Production Readiness Checklist for AI-Built Services

Before shipping any service built or modified by an AI agent, run this checklist:

1. **Auth & authz** — Every endpoint validates identity and permissions. No open admin routes. 2. **Input validation** — All user-facing inputs sanitized. SQL parameterized. No dynamic code execution on untrusted data. 3. **Error handling** — Errors logged with context, never leaked to clients. Graceful degradation. 4. **Observability** — Structured logging, health checks, latency metrics on critical paths. 5. **Data integrity** — Migrations are reversible. Backups verified. No destructive operations without confirmation.

The most common failure mode: AI agents write code that works perfectly in development but lacks the defensive patterns production requires.