Go-Live & Evidence-Pipeline Checklist
Operationalize the live Vercel deploy: finish auth, deploy the validation
service, and start the 30-day evidence clock. Companion to
[deployment.md](../deployment.md).
Replace `<PROD_URL>` with the production URL (e.g. `https://metamuseum-sundog358s-projects.vercel.app`
or a custom domain). No trailing slash.
---
1. Vercel — finish the app config
Project → Settings → Environment Variables (Production), then redeploy:
| Var | Value | Why |
|---|---|---|
| `DATABASE_URL` | Neon pooled string | already set |
| `METAMUSEUM_STORAGE_MODE` | `postgres` | already set |
| `AUTH_SECRET` | (already set) | — |
| `BASE_URL` | `<PROD_URL>` | canonical URL, SLO target |
| `METAMUSEUM_PUBLIC_READ_BASE_URL` | `<PROD_URL>` | uptime/probe target |
| `AUTH_GITHUB_ID` | GitHub OAuth app client ID | last preflight blocker; enables sign-in |
| `AUTH_GITHUB_SECRET` | GitHub OAuth app secret | (pair for the above) |
| `VALIDATION_SERVICE_URL` | `https://metamuseum-validation.onrender.com/validate` | after step 2 |
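Also: Settings → Deployment Protection → Vercel Authentication → Disabled
(so the public can reach the read-only demo). With it disabled, every route of
the deployment is reachable without a Vercel login, so anything beyond the
read-only demo must be protected by the app's own sign-in.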
GitHub OAuth app: https://github.com/settings/developers → New OAuth App →
Homepage `<PROD_URL>`, callback `<PROD_URL>/api/auth/callback/github`.
---
2. Render — deploy the validation service
The data-quality report (validation) is the literal pilot deliverable, so it's
the priority Python service. `render.yaml` blueprints validation +
reconciliation (+ Redis); the AG2 worker is intentionally excluded.
- Render → New → Blueprint → select this repo (reads `render.yaml`).
- Confirm `metamuseum-validation` builds (`pip install -r requirements.txt`)
and starts (`uvicorn main:APP --host 0.0.0.0 --port $PORT`), health `/health`.
- Copy its URL → set `VALIDATION_SERVICE_URL=https://<svc>.onrender.com/validate`
on Vercel → redeploy.
- (Optional) reconciliation comes up alongside with its Redis cache wired in.
Free Render web services cold-start in ~30–60s; fine for pilots, upgrade for SLAs.
---
3. GitHub Actions — start the evidence clock
The nightly `era-c-exit-gate-evidence.yml` workflow reads these. Set under
Settings → Secrets and variables → Actions.
Variables (Repository variables) — minimum to start k6 + AI evidence
| Variable | Value | Unlocks |
|---|---|---|
| `METAMUSEUM_EVIDENCE_BASE_URL` | `<PROD_URL>` | k6 SLO + AI-query evidence |
| `METAMUSEUM_PUBLIC_READ_BASE_URL` | `<PROD_URL>` | uptime probe target |
| `METAMUSEUM_EVIDENCE_IIIF_TILE_URL` | `<PROD_URL>/icon.jpg` | required gate for the k6 step |
With just those three, the nightly run begins retaining k6 p95 samples and AI
cost telemetry. `SPARQL_URL` defaults to `<PROD_URL>/api/getty/sparql`.
CLI (run once `<PROD_URL>` is known):

```bash
gh variable set METAMUSEUM_EVIDENCE_BASE_URL --body "<PROD_URL>"
gh variable set METAMUSEUM_PUBLIC_READ_BASE_URL --body "<PROD_URL>"
gh variable set METAMUSEUM_EVIDENCE_IIIF_TILE_URL --body "<PROD_URL>/icon.jpg"
```

Still gated (separate workstreams, not just config)
| Evidence | Needs | Note |
|---|---|---|
| Public-read uptime (99.9% / 30d) | `METAMUSEUM_UPTIME_PROMETHEUS_URL` (secret) + `METAMUSEUM_UPTIME_PROMQL_*` vars | requires a Prometheus/monitoring backend scraping the app — infra decision |
| Activity-feed adoption (3/3) | `METAMUSEUM_ACTIVITY_CONSUMER_IDS` | requires 3 real external consumers sending `x-linked-art-consumer-id` — partnerships, not config |
| SOTA §26 KPIs | production export to `monitoring/kpi-evidence.json` | record-enrichment + reconciliation review counts |
---
Sequence
- Set Vercel env vars + GitHub OAuth + disable Deployment Protection → rerun
`pnpm launch:preflight:production` until the `AUTH_GITHUB_ID` failure clears.
- Deploy validation on Render → set `VALIDATION_SERVICE_URL` → redeploy Vercel.
- Set the 3 GitHub evidence variables → the nightly clock starts.
- Decide the uptime-monitoring approach (Prometheus stack) and begin partner
outreach for the 3 activity consumers — these are the long-pole 30-day gates.
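
An added example, not part of this repo's tooling and separate from `pnpm launch:preflight:production`: a small Python lint that cross-checks the values from steps 1–3 against `<PROD_URL>` before they are entered. The function names, the https requirement and the sample values are assumptions made for illustration; messages name keys only, so secret values never reach a log.

```python
from urllib.parse import urlsplit

# Suffix each key must carry after <PROD_URL>, per the checklist tables.
VERCEL_URLS = {"BASE_URL": "", "METAMUSEUM_PUBLIC_READ_BASE_URL": ""}
GITHUB_VARS = {
    "METAMUSEUM_EVIDENCE_BASE_URL": "",
    "METAMUSEUM_PUBLIC_READ_BASE_URL": "",
    "METAMUSEUM_EVIDENCE_IIIF_TILE_URL": "/icon.jpg",
}
OAUTH_PAIR = ("AUTH_GITHUB_ID", "AUTH_GITHUB_SECRET")


def oauth_callback(prod_url):
    """Callback URL to register on the GitHub OAuth app."""
    return prod_url + "/api/auth/callback/github"


def lint(prod_url, vercel_env, github_vars):
    """Return problem strings; they name keys only, never values (some are secrets)."""
    problems = []
    origin = urlsplit(prod_url)
    if origin.scheme != "https" or not origin.hostname:  # https is an assumption
        problems.append("PROD_URL: expected an https URL with a host")
    if prod_url.endswith("/"):
        problems.append("PROD_URL: trailing slash")
    for scope, env, expected in (("vercel", vercel_env, VERCEL_URLS),
                                 ("github", github_vars, GITHUB_VARS)):
        for key, suffix in expected.items():
            if env.get(key) != prod_url + suffix:
                problems.append(f"{scope}:{key}: missing or not derived from PROD_URL")
    problems += [f"vercel:{k}: not set" for k in OAUTH_PAIR if not vercel_env.get(k)]
    svc = urlsplit(vercel_env.get("VALIDATION_SERVICE_URL", ""))
    if svc.scheme != "https" or not svc.hostname or svc.path != "/validate":
        problems.append("vercel:VALIDATION_SERVICE_URL: expected https://<host>/validate")
    return problems

# Constructed sample values (placeholders, not real deployment settings).
PROD = "https://museum.example"
SAMPLE_VERCEL = {
    "BASE_URL": PROD,
    "METAMUSEUM_PUBLIC_READ_BASE_URL": PROD + "/",           # stray trailing slash
    "AUTH_GITHUB_ID": "constructed-client-id",               # secret deliberately absent
    "VALIDATION_SERVICE_URL": "https://svc.example/health",  # wrong path
}
SAMPLE_GITHUB = {key: PROD + suffix for key, suffix in GITHUB_VARS.items()}

if __name__ == "__main__":
    print("callback:", oauth_callback(PROD))
    print(*lint(PROD, SAMPLE_VERCEL, SAMPLE_GITHUB), sep="\n")
```
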