6 · Pre-launch sign-off

# ZajLibrary — implementation playbook

You are a **senior implementation assistant** working inside the user’s real development environment (terminal, editor, git repo). You are **not** a documentation writer, tutor, or library editor.

**Mission:** Execute the procedure described below in the user’s real project workspace — create or modify the files and run the commands it specifies. Do not just summarize it.

## Metadata
- title: 6 · Pre-launch sign-off
- url: https://library.zajapps.com/tech-stack/laravel/codecanyon/build/playbooks/setup-new/10-audit-qa/06-sign-off/
- shelf: Build & Create
- doc_type: implementation playbook
- status: current
- kind: playbook
- category: tech-stack
- subcategory: laravel
- topic: codecanyon
- phase: 10
- step_number: 6
- est_time: ~45 min
- description: The final gate — walk the pre-launch checklist across blockers, infra, security, monitoring, payments, comms, legal, content, and team readiness, then execute the launch sequence.
- tags: codecanyon, laravel, launch, checklist

## Execution rules (binding)
- This is step 6 of phase 10 (~45 min) — do only this step, then stop at its `## Checklist`.
- Follow `## Steps` in order. Do not skip steps or declare the work complete early.
- Respect `:::note[Who does this]`: 👤 **User** steps (browser, downloads, OAuth, moving files) need the human — wait for or instruct them; 🤖 **Agent** steps you run in the shell.
- After every command, compare its output to the `# Expected:` comment or ✅ bullet beneath it. If it differs, **stop, show what you got, and ask how to proceed** — do not guess or rewrite the procedure.
- Honor `:::caution` / `:::note` callouts as hard gates (a step may forbid a command at this stage).
- Do not mark the step done until every `## Checklist` item is genuinely satisfied.
- Scope: implement only what this page describes — no refactors, added features, or later-phase work unless the page says so.
- When reporting progress, cite the `##` / `###` headings you completed or got blocked on.
- Secrets: never put API keys, passwords, or `.env` values in frontend code, commits, or chat logs — use server-side `.env` / config only, and keep `.env` gitignored.

---

# 6 · Pre-launch sign-off

## TL;DR

**Objective** — walk the pre-launch checklist across blockers, infra, security, monitoring, payments, comms, legal, content, and team readiness, then execute the launch sequence — the final gate where any unresolved high-risk item means **do not launch**.

:::note[User part + done-when]
**👤 User part** — the sign-off decision and the launch itself: a person makes the go/no-go call, notifies the team, and owns the deploy + 24–48h monitor window (the agent can verify items and tag the release, but it can't authorize a launch).

**Done when** every checklist area is green with zero unresolved high-risk items and the launch sequence has run through to post-launch monitoring. &nbsp;·&nbsp; **⏱ ~45 min** &nbsp;·&nbsp; 🔀 mixed (👤 go/no-go + deploy, 🤖 verification).
:::

## Background

The final gate. Walk the checklist; if any high-risk item is unresolved, **do not launch**. Everything before this phase fed into one decision — whether the app is ready for paying users.

## Steps

### 1. Walk the pre-launch checklist

Confirm every area below before anyone makes a go/no-go call.

| Area | Verify |
|---|---|
| Blockers | No unresolved HIGH / open ISSUE / SECURITY items in the project log |
| Infrastructure | SSL > 30 days, DNS + www resolve, CDN proxy on, SSL mode Full (strict) |
| Security | `APP_DEBUG=false`, `.env` returns 403/404, no debug toolbar, **Grade A** headers (securityheaders.com) + **SSL Labs (TLS)** A/A+ |
| Monitoring | Error tracking captures a test event, uptime monitor + backups verified |
| Payments | Live keys, production webhook + secret, test mode off, real charge + refund work |
| Communications | Inbox-delivered welcome/reset/invoice emails, chat widget live |
| Legal | Privacy, Terms, Cookie, Refund pages published + linked; consent banner enforced |
| Content | No placeholder text, favicon, OG/meta, sitemap, `robots.txt` correct |
| Team readiness | Admin creds in a vault with 2FA, rollback documented, 24h monitor assigned |

:::note[Who does this]
👤 **User** makes the go/no-go sign-off — a launch authorization only a person can give. 🤖 **Agent** verifies the technical items (headers, `.env` blocking, webhook config) and reports status per area.
:::

<Steps>

1. **Verify every area, then make the go/no-go call.** If any high-risk item is unresolved, **do not launch**.

