
🚀 OmniButler Production Readiness Checklist

🔥 HIGH PRIORITY ITEMS (Start Immediately)

1. 🟢 Domain Registration & SSL Setup (1-2 days)

Estimated Time: 1-2 days

Step-by-Step Instructions:

1. Register omnibutler.com domain (DONE)
   - Use Google Domains, Namecheap, or your preferred registrar
   - Enable domain privacy protection, two-factor authentication on the registrar account and the registrar transfer lock (a hijacked registrar login lets an attacker redirect every record below)

2. Set up DNS in Google Cloud DNS

# Create DNS zone
gcloud dns managed-zones create omnibutler-production \
  --description="Production DNS zone for omnibutler.com" \
  --dns-name="omnibutler.com"

# Get the zone's name servers and set them at your registrar
gcloud dns managed-zones describe omnibutler-production --format="value(nameServers)"

3. Configure DNS records

# Add A record for apex domain (optional; points at your HTTPS load balancer)
gcloud dns record-sets transaction start --zone=omnibutler-production
gcloud dns record-sets transaction add YOUR_LOAD_BALANCER_IP \
  --name=omnibutler.com. --ttl=300 --type=A --zone=omnibutler-production

# Add CNAME for the app subdomain (Firebase Hosting). The target is the Hosting
# site's own domain, <site-id>.web.app (the site created in the Firebase section),
# not a name under omnibutler.com. If the Firebase console lists A/TXT records
# for the custom domain instead, add exactly those.
gcloud dns record-sets transaction add omnibutler-production.web.app. \
  --name=app.omnibutler.com. --ttl=300 --type=CNAME --zone=omnibutler-production

# api.omnibutler.com: add the record Cloud Run prints after the domain mapping is
# created (for a subdomain this is a CNAME to ghs.googlehosted.com).

gcloud dns record-sets transaction execute --zone=omnibutler-production

4. Set up SSL certificates
   - Firebase Hosting provisions a certificate for app.omnibutler.com automatically once the custom domain is verified
   - Cloud Run provisions a certificate for api.omnibutler.com automatically after the domain mapping is created and DNS resolves
   - Both are issued some time after DNS propagates; there is nothing to upload, but the endpoints serve an error until then

Completion Criteria:
- [ ] Domain registered and DNS configured
- [ ] SSL certificates active for all subdomains (check with curl -vI https://app.omnibutler.com and the same for api.omnibutler.com)
- [ ] DNS propagation complete (check with dig omnibutler.com and dig app.omnibutler.com CNAME)


2. 🟡 Production GCP Project Setup (1 day)

Estimated Time: 1 day

Step-by-Step Instructions:

  1. Create Production GCP Project

    # Create project
    gcloud projects create omnibutler-production --name="OmniButler Production"
    
    # Set as current project
    gcloud config set project omnibutler-production
    
    # Link billing account
    gcloud billing projects link omnibutler-production \
      --billing-account=YOUR_BILLING_ACCOUNT_ID
    

  2. Enable Required APIs

    gcloud services enable \
      run.googleapis.com \
      cloudbuild.googleapis.com \
      cloudtasks.googleapis.com \
      cloudscheduler.googleapis.com \
      artifactregistry.googleapis.com \
      secretmanager.googleapis.com \
      firebase.googleapis.com \
      firestore.googleapis.com \
      redis.googleapis.com
    

  3. Create Service Accounts

    # Deployment service account
    gcloud iam service-accounts create github-deployment-production \
      --description="GitHub deployment service account for production" \
      --display-name="GitHub Deployment Production"
    
    # Grant deployment roles (see the scoping note below)
    gcloud projects add-iam-policy-binding omnibutler-production \
      --member="serviceAccount:github-deployment-production@omnibutler-production.iam.gserviceaccount.com" \
      --role="roles/run.admin"
    
    gcloud projects add-iam-policy-binding omnibutler-production \
      --member="serviceAccount:github-deployment-production@omnibutler-production.iam.gserviceaccount.com" \
      --role="roles/cloudbuild.builds.editor"
    
    gcloud projects add-iam-policy-binding omnibutler-production \
      --member="serviceAccount:github-deployment-production@omnibutler-production.iam.gserviceaccount.com" \
      --role="roles/secretmanager.secretAccessor"
    

    Scoping note: the deployer does not read secrets; the Cloud Run service's runtime service account does. Grant roles/secretmanager.secretAccessor to that runtime account on each individual secret (gcloud secrets add-iam-policy-binding) rather than project-wide to the deployer. The deployer does need roles/artifactregistry.writer on the repository created below to push images, and roles/iam.serviceAccountUser on the runtime service account to deploy a service that runs as it. Authenticate GitHub Actions through Workload Identity Federation instead of a downloaded service account key, so no long-lived credential sits in the repository secrets.

