Use this checklist before pointing production traffic at Histeeria.

Integration

  • SDK installed server-side (not in browser)
  • HISTEERIA_API_KEY in secrets manager / env, not git
  • Separate API keys for dev, staging, prod
  • agent_id values are stable and documented
  • session_id set for multi-turn conversations
  • flush() called in serverless handlers before return
  • domain set appropriately per use case

Agent profile

  • Production profile created with accurate role and policy description
  • API key linked to production profile
  • Public profile disabled unless intentionally shared

Observability

  • Test decisions visible in Monitoring
  • Warmup completed in staging with representative traffic
  • Dimension baselines recorded before major releases
  • Inbox reviewed by on-call or owner

Privacy & compliance

  • No secrets or raw PII in input, output, or metadata
  • Data retention understood for your plan
  • Team access limited to need-to-know
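One way to enforce the first item before a decision leaves your service, as an added example (not Histeeria's code; it makes no SDK calls). The field names `input`, `output` and `metadata` come from the checklist; the function names and the patterns are assumptions constructed for illustration.

```python
import re

# Constructed patterns (assumptions; extend them from your own data inventory).
PATTERNS = [
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("AWS_KEY_ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("BEARER", re.compile(r"(?i)\bbearer\s+[a-z0-9._~+/-]{8,}=*")),
    ("CARD", re.compile(r"\b\d(?:[ -]?\d){12,18}\b")),
]
# Dict keys whose values are dropped regardless of content.
SENSITIVE_KEY = re.compile(r"(?i)password|passwd|secret|api[_-]?key|authorization|(access|auth|refresh)_token")

def _luhn(number: str) -> bool:
    digits = [int(c) for c in number if c.isdigit()][::-1]
    total = sum(d if i % 2 == 0 else (d * 2 - 9 if d > 4 else d * 2)
                for i, d in enumerate(digits))
    return total % 10 == 0

def scrub_text(text: str, hits: list) -> str:
    for label, rx in PATTERNS:
        def repl(m, label=label):
            if label == "CARD" and not _luhn(m.group()):
                return m.group()  # long digit run that is not a card number
            hits.append(label)
            return f"[REDACTED:{label}]"
        text = rx.sub(repl, text)
    return text

def scrub(value, hits: list):
    """Recursively scrub strings inside dicts and lists; returns a new structure."""
    if isinstance(value, str):
        return scrub_text(value, hits)
    if isinstance(value, dict):
        out = {}
        for k, v in value.items():
            if SENSITIVE_KEY.search(str(k)):
                hits.append(f"KEY:{k}")
                out[k] = "[REDACTED]"
            else:
                out[k] = scrub(v, hits)
        return out
    if isinstance(value, (list, tuple)):
        return [scrub(v, hits) for v in value]
    return value  # numbers, booleans, None pass through unchanged

def scrub_decision(decision: dict):
    """Scrub the three free-form fields named in the checklist; other keys are untouched."""
    hits = []
    fields = ("input", "output", "metadata")
    clean = {k: (scrub(v, hits) if k in fields else v) for k, v in decision.items()}
    return clean, hits
```

The returned `hits` list records which rules fired, so it can be counted or alerted on without logging the redacted values themselves.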

Operations

  • Key rotation procedure documented
  • Alerting path defined (Inbox + Slack/webhook when enabled)
  • Runbook for evaluation lag or API outage (agent continues; SDK fails silently)