Review Scope
- reproducible builds
- health check coverage
- environment variable safety
- runtime compatibility
Current Render Hardening
render.yaml now includes:
- frozen lockfile install in build command
- explicit health check path:
/api/health - generated secrets for JWT/session in Render
Checklist
- build uses deterministic dependency install
- app exposes reliable health endpoint
- no secrets committed in repository
- production origin and short-link domain configured correctly
Suggested Operational Verification
- deploy latest commit
- verify health endpoint in Render dashboard
- verify short-link redirects and auth-protected routes
- verify background jobs start without runtime errors