First Production Launch Runbook (No-Migration Track)

This runbook assumes first-ever production deployment for FakeMCP, with no existing production data.

1) Launch policy

• No backward migrations.
• No data backfills.
• No compatibility shims.
• One-time schema bootstrap only on an empty D1 database.
• Production-only environment model (no staging).

2) Config and secret model

• Commit all non-secret Cloudflare settings in /Users/michael/personal/fakemcp-com/infra/config/production.ts.
• Keep only one execution secret: CLOUDFLARE_API_TOKEN.
• Store/sync that token from deploy-ops into Mykybo/fakemcp-com GitHub secrets.
• Set CLOUDFLARE_ZONE_ID as a non-secret GitHub repository variable (32-char zone id).

3) Bootstrap infrastructure (idempotent)

pnpm infra:bootstrap

What it does:

• Ensures D1 database exists.
• Ensures R2 bucket exists.
• Ensures Durable Object namespace exists.
• Applies bootstrap SQL from apps/mcp/migrations/0001_reliability.sql.
• Verifies required reliability tables.
• Upserts managed WAF and rate-limit rules.
• Writes discovered IDs to .infra/production.state.json.
• Renders worker deployment config to .infra/wrangler.*.production.jsonc.

Dry-run:

pnpm infra:bootstrap --dry-run

4) Deploy workers and routing

pnpm infra:deploy

What it does:

• Builds MCP and web workers.
• Deploys MCP worker first, then web worker.
• Upserts same-domain route ownership:
  • /health*, /catalog*, /v1/catalog*, /scenario*, /v1/scenario*, /mcp*, /v1/suites*, /v1/runs*, /v1/replays*, /v1/conformance*, /v1/ops* -> fakemcp-mcp
  • all other paths -> fakemcp-web
• Runs production smoke checks:
  • pnpm smoke:api https://fakemcp.com
  • pnpm smoke:mcp https://fakemcp.com

Dry-run:

pnpm infra:deploy --dry-run

5) Verify infrastructure state

pnpm infra:check

Checks include:

• D1/R2/DO resources exist.
• D1 table set is complete.
• Managed routes match configured ownership.
• Managed WAF + rate-limit rules are present.

6) Merge gates

Before launch, keep these green:

pnpm format:check
pnpm lint
pnpm typecheck
pnpm test
pnpm build
pnpm smoke:api
pnpm smoke:mcp

7) Rollout sequence (single production env)

1. Internal alpha traffic for 2-3 days.
2. Design-partner beta traffic for 1 week.
3. Public release after SLO stability.

8) Observability and alerts

Key counters:

• runs_created, runs_passed, runs_failed
• ci_gate_invocations, ci_gate_failures
• replays_created, replays_opened
• conformance_runs_created
• stateful_sessions_created

Alert thresholds:

• Run creation P95 > 500ms
• Run report retrieval success < 99.5%
• internal_error rate > 1% over 5 minutes