   - ✅ All nine areas are green with zero unresolved HIGH / SECURITY items, and the sign-off is recorded.

</Steps>

### 2. Execute the launch sequence

With a green checklist, run the launch sequence in order.

:::note[Who does this]
🔀 **User + Agent** — the agent runs the backup + release tag; 👤 **User** notifies the team, deploys, and owns the 24–48h monitoring window.
:::

<Steps>

1. **Run the sequence: backup → tag → push tag → notify → deploy → verify → monitor.** Full DB backup → tag the release → push the tag → notify the team → deploy → verify a full user flow → submit the sitemap and monitor for 24–48 hours.

   ```bash
   # Backup first (adjust for your host/tooling)
   # mysqldump … > pre-launch-$(date +%F).sql

   git tag -a v1.0.0 -m "Launch v1.0.0"
   git push origin v1.0.0
   # Expected: annotated tag exists locally and on origin
   ```

   - ✅ DB backed up, release tagged **and pushed**, team notified, deploy verified end-to-end, sitemap submitted, 24–48h monitor running.

</Steps>

## Checklist

Do not mark this step done until **every** box below is checked.

- [ ] **🤖 Blockers clear** — no unresolved HIGH / open ISSUE / SECURITY items in the project log.
- [ ] **🤖 Infrastructure ready** — SSL > 30 days, DNS + www resolve, CDN proxy on, SSL mode Full (strict).
- [ ] **🤖 Security verified** — `APP_DEBUG=false`, `.env` returns 403/404, no debug toolbar; **Grade A** at securityheaders.com; **SSL Labs (TLS)** A or A+.
- [ ] **🤖 Monitoring live** — error tracking captures a test event, uptime monitor + backups verified.
- [ ] **🔀 Payments live** — live keys, production webhook + secret, test mode off, real charge + refund work.
- [ ] **🤖 Communications working** — inbox-delivered welcome/reset/invoice emails, chat widget live.
- [ ] **🤖 Legal published** — Privacy, Terms, Cookie, Refund pages published + linked; consent banner enforced.
- [ ] **🤖 Content complete** — no placeholder text, favicon, OG/meta, sitemap, `robots.txt` correct.
- [ ] **👤 Team ready + launched** — admin creds vaulted with 2FA, rollback documented, 24h monitor assigned, launch sequence run.

:::next[Next step]
[Phase 11 · Pre-customer verification](/tech-stack/laravel/codecanyon/build/playbooks/setup-new/11-pre-customer/)
:::

# 6 · Pre-launch sign-off

> Source: https://library.zajapps.com/tech-stack/laravel/codecanyon/build/playbooks/setup-new/10-audit-qa/06-sign-off/

## TL;DR

**Objective** — walk the pre-launch checklist across blockers, infra, security, monitoring, payments, comms, legal, content, and team readiness, then execute the launch sequence — the final gate where any unresolved high-risk item means **do not launch**.

:::note[User part + done-when]
**👤 User part** — the sign-off decision and the launch itself: a person makes the go/no-go call, notifies the team, and owns the deploy + 24–48h monitor window (the agent can verify items and tag the release, but it can't authorize a launch).

