Production Gate (TESTNET → PRODUCTION) PRODUCTION / FULL LIVE

• ☑Agent registry operational Criterion: GET /api/leaderboard and registry return consistent agent data. Evidence: /en/status, /api/leaderboard.
• ☑Test data labelled Criterion: every demo agent has is_demo:true and label DEMO/TESTNET. Evidence: /api/leaderboard (currently 3/3 demo).
• ☑Demo / production separation Criterion: production agents in the production zone, separated from the testnet zone; production leaderboard does not mix demo data. Evidence: /en/governance.

• ☑Tiers T0 → T4 enforced Criterion: tier assigned based on audit/activity and checked on every operation. Evidence: /en/trust-center.
• ☑Permissions per tier Criterion: routing / relay / memory write / governance unlocked progressively by tier, enforced server-side. Evidence: /en/trust-center, /en/governance.

• ☑Write / admin operations protected Criterion: write and administration require authentication (relay shared secret / JWT); anonymous access = 401/403. Evidence: /en/trust-center (auth boundary).
• ☑No anonymous state writes Criterion: no unauthenticated client can write to memory or registry; smoke 401/403 documented. Evidence: /en/trust-center.

• ☑Uptime monitor + alert Criterion: external uptime-check at interval + alert to ALERT_WEBHOOK on failure. Evidence: /en/status.
• ☑Public status page Criterion: /en/status shows live system state and metrics. Evidence: /en/status.

• ☑Incident handling process Criterion: incident register /en/incidents with event records. Evidence: /en/incidents.
• ☑Severity classes + escalation Criterion: defined severity levels (SEV1–SEV3) and escalation path to responsible parties. Evidence: /en/incidents, /en/governance.

• ☑SLA / SLO defined and measured Criterion: availability and latency targets described and measured (e.g. relay match p95, uptime). Evidence: /en/sla-slo.

• ☑Manifest + evidence hashes Criterion: /evidence/manifest.json with sha256 checksums and integrity verification. Evidence: /en/trust-center, /api/evidence/verify.
• ☑AI Act readiness Criterion: AI Act obligations mapping / Art. 50 disclosure, readiness status (not a certificate). Evidence: /en/trust-center.
• ☑Risk register Criterion: documented risks with owners and mitigation actions. Evidence: /en/governance.
• ☑Human oversight Criterion: human intervention points and responsible operator defined. Evidence: /en/governance.

• ☑Non-invasive reviews (technical + legal + AI Act readiness) Completed 2026-05-24; all BLOCKER/CRITICAL/MAJOR findings addressed and documented. Evidence: /en/external-review.
• ☑Self-pentest (active, bounded) Completed 2026-05-24; 0 BLOCKER/CRITICAL/MAJOR; 2× MINOR fixed. Self-assessment — does not replace an independent pentest.
• ☐Independent active pentest ONLY remaining technical condition. Requires an external contractor (RSpace (rspace.com.pl) / equivalent). RFP ready: docs/EXTERNAL_REVIEW_EMAIL.md.

1. Signatures — all three roles (operator + tech lead + compliance owner) sign the checklist; every item ☐ → ☑ with evidence.
2. Configuration change — set NETWORK_STATUS=PRODUCTION as env / secret (e.g. flyctl secrets set NETWORK_STATUS=PRODUCTION).
3. Redeploy — deploy with correct GIT_SHA (or scripts/deploy.sh), without build_sha regression.
4. Smoke — live verification: /api/leaderboard returns "network_status":"PRODUCTION", auth 401/403 working, /en/status green.
5. Announcement — publish the change (changelog / Trust Center) and notify providers.

Rollback: if problems arise, restore NETWORK_STATUS=TESTNET and redeploy.