# Master Public Release Gate 7 - Deployment Hardening Date: 2026-06-16 ## Verdict Gate 7 status: **Approved for Gate 8.** This gate does not deploy FieldOps Cloud to a hosted production environment. It adds an explicit deployment-readiness contract and platform-admin visibility so public release cannot proceed with unsafe or missing deployment evidence. ## Implemented - Added `DeploymentReadinessService` to evaluate release evidence for: - production environment mode - disabled debug mode - non-placeholder application secret - explicit non-local production database DSN - disabled demo mode - HTTPS public URL - secure session cookie posture - trusted proxy policy - `public/` document-root boundary - writable runtime logging and retention setting - backup and restore drill timestamps - uptime monitoring and alert target - release/previous-release rollback proof - CI release gate activation - Extended `SystemHealthService` to include deployment readiness in `/platform-admin/health`. - Added a deployment-hardening table to the system health UI. - Updated `.env.example` with the required Gate 7 release-evidence variables. - Added `docs/ROLLBACK_RUNBOOK.md`. - Added regression tests for unsafe production configuration and fully evidenced production configuration. ## Routes Extended - `/platform-admin/health` - `/platform-admin#platform-system-health` No public release, external deploy, background worker, payment provider, or live integration endpoint was enabled. ## Services Created - `DeploymentReadinessService` ## Services Reused - `SystemHealthService` - `SessionCookiePolicy` - `AppEnvironment` - `RbacService` ## Database Changes None. ## Gate 7 Release Evidence Variables - `APP_ENV` - `APP_DEBUG` - `APP_SECRET` - `DB_DSN` - `DEMO_ENABLED` - `FIELDOPS_PUBLIC_URL` - `FIELDOPS_FORCE_SECURE_COOKIES` - `FIELDOPS_TRUSTED_PROXIES` - `FIELDOPS_LOG_DIR` - `FIELDOPS_LOG_RETENTION_DAYS` - `FIELDOPS_BACKUP_VERIFIED_AT` - `FIELDOPS_RESTORE_DRILL_VERIFIED_AT` - `FIELDOPS_UPTIME_MONITOR_URL` - `FIELDOPS_ERROR_ALERT_EMAIL` - `FIELDOPS_ALERT_WEBHOOK_URL` - `FIELDOPS_RELEASE_VERSION` - `FIELDOPS_PREVIOUS_RELEASE_VERSION` - `FIELDOPS_ROLLBACK_RUNBOOK_URL` - `FIELDOPS_CI_RELEASE_GATE` ## Verification | Check | Result | | --- | --- | | `php tests/run.php` | PASS | | Workspace `composer check` | PASS | | XAMPP `tools/browser-smoke.cjs` | PASS, `failureCount=0` | | XAMPP `tools/role-walkthrough.cjs` | PASS, `failureCount=0`, `scenarioCount=7` | | XAMPP `composer check` | PASS, 117 routes, 208 links, 65 form/action targets, 92 buttons, 0 findings | ## Remaining After Gate 7 - Live provider activation remains blocked until real credentials, encrypted token/key storage, provider webhook endpoints, retry workers, rate limits, audit logs, and owner approval exist. - Live payment capture remains blocked until provider credentials, price IDs, downstream subscription mutation, reconciliation, and payment audit trails are complete. - Android/iOS native build, signing, store metadata, privacy manifest, and physical-device QA remain open. - Accessibility audit remains open. - Large-data and performance gates remain open. - Hosted deployment still requires owner-provided infrastructure values and an actual deployment run; this gate only makes the required evidence testable and visible.