Skip to content
HXES — Heytronix Ecosystem
Journal

Engineering

Pre-GA readiness · the gates we set ourselves

The internal checklist that sits between 'feature complete' and 'generally available'.

2 min read

Shipping software is easy. Shipping software that's genuinely ready for production is a different discipline.

For eQuinox GA — targeted for 7 July 2026 — we defined a set of gates that must all pass before we flip the waitlist to open. This post documents them publicly because we think transparency about readiness criteria matters more than announcing a date and hoping for the best.

Gate 1: Security audit

All three public API routes (/api/contact, /api/waitlist, /api/concierge/lead) pass a manual OWASP Top 10 review. Checklist:

  • Input validation with Zod at the boundary.
  • Rate limiting on all mutation endpoints (Upstash sliding window, 5 req / 10 s per IP).
  • No secrets in client bundles (verified via @next/bundle-analyzer).
  • Security headers (CSP, HSTS, X-Frame-Options, Referrer-Policy) on all routes.
  • Admin routes protected by constant-time token comparison.

Status: In review.

Gate 2: Performance baseline

next build output must show:

  • First Load JS (shared) ≤ 120 kB gzipped.
  • Largest Contentful Paint (LCP) ≤ 2.5 s on a simulated 4G connection (Lighthouse).
  • No layout shift above CLS 0.1.

We run Lighthouse in CI against a production build. Any regression blocks the release.

Gate 3: Closed pilot

Two customer sites run eQuinox in a monitored environment for a minimum of three weeks. We collect:

  • Task completion rate for the six core workflows (raise WO, assign, close, log fault, run checklist, export report).
  • Error rate from server logs.
  • Qualitative feedback from at least four users per site.

Any task completion rate below 90% triggers a design iteration before GA.

Gate 4: Legal sign-off

Our standard Terms of Service, Privacy Policy and Cookie Policy have been reviewed by counsel. Draft banners are removed from the live site.

Gate 5: Observability

Production environment has:

  • Uptime monitoring (5-minute interval, alert to PagerDuty equivalent).
  • Error tracking (Sentry or equivalent) with source maps uploaded.
  • Structured server logs retained for 30 days.

Gate 6: Rollback procedure

A tested rollback procedure exists and has been exercised in staging. We can return to the previous release within 15 minutes of a go/no-go call.

We publish this list because it sets an expectation — for our customers, and for ourselves. If we miss the July 7 date because a gate hasn't passed, we'll say so plainly and give a revised date.

That's the discipline we're holding ourselves to.