Production Readiness Checklist

Date: October 14, 2025
Status: ⚠️ REVIEW REQUIRED BEFORE DEPLOYMENT

🚨 CRITICAL - Security (MUST FIX)

Environment Variables

.env added to .gitignore

VERIFY: .env was NEVER committed to git

git log --all --full-history -- .env
# Should return nothing

IF .env was committed: Remove from git history immediately

git filter-branch --force --index-filter \
'git rm --cached --ignore-unmatch .env' \
--prune-empty --tag-name-filter cat -- --all

Review ALL commits for accidentally committed secrets
Rotate ANY API keys that were ever in git history

Vercel Environment Variables

Set these in Vercel Dashboard (NOT in .env file):

Required:

LEMON_SQUEEZY_API_KEY
LEMON_SQUEEZY_STORE_ID
LEMON_SQUEEZY_PRODUCT_ID
LEMON_SQUEEZY_VARIANT_ID
LEMON_SQUEEZY_WEBHOOK_SECRET
DOWNLOAD_SECRET (generate with: openssl rand -hex 32)
SITE_URL (e.g., https://photoflowseo.com)
ALLOWED_ORIGINS (your domain)

Optional (AI - BYOK mode):

AI_PROVIDER=mock (or leave unset for BYOK-only)
Do NOT set GEMINI_API_KEY (users provide their own)
Do NOT set OPENROUTER_API_KEY (users provide their own)

✅ Code Quality

Server-Side

Client-Side (Package)

BYOK code in CaptionProvider.js
Batch processing support
README with BYOK docs
Package rebuilt (photoswipe-pro-5.4.4.tgz)
Test package installation
Test BYOK flow from user perspective

Git Status

Current modified files:

M build/build-pro-package.js
M server/ai/router.js
M src/pro/ai/CaptionProvider.js
M docs/*.md
M dist-pro/*

Review all changes
Commit changes with clear message
Tag release (e.g., v5.4.4-byok)

📦 Package Delivery

Lemon Squeezy Setup

Product created in Lemon Squeezy
Variants configured (if multiple tiers)
Webhook configured
- URL: https://your-domain.com/api/webhooks/lemonsqueezy
- Secret set in Vercel env vars
Test purchase flow (sandbox mode first)
Test license delivery email

Download Delivery

Package uploaded to Vercel: releases/photoswipe-pro-5.4.4.tgz
Download endpoint tested: /api/download
Download signature validation working
Test full download flow:
1. Purchase
2. Receive email with download link
3. Download package
4. Verify package integrity

🌐 Website & Documentation

Website

Update pricing page with BYOK model

PhotoSwipe Pro: $49/year
✓ All Pro features
✓ AI caption generation (BYOK)
✓ Your AI costs: $0-10/year (FREE Gemini tier)

Add "Get Free Gemini Key" CTA
Update features list
Add BYOK explanation
Update FAQ

Documentation

docs/BYOK-BRING-YOUR-OWN-KEY.md created
docs/batch-caption-guide.md created
docs/AI-BUSINESS-MODEL.md updated
docs/SECURITY-FIX-AND-BYOK-COMPLETE.md created
Update main README.md
Update getting started guide
Create video tutorial (optional but recommended)

Help Center

"How to get Gemini API key" article
"BYOK setup guide" article
"Troubleshooting AI captions" article
FAQ: "Why do I need my own API key?"

🧪 Testing

Manual Testing

Local Testing:

API Testing:

# Test health
curl http://localhost:4001/health

# Test AI caption (should require API key)
curl -X POST http://localhost:4001/api/ai/caption \
  -H "Content-Type: application/json" \
  -d '{"url":"https://picsum.photos/800/600","licenseKey":"test"}'
# Should return: {"error":"api_key_required","byok":true}

# Test batch (should require API key)
curl -X POST http://localhost:4001/api/ai/caption/batch \
  -H "Content-Type: application/json" \
  -d '{"images":[{"url":"https://picsum.photos/800/600"}],"licenseKey":"test"}'
# Should return: {"error":"api_key_required","byok":true}

End-to-End Testing

Full User Flow:

Edge Cases:

Invalid license key → Proper error
Missing API key → Helpful BYOK error
Rate limit → 429 error
Invalid image URL → Proper error
Batch too large (>50) → Error with message

🚀 Deployment

Pre-Deployment

Vercel Deployment

# Deploy to preview first
vercel

# Test preview deployment
# - Test all API endpoints
# - Test purchase flow
# - Test download flow
# - Test BYOK flow

# Deploy to production
vercel --prod

Post-Deployment Checks

📊 Monitoring

Setup Monitoring

Metrics to Watch

First Week:

