# Production Checklist

This checklist is used to assess whether `bizone-web` is ready to enter staging and production.

Status markers used:

- `[x]` ready
- `[~]` partial / needs further verification
- `[ ]` not ready

## Critical Before Go-Live

- [ ] Meta webhook handshake tested with a public `https` callback URL
- [ ] Meta outbound send tested with a real `accessToken` and `phoneNumberId`
- [ ] Meta status callbacks (`sent`, `delivered`, `read`, `failed`) verified as reaching the system
- [ ] Permission audit completed for the `admin`, `editor`, and `agent` roles
- [ ] Production secrets moved to a real env/secret manager
- [ ] Database backup and restore drill proven
- [ ] Staging environment available and resembling production
- [ ] CI/CD deploy flow runs build, migrate, and smoke test
- [ ] Monitoring and alerting active for backend, DB, Redis, webhook, and queue
- [ ] Full smoke test across auth, templates, campaigns, conversations, webhook, and settings completed

## Auth And Security

- [x] Login flow active
- [x] Refresh token + logout invalidation active
- [x] Redis rate limiting for login flow active
- [x] Forgot password flow active
- [x] Reset password flow active
- [x] 2FA + recovery codes active
- [~] Security notification emails implemented, not yet tested over SMTP end-to-end
- [~] Session management is currently `single-session` only
- [ ] Multi-device session history
- [ ] Revoke session per device
- [ ] Security event review workflow / alert dashboard

## Users, Roles, Permissions

- [x] Role CRUD available
- [x] Backend permission guard for `templates`, `campaigns`, `users`, `roles`
- [~] Fallback permission matrix available for `admin`, `editor`, `agent`
- [ ] Audit all other sensitive routes in the backend
- [ ] Role-based test cases for `editor` and `agent`
- [ ] Consistent permission-aware frontend UX

## Templates

- [x] `message_templates` database model
- [x] Template migration active
- [x] Template list live from backend
- [x] Template builder create/edit live
- [x] Basic template search/filter
- [ ] Delete/archive template
- [ ] Template versioning
- [ ] Approval sync with Meta
- [ ] Reject reason sync from Meta

## Campaigns

- [x] Internal campaign CRUD available
- [x] Campaign create/update validates against live templates
- [x] Basic queue scheduling available
- [~] Campaign delivery/reporting is still predominantly internal
- [ ] Campaign form uses a live template dropdown/source
- [ ] Mature audience resolution
- [ ] Deduplication validated
- [ ] Retry policy audited end-to-end
- [ ] Real delivery tracking from Meta tested live

## Conversations

- [x] Conversation list/detail live
- [x] Replies saved to DB
- [x] Inbound webhook sync to inbox
- [x] Basic assignment available
- [x] Basic unread/read flow available
- [~] Outbound provider path exists, not yet tested against real Meta
- [ ] Internal notes
- [ ] Rich agent tooling / SLA / escalation flow

## Webhook And Integrations

- [x] WhatsApp integration settings available
- [x] Verify token flow available
- [x] Signature validation path available
- [x] Basic webhook retry/replay available
- [x] Production callback URL target set: `https://portal.bizone.id/api/webhooks/whatsapp`
- [x] Production health check target set: `https://portal.bizone.id/api/health`
- [ ] Real provider test against Meta
- [ ] Failure handling against real Meta responses validated
- [ ] More mature webhook observability

## Infra And Ops

- [x] Basic production env validation available
- [x] Basic production HTTPS constraints available
- [x] Basic production CORS config available
- [x] Debian 12 deploy artifacts available in `deploy/debian12`
- [ ] Final staging deployment
- [ ] Final reverse proxy/domain setup
- [ ] Backup/restore SOP documented
- [ ] Log aggregation / error tracking
- [ ] Mature queue monitoring dashboard
- [ ] Incident runbook

## Build And Release

- [x] Backend build succeeds
- [x] Frontend build succeeds
- [x] Prisma migration flow active
- [x] Legacy baseline script available
- [ ] Final automated deploy pipeline
- [ ] Post-deploy smoke checks documented
- [ ] Rollback strategy documented

## Recommended Order

1. Prepare `staging`.
2. Connect and test `Meta` end-to-end.
3. Audit `permissions` for all roles.
4. Complete the `campaign UI` so it uses live templates.
5. Set up `monitoring`, `backup`, and `CI/CD`.
6. Run the full smoke test.
7. Only then deploy to production.

## Production Targets

- App URL: `https://portal.bizone.id`
- API base URL: `https://portal.bizone.id/api`
- Health check: `https://portal.bizone.id/api/health`
- Meta callback URL: `https://portal.bizone.id/api/webhooks/whatsapp`
- Meta verify token source: env `WEBHOOK_VERIFY_TOKEN`
- Alternate provider webhook URL: `https://portal.bizone.id/api/webhooks/whatsapp/meta`