Sourcegraph Cody App Production Checklist
The complete checklist for launching your Sourcegraph Cody app. Every check you need before going live, written for non-technical founders.
Sourcegraph Cody-specific concerns
For Cody, the key concern is ensuring that code graph-assisted generation uses the correct abstractions and doesn't inadvertently bypass security or performance layers
Security checklist
Authentication protects all private routes and API endpoints. Input validation on every form and data handler. No API keys or secrets in client-side code. Security headers configured (CSP, HSTS, X-Frame-Options). CORS restricted to your domain. Rate limiting on login and signup endpoints. HTTPS enforced everywhere.
Performance checklist
Images optimized and lazy-loaded. Code splitting implemented. Lighthouse performance score above 80. Database queries have indexes on filtered columns. Pagination on all data lists. Static assets served with cache headers. No unnecessary client-side JavaScript.
Reliability checklist
Error tracking configured (Sentry or similar). Custom error pages for 404 and 500 errors. Error boundaries catch rendering failures gracefully. Loading states on all async operations. Graceful handling of network failures. Health check endpoint for monitoring. Database backups configured.
Full checklist
Security middleware and abstractions used, not bypassed. Authentication and authorization not weakened by refactoring. All call sites of changed APIs updated. Generated tests follow existing test conventions. Performance-critical paths use established caching and batching. Cross-service integration tested, not just unit behavior. Code style matches existing codebase conventions. Deprecation warnings not introduced. Documentation updated for any public API changes. Cross-package impact of changes verified via full test suite. Generated code reviewed by someone familiar with the affected domain. No new technical debt introduced that contradicts existing architecture. Database access goes through the standard data access layer. Logging and metrics added to new code paths. Change reviewed for impact on all downstream consumers
Not sure if you pass?
Our security scan ($19) and code audit ($19) check for all of these issues automatically. Upload your code and get a detailed report within 24 hours. If you need help fixing what we find, our team is here for that too.
Need help with this?
Our team handles deploy & ship for AI-built apps every day. Get a fixed quote within 24 hours.
Start with a self-serve audit
Get a professional review of your app at a fixed price.
Security Scan
Black-box review of your public-facing app. No code access needed.
- OWASP Top 10 checks
- SSL/TLS analysis
- Security headers
- Expert review within 24h
Code Audit
In-depth review of your source code for security, quality, and best practices.
- Security vulnerabilities
- Code quality review
- Dependency audit
- AI pattern analysis
Complete Bundle
Both scans in one package with cross-referenced findings.
- Everything in both products
- Cross-referenced findings
- Unified action plan
100% credited toward any paid service. Start with an audit, then let us fix what we find.
Related guides
How to Deploy Your Sourcegraph Cody-Built App
Step-by-step guide to deploying your Sourcegraph Cody app to production.
Common Bugs in Sourcegraph Cody-Generated Code
The most common bugs we find in Sourcegraph Cody apps and how to fix them.
Security Issues in Sourcegraph Cody Code
Critical security vulnerabilities commonly found in Sourcegraph Cody-generated apps.
Optimizing Sourcegraph Cody-Generated Code for Performance
How to make your Sourcegraph Cody app faster.
Related technologies
Need help with your Sourcegraph Cody app?
Tell us about your project. We'll respond within 24 hours with a clear plan and fixed quote.