CredoCommerce Deployment Checklist Pre-Deployment All environment variables set in Vercel and Railway Supabase RLS policies verified in production DIDKit binary included in Dockerfile and functional Polygon Amoy testnet wallet funded with test MATIC APScheduler Scout job confirmed running (check admin dashboard) Supabase Realtime subscriptions confirmed active in admin dashboard SSL certificates provisioned for all domains CORS configured for production domain only Rate limiting active on /api/support/chat and /api/orders Sentry error tracking confirmed (trigger test error) Smoke test: place a full order through production URL Smoke test: supplier onboard through production URL Environment Variables Frontend (Vercel) NEXT_PUBLIC_SUPABASE_URL= NEXT_PUBLIC_SUPABASE_ANON_KEY= SUPABASE_SERVICE_KEY= NEXT_PUBLIC_API_URL=https://api.credocommerce.io NEXTAUTH_SECRET= NEXTAUTH_URL=https://credocommerce.io Backend (Railway) OPENAI_API_KEY= ANTHROPIC_API_KEY= SUPABASE_URL= SUPABASE_SERVICE_KEY= X402_API_KEY= X402_BASE_URL=https://api.x402.io/v1 DIDKIT_PATH=/usr/local/bin/didkit DID_UNIVERSAL_RESOLVER=https://resolver.identity.foundation ESCROW_WALLET_PRIVATE_KEY= ESCROW_CONTRACT_ADDRESS= ESCROW_NETWORK=polygon-amoy SCOUT_INTERVAL_MINUTES=15 Smoke Test ./scripts/smoke-test.sh https://credocommerce.io https://api.credocommerce.io Rollback # Vercel: revert to previous deployment via dashboard # Railway: redeploy previous Docker image via dashboard # Supabase: restore from automated backup