# AIRIN Launch Readiness Checklist

The code-level product is gated in production. This runbook names the remaining owner/dashboard proof inputs required before AIRIN should be called fully launch-ready.

Canonical command:

```bash
BASE_URL=https://airinetwork.com npm run launch:gate
```

A launch-ready run should report `0 failed, 0 blockers`. Without the proof inputs below, the gate must block rather than overstate readiness.

Owner proof preflight:

```bash
npm run launch:proof-inputs
```

## Code-level proofs already covered

- Stripe Checkout Session permission: Stack Audit checkout creates a context-preserving stripe.com Checkout Session.
- Durable rate limiting: production declares REDIS_URL and public API route limits are covered by the KV-capable rateLimitKV invariant.
- Code-level product suites: subscription capture, inbound capture, report deliverables, PDF visual snapshots, pricing surfaces, analytics, rate limits, and security hardening are covered by automated launch suites.

## Kit and Resend provider health

Proof: The production machine-health probe must accept the production machine secret and verify Kit + Resend health.

- Set LAUNCH_MACHINE_SECRET to the production MACHINE_SECRET.
- Run the full launch gate against https://airinetwork.com.
- Confirm Resend airinetwork.com domain health and Kit form/tag/sequence health pass.

Gate input: `LAUNCH_MACHINE_SECRET=<prod-machine-secret> npm run launch:gate`

## Paid purchase history smoke

Proof: A real paid or recovered order must produce a PDF and attach to the signed-in user's My Reports history.

- Buy or recover a Stack Audit purchase using the production flow.
- Record PURCHASE_TOKEN and ORDER_ID for automated proof, or set PAID_PURCHASE_SMOKE=passed after manual proof.
- Run BASE_URL=https://airinetwork.com PURCHASE_TOKEN=<token> ORDER_ID=<order-id> npm run launch:purchase-proof for the fast PDF proof.
- Sign in, save the recovered purchase to My Reports, download Original PDF, and regenerate Latest PDF.
- Confirm the report remains available after refreshing and signing back in.

Gate input: `PURCHASE_TOKEN=<token> ORDER_ID=<order-id> npm run launch:gate`

## Stripe dashboard descriptor and receipt proof

Proof: Stripe dashboard settings must be manually confirmed because descriptor/product/receipt branding live outside git.

- Confirm statement descriptor is AIRIN.
- Confirm product names, receipt branding, support email, and checkout success URLs match AIRIN launch copy.
- Set STRIPE_DASHBOARD_SMOKE=passed only after confirmation.

Gate input: `STRIPE_DASHBOARD_SMOKE=passed npm run launch:gate`

## Supabase Auth dashboard proof

Proof: Supabase Auth settings must be manually confirmed because Site URL, OAuth redirects, and email templates live outside git.

- Confirm Site URL, Google OAuth redirect, magic-link redirect/templates, and auth sender/domain.
- Verify the deployed auth flow after any dashboard change.
- Set SUPABASE_AUTH_DASHBOARD_SMOKE=passed only after confirmation.

Gate input: `SUPABASE_AUTH_DASHBOARD_SMOKE=passed npm run launch:gate`

## Full launch-ready gate

```bash
BASE_URL=https://airinetwork.com \
LAUNCH_MACHINE_SECRET=<prod-machine-secret> \
PURCHASE_TOKEN=<real-recovery-token> \
ORDER_ID=<real-order-id> \
STRIPE_DASHBOARD_SMOKE=passed \
SUPABASE_AUTH_DASHBOARD_SMOKE=passed \
npm run launch:gate
```

The gate intentionally treats the missing paid purchase proof as a blocker rather than a failure. That keeps product regressions separate from the final live-commerce smoke.
