---
category: reference
tags: [process, launch]
last_updated: 2026-03-13
confidence: medium
---

# Launch Checklist — Human Actions Required

Things that require human action before wikibot.io can go live. These cannot be done by agents.

## Branding

- [ ] Logo designed (needed for OAuth consent screens, favicon, landing page)
- [ ] Favicon / app icon variants (16x16, 32x32, 180x180, 512x512)

## OAuth Providers (WorkOS)

### Google
- [ ] OAuth consent screen configured with logo
- [ ] App submitted for Google verification review (required for production — unverified apps show scary warnings)
- [ ] Privacy policy URL configured (Google requires this)
- [ ] Terms of service URL configured

### Apple
- [ ] Sign in with Apple configured with logo / branding
- [ ] Privacy policy URL configured (Apple requires this)

### GitHub
- [ ] OAuth app logo uploaded
- [ ] Callback URLs updated for production domain

## WorkOS

- [ ] Credit card added (required for production tier)
- [ ] Production environment created (separate from staging)
- [ ] Production API key generated and stored in Pulumi prod config
- [ ] Redirect URIs updated for production domain (`wikibot.io`)

## DNS / Domain

- [ ] `wikibot.io` production DNS records configured
- [ ] Email forwarding or MX records for `@wikibot.io` (for support/contact)

## Legal

- [ ] Privacy policy written and hosted
- [ ] Terms of service written and hosted

## Accounts / Billing

- [ ] AWS production account or isolated stack (separate from dev)
- [ ] AWS budget alarm set for production
- [ ] Production Pulumi stack created

## Pre-Launch Smoke Test

- [ ] Fresh user signup works (Google, Apple, GitHub)
- [ ] OAuth consent screens show correct branding
- [ ] MCP connection from Claude.ai works
- [ ] MCP connection from Claude Code works
- [ ] Create wiki → write page → semantic search cycle works
- [ ] Git clone with bearer token works

## Security Review

Pre-launch security review before opening to users. This is not a penetration test — it's a structured walkthrough of the attack surface.

### Auth and access control
- [ ] Verify tenant isolation: User A cannot access User B's wiki via API, MCP, web UI, or git
- [ ] Verify MCP bearer tokens are hashed at rest (not stored in plaintext)
- [ ] Verify OAuth tokens are not logged or exposed in error responses
- [ ] Verify expired/revoked tokens are rejected promptly
- [ ] Verify ACL enforcement on all routes (API, MCP, web, git)
- [ ] Test collaborator invite flow: invited user gets correct permissions, uninvited user gets nothing

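
One way to satisfy and check the two token items above (hashed at rest; expired or revoked tokens rejected), as an added example that is not wikibot.io's own code. The in-memory `TOKEN_TABLE`, the function names and the record fields are hypothetical stand-ins for the real token store.

```python
import hashlib
import json
import secrets
import time
from typing import Optional

# Hypothetical stand-in for the token table. Keys are SHA-256 digests;
# the raw bearer token is never written here.
TOKEN_TABLE = {}


def token_digest(raw_token: str) -> str:
    # A fast hash is adequate only because the token is 256 bits of CSPRNG
    # output; a human-chosen secret would need a slow password hash instead.
    return hashlib.sha256(raw_token.encode("utf-8")).hexdigest()


def issue_token(user_id: str, ttl_seconds: int, now: Optional[float] = None) -> str:
    """Persist only the digest and return the raw token to the caller once."""
    now = time.time() if now is None else now
    raw = secrets.token_urlsafe(32)
    TOKEN_TABLE[token_digest(raw)] = {
        "user_id": user_id,
        "expires_at": now + ttl_seconds,
        "revoked": False,
    }
    return raw


def revoke_token(raw_token: str) -> None:
    record = TOKEN_TABLE.get(token_digest(raw_token))
    if record is not None:
        record["revoked"] = True


def authenticate(raw_token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the owning user_id, or None if unknown, expired or revoked."""
    now = time.time() if now is None else now
    record = TOKEN_TABLE.get(token_digest(raw_token))
    if record is None or record["revoked"] or now >= record["expires_at"]:
        return None
    return record["user_id"]


def plaintext_at_rest(raw_token: str) -> bool:
    """Review check: does the raw token appear anywhere in the stored data?"""
    return raw_token in json.dumps(TOKEN_TABLE)
```
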
### Input validation
- [ ] Wiki names, page names, usernames: test for path traversal (`../`, `%2e%2e/`)
- [ ] Markdown content: test for stored XSS (script tags, event handlers, javascript: URIs in rendered HTML)
- [ ] API inputs: test for injection via page titles, search queries, tag values
- [ ] MCP tool inputs: fuzz all tool parameters for unexpected types and boundary values

### Infrastructure
- [ ] Lambda environment variables: no secrets in plaintext (use Secrets Manager or Pulumi config)
- [ ] EFS: confirm no cross-tenant file access is possible via path manipulation
- [ ] DynamoDB: confirm IAM policies scope Lambda access appropriately
- [ ] API Gateway: confirm rate limiting is active
- [ ] HTTPS enforced on all endpoints (no HTTP fallback)
- [ ] CORS headers: confirm only expected origins are allowed

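
The path traversal item under Input validation and the EFS cross-tenant item above come down to the same containment check, shown here as an added example rather than wikibot.io's own code. The mount point `/mnt/efs/wikis`, the `user/wiki/page` layout and all function names are assumptions, and names are assumed to be single path components.

```python
import posixpath
from urllib.parse import unquote

TENANT_ROOT = "/mnt/efs/wikis"  # assumed mount point, not taken from the page


class UnsafePath(ValueError):
    pass


def _decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable so double encoding (%252e%252e) is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise UnsafePath("too many encoding layers")


def safe_component(name: str) -> str:
    """Validate one user-supplied name (username, wiki name, page name)."""
    decoded = _decode_fully(name)
    if decoded in ("", ".", "..") or "\x00" in decoded:
        raise UnsafePath(repr(name))
    if "/" in decoded or "\\" in decoded:
        raise UnsafePath(repr(name))
    return decoded


def tenant_path(username: str, wiki: str, page: str) -> str:
    """Build the path, then confirm it is still inside that user's directory."""
    user_dir = posixpath.join(TENANT_ROOT, safe_component(username))
    candidate = posixpath.normpath(
        posixpath.join(user_dir, safe_component(wiki), safe_component(page))
    )
    if posixpath.commonpath([user_dir, candidate]) != user_dir:
        raise UnsafePath(candidate)
    return candidate


def is_allowed(username: str, wiki: str, page: str) -> bool:
    try:
        tenant_path(username, wiki, page)
        return True
    except UnsafePath:
        return False
```

`normpath` is purely lexical, so on a real mount also resolve symlinks (for example with `os.path.realpath`) before the containment comparison.
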
### Data exposure
- [ ] Error responses do not leak stack traces, file paths, or internal identifiers
- [ ] Git clone does not expose other tenants' repos
- [ ] Search (keyword and semantic) is scoped to the requesting user's wikis only
- [ ] CloudFront cache does not serve User A's cached content to User B