Production Revalidation Runbook
Status: Requires Authorization Audience: Operators Priority: P0
Objective
Validate ProviderFlow packages in production environment after controlled deployment.
Prerequisites
- ✅ Package successfully deployed to production
- ✅ Authorization to perform production validation
- ✅ Access to production evidence
Overview
Production revalidation is a manual process that validates ProviderFlow packages in the production environment. It is requires authorization and is sandbox-only pre-deployment.
When to Use
This runbook is for:
- ⚠️ Production deployment validation (requires authorization)
- ⚠️ Post-deployment verification
- ⚠️ Production evidence collection
This runbook is NOT for:
- ❌ Automated validation
- ❌ Sandbox validation
- ❌ Pre-deployment validation
Authorization Required
⚠️ Production revalidation requires explicit authorization from operators.
Authorization process:
- Submit request to operations team
- Provide justification for production validation
- Await approval
- Perform validation
- Document results
Validation Steps
Step 1: Verify Deployment
Verify package is deployed:
zen package inspect <package-name>
Output includes:
- Package name and version
- Deployment status
- Package visibility (internal/private)
- Validation status
Step 2: Collect Production Evidence
Collect production evidence:
zen package evidence <package-name> --environment=production
Output includes:
- Production trace data
- Production delivery statistics
- Production validation summary
- Production error logs
Step 3: Review Traces
Review production traces:
cat traces/production/<package>/summary.json
Traces include:
- Event ID
- Timestamp
- Event type
- Contract name
- Endpoint name
- Target name
- Status (success/failure)
- Output data
Step 4: Review Delivery Statistics
Review delivery statistics:
cat traces/production/<package>/delivery-stats.json
Statistics include:
- Total events processed
- Successful deliveries
- Failed deliveries
- Success rate
- Average processing time
Step 5: Review Error Logs
Review error logs:
cat traces/production/<package>/errors.json
Errors include:
- Error ID
- Timestamp
- Error type
- Error message
- Event ID
- Remediation steps
Step 6: Validate Against Production Goldens
Compare against production goldens:
zen package validate <package-name> --environment=production --output=json
Validation checks:
- ✅ YAML syntax validation
- ✅ Required field validation
- ✅ Type validation
- ✅ Dependency validation
- ✅ Contract conformance
- ✅ Authentication configuration
- ✅ Event type validation
Step 7: Generate Validation Report
Generate validation report:
zen package evidence <package-name> --environment=production --report
Report includes:
- Validation summary
- Delivery statistics
- Error logs
- Recommendations
- Approval status
Validation Artifacts
Production Traces
Production execution traces:
traces/production/<package>/<event-type>.jsonl
Example:
traces/production/stripe-v2/payment_intent.succeeded.jsonl
Production Delivery Statistics
Delivery statistics:
traces/production/<package>/delivery-stats.json
Example:
traces/production/stripe-v2/delivery-stats.json
Production Error Logs
Error logs:
traces/production/<package>/errors.json
Example:
traces/production/stripe-v2/errors.json
Production Evidence
Production evidence summary:
evidence/<package>/production/summary.json
Example:
evidence/stripe-v2/production/summary.json
Successful Revalidation
Revalidation is successful when:
- ✅ All production traces collected
- ✅ Delivery statistics are acceptable
- ✅ Error rate is low
- ✅ Production goldens match
- ✅ Exit code is 0
- ✅ All validation checks pass
Revalidation Failure
Revalidation fails when:
- ❌ High error rate
- ❌ Delivery failures
- ❌ Goldens don't match
- ❌ Security issues found
- ❌ Exit code is non-zero
Troubleshooting:
- Review error logs
- Check delivery statistics
- Review traces
- Identify root cause
- Fix issues
- Re-validate
Production Readiness Criteria
Must Satisfy
- ✅ Exit code is 0
- ✅ Error rate < 1%
- ✅ Delivery success rate > 99%
- ✅ All production goldens match
- ✅ No security issues found
- ✅ All traces collected
Should Satisfy
- ⚠️ Average processing time < 100ms
- ⚠️ Memory usage is acceptable
- ⚠️ CPU usage is acceptable
- ⚠️ No memory leaks
- ⚠️ No performance degradation
Nice to Have
- 💡 Delivery statistics documented
- 💡 Error patterns identified
- 💡 Recommendations provided
- 💡 Future improvements identified
Production Monitoring
Real-Time Monitoring
Monitor production:
zen status
Output includes:
- Cluster health
- Endpoint status
- Target status
- Recent delivery statistics
- Package validation status
Alerting
Set up alerts for:
- ❌ High error rate (> 5%)
- ❌ Delivery failures (> 10%)
- ❌ High latency (> 500ms)
- ❌ Memory leaks
- ❌ Security issues
Security Considerations
Authentication
All authentication configurations are validated:
zen package validate <package-name> --environment=production
Checks:
- ✅ API key validation
- ✅ Bearer token validation
- ✅ Header-based authentication
- ✅ Authentication boundaries enforced
No Arbitrary Execution
Packages do not execute arbitrary JavaScript or runtime code:
- ✅ Deterministic YAML/DAG processing only
- ✅ No JavaScript execution
- ✅ No arbitrary runtime code
- ✅ No plugins or extensions
Secret Redaction
All secrets are redacted from outputs:
- ✅ API keys redacted
- ✅ Tokens redacted
- ✅ Credentials redacted
- ✅ No secrets in traces
Audit Trail
All operations are logged for audit purposes:
- ✅ Event processing logged
- ✅ Authentication attempts logged
- ✅ Delivery failures logged
- ✅ Errors and warnings logged
Authorization
⚠️ Production revalidation requires explicit authorization from operators.
Authorization process:
- Submit request to operations team
- Provide justification for production validation
- Await approval
- Perform validation
- Document results
Authorization checklist:
- Package is deployed to production
- Authorization is approved
- Timeline is acceptable
- Risk is acceptable
Production Deployment
Controlled Deployment
Production deployment requires:
- ✅ Sandbox validation passes
- ✅ Evidence collected and reviewed
- ⚠️ Controlled deployment to production
- ⚠️ Explicit approval from operators
- ⚠️ Prod revalidation completed
Rollback Plan
If revalidation fails:
- ⚠️ Rollback to previous version
- ⚠️ Investigate root cause
- ⚠️ Fix issues
- ⚠️ Re-deploy with fixes
- ⚠️ Re-validate
Rollback command:
zen package rollback <package-name> --version=<previous-version>
Related
Next: Prod Republish