# 🚀 LAUNCH CHECKLIST — Feb 22-23, 2026

**Target:** Weekend soft launch of rivet.rateright.com.au  
**Owner:** Michael (Rocky) + Builder  
**Status:** DRAFT — Ready for review by Friday Feb 21

---

## 1. DATABASE INTEGRITY

### Supabase Health
- [ ] Verify all tables exist: `profiles`, `companies`, `worker_profiles`, `jobs`, `matches`, `ratings`, `payments`, `notifications`, `conversations`, `conversation_participants`, `messages`
- [ ] Confirm RLS enabled on ALL tables (never disabled)
- [ ] Test auth flow creates profile correctly (signup → profile row)
- [ ] Verify foreign key constraints are intact
- [ ] Check no orphaned rows (matches without jobs, messages without conversations)

### Data Validation
- [ ] Run `SELECT count(*) FROM profiles` — confirm test data is clean or purged
- [ ] Check no test/dummy payment records in `payments` table
- [ ] Verify ABN lookup returns valid data for real ABNs
- [ ] Confirm geocoding works for Sydney suburbs

---

## 2. PAYMENT FLOW (CRITICAL)

### Stripe Integration
- [ ] **Create payment** — `POST /api/payments/create` returns Stripe checkout session
- [ ] **Stripe webhook** — `POST /api/webhooks/stripe` receives and processes events
- [ ] **Payment verify** — `POST /api/payments/verify` confirms payment status
- [ ] **Payment success page** — `/contractor/payment-success` renders correctly
- [ ] Test full flow: post job → match → pay $50 → success page
- [ ] Verify Stripe is in LIVE mode (not test mode)
- [ ] Confirm product: `prod_TwC6PLLwYHVTt3` ($50 AUD flat fee)
- [ ] Confirm price: `price_1SyJinRQ4311dYYb9NmbyYgO`
- [ ] Test webhook with Stripe CLI: `stripe trigger checkout.session.completed`
- [ ] Verify cold-start doesn't break webhook (known issue — resolved per bulletin)

### Edge Cases
- [ ] Payment fails gracefully (cancelled checkout)
- [ ] Double-payment prevention (same match can't be paid twice)
- [ ] Refund flow documented (manual via Stripe dashboard for now)

---

## 3. AUTH & SIGNUP FLOWS

### Worker Signup (60-second target)
- [ ] Method selection → Trade → Experience → Certifications → Phone → Location → Availability → Review → Submit
- [ ] Voice signup path works: VoiceStep → transcription → profile generation
- [ ] Phone verification sends SMS
- [ ] Profile saved to `worker_profiles` + `profiles`
- [ ] Redirect to dashboard after completion

### Contractor Signup
- [ ] Company details captured
- [ ] ABN lookup validates (`/api/abn-lookup`)
- [ ] Profile saved to `companies` + `profiles`
- [ ] Redirect to dashboard / post-job

### Auth Core
- [ ] Login works (email/password)
- [ ] Signup works (email/password)
- [ ] Forgot password sends reset email
- [ ] Reset password flow completes
- [ ] Email verification (`/auth/verify-email`)
- [ ] Auth callback handles all states (`/auth/callback`)
- [ ] Error page renders for auth failures (`/auth/error`)
- [ ] Session persists across page refreshes
- [ ] Logout clears session completely

---

## 4. CORE FEATURES

### Job Posting
- [ ] `/contractor/post-job` — form submits and creates job
- [ ] Voice-to-job posting (`/api/ai/voice-to-job`) — transcribe → generate job
- [ ] AI job generation (`/api/ai/generate-job`) returns valid structure
- [ ] Job appears in worker job listing (`/worker/jobs`)

### Matching
- [ ] `/api/match/find-matches` returns relevant workers
- [ ] Match results display on `/contractor/matches`
- [ ] Sub-5-minute matching (performance target)

### Messaging
- [ ] Start conversation (`/api/messages/start`)
- [ ] Send message (`/api/messages/[id]/send`)
- [ ] View conversations (`/messages`)
- [ ] View individual conversation (`/messages/[conversationId]`)

### Ratings
- [ ] Rate a match (`/rate/[matchId]`)
- [ ] View ratings (`/ratings/[userId]`)
- [ ] `/api/ratings` endpoint works

### Notifications
- [ ] `/notifications` page loads
- [ ] Notifications trigger on key events (new match, message, etc.)

### Worker Browse
- [ ] `/contractor/browse` — lists available workers
- [ ] Filter/search works

---

## 5. MOBILE RESPONSIVENESS (CRITICAL)

Construction workers use phones. Test everything at 375px width.