**Done when** every checklist area is green with zero unresolved high-risk items and the launch sequence has run through to post-launch monitoring. &nbsp;·&nbsp; **⏱ ~45 min** &nbsp;·&nbsp; 🔀 mixed (👤 go/no-go + deploy, 🤖 verification).
:::

## Background

The final gate. Walk the checklist; if any high-risk item is unresolved, **do not launch**. Everything before this phase fed into one decision — whether the app is ready for paying users.

## Steps

### 1. Walk the pre-launch checklist

Confirm every area below before anyone makes a go/no-go call.

| Area | Verify |
|---|---|
| Blockers | No unresolved HIGH / open ISSUE / SECURITY items in the project log |
| Infrastructure | SSL > 30 days, DNS + www resolve, CDN proxy on, SSL mode Full (strict) |
| Security | `APP_DEBUG=false`, `.env` returns 403/404, no debug toolbar, **Grade A** headers (securityheaders.com) + **SSL Labs (TLS)** A/A+ |
| Monitoring | Error tracking captures a test event, uptime monitor + backups verified |
| Payments | Live keys, production webhook + secret, test mode off, real charge + refund work |
| Communications | Inbox-delivered welcome/reset/invoice emails, chat widget live |
| Legal | Privacy, Terms, Cookie, Refund pages published + linked; consent banner enforced |
| Content | No placeholder text, favicon, OG/meta, sitemap, `robots.txt` correct |
| Team readiness | Admin creds in a vault with 2FA, rollback documented, 24h monitor assigned |

:::note[Who does this]
👤 **User** makes the go/no-go sign-off — a launch authorization only a person can give. 🤖 **Agent** verifies the technical items (headers, `.env` blocking, webhook config) and reports status per area.
:::

<Steps>

1. **Verify every area, then make the go/no-go call.** If any high-risk item is unresolved, **do not launch**.

   - ✅ All nine areas are green with zero unresolved HIGH / SECURITY items, and the sign-off is recorded.

</Steps>

### 2. Execute the launch sequence

With a green checklist, run the launch sequence in order.

:::note[Who does this]
🔀 **User + Agent** — the agent runs the backup + release tag; 👤 **User** notifies the team, deploys, and owns the 24–48h monitoring window.
:::

<Steps>

1. **Run the sequence: backup → tag → push tag → notify → deploy → verify → monitor.** Full DB backup → tag the release → push the tag → notify the team → deploy → verify a full user flow → submit the sitemap and monitor for 24–48 hours.

   ```bash
   # Backup first (adjust for your host/tooling)
   # mysqldump … > pre-launch-$(date +%F).sql

   git tag -a v1.0.0 -m "Launch v1.0.0"
   git push origin v1.0.0
   # Expected: annotated tag exists locally and on origin
   ```

   - ✅ DB backed up, release tagged **and pushed**, team notified, deploy verified end-to-end, sitemap submitted, 24–48h monitor running.

</Steps>

## Checklist

Do not mark this step done until **every** box below is checked.

- [ ] **🤖 Blockers clear** — no unresolved HIGH / open ISSUE / SECURITY items in the project log.
- [ ] **🤖 Infrastructure ready** — SSL > 30 days, DNS + www resolve, CDN proxy on, SSL mode Full (strict).
- [ ] **🤖 Security verified** — `APP_DEBUG=false`, `.env` returns 403/404, no debug toolbar; **Grade A** at securityheaders.com; **SSL Labs (TLS)** A or A+.
- [ ] **🤖 Monitoring live** — error tracking captures a test event, uptime monitor + backups verified.
- [ ] **🔀 Payments live** — live keys, production webhook + secret, test mode off, real charge + refund work.
- [ ] **🤖 Communications working** — inbox-delivered welcome/reset/invoice emails, chat widget live.
- [ ] **🤖 Legal published** — Privacy, Terms, Cookie, Refund pages published + linked; consent banner enforced.
- [ ] **🤖 Content complete** — no placeholder text, favicon, OG/meta, sitemap, `robots.txt` correct.
- [ ] **👤 Team ready + launched** — admin creds vaulted with 2FA, rollback documented, 24h monitor assigned, launch sequence run.

