K
KoladrDocs
Sign in

Production Checklist

Use this checklist to ensure your Koladr setup is ready for production. Complete each section before your agents start handling real customer actions.

Before You Go Live

Going live means your agents will be taking real actions that affect real customers and real data. This checklist helps you verify that every layer of governance is in place.

Do not skip testing

Even with a complete checklist, run at least one full end-to-end test with realistic data before enabling production traffic. The cost of catching a problem in testing is always lower than catching it in production.

Workspace

  • Workspace name is set to something recognizable to your team
  • Workspace description is filled in (optional but helpful for multi-workspace setups)
  • You are using a dedicated production workspace (not a test workspace)

Team & Roles

  • All team members who need access have been invited
  • Roles are assigned correctly:
    • At least one Admin who can manage configuration
    • Designated Approvers for action review
    • Operators for monitoring and incident response
    • Viewers for stakeholders who need visibility
  • Team members have accepted their invitations and can sign in
  • Approval ownership is agreed (who reviews which action types)

Agents

  • All production agents are registered with clear, descriptive names
  • Agent descriptions are filled in
  • Development and staging agents are registered separately (not mixed with production)
  • Each agent has been tested with at least one successful run

Security

  • API keys are stored in environment variables or a secrets manager
  • API keys are not committed to source control
  • Each environment has its own API key
  • Old or test API keys have been deleted
  • Team members have strong passwords and email verification completed

Policies

  • Policies exist for every action type that carries risk
  • High-value or sensitive actions require approval
  • Actions that should never happen are blocked by policy
  • The default behavior (no matching policy = allow) is acceptable for remaining actions
  • Policies have been tested with realistic action requests
  • Policy names and descriptions are clear enough for audit review

Policy philosophy

When in doubt, require approval. You can always loosen policies later. You cannot undo an action that has already executed.

Connectors

  • Required connectors are configured and tested
  • OAuth tokens are active and not expired
  • API keys for external services are production keys (not test/sandbox keys)
  • Each connector has been verified with a test action
  • Unused connectors are disconnected

Testing

  • At least one full end-to-end test run has been completed for each agent
  • Test runs include action requests that trigger each policy effect (allow, block, require approval)
  • Approval workflow has been tested: action pending → approver reviews → approve/reject
  • Connector execution has been verified for each action type
  • Error handling has been tested: what happens when the agent errors out?
  • The run timeline accurately reflects the agent's activity

Operations

  • Incident response workflow is documented and agreed with the team
  • Operators know how to find and investigate incidents
  • Approvers know where to review pending actions and the expected response time
  • The dashboard is accessible to all relevant team members
  • Escalation paths are defined (who to contact when something unexpected happens)

Final Review

Before flipping the switch:

  1. Walk through this entire checklist with your team
  2. Run one final end-to-end test with production configuration
  3. Confirm that the approval queue is empty and no test incidents are open
  4. Ensure all team members know the go-live timeline
  5. Start with a small subset of traffic if possible, then ramp up

Gradual rollout

If you can, start by routing a small percentage of your agent's traffic through Koladr and increase gradually. This gives you time to observe, tune policies, and build confidence before full production load.

Next

Troubleshooting

Common questions and how to resolve them