SOT Navigator

Deterministic codebase risk artifacts

Release Protection Pack

Pre-flight checklist for a risky release

Use this before a release path depends on scattered build logs, screenshots, device checks, and handoffs. The goal is not perfect coverage. The goal is one readable go, no-go, or unknown decision with evidence behind it.

This checklist is public and safe to use without private access. Commercial onboarding and readiness checks still apply before any private repo review, production access, or paid delivery starts.

What to collect first

  1. The exact release path: branch, build job, artifact, install route, and owner.
  2. The primary platform for this pass: iOS, Android, web, desktop, or one packaged lane.
  3. A short list of critical flows that represent real business risk if they break.
  4. Known environment dependencies: auth, APIs, config, feature flags, and app-store steps.
  5. Existing evidence sources: CI logs, screenshots, video, test output, links, and notes.

Release path checks

  • Build completes from the intended branch or tag.
  • Artifact version matches the planned release identifier.
  • Install/update route is known and reproducible.
  • Rollback or previous-good build is identified.
  • One human owner can say whether the release is blocked.

Critical flow checks

  • App launches cleanly on the target device or environment.
  • Login, selection, purchase, sync, or other top-value flow completes.
  • Failures are visible, not silent.
  • Telemetry or logging exists for the top-risk path.
  • Any untested area is marked unknown, not assumed safe.

Escalate before release when

  • No one can reproduce the release path from current notes.
  • The build passes but install, launch, or update evidence is missing.
  • Critical-flow proof depends on one informal message or memory.
  • Offline, slow-network, or integration-failure behavior is business-critical and untested.
  • The team cannot name the smallest safe cut for this release.

What this checklist is not

  • Not a penetration test, certification, or legal/compliance signoff.
  • Not unlimited device coverage or a full QA replacement.
  • Not a promise that unknowns can be removed without scoped follow-up.
  • Not an excuse to skip release ownership or rollback planning.

Fast decision rule

Go

Release path is reproducible, critical flows are evidenced, and remaining risk is explicit.

No-go

A high-value flow fails, ownership is unclear, or rollback/recovery is not credible.

Unknown

Evidence is incomplete. Mark the gap, keep the scope narrow, and decide whether to test or defer.

Next step if you need help

The safe next move is a limited preview request around one release path and one primary platform, or a review of the sample report if you want to see the output shape first.