Secure development lifecycle
Release gates before production Workers deployments.
Maturity increases over time; gaps may exist between policy and automation.
Gates
- Review: Human review for auth, tenancy, and data-path changes.
- Typecheck & tests: TypeScript compile; Vitest for Worker pools where applicable.
- Secrets: No plaintext secrets in repo; Wrangler secrets for prod.
- IaC: Wrangler config changes reviewed alongside code.
Expanded checklist: docs/compliance/SECURE-SDLC.md