# GO/NO-GO Checklist — v2.0.0-public

> **Target release**: v2.0.0 public launch (W6 Day 30 per `docs/ROADMAP_V1.0_LAUNCH.md`).
>
> **Audit RC**: v2.0.0-rc1 (Day 28 prod canary).
>
> **Prepared**: W6 Day 26.
>
> **Decision authority**: tech lead + on-call lead must both sign GO. Either one signing NO-GO blocks the launch.

This checklist derives from `GO_NO_GO_CHECKLIST_v1.0.0.md` and tightens the bar for the public launch. Every row carries an **evidence link** — commit SHA, dashboard URL, test ID, or the document where the check is defined. Anonymous "trust me" entries are NOT acceptable for v2.0.0.

Status legend:

- ✅ **GO**: evidence shipped, verified, no follow-up
- 🟡 **PENDING**: code/runbook ready, awaiting live-environment verification (soak, deploy, real run). Will flip to GO when the gate clears.
- 🔴 **RED**: known blocker, must remediate before launch
- ⏳ **TBD**: evidence depends on an external action (vendor sign-off, legal counter-signature)

## 1. Security

| Criterion | Status | Evidence |
| --- | --- | --- |
| External pentest: 0 open Critical / High findings | ⏳ TBD | Day 25 brief delivered (`docs/PENTEST_SCOPE_2026.md`). Engagement async W5-W6; report expected by Day 29. |
| Internal pre-flight pentest: 0 HIGH | 🟡 PENDING | `docs/SECURITY_PRELAUNCH_AUDIT.md` (W5 Day 21). Manual audit clean; ZAP + nuclei runs deferred to live staging. |
| JWT RS256 in production | ✅ GO | `internal/security/jwt_service.go` — RS256 primary path, HS256 dev fallback only. Validated by the `Config.ValidateForEnvironment` rule. |
| No secrets in the git repo | ✅ GO | `.env.template` only carries `${VAR}` placeholders; gitleaks gate in `.github/workflows/security-scan.yml`. |
| Secrets management: Ansible Vault encryption | ✅ GO | `infra/ansible/group_vars/all/vault.yml.example`; assertions in role tasks refuse to ship placeholder values to staging/prod. |
| Share-token enumeration fix (W5 Day 21) | ✅ GO | `internal/core/track/track_hls_handler.go` + `track_social_handler.go` — unified 403; test asserts the new shape. |
| MFA enforced for admin actions | ✅ GO | `RequireMFA()` in admin route chains (DMCA, moderation, platform). Verified by `internal/middleware/mfa_enforcement_test.go`. |
| GDPR: export + deletion functional | ✅ GO | `internal/handlers/gdpr_export_handler.go` + `account_deletion_handler.go` + E2E test. |
| TLS termination + Mozilla Intermediate cipher list | 🟡 PENDING | `infra/ansible/roles/haproxy/templates/haproxy.cfg.j2` ships the cipher list; `haproxy_tls_cert_path` is set on the prod inventory only at deploy time. |
| HLS segments served with Cache-Control immutable | ✅ GO | `internal/handlers/hls_handler.go` + `core/track/track_hls_handler.go` — `max-age=86400, immutable`. |
| Embed widget: `html.EscapeString` on every interpolation | ✅ GO | `internal/handlers/embed_handler.go::renderEmbed` — every {title, artist, canonical, streamURL} interpolation wrapped. |
| DMCA workflow: 451 playback gate + sworn-statement enforcement | ✅ GO | `core/track/track_hls_handler.go::Stream/DownloadTrack` returns 451 when `track.dmca_blocked`; handler refuses sworn=false. |

