SERVICE_READINESS — theme-config-service

Sibling: SERVICE_OVERVIEW · DEPLOYMENT_TOPOLOGY

Platform anchors: docs/standards/DEFINITION_OF_DONE.md · docs/standards/SERVICE_TEMPLATE.md

This is the readiness checklist gating each environment promotion. It must be all-green before promotion to staging and re-verified before promotion to production.

Legend: ✅ done · 🟡 in progress · ⛔ blocking · ➖ N/A


1. Architecture & design

| Item | Status | Notes |
|---|---|---|
| Service ownership documented (Frontend Platform squad) | | SERVICE_OVERVIEW |
| Bounded context registered in 02-enterprise-architecture.md | | "Theming & Configuration — Supporting" |
| Domain model approved by chapter | | DOMAIN_MODEL |
| API design reviewed by API guild | 🟡 | scheduled |
| Event design reviewed by Eventing guild | 🟡 | scheduled |
| Data model + RLS reviewed by Platform DBA | 🟡 | scheduled |
| Security threat model approved by Security | 🟡 | scheduled |
| AI integration approved by AI architecture review | 🟡 | scheduled |

2. Build & test

| Item | Status | Notes |
|---|---|---|
| pnpm run lint clean | | |
| pnpm run typecheck clean | | strict mode + noUncheckedIndexedAccess |
| Unit coverage ≥ 95 % domain, ≥ 90 % application | | enforced in CI |
| Integration coverage targets met | | including Testcontainers Postgres |
| HTTP suite covers every endpoint | | per TESTING_STRATEGY §5 |
| OpenAPI lints under platform spectral ruleset | | |
| OpenAPI breaking-change check | | |
| Event JSON-Schema fixtures + producer/consumer assertions | | |
| Cross-tenant isolation test passes | | required by platform DoD |
| Concurrent publish race test passes | | |
| Bundle SHA byte-identity test passes | | across Node 22.0/22.x |
| AI eval suite green at last nightly | | suites: palette.contrast, translate.placeholders, content.brand_safety |
| Load test results within SLO targets | 🟡 | run pre-prod |

3. Observability

| Item | Status | Notes |
|---|---|---|
| Structured JSON logging with redaction | | |
| Trace + span attributes per the OBSERVABILITY doc | | |
| RED + domain metrics emitted | | |
| Dashboards committed to repo | | observability/dashboards/ |
| Alerts committed to repo | | observability/alerts/ |
| Burn-rate + paging policy reviewed by SRE | 🟡 | |
| Runbooks present for every alert | | |
| Health endpoints /healthz + /readyz | | |
| Cost attribution labels present | | |

4. Security & compliance

| Item | Status | Notes |
|---|---|---|
| Threat model documented | | SECURITY_MODEL §1 |
| RBAC matrix documented + tested | | |
| RLS enabled on every tenant-scoped table | | |
| tenant_id GUC set on every connection | | enforced in repo wrapper |
| HTML/markdown sanitisation allow-list | | dompurify with platform allow-list |
| Asset URL allow-list | | |
| Preview-link hardening (256-bit secret, SHA storage, constant-time) | | |
| Bundle SHA verification at BFF | | requires BFF readiness |
| Secrets in Secret Manager only | | |
| Workload Identity for all GCP API access | | |
| Container hardened (distroless, non-root, read-only fs) | | |
| Snyk + Trivy scans clean | | |
| OWASP ASVS mapping present | | security/ASVS_MAPPING.md |
| AI HITL gating tested | | |

5. Operations

| Item | Status | Notes |
|---|---|---|
| Cloud Run service definition (Terraform) | | infrastructure/terraform/services/theme-config-service/ |
| Cloud SQL instance + RO replica provisioned | | |
| Memorystore Redis provisioned | | |
| GCS bundle bucket provisioned with versioning + lifecycle | | |
| Cloud CDN configured with tagged invalidation | | |
| Pub/Sub topics + subscriptions + DLQs created | | |
| API gateway routes registered | | |
| mTLS endpoints reachable from notification-service workload identity | | |
| Migration policy documented | | MIGRATION_PLAN |
| Backup + PITR configured | | nightly + 7d PITR |
| DR replica + promotion runbook | | |
| Quarterly chaos GameDay scheduled | 🟡 | first one before launch |

6. Cross-service contracts

| Consumer | Contract | Status |
|---|---|---|
| bff-tenant-booking-service | Reads GET /public/themes/:id/published.json | |
| bff-consumer-service | Reads GET /public/themes/by-host/:host/published.json | |
| bff-backoffice-service | Authoring REST + AI surfaces | |
| notification-service | mTLS GET /internal/email-theme/:id + theme.email_theme_updated.v1 | |
| audit-service | Subscribes to all theme.* events | |
| analytics-service | Subscribes to theme.published.v1, theme.tokens_changed.v1 | |
| tenant-service | We subscribe to tenant.* | |
| file-storage-service | We call HEAD per asset; subscribe to media.deleted.v1 | |
| ai-orchestrator-service | We call its mTLS API | |
| desktop-sync-service | Sync contract | |
| Edge worker (meta-search detail page) | Reads CDN bundle | |

Each cross-service consumer has acknowledged the contract via PR sign-off in the consumer repo.


7. Documentation completeness

| Doc | Status |
|---|---|
| docs/03-microservices/theme-config-service.md | |
| services/theme-config-service/SERVICE_OVERVIEW.md | |
| …/DOMAIN_MODEL.md | |
| …/APPLICATION_LOGIC.md | |
| …/API_CONTRACTS.md | |
| …/EVENT_SCHEMAS.md | |
| …/DATA_MODEL.md | |
| …/SYNC_CONTRACT.md | |
| …/AI_INTEGRATION.md | |
| …/SECURITY_MODEL.md | |
| …/OBSERVABILITY.md | |
| …/TESTING_STRATEGY.md | |
| …/DEPLOYMENT_TOPOLOGY.md | |
| …/FAILURE_MODES.md | |
| …/LOCAL_DEV_SETUP.md | |
| …/SERVICE_READINESS.md | ✅ (this doc) |
| …/SERVICE_RISK_REGISTER.md | |
| …/MIGRATION_PLAN.md | |
| Runbooks per FAILURE_MODES §4 | |
| ADR(s) authored if architectural deviation | ➖ none required |

8. Launch criteria — staging

All of:

  • §2 Build & test fully green.
  • §3 Observability dashboards & alerts deployed.
  • §4 Security review signed off.
  • §5 Operations infra provisioned.
  • §6 Cross-service contracts acknowledged by every consumer.
  • Soak test on staging ≥ 7 days with no SLO burn > 50 % of budget.

9. Launch criteria — production

All staging criteria plus:

  • Load test results meet DEPLOYMENT_TOPOLOGY §8 targets.
  • Chaos GameDay run with no sev1/sev2 unmitigated findings.
  • DR drill executed (DB failover + cross-region promotion runbooks).
  • On-call rotation staffed (primary + secondary across 3 time zones).
  • Customer-facing communication ready for first-tenant migration.
  • Two-person production deployment approval recorded.

10. Sunset / sunset-readiness

If this service ever sunsets (e.g. consolidation with tenant-service):

  • Bundle delivery responsibility transferred to the successor service or to a static export.
  • All theme.* event producers transitioned, .v1 deprecated per EVENT_SCHEMAS §5.
  • Data export to the successor; archival of bundle objects to cold storage with 7-year retention.

11. References