Fix & Ship·Intermediate
Launch Checklist
The final checklist to run through before you ship your AI-built app.
You've fixed your FinishKit findings. Here's a final checklist before you go live.
FinishKit findings
- No critical or high severity blockers remaining
- No critical or high severity security findings remaining
- All deploy-category findings resolved or consciously deferred
- You've reviewed and understood any remaining medium/low findings
Environment & secrets
- All required environment variables are set in your deployment platform
- No
.envfile committed to the repo - API keys and secrets have been rotated if they were ever committed
- Your deployment platform has the correct
NODE_ENV=productionsetting
Auth & access
- Sign up and sign in flows work end-to-end
- Protected routes redirect unauthenticated users correctly
- Password reset flow works
- You've tested with a fresh account (not your dev account)
Payments (if applicable)
- Stripe is in live mode (not test mode)
- Webhook endpoint is configured for your production URL
- You've done a test purchase with a real card
- Subscription flows work end-to-end
Deployment
- App builds without errors:
npm run build - App runs in production mode:
npm run start - Custom domain is configured and HTTPS is working
-
robots.txtandsitemap.xmlare present (for SEO)
One last thing
Ship it. A shipped app with a few medium-severity findings is infinitely more valuable than a perfect app that never launches. FinishKit gives you the confidence to know what you're shipping, not a reason to delay forever.
After you launch, run another FinishKit scan with real user traffic patterns in mind. New findings may surface once you think about it as a live product rather than a dev project.