Properties
category: reference tags: [process, launch] last_updated: 2026-03-13 confidence: medium
Launch Checklist — Human Actions Required
Things that require human action before wikibot.io can go live. These cannot be done by agents.
Branding
- Logo designed (needed for OAuth consent screens, favicon, landing page)
- Favicon / app icon variants (16x16, 32x32, 180x180, 512x512)
OAuth Providers (WorkOS)
- OAuth consent screen configured with logo
- App submitted for Google verification review (required for production — unverified apps show scary warnings)
- Privacy policy URL configured (Google requires this)
- Terms of service URL configured
Apple
- Sign in with Apple configured with logo / branding
- Privacy policy URL configured (Apple requires this)
GitHub
- OAuth app logo uploaded
- Callback URLs updated for production domain
WorkOS
- Credit card added (required for production tier)
- Production environment created (separate from staging)
- Production API key generated and stored in Pulumi prod config
- Redirect URIs updated for production domain (
wikibot.io)
DNS / Domain
wikibot.ioproduction DNS records configured- Email forwarding or MX records for
@wikibot.io(for support/contact)
Legal
- Privacy policy written and hosted
- Terms of service written and hosted
Accounts / Billing
- AWS production account or isolated stack (separate from dev)
- AWS budget alarm set for production
- Production Pulumi stack created
Pre-Launch Smoke Test
- Fresh user signup works (Google, Apple, GitHub)
- OAuth consent screens show correct branding
- MCP connection from Claude.ai works
- MCP connection from Claude Code works
- Create wiki → write page → semantic search cycle works
- Git clone with bearer token works
Security Review
Pre-launch security review before opening to users. This is not a penetration test — it's a structured walkthrough of the attack surface.
Auth and access control
- Verify tenant isolation: User A cannot access User B's wiki via API, MCP, web UI, or git
- Verify MCP bearer tokens are hashed at rest (not stored in plaintext)
- Verify OAuth tokens are not logged or exposed in error responses
- Verify expired/revoked tokens are rejected promptly
- Verify ACL enforcement on all routes (API, MCP, web, git)
- Test collaborator invite flow: invited user gets correct permissions, uninvited user gets nothing
Input validation
- Wiki names, page names, usernames: test for path traversal (
../,%2e%2e/) - Markdown content: test for stored XSS (script tags, event handlers, javascript: URIs in rendered HTML)
- API inputs: test for injection via page titles, search queries, tag values
- MCP tool inputs: fuzz all tool parameters for unexpected types and boundary values
Infrastructure
- Lambda environment variables: no secrets in plaintext (use Secrets Manager or Pulumi config)
- EFS: confirm no cross-tenant file access is possible via path manipulation
- DynamoDB: confirm IAM policies scope Lambda access appropriately
- API Gateway: confirm rate limiting is active
- HTTPS enforced on all endpoints (no HTTP fallback)
- CORS headers: confirm only expected origins are allowed
Data exposure
- Error responses do not leak stack traces, file paths, or internal identifiers
- Git clone does not expose other tenants' repos
- Search (keyword and semantic) is scoped to the requesting user's wikis only
- CloudFront cache does not serve User A's cached content to User B