Files
Rental-operations-platform/docs/PHASE_16_HANDOFF_v1.0.md
T
2026-06-25 20:08:39 -04:00

66 lines
4.5 KiB
Markdown

# Phase 16 Handoff: Final Content Approval and Deployment Preparation
## Handoff status
Phase 15 recommendation: **Not ready for Phase 16**. This handoff exists to make the remaining work explicit, not to imply release approval.
## Artifact identity
- Supplied archive had no Git metadata; final validated commit identifier is **unavailable**.
- Use `PHASE_15_PACKAGE_MANIFEST_v1.0.json` and the delivered ZIP checksum to identify this artifact.
- Phase 16 must commit the exact package and record the immutable commit SHA before release-candidate freeze.
## Evidence package
Review `docs/PHASE_15_IMPLEMENTATION_REPORT_v1.0.md`, `docs/phase15/FINAL_RELEASE_RECOMMENDATION_v1.0.md`, `docs/phase15/DEFECT_REGISTER_v1.0.csv`, `docs/phase15/RELEASE_GATE_MATRIX_v1.0.csv`, `docs/phase15/RISK_ACCEPTANCE_REGISTER_v1.0.csv`, `docs/phase15/COMMAND_MATRIX_v1.0.csv`, and all Phase 15 reports.
## Production configuration inventory
Authoritative inventories remain `.env.example` and the Phase 14 environment, feature-flag, destination, external-service, data-flow, consent, and analytics registries. Production defaults remain blocked. No production credential is included.
## Required engineering validation before freeze
1. Run Node 24.17.0 and pnpm 11.9.0.
2. Run `pnpm install --frozen-lockfile`.
3. Run `pnpm validate`, `pnpm validate:package`, `pnpm format:check`, `pnpm lint`, `pnpm typecheck`, `pnpm test:unit`, `pnpm test:integration`, `pnpm test:security`, `pnpm test:privacy`, and the production build.
4. Install pinned Playwright browsers and run browser, accessibility, and visual suites.
5. Complete manual keyboard, screen-reader, zoom/reflow, forced-colors, reduced-motion, Arabic RTL, and mobile device matrices.
6. Measure performance and bundles against the approved budgets.
7. Rehearse production-like deployment and rollback.
8. Close all Critical/High defects and retest Medium defects.
## Required business and operational approvals
- Final EN/FR/AR copy and native linguistic review
- Claims, evidence, customer logos, testimonials, and product captures
- Legal/privacy/consent text, legal basis, retention, deletion, recipients, and transfers
- Analytics provider, event approval, consent category, DPA, region, retention, and owner
- CRM lead destination, mapping, authentication, duplicate/retry policy, sandbox, monitoring, and owner
- Scheduler and email decisions if enabled
- Production origin, DNS, hosting, cache/security headers, redirects, robots, canonical, and hreflang
- Final logo, social assets, hero/product assets, and performance approval
- Production secrets through an approved secret manager with least privilege and rotation
- Launch owner matrix, launch-day checklist, incident/rollback authority, and post-launch monitoring
## Launch-day checklist
Freeze the approved commit and manifest; verify environment and secret inventory; deploy with production integrations disabled until each gate is approved; run localized route, demo, headers, metadata, analytics/consent, privacy, accessibility, performance, and destination smoke checks; confirm monitoring; record go/no-go decision.
## Post-launch smoke and monitoring checklist
Verify EN/FR/AR pages, light/dark/system, mobile/desktop, demo acceptance semantics, no duplicate leads, no PII in URLs/logs/analytics, CRM/scheduler latency, errors/timeouts/rate limits, consent withdrawal, security headers, canonical/hreflang/robots, Core Web Vitals, and rollback triggers.
## Files Phase 16 may modify
Approved copy/resources, final governed assets, production environment templates without secrets, approved destination/provider adapters, deployment configuration, launch documentation, and targeted tests/evidence.
## Files Phase 16 must not modify without reopening QA
Phase 9 contracts, component behavior, page structure, validation/schema, data flow, consent semantics, analytics event names/properties, integration interfaces, accessibility behavior, RTL/theme/routing foundations, CSP/security controls, or performance-critical loading behavior.
Any change in those areas requires targeted Phase 15 regression and updated evidence before release.
## Definition of done for release
A real commit SHA and manifest identify the candidate; all required commands pass; browser/AT/visual/performance/deployment/rollback evidence is approved; no unresolved Critical or High defect remains without accountable written exception; all production business/legal/operational gates are approved; post-deployment smoke checks pass; monitoring and rollback owners are active.