## 2. Stability

| Criterion | Status | Evidence |
| --- | --- | --- |
| Uptime ≥ 99.9% on staging over 30 d | 🟡 PENDING | Synthetic monitoring (W5 Day 24) + Prometheus availability SLO in `config/prometheus/slo.yml`. Soak gate. |
| 5xx rate < 0.1% on staging | 🟡 PENDING | `veza:slo_api_availability:burnrate_*` recording rules + alerts. Soak gate. |
| No open P0 incident | ✅ GO | No active P0 in `#incident-response`. Re-confirm at the GO call. |
| Postgres HA: pg_auto_failover formation tested, RTO < 60 s | ✅ GO | `infra/ansible/roles/postgres_ha/` + `infra/ansible/tests/test_pg_failover.sh` (W2 Day 6). |
| Redis Sentinel: promotion < 30 s | ✅ GO | `infra/ansible/roles/redis_sentinel/` + `infra/ansible/tests/test_redis_failover.sh` (W3 Day 11). |
| MinIO EC:2: tolerates 2 simultaneous node losses | ✅ GO | `infra/ansible/roles/minio_distributed/` + `infra/ansible/tests/test_minio_resilience.sh` (W3 Day 12). |
| HAProxy LB: sticky WS + 5 s health check + 30 s drain | ✅ GO | `infra/ansible/roles/haproxy/` + `infra/ansible/tests/test_backend_failover.sh` (W4 Day 19). |
| pgBackRest dr-drill: weekly, alert on staleness > 8 d | ✅ GO | `infra/ansible/roles/pgbackrest/` + `BackupRestoreDrillFailed`/`Stale` alerts (W2 Day 8). |
| Game day #1 documented + 0 silent fails | 🟡 PENDING | Driver + scenarios + session template ready (W5 Day 22). Real session executes Day 28 (game day #2 on prod). |
| Game day #2 prod: 5 scenarios green | 🟡 PENDING | Day 28 milestone. Driven via `scripts/security/game-day-driver.sh`. |

## 3. Performance

| Criterion | Status | Evidence |
| --- | --- | --- |
| p95 API global < 500 ms (1650 VU mixed scenarios) | 🟡 PENDING | `scripts/loadtest/k6_mixed_scenarios.js` thresholds + nightly workflow `.github/workflows/loadtest.yml`. Soak gate: 3 consecutive nights green. |
| Error rate < 0.5% under load | 🟡 PENDING | k6 `http_req_failed` threshold. Same soak. |
| Lighthouse Performance ≥ 85 | ⏳ TBD | `.lighthouserc.js` assertions present; LH run requires HTTPS staging. |
| Lighthouse Accessibility ≥ 90 | ✅ GO | `.lighthouserc.js`; targeting score 90; ARIA labels in code. |
| Lighthouse PWA ≥ 90 | 🟡 PENDING | Service worker shipped (W4 Day 16); manifest in place; needs HTTPS staging. |
| Service worker offline cache (HLS segments, 50 entries / 7 d) | ✅ GO | `apps/web/public/sw.js` (W4 Day 16) — `HLS_CACHE_MAX_ENTRIES=50` + `HLS_CACHE_MAX_AGE_MS=7d`. |
| HLS ABR by default (`HLS_STREAMING=true`) | ✅ GO | `internal/config/config.go:416` — default flipped W4 Day 17. |
| Phase-1 edge cache (Nginx proxy_cache fronting MinIO) | ✅ GO | `infra/ansible/roles/nginx_proxy_cache/` + `infra/ansible/tests/test_nginx_cache.sh`. |
| OTel tracing wired on 4 hot paths | ✅ GO | `internal/tracing/otlp_exporter.go` + spans in auth.login / track.upload.initiate / payment.webhook / search.query (W2 Day 9). |

## 4. Quality

| Criterion | Status | Evidence |
| --- | --- | --- |
| Test coverage ≥ 70% (Go + Rust + TS) | ✅ GO | `backend-ci.yml` threshold 70%; coverage badge in README. |
| 0 linting errors (golangci-lint + ESLint + clippy) | ✅ GO | `make lint` clean; CI gate. |
| CI green for 2 consecutive weeks | 🟡 PENDING | Forgejo Actions history. Soak gate. |
| TS strict + `noUncheckedIndexedAccess` | ✅ GO | `apps/web/tsconfig.json`. |
| E2E Playwright `@critical` green on PR + nightly full | 🟡 PENDING | `.github/workflows/e2e.yml`; nightly cron 03:00 UTC. |
| Synthetic monitoring: 6 user journeys green over 24 h | 🟡 PENDING | `infra/ansible/roles/blackbox_exporter/` + `config/prometheus/blackbox_targets.yml` (W5 Day 24). Soak gate. |
| go-fuzz nightly | ✅ GO | `.github/workflows/go-fuzz.yml`. |
| Trivy fs scan in CI | ✅ GO | `.github/workflows/trivy-fs.yml`. |

