Integration
- SDK installed server-side (not in browser)
-
HISTEERIA_API_KEYin secrets manager / env, not git - Separate API keys for dev, staging, prod
-
agent_idvalues are stable and documented -
session_idset for multi-turn conversations -
flush()called in serverless handlers before return -
domainset appropriately per use case
Agent profile
- Production profile created with accurate role and policy description
- API key linked to production profile
- Public profile disabled unless intentionally shared
Observability
- Test decisions visible in Monitoring
- Warmup completed in staging with representative traffic
- Dimension baselines recorded before major releases
- Inbox reviewed by on-call or owner
Privacy & compliance
- No secrets or raw PII in
input,output, ormetadata - Data retention understood for your plan
- Team access limited to need-to-know
Operations
- Key rotation procedure documented
- Alerting path defined (Inbox + Slack/webhook when enabled)
- Runbook for evaluation lag or API outage (agent continues — SDK fails silent)