  4. Create Artifact Registry

    gcloud artifacts repositories create omnibutler-backend \
      --repository-format=docker \
      --location=europe-west1 \
      --description="Production Docker repository"
    

  5. Set up Cloud Tasks queues

    gcloud tasks queues create email-sync-production \
      --location=europe-west1 \
      --max-attempts=5
    
    gcloud tasks queues create transaction-sync-production \
      --location=europe-west1 \
      --max-attempts=5
    
    gcloud tasks queues create whatsapp-messages-production \
      --location=europe-west1 \
      --max-attempts=3 \
      --max-dispatches-per-second=100
    

Completion Criteria:
- [ ] Production GCP project created and configured
- [ ] All required APIs enabled
- [ ] Service accounts created with proper permissions
- [ ] Artifact Registry repository created
- [ ] Cloud Tasks queues created


3. 🟡 Production OpenAI & LLM Setup (2-3 days)

Estimated Time: 2-3 days

Step-by-Step Instructions:

  1. Upgrade OpenAI API to Production
     - Go to https://platform.openai.com/account/billing
     - Add payment method and set up billing
     - Create a new API key used only for production; do not reuse the development key
     - Set usage limits and alerts:

    Recommended limits for production:
    - Hard limit: $200/month initially
    - Soft limit: $150/month
    - Email alerts at $100/month
    

  2. LangSmith Production Setup
     - Go to https://smith.langchain.com
     - Create new project: "omnibutler-production"
     - Generate production API key
     - Configure project settings for production tracing. Traces record prompt and completion text, which for this app means users' email and transaction data; decide on redaction or sampling and confirm it is consistent with the EU data hosting statement in the privacy policy

  3. TogetherAI Production Setup
     - Go to https://api.together.xyz/settings/api-keys
     - Generate production API key
     - Set up usage monitoring and limits

  4. Store API Keys in Secret Manager

    # printf '%s' stores the key without a trailing newline; echo would append one,
    # and a key ending in "\n" produces a malformed Authorization header at runtime.
    # For real keys, write the value to a chmod 600 file and pass --data-file=FILE
    # instead of typing it on the command line, where it ends up in shell history.

    # OpenAI
    printf '%s' "sk-prod-YOUR_PRODUCTION_KEY" | gcloud secrets create openai-api-key-production --data-file=-
    
    # LangSmith
    printf '%s' "lsv2_pt_YOUR_PRODUCTION_KEY" | gcloud secrets create langsmith-api-key-production --data-file=-
    
    # TogetherAI
    printf '%s' "YOUR_PRODUCTION_KEY" | gcloud secrets create togetherai-api-key-production --data-file=-
    

Completion Criteria:
- [ ] OpenAI production API key with billing setup
- [ ] LangSmith production project and API key
- [ ] TogetherAI production API key
- [ ] All keys stored in Secret Manager, each readable only by the Cloud Run runtime service account (secret-level binding, no project-wide secretAccessor)


4. 🟡 Production Firebase Project Setup (2-3 days)

Estimated Time: 2-3 days

Step-by-Step Instructions:

1. Create Production Firebase Project
   - Go to https://console.firebase.google.com
   - Click "Create a project"
   - Project name: "OmniButler Production"
   - Link to existing GCP project: omnibutler-production

2. Enable Required Services
   - Authentication (with Google provider)
   - Firestore Database
   - Hosting (for frontend)

3. Configure Authentication

# Enable Google Auth provider
# Go to Authentication > Sign-in method > Google > Enable
# Add authorized domains: omnibutler.com, app.omnibutler.com

4. Set up Firestore
   - Create Firestore database in native mode
   - Region: use the same region as the Cloud Run, Cloud Tasks and Artifact Registry resources (Section 2 uses europe-west1; an earlier revision of this checklist said europe-west3). The location cannot be changed once the database exists
   - Configure security rules for production: deny by default. The backend's Admin SDK bypasses rules entirely, so rules only govern direct client access and must be written for that

5. Configure Hosting

# Create the production Hosting site and bind it to the "production" deploy target
firebase hosting:sites:create omnibutler-production
firebase target:apply hosting production omnibutler-production

# Then add app.omnibutler.com as a custom domain in the Firebase console
# (Hosting > Add custom domain). Firebase verifies ownership through a TXT
# record before it issues the certificate.

6. Generate Service Account Key (only if a key is unavoidable)

   On Cloud Run the Firebase Admin SDK picks up the service's runtime service account through Application Default Credentials, so no key file is needed there; grant that account the Firebase Admin roles instead. A downloaded key is a long-lived credential: create one only for an environment that cannot use ADC, keep it only in Secret Manager, and rotate it.

