Production Republish Runbook
Status: Requires Authorization Audience: Operators Priority: P1
Objective
Republish ProviderFlow packages to production with explicit approval.
Prerequisites
- ✅ Package successfully deployed to production
- ✅ Authorization to perform production republish
- ✅ Change justification documented
- ✅ Rollback plan approved
Overview
Production republish is a manual process that republishes ProviderFlow packages to production. It is requires authorization.
When to Use
This runbook is for:
- ⚠️ Production package updates (requires authorization)
- ⚠️ Production bug fixes (requires authorization)
- ⚠️ Production feature additions (requires authorization)
This runbook is NOT for:
- ❌ Sandbox validation
- ❌ Pre-deployment validation
- ❌ Automated updates
Authorization Required
⚠️ Production republish requires explicit authorization from operators.
Authorization process:
- Submit request to operations team
- Provide change justification
- Document impact
- Await approval
- Perform republish
- Document results
Republish Steps
Step 1: Verify Current Version
Verify current version:
zen package inspect <package-name>
Output includes:
- Package name and version
- Deployment status
- Package visibility (internal/private)
- Validation status
- Current version
Step 2: Document Change
Document the change:
Change information:
- Package name
- Previous version
- New version
- Change description
- Change justification
- Impact assessment
- Rollback plan
Step 3: Review Change Impact
Review change impact:
zen package diff <package-name> --version=<previous-version>
Output includes:
- Differences between versions
- Changed fields
- New fields
- Removed fields
- Breaking changes
Step 4: Approve Rollback Plan
Approve rollback plan:
Rollback plan checklist:
- Rollback command documented
- Rollback process documented
- Rollback verification documented
- Rollback timeline acceptable
Step 5: Perform Republish
Republish package to production:
zen package republish <package-name> --version=<new-version> --yes
Flags:
--version: New version to deploy--yes: Skip confirmation
Expected output:
✅ Package republished successfully
✅ Version: 2.0.0
✅ Environment: production
✅ Deployment status: active
Step 6: Verify Deployment
Verify deployment:
zen package inspect <package-name>
Check:
- ✅ Deployment status is active
- ✅ Version is correct
- ✅ No errors
- ✅ All event types deployed
Step 7: Verify Event Types
Verify event types:
zen package inspect <package-name> --event-types
Check:
- ✅ All event types are deployed
- ✅ No missing event types
- ✅ No extra event types
Step 8: Monitor Initial Traffic
Monitor initial traffic:
zen status --monitor
Monitor:
- Event processing
- Delivery success rate
- Error rate
- Latency
Step 9: Document Results
Document results:
Republish report includes:
- Package name
- Previous version
- New version
- Republish date
- Deployment status
- Event types deployed
- Initial traffic stats
- Error rate
- Success rate
- Recommendations
Republish Exit Codes
| Exit Code | Description |
|---|---|
0 | Republish successful |
1 | General error |
2 | Authentication error |
3 | Validation error |
4 | Authorization error |
Successful Republish
Republish is successful when:
- ✅ Exit code is 0
- ✅ Deployment status is active
- ✅ Version is correct
- ✅ All event types deployed
- ✅ No errors
- ✅ Initial traffic is normal
- ✅ Error rate is low (< 1%)
Republish Failure
Republish fails when:
- ❌ Exit code is non-zero
- ❌ Deployment status is not active
- ❌ Version is incorrect
- ❌ Event types are missing
- ❌ High error rate
- ❌ Delivery failures
Troubleshooting:
- Review error messages
- Check deployment status
- Check event types
- Check logs
- Fix issues
- Re-republish
Rollback Procedure
If republish fails:
Step 1: Rollback
zen package rollback <package-name> --version=<previous-version> --yes
Step 2: Verify Rollback
zen package inspect <package-name>
Check:
- ✅ Deployment status is active
- ✅ Version is correct
- ✅ No errors
Step 3: Investigate
Investigate root cause:
- Review error logs
- Review deployment logs
- Review traffic logs
- Identify failure point
Step 4: Fix Issues
Fix identified issues:
- Fix code/contract issues
- Update tests
- Update documentation
- Update fixtures/goldens
Step 5: Re-Submit
Re-submit for republish:
- Document fix
- Document impact
- Await approval
- Perform republish
Authorization
⚠️ Production republish requires explicit authorization from operators.
Authorization checklist:
- Change justification documented
- Impact assessment completed
- Rollback plan approved
- Timeline is acceptable
- Risk is acceptable
Security Considerations
Authentication
All authentication configurations are validated:
zen package inspect <package-name>
Checks:
- ✅ API key validation
- ✅ Bearer token validation
- ✅ Header-based authentication
- ✅ Authentication boundaries enforced
No Arbitrary Execution
Packages do not execute arbitrary JavaScript or runtime code:
- ✅ Deterministic YAML/DAG processing only
- ✅ No JavaScript execution
- ✅ No arbitrary runtime code
- ✅ No plugins or extensions
Secret Redaction
All secrets are redacted from outputs:
- ✅ API keys redacted
- ✅ Tokens redacted
- ✅ Credentials redacted
- ✅ No secrets in traces
Audit Trail
All operations are logged for audit purposes:
- ✅ Republish operations logged
- ✅ Version changes logged
- ✅ Deployment status logged
- ✅ Error logs logged
Production Monitoring
Real-Time Monitoring
Monitor production:
zen status --monitor
Output includes:
- Event processing
- Delivery success rate
- Error rate
- Latency
Alerting
Set up alerts for:
- ❌ High error rate (> 5%)
- ❌ Delivery failures (> 10%)
- ❌ High latency (> 500ms)
- ❌ Rollback triggers
Related
Next: Real Webhook Validation