ENV-001 critical environment-tiers

Production environment exists

Production environment deployed, deployment method documented, visible in CI history

Question to ask

"How is production deployed — does the whole team know?"

Verification guide

Severity: Critical

Check automatically:

  1. Find deployment workflows in CI:

    grep -r -l "production\|prod" .github/workflows/

  2. Check GitHub deployment history:

    gh api repos/{owner}/{repo}/deployments --jq '.[] | select(.environment | test("prod"; "i")) | {env: .environment, ref: .ref, created: .created_at}' | head -20

  3. Check workflow run history for deploy jobs:

    gh run list --limit 20 --json name,conclusion,createdAt,headBranch | jq '.[] | select(.name | test("deploy|prod"; "i"))'

  4. Look for platform config files:

    ls -la vercel.json fly.toml railway.toml render.yaml netlify.toml 2>/dev/null

From CI/deployment history, extract:

  • Which workflow deploys to production
  • What branch/trigger (main, tags, manual)
  • Recent deployment frequency
  • Success/failure rate

Ask user to confirm:

  • Production URL
  • Is the detected deployment method correct?

Pass criteria:

  • Production deployments visible in history
  • Clear deployment trigger identified

Fail criteria:

  • No deployment history found
  • Can't determine how production is deployed

Evidence to capture:

  • Production URL
  • Workflow file path
  • Deployment trigger (branch/tag/manual)
  • Last successful deployment date
  • Platform (detected from config or workflow)

Section

04. Environments

Infrastructure & Setup

← Previous

AUTH-010

Webhooks verify signatures

 Next →

ENV-002

Staging environment exists