### Must Test on Mobile
- [ ] Landing page — hero, CTA visible, no horizontal scroll
- [ ] Signup flow — all steps usable with thumbs
- [ ] Dashboard — key info above fold
- [ ] Job posting — form fields large enough for fat fingers
- [ ] Messages — readable, send button accessible
- [ ] Payment — Stripe checkout works in mobile browser
- [ ] Voice recording — microphone permission prompt works

### Specific Checks
- [ ] No horizontal overflow on any page
- [ ] Touch targets ≥ 44px
- [ ] Forms don't zoom on focus (font-size ≥ 16px on inputs)
- [ ] Bottom nav/CTAs not hidden by mobile keyboard
- [ ] Images/logos not broken on small screens

---

## 6. AI FEATURES

- [ ] Voice transcription (`/api/ai/transcribe-voice`) — returns text
- [ ] Voice-to-job (`/api/ai/voice-to-job`) — creates structured job
- [ ] Voice profile parsing (`/api/ai/parse-profile-voice`)
- [ ] Profile generation (`/api/ai/generate-profile`)
- [ ] Voice complete (`/api/ai/voice-complete`)
- [ ] Company research (`/api/ai/research-company`)
- [ ] All AI endpoints handle errors gracefully (API key missing, timeout, etc.)
- [ ] OpenAI API has sufficient credits

---

## 7. ERROR HANDLING

- [ ] `/offline` page exists and renders
- [ ] Error boundaries work: `/auth/error`, `/worker/error`, `/contractor/error`, `/messages/error`, root `/error`
- [ ] 404s render gracefully (`not-found.tsx` pages)
- [ ] Loading states work: dashboard, worker signup, job posting, messages, matches, payment success, contractor signup, profile build
- [ ] API routes return proper error codes (400, 401, 403, 404, 500)
- [ ] CSRF protection on auth routes (`/api/auth/csrf`)

---

## 8. INFRASTRUCTURE

### Server
- [ ] `npm run build` — clean, zero errors
- [ ] App service running: `sudo systemctl status rateright-app`
- [ ] App responding: `curl -s https://rivet.rateright.com.au` returns 200
- [ ] SSL cert valid and not expiring soon
- [ ] Nginx config correct for all routes

### External Services
- [ ] Supabase — reachable, auth working
- [ ] Stripe — live mode, webhook endpoint active
- [ ] OpenAI — API key valid, credits available
- [ ] Resend — email sending works
- [ ] Twilio — SMS delivery working (phone verification)

### Performance
- [ ] Homepage loads < 3s on mobile
- [ ] Dashboard loads < 2s
- [ ] No memory leaks on VPS (check with `free -h`)
- [ ] Disk space sufficient (`df -h`)

---

## 9. LEGAL & COMPLIANCE

- [ ] Terms of Service page renders (`/legal/terms-of-service`)
- [ ] Privacy Policy page renders (`/legal/privacy-policy`)
- [ ] FAQ page renders (`/faq`)
- [ ] Worker onboarding pack available (`/worker/onboarding-pack`)

---

## 10. LAUNCH DAY PROCEDURE

### Pre-Launch (Friday evening)
1. Run full build: `npm run build`
2. Deploy: `sudo systemctl restart rateright-app`
3. Run through this checklist manually
4. Confirm Stripe in live mode
5. Test one real signup + payment end-to-end

### Launch (Saturday morning)
1. Monitor error logs: `sudo journalctl -u rateright-app -f`
2. Watch Stripe dashboard for payments
3. Check Supabase for new signups
4. Be ready to hotfix (Builder on standby)

### If Something Breaks
1. **Auth broken** → Check Supabase status, restart app
2. **Payments broken** → Check Stripe webhook logs, verify endpoint
3. **AI features broken** → Check OpenAI credits, degrade gracefully
4. **App down** → `sudo systemctl restart rateright-app`, check nginx
5. **Database issue** → Check Supabase dashboard, DO NOT modify RLS

---

## ROLLBACK PLAN

If critical issues arise post-launch:

1. **Immediate:** `sudo systemctl restart rateright-app`
2. **Code rollback:** `git log --oneline -5` → `git revert <commit>` → rebuild → restart
3. **Full rollback:** `git checkout <last-known-good-commit>` → rebuild → restart
4. **Nuclear option:** Maintenance page while we fix (swap nginx to static page)

### Last Known Good Commit
- [ ] Record commit hash here before launch: `_______________`

---

*Built by Builder 🔨 | Review by Friday Feb 21 | Launch Feb 22-23*