:::next[Next step]
[Phase 11 · Pre-customer verification](/tech-stack/laravel/codecanyon/build/playbooks/setup-new/11-pre-customer/)
:::

TL;DR

Objective — walk the pre-launch checklist across blockers, infra, security, monitoring, payments, comms, legal, content, and team readiness, then execute the launch sequence — the final gate where any unresolved high-risk item means do not launch.

Background

The final gate. Walk the checklist; if any high-risk item is unresolved, do not launch. Everything before this phase fed into one decision — whether the app is ready for paying users.

Steps

1. Walk the pre-launch checklist

Confirm every area below before anyone makes a go/no-go call.

Area	Verify
Blockers	No unresolved HIGH / open ISSUE / SECURITY items in the project log
Infrastructure	SSL > 30 days, DNS + www resolve, CDN proxy on, SSL mode Full (strict)
Security	`APP_DEBUG=false`, `.env` returns 403/404, no debug toolbar, Grade A headers (securityheaders.com) + SSL Labs (TLS) A/A+
Monitoring	Error tracking captures a test event, uptime monitor + backups verified
Payments	Live keys, production webhook + secret, test mode off, real charge + refund work
Communications	Inbox-delivered welcome/reset/invoice emails, chat widget live
Legal	Privacy, Terms, Cookie, Refund pages published + linked; consent banner enforced
Content	No placeholder text, favicon, OG/meta, sitemap, `robots.txt` correct
Team readiness	Admin creds in a vault with 2FA, rollback documented, 24h monitor assigned

Verify every area, then make the go/no-go call. If any high-risk item is unresolved, do not launch.
- ✅ All nine areas are green with zero unresolved HIGH / SECURITY items, and the sign-off is recorded.

2. Execute the launch sequence

With a green checklist, run the launch sequence in order.

Run the sequence: backup → tag → push tag → notify → deploy → verify → monitor. Full DB backup → tag the release → push the tag → notify the team → deploy → verify a full user flow → submit the sitemap and monitor for 24–48 hours.
Terminal window
```
# Backup first (adjust for your host/tooling)
# mysqldump … > pre-launch-$(date +%F).sql

git tag -a v1.0.0 -m "Launch v1.0.0"
git push origin v1.0.0
# Expected: annotated tag exists locally and on origin
```
- ✅ DB backed up, release tagged and pushed, team notified, deploy verified end-to-end, sitemap submitted, 24–48h monitor running.

Checklist

Do not mark this step done until every box below is checked.

🤖 Blockers clear — no unresolved HIGH / open ISSUE / SECURITY items in the project log.
🤖 Infrastructure ready — SSL > 30 days, DNS + www resolve, CDN proxy on, SSL mode Full (strict).
🤖 Security verified — APP_DEBUG=false, .env returns 403/404, no debug toolbar; Grade A at securityheaders.com; SSL Labs (TLS) A or A+.
🤖 Monitoring live — error tracking captures a test event, uptime monitor + backups verified.
🔀 Payments live — live keys, production webhook + secret, test mode off, real charge + refund work.
🤖 Communications working — inbox-delivered welcome/reset/invoice emails, chat widget live.
🤖 Legal published — Privacy, Terms, Cookie, Refund pages published + linked; consent banner enforced.
🤖 Content complete — no placeholder text, favicon, OG/meta, sitemap, robots.txt correct.
👤 Team ready + launched — admin creds vaulted with 2FA, rollback documented, 24h monitor assigned, launch sequence run.

Phase 11 · Pre-customer verification

# ZajLibrary — implementation playbook

You are a **senior implementation assistant** working inside the user’s real development environment (terminal, editor, git repo). You are **not** a documentation writer, tutor, or library editor.

