SERVICE_READINESS — reporting-service

Sibling: DEPLOYMENT_TOPOLOGY · SECURITY_MODEL · OBSERVABILITY · platform anchor: docs/standards/DEFINITION_OF_DONE

A go/no-go checklist for reporting-service before allowing tenant onboarding to a region. Each item references the owning doc; sign-offs are tracked in the platform readiness sheet.

---

1. Architecture & contracts

• Bounded context, aggregates, ports documented — SERVICE_OVERVIEW, DOMAIN_MODEL, APPLICATION_LOGIC.
• OpenAPI 3.1 published & spectral-clean — bin/openapi.yaml.
• Event subjects registered in platform schema registry, ajv compile passes — EVENT_SCHEMAS.
• Decision log entries created/linked: ADR-0003 desktop sync, ADR-0002 multi-tenancy.
• Cross-service ID prefix registry updated — DATA_MODEL §1, docs/standards/NAMING §6.

2. Storage & data

• Migrations idempotent, additive, reviewed — DATA_MODEL §8, MIGRATION_PLAN.
• RLS policies present on all tenant-scoped tables (CI gate green).
• PII fields encrypted (recipient_email_enc) with tenant-scoped DEK; rotation drill executed.
• GCS buckets provisioned per residency with CMEK + lifecycle rules; regulatory bucket has object lock enabled.
• Backups: PITR 14 d enabled; bucket versioning on regulatory bucket.

3. Security

• mTLS internal between BFFs and the API.
• OIDC verification on Pub/Sub push & Cloud Scheduler endpoints.
• Authorization permissions seeded in iam-service (six permissions in SECURITY_MODEL §2).
• Field-level encryption keys provisioned, key rotation runbook exists.
• Secret Manager paths populated for regulatory adapters; no committed secrets (gitleaks clean).
• Threat model walkthrough completed and signed off by security guild.

4. Observability

• Service identity attributes correct in OTel collector.
• All RED metrics emitted (counters & histograms) — OBSERVABILITY §5.
• Dashboards published in Grafana (reporting-overview, reporting-per-tenant, reporting-regulatory).
• Alerts wired to PagerDuty with runbook links.
• Synthetic canary live and passing in every region.
• Audit events flow into audit-service Merkle anchoring.

5. Resilience & performance

• Outbox + inbox tests pass — TESTING_STRATEGY §2.
• Tenant-isolation integration test passes.
• k6 ad-hoc-runs scenario meets p95 ≤ 8 s @ 50 RPS.
• Chaos drills passed (Pub/Sub drop, GCS 5xx, Puppeteer crash) — FAILURE_MODES §2.
• DLQ alarm wired; replay tooling tested in non-prod.
• Circuit breakers tuned and verified (analytics, notification, AI, regulatory adapters).

6. Documentation & ops

• Bundle complete: 17 docs under services/reporting-service/.
• Summary present in docs/03-microservices/reporting-service.md.
• Runbooks for every P1/P2 alert under docs/runbooks/reporting/.
• LOCAL_DEV_SETUP verified with a fresh clone.
• On-call rotation defined; escalation matrix in PagerDuty.

7. Compliance & legal

• Per-jurisdiction regulatory adapter approvals on file (AF police submission, KSA VAT, etc.).
• Retention policies (operational_2y, operational_7y, regulatory_10y_objectlock) enforced via DB CHECK + bucket lifecycle.
• DPIA completed, residency obligations documented per tenant intake — SECURITY_MODEL §9.
• Right-to-erasure flow exercised end-to-end on a synthetic tenant.

8. AI capability gates

• Capabilities registered in ai-orchestrator-service with budgets and allowlists — AI_INTEGRATION §1.
• Off-switch in tenant settings verified to suppress all reporting AI calls.
• HITL flow for drafted templates exercised.
• Prompt content audit confirms no guest PII leaves the service.

9. Sign-offs

Role	Person	Date
Service tech lead
Security guild
Platform SRE
Compliance & legal
Product (reporting)
Tenant lifecycle

A signed copy of this checklist is filed in docs/launch/<service>-readiness-<region>-<date>.md per release.

Cross-references: SERVICE_RISK_REGISTER, MIGRATION_PLAN.