Skip to content

Production checklist

Use this checklist as a release gate, not as a substitute for the platform-specific tests.

  • [ ] Wrapper and native artifact are both pinned to SDK 1.0.0.
  • [ ] The package contains only supported target architectures.
  • [ ] Production API key and consent configuration are supplied through the approved onboarding channel.
  • [ ] Debug logging is disabled unless support explicitly requested it.
  • [ ] No runtime token, consent receipt, private signing key, or full service response is embedded or logged.
  • [ ] Accept, decline, cancel, expired receipt, mismatched receipt, and revoke states have intentional product behavior.
  • [ ] The SDK is never created after a non-accepted result.
  • [ ] A persistent revoke control is available from application settings.
  • [ ] Rewards are granted according to product policy and not merely because connect() returned.
  • [ ] Consent copy and version match the configuration shipped with the package.
  • [ ] One component clearly owns each SDK instance.
  • [ ] Online state is driven by connected/disconnected events or isOnline.
  • [ ] Disconnect, final close/free/dispose, and app shutdown paths are deterministic.
  • [ ] No SDK method is called after the terminal release operation.
  • [ ] Network interruption and reconnection were tested on real target devices.
  • [ ] Background behavior was tested with the screen off, app minimized, and OS restrictions active.
  • [ ] Android notification permission and foreground-service policy were reviewed when background mode is enabled.
  • [ ] iOS behavior assumes normal OS suspension and does not promise continuous background operation.
  • [ ] Electron keeps SDK ownership in the main process and exposes only minimal state over validated IPC.
  • [ ] Native callbacks are marshalled safely before touching UI or managed runtime state.
  • [ ] Sanitized connected/disconnected events, error categories, and SDK version are available to telemetry.
  • [ ] Support can identify wrapper/native filenames, OS, architecture, ABI, and lifecycle order without receiving secrets.
  • [ ] A rollback plan removes or disables SDK startup without corrupting stored consent state.

Run the complete integration test matrix before approving release.