# CannaManage — Launch Checklist

## Pre-Launch (before going live)

### Infrastructure
- [ ] IONOS VPS SSH access configured
- [ ] Docker + Docker Compose installed on VPS
- [ ] Nginx installed + cannamanage.conf symlinked
- [ ] Let's Encrypt TLS certificate for cannamanage.plate-software.de
- [ ] .env production secrets generated (JWT, NextAuth, DB passwords)
- [ ] GPG backup key generated
- [ ] Cron job for daily backup configured
- [ ] Gitea Actions secrets configured (SSH_USER, SSH_PRIVATE_KEY)
- [ ] DNS A record: cannamanage.plate-software.de → VPS IP

### Stripe
- [ ] Stripe account created + verified
- [ ] Products created: Starter (€19/mo), Pro (€49/mo)
- [ ] SEPA + PayPal + Card payment methods enabled
- [ ] Webhook endpoint registered: https://cannamanage.plate-software.de/api/v1/webhooks/stripe
- [ ] Test payment successful (SEPA + Card)
- [ ] AVV (Auftragsverarbeitungsvertrag) signed with Stripe

### Legal
- [ ] Impressum page created
- [ ] Datenschutzerklärung (privacy policy) published
- [ ] AGB (Terms of Service) published
- [ ] DSGVO consent text reviewed by lawyer (recommended)
- [ ] Cookie banner (if analytics added later)

### Security
- [ ] Final Snyk scan — no critical/high findings
- [ ] HTTPS enforced (HTTP → 301 redirect)
- [ ] CSP headers active
- [ ] HSTS enabled
- [ ] Rate limiting configured (Nginx)
- [ ] DB backup tested (restore drill)
- [ ] REVOKE DELETE on audit_events applied in production

### Application
- [ ] docker compose -f docker-compose.prod.yml up -d — all services healthy
- [ ] Flyway migrations V1-V10 applied successfully
- [ ] Admin user created (first club onboarding)
- [ ] Test distribution flow end-to-end
- [ ] PDF report generation works
- [ ] Email sending works (SMTP configured)
- [ ] WebSocket notifications connect

### Monitoring
- [ ] Health check endpoint accessible: /health
- [ ] Uptime monitor configured (UptimeRobot, Hetrix, or cron)
- [ ] Error alerting (email on 5xx errors)
- [ ] Log rotation verified

## Post-Launch (first week)

- [ ] First real club onboarded
- [ ] First distribution recorded
- [ ] Backup restore drill (within first 3 days)
- [ ] Performance baseline established (response times)
- [ ] Stripe live mode activated (after test verification)