Successful purchases
Download completion rate
BYOK setup rate
Support tickets about BYOK
API error rate

Ongoing:

Monthly purchases
Churn rate
BYOK adoption rate
Average AI usage per user
Cost per customer (should be ~$0)

📧 Marketing & Launch

Pre-Launch

Pricing page updated
Product description mentions BYOK
BYOK benefits highlighted
- "Use your free Gemini API key"
- "Pay only for what you use"
- "No monthly quotas or limits"
Comparison table (vs competitors)

Launch Communications

Email List:

Announcement email drafted
Explains BYOK clearly
Links to "Get Free Gemini Key" guide
Early bird discount (optional)

Social Media:

Twitter thread prepared
LinkedIn post prepared
Reddit posts prepared (r/webdev, r/ecommerce)
Dev.to article written

Launch Day:

Post on Product Hunt
Post on Hacker News (Show HN)
Email newsletter sent
Social media posts published

🆘 Support Preparation

Common Questions

Prepare answers for:

"What is BYOK?"
"How do I get a Gemini API key?"
"How much will AI cost me?"
"Can I use OpenRouter instead?"
"Do I need PhotoSwipe Pro AND a Gemini key?"
"Is my API key secure?"
"What if Gemini raises prices?"

Support Resources

BYOK FAQ page
Video: "Getting Your Free Gemini Key"
Video: "Setting Up BYOK in 2 Minutes"
Troubleshooting guide
Support email ready: support@photoflowseo.com

⚠️ Known Issues / TODOs

High Priority

CRITICAL: Verify .env was never committed
Test full purchase → download → use flow
Create onboarding email sequence
Add BYOK setup wizard to website

Medium Priority

Add usage dashboard for users
Add API key validation on client
Add cost estimator ("X images = $Y/month")
Create migration guide for existing users (if any)

Low Priority

Add analytics to track BYOK adoption
Add A/B test for pricing ($49 vs $79)
Consider tiered pricing later
Add referral program

📋 Final Checklist

Before Pushing to Vercel:

Before Going Public:

Launch Readiness:

🎯 Launch Decision

Status: ⚠️ NOT READY YET

Blockers:

🚨 CRITICAL: Verify .env was never committed to git
⚠️ Must test full end-to-end flow
⚠️ Must set all Vercel environment variables
⚠️ Must test purchase flow
⚠️ Must update pricing page with BYOK

Estimated Time to Ready: 2-4 hours

Next Steps:

Check git history for .env exposure
Set Vercel environment variables
Deploy to preview
Test end-to-end
Update website
Deploy to production
THEN publicize

✅ When All Green

You're ready to launch when:

All ❌ are ✅
No critical blockers
All tests pass
Monitoring enabled
Support ready

Then:

# Commit changes
git add .
git commit -m "feat: Add BYOK support with batch processing"
git tag v5.4.4-byok

# Deploy
vercel --prod

# Monitor
# Watch Vercel logs
# Watch error tracking
# Watch for support requests

# Launch!
# Send emails
# Post on social
# Celebrate 🎉

Current Recommendation:

🛑 DO NOT PUSH TO PRODUCTION YET

Fix these first:

Verify no secrets in git
Set Vercel env vars
Test end-to-end
Update website
Then deploy to preview
Then deploy to production

Estimated time needed: 2-4 hours of focused work

Production Readiness Checklist

🚨 CRITICAL - Security (MUST FIX)​

Environment Variables​

Vercel Environment Variables​

✅ Code Quality​

Server-Side​

Client-Side (Package)​

Git Status​

📦 Package Delivery​

Lemon Squeezy Setup​

Download Delivery​

🌐 Website & Documentation​

Website​

Documentation​

Help Center​

🧪 Testing​

Manual Testing​

End-to-End Testing​

🚀 Deployment​

Pre-Deployment​

Vercel Deployment​

Post-Deployment Checks​

📊 Monitoring​

Setup Monitoring​

Metrics to Watch​

📧 Marketing & Launch​

Pre-Launch​

Launch Communications​

🆘 Support Preparation​

Common Questions​

Support Resources​

⚠️ Known Issues / TODOs​

High Priority​

Medium Priority​

Low Priority​

📋 Final Checklist​

🎯 Launch Decision​

✅ When All Green​

🛑 DO NOT PUSH TO PRODUCTION YET​