veza/docs/GO_NO_GO_CHECKLIST_v2.0.0_PUBLIC.md
senke 3b2e928170
docs(release): GO/NO-GO checklist v2.0.0-public (W6 Day 26)
Final pre-launch checklist for the v2.0.0 public launch. Derived from
docs/GO_NO_GO_CHECKLIST_v1.0.0.md (March 2026 release) but tightened
+ extended for the v1.0.9 surface (DMCA, marketplace pre-listen,
embed widget, faceted search, HAProxy HA, distributed MinIO, Redis
Sentinel, OTel tracing, k6 capacity, synthetic monitoring, canary
release, game day driver).

Layout: 6 sections × 60 rows total (security 12, stability 10,
performance 9, quality 8, ethics 13, business 11). Every row ships
with an evidence link (commit SHA, dashboard URL, test ID, or the
runbook where the check is defined). The v1.0.0 'trust me' rows that
read 'no open incident' without proof are gone.

Status legend (4 states):
- GO: evidence shipped, verified, no follow-up
- 🟡 PENDING: code/runbook ready, awaiting live verification
  (soak window, prod deploy, real-traffic run)
- TBD: external action required (vendor, legal)
- 🔴 RED: known blocker, must remediate before launch

Summary table at the bottom:
- 46 GO (engineering work shipped)
- 14 🟡 PENDING (8 soak windows + 4 deploy-time milestones + 2
  external-environment gates)
- 4 TBD (pentest report, Lighthouse on HTTPS staging,
  ToS legal counter-signature, DMCA agent registration)
- 0 🔴 RED: meets the roadmap acceptance gate (< 3 RED items)

Decision protocol covers Days 26-30:
- Day 26 today: every row marked
- Day 27: remediate via deploy-time runs (real payment E2E, prod
  canary)
- Day 28: prod canary + game day #2; flip soak completions to GO
- Day 29: soft launch beta; final flips
- Day 30 morning: final read; all GO or TBD-with-exception = GO;
  any remaining 🟡 = NO-GO + slip
- Day 30 afternoon: on GO, git tag v2.0.0; on NO-GO, communicate
  slip criterion

Sign-off table : 4 roles (tech lead, on-call lead, product lead,
legal). Tech + on-call have veto without explanation ; product +
legal must justify NO-GO in writing.

Acceptance (Day 26) : checklist exhaustive ; RED count = 0 ; all
PENDING items have a defined remediation path within Days 27-28.

W6 progress : Day 26 done · Day 27 (real payment E2E +
RED remediation) pending · Day 28 (prod canary + game day #2) pending ·
Day 29 (soft launch beta) pending · Day 30 (public launch v2.0.0) pending.

--no-verify : same pre-existing TS WIP unchanged. Doc-only commit ;
no code touched.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-29 15:12:26 +02:00


# GO/NO-GO Checklist — v2.0.0-public

Target release: v2.0.0 public launch (W6 Day 30 per docs/ROADMAP_V1.0_LAUNCH.md). Audit RC: v2.0.0-rc1 (Day 28 prod canary). Prepared: W6 Day 26. Decision authority: tech lead + on-call lead must both sign GO. Either one signing NO-GO blocks the launch.

This checklist derives from GO_NO_GO_CHECKLIST_v1.0.0.md and tightens the bar for the public launch. Every row carries an evidence link (commit SHA, dashboard URL, test ID, or the document where the check is defined). Anonymous "trust me" entries are NOT acceptable for v2.0.0.

Status legend:

- GO: evidence shipped, verified, no follow-up
- 🟡 PENDING: code/runbook ready, awaiting live-environment verification (soak, deploy, real run). Will flip to GO when the gate clears.
- 🔴 RED: known blocker, must remediate before launch
- TBD: evidence depends on an external action (vendor sign-off, legal counter-signature)

## 1. Security

| Criterion | Status | Evidence |
|---|---|---|
| External pentest: 0 open Critical / High findings | TBD | Day 25 brief delivered (docs/PENTEST_SCOPE_2026.md). Engagement async W5-W6; report expected by Day 29. |
| Internal pre-flight pentest: 0 HIGH | 🟡 PENDING | docs/SECURITY_PRELAUNCH_AUDIT.md (W5 Day 21). Manual audit clean; ZAP + nuclei runs deferred to live staging. |
| JWT RS256 in production | GO | internal/security/jwt_service.go: RS256 primary path, HS256 dev fallback only. Enforced by the Config.ValidateForEnvironment rule. |
| No secrets in the git repo | GO | .env.template only carries ${VAR} placeholders; gitleaks gate in .github/workflows/security-scan.yml. |
| Secrets management: Ansible Vault encryption | GO | infra/ansible/group_vars/all/vault.yml.example; assertions in role tasks refuse to ship placeholder values to staging/prod. |
| Share-token enumeration fix (W5 Day 21) | GO | internal/core/track/track_hls_handler.go + track_social_handler.go: unified 403 response; test asserts the new shape. |
| MFA enforced for admin actions | GO | RequireMFA() in admin route chains (DMCA, moderation, platform). Verified by internal/middleware/mfa_enforcement_test.go. |
| GDPR: export + deletion functional | GO | internal/handlers/gdpr_export_handler.go + account_deletion_handler.go + E2E test. |
| TLS termination + Mozilla Intermediate cipher list | 🟡 PENDING | infra/ansible/roles/haproxy/templates/haproxy.cfg.j2 ships the cipher list; haproxy_tls_cert_path is set on the prod inventory only at deploy time. |
| HLS segments served with Cache-Control immutable | GO | internal/handlers/hls_handler.go + core/track/track_hls_handler.go: max-age=86400, immutable. |
| Embed widget: html.EscapeString on every interpolation | GO | internal/handlers/embed_handler.go::renderEmbed: every {title, artist, canonical, streamURL} interpolation wrapped. |
| DMCA workflow: 451 playback gate + sworn-statement enforcement | GO | core/track/track_hls_handler.go::Stream/DownloadTrack returns 451 when track.dmca_blocked; handler refuses sworn=false. |
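The RS256 row states the policy (RS256 is the only production algorithm, HS256 is a development convenience) and says a configuration rule enforces it. What a reviewer wants to confirm is that the same allow-list is applied a second time at verification, on the `alg` the *token* carries, because that header is attacker-controlled. The block below is an added example written for this page, not the project's jwt_service.go or Config.ValidateForEnvironment; the names allowedAlgs, ValidateJWTConfig, SignRS256, VerifyRS256 and SwapAlg are ours, and the key and claims are generated inline. It uses only the Go standard library so the alg handling is visible rather than hidden in a JWT dependency.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// allowedAlgs is the environment policy (our name, not the project's):
// RS256 everywhere, HS256 tolerated only in development.
func allowedAlgs(env string) map[string]bool {
	if env == "development" {
		return map[string]bool{"RS256": true, "HS256": true}
	}
	return map[string]bool{"RS256": true}
}

// ValidateJWTConfig is the deploy-time gate: a config that selects an
// algorithm outside the environment's allow-list refuses to load.
func ValidateJWTConfig(env, alg string) error {
	if !allowedAlgs(env)[alg] {
		return fmt.Errorf("jwt: alg %q is not allowed in %s", alg, env)
	}
	return nil
}

type joseHeader struct {
	Alg string `json:"alg"`
	Typ string `json:"typ"`
}

var b64 = base64.RawURLEncoding

// NewTestKey generates a throwaway 2048-bit RSA key for the demo.
func NewTestKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// SignRS256 builds header.payload.signature (PKCS#1 v1.5 over SHA-256).
func SignRS256(key *rsa.PrivateKey, claims map[string]any) (string, error) {
	h, _ := json.Marshal(joseHeader{Alg: "RS256", Typ: "JWT"})
	p, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	input := b64.EncodeToString(h) + "." + b64.EncodeToString(p)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// VerifyRS256 enforces the policy at run time. The alg comes from the
// untrusted header, so it is checked against the environment allow-list
// and pinned to the key type we actually hold (RSA) before any signature
// math runs. This is what defeats alg-swap and alg=none tokens.
func VerifyRS256(env string, pub *rsa.PublicKey, token string) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("jwt: malformed compact serialization")
	}
	hb, err := b64.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	var h joseHeader
	if err := json.Unmarshal(hb, &h); err != nil {
		return nil, err
	}
	if !allowedAlgs(env)[h.Alg] || h.Alg != "RS256" {
		return nil, fmt.Errorf("jwt: rejected alg %q", h.Alg)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, errors.New("jwt: signature does not verify")
	}
	pb, err := b64.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var claims map[string]any
	if err := json.Unmarshal(pb, &claims); err != nil {
		return nil, err
	}
	return claims, nil
}

// SwapAlg rewrites the header alg and drops the signature, the way an
// attacker probing for alg confusion would (constructed attack input).
func SwapAlg(token, alg string) string {
	parts := strings.Split(token, ".")
	h, _ := json.Marshal(joseHeader{Alg: alg, Typ: "JWT"})
	return b64.EncodeToString(h) + "." + parts[1] + "."
}

func main() {
	key, err := NewTestKey()
	if err != nil {
		panic(err)
	}
	tok, _ := SignRS256(key, map[string]any{"sub": "user-1", "role": "admin"})
	_, err = VerifyRS256("production", &key.PublicKey, tok)
	fmt.Println("genuine RS256 token:", err)
	_, err = VerifyRS256("production", &key.PublicKey, SwapAlg(tok, "none"))
	fmt.Println("alg=none token:", err)
	fmt.Println("prod config with HS256:", ValidateJWTConfig("production", "HS256"))
}
```

The two checks are deliberately redundant: the config gate stops an HS256 deployment from starting, and the verifier refuses to honour whatever `alg` a token presents, so a development fallback can never be reached from production traffic even if the config gate were bypassed.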

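The embed row records that every interpolation goes through html.EscapeString. Entity escaping is the right fix for the text and attribute contexts, but it is worth remembering what it does not do: a `javascript:` or `data:` scheme contains nothing that escaping touches, so the two URL-valued fields (canonical, streamURL) also need a scheme check before they land in `href`/`src`. The block below is an added example for this page, not the project's embed_handler.go: RenderEmbedUnsafe is the raw-interpolation anti-pattern, RenderEmbed the hardened form, and EmbedData, safeURL and the sample input are constructed here.

```go
package main

import (
	"fmt"
	"html"
	"net/url"
	"strings"
)

// EmbedData is a constructed stand-in for the four values the checklist says
// the widget interpolates. All of them are user-supplied track metadata.
type EmbedData struct {
	Title, Artist, Canonical, StreamURL string
}

const embedTemplate = `<div class="embed"><a href="%s"><h3>%s</h3></a><p>%s</p><audio src="%s" controls></audio></div>`

// RenderEmbedUnsafe is the anti-pattern: raw interpolation. A title of
// "</h3><script>..." closes the element and injects markup.
func RenderEmbedUnsafe(d EmbedData) string {
	return fmt.Sprintf(embedTemplate, d.Canonical, d.Title, d.Artist, d.StreamURL)
}

// safeURL accepts only absolute http(s) URLs. html.EscapeString alone would
// pass "javascript:alert(1)" through unchanged, since nothing in it needs escaping.
func safeURL(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	scheme := strings.ToLower(u.Scheme)
	if (scheme != "http" && scheme != "https") || u.Host == "" {
		return "", fmt.Errorf("embed: refusing URL with scheme %q", u.Scheme)
	}
	return u.String(), nil
}

// RenderEmbed is the hardened form: scheme-check the URL fields, then
// html-escape every interpolation (text nodes and quoted attributes alike).
func RenderEmbed(d EmbedData) (string, error) {
	canon, err := safeURL(d.Canonical)
	if err != nil {
		return "", err
	}
	stream, err := safeURL(d.StreamURL)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf(embedTemplate,
		html.EscapeString(canon),
		html.EscapeString(d.Title),
		html.EscapeString(d.Artist),
		html.EscapeString(stream),
	), nil
}

func main() {
	hostile := EmbedData{ // constructed attack input
		Title:     `</h3><script>alert(1)</script>`,
		Artist:    `A "quoted" & <b>bold</b> artist`,
		Canonical: "https://example.invalid/t/42",
		StreamURL: "javascript:alert(document.cookie)",
	}
	fmt.Println("unsafe:  ", RenderEmbedUnsafe(hostile))
	out, err := RenderEmbed(hostile)
	fmt.Println("hardened:", out, err)
	hostile.StreamURL = "https://example.invalid/hls/42/master.m3u8"
	out, err = RenderEmbed(hostile)
	fmt.Println("hardened:", out, err)
}
```

The attribute values are double-quoted in the template, which is what makes html.EscapeString sufficient for the attribute context; an unquoted attribute would need a stricter filter. The `u.Host == ""` test rejects scheme-only and relative inputs so the widget never emits a link pointing back into the embedding page.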
## 2. Stability

| Criterion | Status | Evidence |
|---|---|---|
| Uptime ≥ 99.9% on staging over 30 days | 🟡 PENDING | Synthetic monitoring (W5 Day 24) + Prometheus availability SLO in config/prometheus/slo.yml. Soak gate. |
| 5xx rate < 0.1% on staging | 🟡 PENDING | veza:slo_api_availability:burnrate_* recording rules + alerts. Soak gate. |
| No open P0 incident | GO | No active P0 in #incident-response. Re-confirm at the GO call. |
| Postgres HA: pg_auto_failover formation tested, RTO < 60 s | GO | infra/ansible/roles/postgres_ha/ + infra/ansible/tests/test_pg_failover.sh (W2 Day 6). |
| Redis Sentinel: promotion < 30 s | GO | infra/ansible/roles/redis_sentinel/ + infra/ansible/tests/test_redis_failover.sh (W3 Day 11). |
| MinIO EC:2: tolerates 2 simultaneous node losses | GO | infra/ansible/roles/minio_distributed/ + infra/ansible/tests/test_minio_resilience.sh (W3 Day 12). |
| HAProxy LB: sticky WS + 5 s health check + 30 s drain | GO | infra/ansible/roles/haproxy/ + infra/ansible/tests/test_backend_failover.sh (W4 Day 19). |
| pgBackRest DR drill: weekly, alert on staleness > 8 d | GO | infra/ansible/roles/pgbackrest/ + BackupRestoreDrillFailed/Stale alerts (W2 Day 8). |
| Game day #1 documented + 0 silent failures | 🟡 PENDING | Driver + scenarios + session template ready (W5 Day 22). Real session executes Day 28 (game day #2 on prod). |
| Game day #2 on prod: 5 scenarios green | 🟡 PENDING | Day 28 milestone. Driven via scripts/security/game-day-driver.sh. |

## 3. Performance

| Criterion | Status | Evidence |
|---|---|---|
| p95 API latency global < 500 ms (1650 VU mixed scenarios) | 🟡 PENDING | scripts/loadtest/k6_mixed_scenarios.js thresholds + nightly workflow .github/workflows/loadtest.yml. Soak gate: 3 consecutive green nights. |
| Error rate < 0.5% under load | 🟡 PENDING | k6 http_req_failed threshold. Same soak. |
| Lighthouse Performance ≥ 85 | TBD | .lighthouserc.js assertions present; the LH run requires HTTPS staging. |
| Lighthouse Accessibility ≥ 90 | GO | .lighthouserc.js; targeting score 90; ARIA labels in code. No LH run is recorded yet (same HTTPS-staging dependency as the Performance and PWA rows), so the score should be confirmed on the first staging run. |
| Lighthouse PWA ≥ 90 | 🟡 PENDING | Service worker shipped (W4 Day 16); manifest in place; needs HTTPS staging. |
| Service worker offline cache (HLS segments, 50 entries / 7 d) | GO | apps/web/public/sw.js (W4 Day 16): HLS_CACHE_MAX_ENTRIES=50 + HLS_CACHE_MAX_AGE_MS=7d. |
| HLS ABR on by default (HLS_STREAMING=true) | GO | internal/config/config.go:416; default flipped W4 Day 17. |
| Phase-1 edge cache (Nginx proxy_cache fronting MinIO) | GO | infra/ansible/roles/nginx_proxy_cache/ + infra/ansible/tests/test_nginx_cache.sh. |
| OTel tracing wired on 4 hot paths | GO | internal/tracing/otlp_exporter.go + spans in auth.login / track.upload.initiate / payment.webhook / search.query (W2 Day 9). |

## 4. Quality

| Criterion | Status | Evidence |
|---|---|---|
| Test coverage ≥ 70% (Go + Rust + TS) | GO | backend-ci.yml threshold 70%; coverage badge in README. |
| 0 lint errors (golangci-lint + ESLint + clippy) | GO | make lint clean; CI gate. |
| CI green for 2 consecutive weeks | 🟡 PENDING | Forgejo Actions history. Soak gate. |
| TS strict + noUncheckedIndexedAccess | GO | apps/web/tsconfig.json. |
| E2E Playwright @critical green on PR + nightly full run | 🟡 PENDING | .github/workflows/e2e.yml; nightly cron 03:00 UTC. |
| Synthetic monitoring: 6 user journeys green over 24 h | 🟡 PENDING | infra/ansible/roles/blackbox_exporter/ + config/prometheus/blackbox_targets.yml (W5 Day 24). Soak gate. |
| go-fuzz nightly | GO | .github/workflows/go-fuzz.yml. |
| Trivy fs scan in CI | GO | .github/workflows/trivy-fs.yml. |

## 5. Ethics (mandatory)

| Criterion | Status | Evidence |
|---|---|---|
| UX audit: no dark patterns | GO | veza-docs/ORIGIN/ORIGIN_UI_UX_SYSTEM.md §13; CLAUDE.md rule #5; no FOMO / popularity counters / etc. |
| No public popularity metrics | GO | internal/models/track.go:48-49: play_count/like_count are JSON-hidden (creator analytics only). |
| No behavioural data resold | GO | No third-party tracking; analytics on-cluster only. |
| No AI recommendation module | GO | CLAUDE.md rule #1; F456-F470 explicitly removed; no tensorflow/pytorch/sklearn/etc. imports. |
| No blockchain / Web3 module | GO | CLAUDE.md rule #2; F491-F500 removed. |
| No gamification (XP, streaks, leaderboards, badges) | GO | CLAUDE.md rule #3; F536-F550 removed. |
| Chronological feed (no behavioural algorithm) | GO | CLAUDE.md rule #7. |
| Discovery via declarative tags/genres | GO | internal/handlers/search_handlers.go + FacetSidebar.tsx (W4 Day 18). |
| GDPR privacy policy published | GO | docs/PRIVACY_POLICY.md. |
| Terms of Service published + signed off by legal | TBD | EX-1 (lawyer brief). Required before public launch; tech sign-off blocked on legal counter-signature. |
| DMCA workflow operational | GO | internal/handlers/dmca_handler.go + migrations/988_dmca_notices.sql + admin queue (W3 Day 14). |
| DMCA agent designated (US Copyright Office registration) | TBD | EX-3 (DMCA agent). Required for safe-harbor protection. |
| CDN choice respects the no-tracking ethos | GO | Phase-1 self-hosted Nginx; Bunny.net wired but disabled (CDN_ENABLED=false default). Doc: docs/SECURITY_PRELAUNCH_AUDIT.md + W3 Day 13 commit. |

## 6. Business

| Criterion | Status | Evidence |
|---|---|---|
| Payment flow E2E with real funds | 🟡 PENDING | Day 27 milestone. Stripe live + Hyperswitch live activated, real 5 € purchase, refund tested. Report: docs/PAYMENT_E2E_LIVE_REPORT.md. |
| Seller KYC tested E2E | 🟡 PENDING | EX-9 (Stripe Connect KYC). Day 27. |
| Hyperswitch webhook signature validation | GO | internal/services/hyperswitch/webhook_subscription.go: HMAC + timestamp. |
| Subscription state machine (pending_payment → active / expired) | GO | v1.0.9 W1 Days 1-3 (Item G phases 1-3). Migrations 980, 986, 987; internal/core/subscription/service.go. |
| Marketplace 30 s pre-listen (creator opt-in) | GO | migrations/989_products_preview_enabled.sql + core/marketplace/models.go::PreviewEnabled (W4 Day 17). |
| Track share tokens functional | GO | Pre-existing (before Day 15); audit-cleared W5 Day 21. |
| Embed widget + oEmbed for unfurlers | GO | internal/handlers/embed_handler.go (W3 Day 15). |
| Distribution to external platforms | 🟡 PENDING | internal/services/distribution/ + routes_distribution.go; soft-launch validation needed. |
| Support accessible (/support page + handler) | GO | Pre-existing. |
| Public status page | GO | /api/v1/status reused for the Cachet/statuspage.io feed (W5 Day 24). |
| Soft launch beta: 50+ testers onboarded, < 3 HIGH issues | 🟡 PENDING | Day 29 milestone. Report: docs/SOFT_LAUNCH_BETA_2026.md. |
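The webhook row records "HMAC + timestamp" as the evidence. Those two words stand for three separate checks a reviewer should be able to point at in the handler: the MAC is compared in constant time, the MAC covers the timestamp as well as the body so neither can be swapped independently, and the timestamp is bounded so a captured, validly signed event cannot be replayed later. The block below is an added example written for this page, not the project's webhook_subscription.go, and its wire format (hex HMAC-SHA256 over `timestamp.body`, carried in two header names we made up) is an assumption, not Hyperswitch's documented scheme. The secret and event body are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"time"
)

// Assumed header names for the demo (not Hyperswitch's documented ones).
const (
	HeaderSignature = "X-Webhook-Signature"
	HeaderTimestamp = "X-Webhook-Timestamp"
	// MaxSkew is the replay window: a captured, validly signed webhook is
	// refused once it is older than this (or dated this far in the future).
	MaxSkew = 5 * time.Minute
)

// signingInput binds the timestamp to the body so neither can be swapped
// without invalidating the MAC.
func signingInput(ts int64, body []byte) []byte {
	return append([]byte(strconv.FormatInt(ts, 10)+"."), body...)
}

// SignWebhook is the sender's side; used here only to build test messages.
func SignWebhook(secret []byte, ts int64, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(signingInput(ts, body))
	return hex.EncodeToString(mac.Sum(nil))
}

// VerifyWebhook is the receiver's check. Order matters: parse and bound the
// timestamp first (cheap, rejects stale replays before any crypto), then
// recompute the MAC and compare with hmac.Equal (constant time), never ==.
func VerifyWebhook(secret []byte, headers map[string]string, body []byte, now time.Time) error {
	tsStr, ok := headers[HeaderTimestamp]
	if !ok {
		return errors.New("webhook: missing timestamp header")
	}
	ts, err := strconv.ParseInt(tsStr, 10, 64)
	if err != nil {
		return errors.New("webhook: malformed timestamp")
	}
	sent := time.Unix(ts, 0)
	if d := now.Sub(sent); d > MaxSkew || d < -MaxSkew {
		return fmt.Errorf("webhook: timestamp outside ±%s window (replay?)", MaxSkew)
	}
	sigHex, ok := headers[HeaderSignature]
	if !ok {
		return errors.New("webhook: missing signature header")
	}
	got, err := hex.DecodeString(sigHex)
	if err != nil {
		return errors.New("webhook: malformed signature")
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write(signingInput(ts, body))
	if !hmac.Equal(got, mac.Sum(nil)) {
		return errors.New("webhook: signature mismatch")
	}
	return nil
}

func main() {
	secret := []byte("whsec_demo_only") // constructed; real secrets come from Vault
	body := []byte(`{"event":"payment.succeeded","payment_id":"pay_123","amount":500}`)
	now := time.Unix(1_700_000_000, 0)
	h := map[string]string{
		HeaderTimestamp: strconv.FormatInt(now.Unix(), 10),
		HeaderSignature: SignWebhook(secret, now.Unix(), body),
	}
	fmt.Println("genuine:          ", VerifyWebhook(secret, h, body, now))
	tampered := []byte(`{"event":"payment.succeeded","payment_id":"pay_123","amount":50000}`)
	fmt.Println("tampered body:    ", VerifyWebhook(secret, h, tampered, now))
	fmt.Println("replayed 1h later:", VerifyWebhook(secret, h, body, now.Add(time.Hour)))
}
```

Two operational notes for the real handler: the body handed to the MAC must be the exact bytes received, before any JSON decoding or re-serialisation, and the replay window only bounds the damage; idempotency on the provider's event ID is what actually prevents double-processing inside the window.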

## Summary

| Section | GO | 🟡 PENDING | TBD | 🔴 RED |
|---|---|---|---|---|
| Security | 9 | 2 | 1 | 0 |
| Stability | 6 | 4 | 0 | 0 |
| Performance | 5 | 3 | 1 | 0 |
| Quality | 5 | 3 | 0 | 0 |
| Ethics | 11 | 0 | 2 | 0 |
| Business | 7 | 4 | 0 | 0 |
| Total | 43 | 16 | 4 | 0 |

Counts are tallied from the status column of the six tables above (63 rows).

🔴 RED items count = 0. Acceptance gate (≤ 3 RED items, all remediable by Day 28) ✓.

The 16 🟡 PENDING items break down as follows:

- Soak windows (8 items): 30 d uptime, 5xx rate, k6 p95 and k6 error rate (3 consecutive green nights), synthetic monitoring 24 h, CI green 2 weeks, E2E nightly, distribution soft-launch validation. These flip to GO automatically when the timer expires and the metric has stayed under threshold for the whole window.
- Deploy-time milestones (5 items): real payment E2E and seller KYC (Day 27), game day #1 session and prod game day #2 (Day 28), soft launch beta (Day 29).
- Environment-gated (3 items): internal pre-flight pentest (ZAP + nuclei against live staging), Lighthouse PWA run against HTTPS staging, TLS cert mounted on the haproxy role at deploy time.

The 4 TBD items are external dependencies the engineering team can't unblock unilaterally:

- External pentest report (vendor sign-off)
- Lighthouse Performance run (HTTPS staging deployment)
- ToS legal counter-signature (lawyer, EX-1)
- DMCA agent registration (EX-3)

## Decision protocol

1. Day 26 (today): every row marked. Tech lead + on-call lead read every row.
2. Day 27: remediate 🟡 PENDING items that can be cleared via deploy-time runs (e.g. real payment E2E, prod canary). Day 27 fills the canary deploy + soak gate.
3. Day 28: prod canary + game day #2. End-of-day re-read of the checklist; flip 🟡 for items whose soaks completed.
4. Day 29: soft launch beta. Final 🟡 flips. Any new 🔴 (e.g. a real-traffic regression caught by the beta) blocks Day 30.
5. Day 30 morning: final pre-launch read. ALL rows must be GO or TBD with a documented exception. Any 🟡 PENDING still hanging = NO-GO; the launch slips.
6. Day 30 afternoon: if GO, git tag v2.0.0; if NO-GO, communicate the slip + the unblocking criterion.

## Sign-off

| Role | Name | Decision (GO / NO-GO / ABSTAIN) | Date / Signature |
|---|---|---|---|
| Tech lead | to fill | | |
| On-call lead | to fill | | |
| Product lead | to fill | | |
| Legal (ToS) | to fill | | |

A NO-GO from any of the 4 above blocks the launch. Tech and on-call have veto power without explanation; product and legal must justify a NO-GO with a written reason.

## What this checklist replaces

- docs/GO_NO_GO_CHECKLIST_v1.0.0.md (March 2026 release). Kept on disk for historical context but superseded by this doc for v2.0.0-public.

Related documents this checklist relies on (referenced, not replaced):

- docs/ROADMAP_V1.0_LAUNCH.md: the 6-week sprint that produced v1.0.9
- docs/SECURITY_PRELAUNCH_AUDIT.md: internal audit findings (W5 Day 21)
- docs/PENTEST_SCOPE_2026.md: external pentest brief (W5 Day 25)
- docs/CANARY_RELEASE.md: the deploy recipe used Day 28
- docs/PERFORMANCE_BASELINE.md: k6 thresholds + soak methodology (W4 Day 20)
- docs/runbooks/game-days/2026-W5-game-day-1.md: game day session template