## 5. Ethics (mandatory)

| Criterion | Status | Evidence |
| --- | --- | --- |
| Anti-dark-pattern UX audit | ✅ GO | `veza-docs/ORIGIN/ORIGIN_UI_UX_SYSTEM.md` §13; CLAUDE.md rule #5; no FOMO/popularity counters/etc. |
| No public popularity metrics | ✅ GO | `internal/models/track.go:48-49` — `play_count`/`like_count` are JSON-hidden (creator analytics only). |
| No behavioural data resold | ✅ GO | No tracking third parties; analytics on-cluster only. |
| No AI recommendation module | ✅ GO | CLAUDE.md rule #1; F456-F470 explicitly removed; no `tensorflow`/`pytorch`/`sklearn`/etc. imports. |
| No blockchain / Web3 module | ✅ GO | CLAUDE.md rule #2; F491-F500 removed. |
| No gamification (XP, streaks, leaderboards, badges) | ✅ GO | CLAUDE.md rule #3; F536-F550 removed. |
| Chronological feed (no behavioural algorithm) | ✅ GO | CLAUDE.md rule #7. |
| Discovery via declarative tags/genres | ✅ GO | `internal/handlers/search_handlers.go` + `FacetSidebar.tsx` (W4 Day 18). |
| GDPR privacy policy published | ✅ GO | `docs/PRIVACY_POLICY.md`. |
| Terms of Service (ToS) published + signed off by legal | ⏳ TBD | EX-1 (lawyer brief). Required before public launch; tech sign-off blocked on legal counter-signature. |
| DMCA workflow operational | ✅ GO | `internal/handlers/dmca_handler.go` + `migrations/988_dmca_notices.sql` + admin queue (W3 Day 14). |
| DMCA agent designated (US Copyright Office registration) | ⏳ TBD | EX-3 (DMCA agent). Required for safe-harbor protection. |
| CDN choice respects the no-tracking ethos | ✅ GO | Phase-1 self-hosted Nginx; Bunny.net wired but disabled (`CDN_ENABLED=false` default). Doc: `docs/SECURITY_PRELAUNCH_AUDIT.md` + W3 Day 13 commit. |

## 6. Business

| Criterion | Status | Evidence |
| --- | --- | --- |
| E2E payment flow with real funds | 🟡 PENDING | Day 27 milestone. Stripe live + Hyperswitch live activated, real 5 € purchase, refund tested. Report: `docs/PAYMENT_E2E_LIVE_REPORT.md`. |
| Seller KYC tested E2E | 🟡 PENDING | EX-9 (Stripe Connect KYC). Day 27. |
| Hyperswitch webhook signature validation | ✅ GO | `internal/services/hyperswitch/webhook_subscription.go` — HMAC + timestamp. |
| Subscription state machine (`pending_payment` → `active`/`expired`) | ✅ GO | v1.0.9 W1 Days 1-3 (Item G phases 1-3). Migrations 980, 986, 987; `internal/core/subscription/service.go`. |
| Marketplace pre-listen 30 s (creator opt-in) | ✅ GO | `migrations/989_products_preview_enabled.sql` + `core/marketplace/models.go::PreviewEnabled` (W4 Day 17). |
| Track share tokens functional | ✅ GO | Existing pre-Day 15 + audit-cleared in W5 Day 21. |
| Embed widget + oEmbed for unfurlers | ✅ GO | `internal/handlers/embed_handler.go` (W3 Day 15). |
| Distribution to external platforms | 🟡 PENDING | `internal/services/distribution/` + routes_distribution.go; soft-launch validation needed. |
| Support accessible (`/support` page + handler) | ✅ GO | Existing. |
| Public status page | ✅ GO | `/api/v1/status` reused for the Cachet/statuspage.io feed (W5 Day 24). |
| Soft launch beta: 50+ testers onboarded, < 3 HIGH issues | 🟡 PENDING | Day 29 milestone. Report: `docs/SOFT_LAUNCH_BETA_2026.md`. |