**Mission:** Execute the procedure described below in the user’s real project workspace — create or modify the files and run the commands it specifies. Do not just summarize it.

## Metadata
- title: 6 · Pre-launch sign-off
- url: https://library.zajapps.com/tech-stack/laravel/codecanyon/build/playbooks/setup-new/10-audit-qa/06-sign-off/
- shelf: Build & Create
- doc_type: implementation playbook
- status: current
- kind: playbook
- category: tech-stack
- subcategory: laravel
- topic: codecanyon
- phase: 10
- step_number: 6
- est_time: ~45 min
- description: The final gate — walk the pre-launch checklist across blockers, infra, security, monitoring, payments, comms, legal, content, and team readiness, then execute the launch sequence.
- tags: codecanyon, laravel, launch, checklist

## Execution rules (binding)
- This is step 6 of phase 10 (~45 min) — do only this step, then stop at its `## Checklist`.
- Follow `## Steps` in order. Do not skip steps or declare the work complete early.
- Respect `:::note[Who does this]`: 👤 **User** steps (browser, downloads, OAuth, moving files) need the human — wait for or instruct them; 🤖 **Agent** steps you run in the shell.
- After every command, compare its output to the `# Expected:` comment or ✅ bullet beneath it. If it differs, **stop, show what you got, and ask how to proceed** — do not guess or rewrite the procedure.
- Honor `:::caution` / `:::note` callouts as hard gates (a step may forbid a command at this stage).
- Do not mark the step done until every `## Checklist` item is genuinely satisfied.
- Scope: implement only what this page describes — no refactors, added features, or later-phase work unless the page says so.
- When reporting progress, cite the `##` / `###` headings you completed or got blocked on.
- Secrets: never put API keys, passwords, or `.env` values in frontend code, commits, or chat logs — use server-side `.env` / config only, and keep `.env` gitignored.

---

# 6 · Pre-launch sign-off

## TL;DR

**Objective** — walk the pre-launch checklist across blockers, infra, security, monitoring, payments, comms, legal, content, and team readiness, then execute the launch sequence — the final gate where any unresolved high-risk item means **do not launch**.

:::note[User part + done-when]
**👤 User part** — the sign-off decision and the launch itself: a person makes the go/no-go call, notifies the team, and owns the deploy + 24–48h monitor window (the agent can verify items and tag the release, but it can't authorize a launch).

**Done when** every checklist area is green with zero unresolved high-risk items and the launch sequence has run through to post-launch monitoring. &nbsp;·&nbsp; **⏱ ~45 min** &nbsp;·&nbsp; 🔀 mixed (👤 go/no-go + deploy, 🤖 verification).
:::

## Background

The final gate. Walk the checklist; if any high-risk item is unresolved, **do not launch**. Everything before this phase fed into one decision — whether the app is ready for paying users.

## Steps

### 1. Walk the pre-launch checklist

Confirm every area below before anyone makes a go/no-go call.

| Area | Verify |
|---|---|
| Blockers | No unresolved HIGH / open ISSUE / SECURITY items in the project log |
| Infrastructure | SSL > 30 days, DNS + www resolve, CDN proxy on, SSL mode Full (strict) |
| Security | `APP_DEBUG=false`, `.env` returns 403/404, no debug toolbar, **Grade A** headers (securityheaders.com) + **SSL Labs (TLS)** A/A+ |
| Monitoring | Error tracking captures a test event, uptime monitor + backups verified |
| Payments | Live keys, production webhook + secret, test mode off, real charge + refund work |
| Communications | Inbox-delivered welcome/reset/invoice emails, chat widget live |
| Legal | Privacy, Terms, Cookie, Refund pages published + linked; consent banner enforced |
| Content | No placeholder text, favicon, OG/meta, sitemap, `robots.txt` correct |
| Team readiness | Admin creds in a vault with 2FA, rollback documented, 24h monitor assigned |

:::note[Who does this]
👤 **User** makes the go/no-go sign-off — a launch authorization only a person can give. 🤖 **Agent** verifies the technical items (headers, `.env` blocking, webhook config) and reports status per area.
:::

<Steps>

1. **Verify every area, then make the go/no-go call.** If any high-risk item is unresolved, **do not launch**.

