# Deployment Runbook

**Last reviewed:** 8 July 2026

Deployment should include environment secret checks, Prisma generate, migration review, Next.js build, smoke tests, rollback planning and post-deployment monitoring.

## Operating principles

- Preserve tenant isolation and user authentication.
- Keep claims truthful and aligned with implemented features.
- Protect secrets and high-sensitivity financial records.
- Review changes before production deployment.

## Verification checklist

- Authentication and admin routes remain protected.
- Private app routes are not indexed.
- No secrets are exposed in logs, client code or documentation.
- HMRC and filing functionality is described by actual release status.
