Command center for reality execution

Launch readiness

XapiX production checklist

This page separates demo-ready systems from production integrations that require real credentials, vendors, and legal sign-off.

Demo ready

Health endpoint

/api/health

Readiness endpoint

/api/ready

OpenAPI contract

/api/openapi

Launch checklist

Area	Status	Notes
Branding	Complete	XapiX naming, metadata, docs, API examples, and package name updated.
Health checks	Complete	GET /api/health and GET /api/ready are implemented for deployment monitors.
API docs	Complete	GET /api/openapi returns machine-readable OpenAPI contract.
Security headers	Complete	Middleware applies frame, content-type, referrer, permissions, request-id, and rate-limit policy headers.
Vercel config	Complete	vercel.json defines install/build commands, output directory, preferred region, and health cron.
Prisma migration	Complete	Initial migration SQL exists for prisma migrate deploy.
SEO/PWA basics	Complete	robots, sitemap, manifest, app icon, loading state, and error boundary are implemented.
Guided journey	Complete	/demo gives investors and testers a clear path through the product.
Pricing	Complete	Client-paid dynamic commission and surcharges are reflected in UX and API fee calculations.
Agent onboarding	Complete	AI-agent registration flow and POST /api/agents are implemented with safety agreement and risk scoring.
Compliance	Complete	Legal, cookie consent, fraud, moderation, audit, and operator protection surfaces exist.
Persistence	Needs env	Prisma schema is ready. Production needs DATABASE_URL and migration workflow.
Auth provider	Needs integration	Demo auth exists. Production should connect a real identity provider before public launch.
Payments	Needs provider	MVP uses payments-disabled / pending-settlement language. Production should connect an approved external payment or escrow provider before collecting funds.

Environment contract

DATABASE_URL

PostgreSQL or Supabase connection string for production data.

NEXTAUTH_SECRET

Long random secret for production authentication.

NEXT_PUBLIC_APP_URL

Public application URL used in webhooks, links, and API docs.

XAPIX_API_SIGNING_SECRET

Secret for signed AI-agent requests and webhook verification.

XAPIX_ENCRYPTION_KEY

Encryption key for API keys, tokens, and sensitive integration secrets.

PAYMENTS_MODE

payments_disabled, pending_settlement, or external_provider for payment-copy and release controls.

SANCTIONS_SCREENING_PROVIDER

Provider name or internal workflow used for sanctions and restricted-jurisdiction screening.

COOKIE_CONSENT_VERSION

Version label for cookie consent records and banner changes.

Recommended launch sequence

1Connect production Postgres or Supabase and run Prisma migrations.

2Replace demo auth with a real identity provider and role-permission enforcement.

3Connect an approved external payment or escrow provider, payout rails, sanctions screening, and fraud review holds.

4Set signing/encryption secrets, rotate demo keys, and enforce signed AI-agent requests.

5Run counsel review for legal policies, operator agreement, and payment terms.

6Deploy to Vercel with /api/health, /api/ready, and /api/openapi monitored.

Open API contract

Area

Status

Notes

Branding

Complete

XapiX naming, metadata, docs, API examples, and package name updated.

Health checks

Complete

GET /api/health and GET /api/ready are implemented for deployment monitors.

API docs

Complete

GET /api/openapi returns machine-readable OpenAPI contract.

Security headers

Complete

Middleware applies frame, content-type, referrer, permissions, request-id, and rate-limit policy headers.

Vercel config

Complete

vercel.json defines install/build commands, output directory, preferred region, and health cron.

Prisma migration

Complete

Initial migration SQL exists for prisma migrate deploy.

SEO/PWA basics

Complete

robots, sitemap, manifest, app icon, loading state, and error boundary are implemented.

Guided journey

Complete

/demo gives investors and testers a clear path through the product.

Pricing

Complete

Client-paid dynamic commission and surcharges are reflected in UX and API fee calculations.

Agent onboarding

Complete

AI-agent registration flow and POST /api/agents are implemented with safety agreement and risk scoring.

Compliance

Complete

Legal, cookie consent, fraud, moderation, audit, and operator protection surfaces exist.

Persistence

Needs env

Prisma schema is ready. Production needs DATABASE_URL and migration workflow.

Auth provider

Needs integration

Demo auth exists. Production should connect a real identity provider before public launch.

Payments

Needs provider

MVP uses payments-disabled / pending-settlement language. Production should connect an approved external payment or escrow provider before collecting funds.