   - ✅ All nine areas are green with zero unresolved HIGH / SECURITY items, and the sign-off is recorded.

</Steps>

### 2. Execute the launch sequence

With a green checklist, run the launch sequence in order.

:::note[Who does this]
🔀 **User + Agent** — the agent runs the backup + release tag; 👤 **User** notifies the team, deploys, and owns the 24–48h monitoring window.
:::

<Steps>

1. **Run the sequence: backup → tag → push tag → notify → deploy → verify → monitor.** Full DB backup → tag the release → push the tag → notify the team → deploy → verify a full user flow → submit the sitemap and monitor for 24–48 hours.

   ```bash
   # Backup first (adjust for your host/tooling)
   # mysqldump … > pre-launch-$(date +%F).sql

   git tag -a v1.0.0 -m "Launch v1.0.0"
   git push origin v1.0.0
   # Expected: annotated tag exists locally and on origin
   ```

   - ✅ DB backed up, release tagged **and pushed**, team notified, deploy verified end-to-end, sitemap submitted, 24–48h monitor running.

</Steps>

## Checklist

Do not mark this step done until **every** box below is checked.

- [ ] **🤖 Blockers clear** — no unresolved HIGH / open ISSUE / SECURITY items in the project log.
- [ ] **🤖 Infrastructure ready** — SSL > 30 days, DNS + www resolve, CDN proxy on, SSL mode Full (strict).
- [ ] **🤖 Security verified** — `APP_DEBUG=false`, `.env` returns 403/404, no debug toolbar; **Grade A** at securityheaders.com; **SSL Labs (TLS)** A or A+.
- [ ] **🤖 Monitoring live** — error tracking captures a test event, uptime monitor + backups verified.
- [ ] **🔀 Payments live** — live keys, production webhook + secret, test mode off, real charge + refund work.
- [ ] **🤖 Communications working** — inbox-delivered welcome/reset/invoice emails, chat widget live.
- [ ] **🤖 Legal published** — Privacy, Terms, Cookie, Refund pages published + linked; consent banner enforced.
- [ ] **🤖 Content complete** — no placeholder text, favicon, OG/meta, sitemap, `robots.txt` correct.
- [ ] **👤 Team ready + launched** — admin creds vaulted with 2FA, rollback documented, 24h monitor assigned, launch sequence run.

:::next[Next step]
[Phase 11 · Pre-customer verification](/tech-stack/laravel/codecanyon/build/playbooks/setup-new/11-pre-customer/)
:::

# 6 · Pre-launch sign-off

> Source: https://library.zajapps.com/tech-stack/laravel/codecanyon/build/playbooks/setup-new/10-audit-qa/06-sign-off/

## TL;DR

**Objective** — walk the pre-launch checklist across blockers, infra, security, monitoring, payments, comms, legal, content, and team readiness, then execute the launch sequence — the final gate where any unresolved high-risk item means **do not launch**.

:::note[User part + done-when]
**👤 User part** — the sign-off decision and the launch itself: a person makes the go/no-go call, notifies the team, and owns the deploy + 24–48h monitor window (the agent can verify items and tag the release, but it can't authorize a launch).

**Done when** every checklist area is green with zero unresolved high-risk items and the launch sequence has run through to post-launch monitoring. &nbsp;·&nbsp; **⏱ ~45 min** &nbsp;·&nbsp; 🔀 mixed (👤 go/no-go + deploy, 🤖 verification).
:::

## Background

The final gate. Walk the checklist; if any high-risk item is unresolved, **do not launch**. Everything before this phase fed into one decision — whether the app is ready for paying users.