## Summary

| Section | ✅ GO | 🟡 PENDING | ⏳ TBD | 🔴 RED |
|--------------|------|-----------|--------|--------|
| Security | 9 | 2 | 1 | 0 |
| Stability | 7 | 3 | 0 | 0 |
| Performance | 6 | 3 | 1 | 0 |
| Quality | 6 | 2 | 0 | 0 |
| Ethics | 11 | 0 | 2 | 0 |
| Business | 7 | 4 | 0 | 0 |
| **Total** | **46** | **14** | **4** | **0** |

**🔴 RED items count = 0.** Acceptance gate (≤ 3 RED items, all remediable by Day 28) ✓.

The 14 🟡 PENDING items break down into:

- **Soak windows** (8 items): 30 d uptime, 5xx rate, k6 nightly × 3, synthetic 24 h, CI green 2 weeks, E2E nightly, distribution validation. These flip to GO automatically when the timer expires and the metric stays under threshold.
- **Deploy-time milestones** (4 items): prod canary deploy, prod game day #2, soft launch, real payment E2E. Days 27-29 of W6.
- **External-action gated** (2 items): Lighthouse runs against HTTPS staging (deployment milestone), TLS cert mounted on the haproxy role (deployment milestone).

The 4 ⏳ TBD items are external dependencies the engineering team can't unblock unilaterally:

- Pentest external report (vendor sign-off)
- Lighthouse runs (HTTPS staging deployment)
- ToS legal counter-signature (lawyer, EX-1)
- DMCA agent registration (EX-3)

## Decision protocol

1. **Day 26 (today)**: every row marked. Tech lead + on-call lead read every row.
2. **Day 27**: remediate 🟡 PENDING items that can be cleared via deploy-time runs (e.g. real payment E2E, prod canary). Day 27 fills the canary deploy + soak gate.
3. **Day 28**: prod canary + game day #2. End-of-day re-read of the checklist; flip 🟡 → ✅ for items whose soaks completed.
4. **Day 29**: soft launch beta. Final 🟡 → ✅ flips. Any new 🔴 (e.g. a real-traffic regression caught by the beta) blocks Day 30.
5. **Day 30 morning**: final pre-launch read. ALL rows must be ✅ GO or ⏳ TBD with a documented exception. Any 🟡 PENDING still hanging = NO-GO; the launch slips.
6. **Day 30 afternoon**: if GO, `git tag v2.0.0`; if NO-GO, communicate the slip + the unblocking criterion.

## Sign-off

| Role | Name | Decision (GO / NO-GO / ABSTAIN) | Date / Signature |
| ------------- | ---------------- | ------------------------------- | ---------------- |
| Tech lead | _to fill_ | | |
| On-call lead | _to fill_ | | |
| Product lead | _to fill_ | | |
| Legal (ToS) | _to fill_ | | |

A NO-GO from any of the 4 above blocks the launch. Tech and on-call have veto power without explanation; product and legal must justify a NO-GO with a written reason.

## What this checklist replaces

- `docs/GO_NO_GO_CHECKLIST_v1.0.0.md` (March 2026 release). Kept on disk for historical context but superseded by this doc for v2.0.0-public.

## Related documents

- `docs/ROADMAP_V1.0_LAUNCH.md` — the 6-week sprint that produced v1.0.9
- `docs/SECURITY_PRELAUNCH_AUDIT.md` — internal audit findings (W5 Day 21)
- `docs/PENTEST_SCOPE_2026.md` — external pentest brief (W5 Day 25)
- `docs/CANARY_RELEASE.md` — the deploy recipe used Day 28
- `docs/PERFORMANCE_BASELINE.md` — k6 thresholds + soak methodology (W4 Day 20)
- `docs/runbooks/game-days/2026-W5-game-day-1.md` — game day session template