Ship checklist
Pre-launch verification for AICW-powered apps
Before shipping your AICW-powered app, verify each item in this checklist. Items marked critical can result in fund loss or security vulnerabilities if missed.
Security (critical)
| Check | Why |
|---|
| MPC_WALLET_ID is never in client-side code or logs | Equivalent to exposing a private key |
| MPC_BRIDGE_URL is not publicly accessible | Unauthorized parties could request signatures |
| Environment variables are not committed to git | Check .gitignore includes .env files |
| HTTPS used for all Bridge communication | Prevents man-in-the-middle attacks on signing requests |
| Transfer amount caps enforced server-side | Client-side validation alone can be bypassed |
Operations
| Check | Why |
|---|
| Heartbeat scheduler running and monitored | Missed heartbeat → eventual will execution |
| Agent pubkey has fee buffer | Zero SOL = all operations fail silently |
| Bridge health monitoring in place | Bridge down = no signing possible |
| Will activated with correct beneficiaries | Inactive will means no recovery if agent dies |
| Error alerting configured | Silent failures can cascade |
Testing
| Check | Why |
|---|
| All flows tested on devnet with real transactions | Simulation differs from actual on-chain behavior |
| Tested heartbeat recovery after simulated downtime | Verifies agent can resume after restart |
| Tested transfer failure cases (insufficient balance, dead wallet) | Error handling must work in production |
| Tested will execution in controlled scenario | Understand what happens when agent actually dies |
Documentation
- Document which network and program ID your app uses
- Provide clear error messages for AICW-specific failures
- Link to aicw.ai/docs for protocol reference
- Document your app's transfer limits and business rules
- Include recovery procedures for common failure scenarios