## Steps

### 1. Walk the pre-launch checklist

Confirm every area below before anyone makes a go/no-go call.

| Area | Verify |
|---|---|
| Blockers | No unresolved HIGH / open ISSUE / SECURITY items in the project log |
| Infrastructure | SSL > 30 days, DNS + www resolve, CDN proxy on, SSL mode Full (strict) |
| Security | `APP_DEBUG=false`, `.env` returns 403/404, no debug toolbar, **Grade A** headers (securityheaders.com) + **SSL Labs (TLS)** A/A+ |
| Monitoring | Error tracking captures a test event, uptime monitor + backups verified |
| Payments | Live keys, production webhook + secret, test mode off, real charge + refund work |
| Communications | Inbox-delivered welcome/reset/invoice emails, chat widget live |
| Legal | Privacy, Terms, Cookie, Refund pages published + linked; consent banner enforced |
| Content | No placeholder text, favicon, OG/meta, sitemap, `robots.txt` correct |
| Team readiness | Admin creds in a vault with 2FA, rollback documented, 24h monitor assigned |

:::note[Who does this]
👤 **User** makes the go/no-go sign-off — a launch authorization only a person can give. 🤖 **Agent** verifies the technical items (headers, `.env` blocking, webhook config) and reports status per area.
:::

<Steps>

1. **Verify every area, then make the go/no-go call.** If any high-risk item is unresolved, **do not launch**.

   - ✅ All nine areas are green with zero unresolved HIGH / SECURITY items, and the sign-off is recorded.

</Steps>

### 2. Execute the launch sequence

With a green checklist, run the launch sequence in order.

:::note[Who does this]
🔀 **User + Agent** — the agent runs the backup + release tag; 👤 **User** notifies the team, deploys, and owns the 24–48h monitoring window.
:::

<Steps>

1. **Run the sequence: backup → tag → push tag → notify → deploy → verify → monitor.** Full DB backup → tag the release → push the tag → notify the team → deploy → verify a full user flow → submit the sitemap and monitor for 24–48 hours.

   ```bash
   # Backup first (adjust for your host/tooling)
   # mysqldump … > pre-launch-$(date +%F).sql

   git tag -a v1.0.0 -m "Launch v1.0.0"
   git push origin v1.0.0
   # Expected: annotated tag exists locally and on origin
   ```

   - ✅ DB backed up, release tagged **and pushed**, team notified, deploy verified end-to-end, sitemap submitted, 24–48h monitor running.

</Steps>

## Checklist

Do not mark this step done until **every** box below is checked.

- [ ] **🤖 Blockers clear** — no unresolved HIGH / open ISSUE / SECURITY items in the project log.
- [ ] **🤖 Infrastructure ready** — SSL > 30 days, DNS + www resolve, CDN proxy on, SSL mode Full (strict).
- [ ] **🤖 Security verified** — `APP_DEBUG=false`, `.env` returns 403/404, no debug toolbar; **Grade A** at securityheaders.com; **SSL Labs (TLS)** A or A+.
- [ ] **🤖 Monitoring live** — error tracking captures a test event, uptime monitor + backups verified.
- [ ] **🔀 Payments live** — live keys, production webhook + secret, test mode off, real charge + refund work.
- [ ] **🤖 Communications working** — inbox-delivered welcome/reset/invoice emails, chat widget live.
- [ ] **🤖 Legal published** — Privacy, Terms, Cookie, Refund pages published + linked; consent banner enforced.
- [ ] **🤖 Content complete** — no placeholder text, favicon, OG/meta, sitemap, `robots.txt` correct.
- [ ] **👤 Team ready + launched** — admin creds vaulted with 2FA, rollback documented, 24h monitor assigned, launch sequence run.

:::next[Next step]
[Phase 11 · Pre-customer verification](/tech-stack/laravel/codecanyon/build/playbooks/setup-new/11-pre-customer/)
:::