    # Create and download service account key
    gcloud iam service-accounts keys create firebase-admin-key.json \
      --iam-account=firebase-adminsdk-SERVICE_ID@omnibutler-production.iam.gserviceaccount.com
    
    # Store in Secret Manager
    gcloud secrets create firebase-admin-key-production --data-file=firebase-admin-key.json
    
    # Clean up local file
    rm firebase-admin-key.json
    

Completion Criteria:
- [ ] Production Firebase project created and linked to GCP
- [ ] Authentication configured with production domains
- [ ] Firestore database created with production security rules
- [ ] Custom domain configured for hosting
- [ ] Service account key generated and stored securely (or ADC used and no key created)


5. 🟢 Plaid Production Environment ✅ COMPLETED

Status: Production access already granted

Next Steps:
- [x] Production access confirmed
- [ ] Store production credentials in Secret Manager:

# Store production credentials in Secret Manager (printf, not echo, so no trailing newline is stored)
printf '%s' "YOUR_PROD_CLIENT_ID" | gcloud secrets create plaid-client-id-production --data-file=-
printf '%s' "YOUR_PROD_SECRET" | gcloud secrets create plaid-secret-production --data-file=-

- [ ] Configure production webhook URL: https://api.omnibutler.com/api/v1/plaid/webhook
- [ ] Test webhook signature verification. Plaid signs each webhook with a JWT in the Plaid-Verification header: fetch the key for the JWT's kid from /webhook_verification_key/get, reject tokens whose iat is older than 5 minutes, and compare the request_body_sha256 claim with the SHA-256 of the raw request body. Test with a valid delivery and with a tampered body
- [ ] Integration tested in production environment


6. 🔴 Google OAuth Production Approval (2-6 weeks)

Estimated Time: 2-6 weeks (longest approval process)

Step-by-Step Instructions:

0. Update Legal Documents First (CRITICAL) ✅ COMPLETED July 25, 2025
   - ✅ Privacy Policy updated with:
     - Clear Gmail data usage explanation
     - Strong security messaging ("We NEVER see bank passwords")
     - AI limitations disclaimer
     - EU data hosting emphasis
     - Proper WhatsApp data collection description
   - ✅ Terms of Service updated with:
     - ALL CAPS financial advice disclaimer
     - Clear Plaid security explanation
     - AI limitations and accuracy warnings
     - Family sharing terms (up to 6 members)
     - Modern arbitration clause with opt-out
   - ✅ DEPLOYED to https://app.omnibutler.com/privacy-policy and /terms-of-service
   - Updated documents: /docs/PRIVACY_POLICY_UPDATED.md and /docs/TERMS_OF_SERVICE_UPDATED.md

  1. Prepare OAuth Consent Screen
     - Go to https://console.cloud.google.com
     - Select omnibutler-production project
     - Navigate to APIs & Services > OAuth consent screen

  2. Configure Production Consent Screen

    Application name: OmniButler
    User support email: support@omnibutler.com
    Application home page: https://app.omnibutler.com
    Application privacy policy: https://app.omnibutler.com/privacy-policy
    Application terms of service: https://app.omnibutler.com/terms-of-service
    Authorized domains: omnibutler.com
    

  3. Add Required Scopes

    Required scopes:
    - openid
    - email
    - profile
    - https://www.googleapis.com/auth/gmail.readonly
    

     gmail.readonly is a restricted scope. Beyond the consent-screen review, Google requires a third-party security assessment (CASA) of the app before a restricted scope can be used past the test-user limit; that assessment is the bulk of the 2-6 week estimate. Request no other Gmail scope, and make sure the backend really only reads mail.

  4. Domain Verification

    # Add domain verification
    # Go to Google Search Console
    # Add property: omnibutler.com
    # Verify ownership via DNS record or HTML file
    

  5. Submit for Verification
     - Provide detailed app description
     - Upload app screenshots/demo video
     - Explain why you need Gmail access (what is read, how it is used, where it is stored)
     - Submit privacy policy and terms of service links

  6. Create Production OAuth Client

    # After approval, create OAuth client
    # Go to APIs & Services > Credentials > Create OAuth Client ID
    # Application type: Web application
    # Authorized redirect URIs (matched exactly, including scheme and path):
    #   - https://app.omnibutler.com/auth/callback
    #   - https://omnibutler.com/auth/callback
    # Store the client secret in Secret Manager; it must not be committed or shipped in the frontend bundle.
    

Completion Criteria:
- [ ] Domain ownership verified
- [ ] OAuth consent screen configured and submitted
- [ ] Gmail API scopes approved
- [ ] Production OAuth client created
- [ ] Credentials stored in Secret Manager


7. 🔴 WhatsApp Business API Application (2-4 weeks)

Estimated Time: 2-4 weeks (complex approval process)

Step-by-Step Instructions:

  1. Prepare Business Documentation
     - Business registration certificate
     - Tax identification documents
     - Proof of business address
     - Business bank statement
     - Website with clear business information

  2. Apply for WhatsApp Business API
     - Go to https://www.twilio.com/whatsapp and start the WhatsApp Business API application
     - Or use the Facebook Business Manager route:
       • Go to https://business.facebook.com
       • Navigate to WhatsApp Manager
       • Request access to WhatsApp Business API

  3. Complete Business Verification

    Required Information:
    - Legal business name: [Your Business Name]
    - Business address: [Physical address]
    - Business phone number: [Must be different from WhatsApp number]
    - Business website: https://omnibutler.com
    - Business description: Personal financial management assistant
    - Use case: Customer support and financial notifications
    

  4. Phone Number Verification
     - Must be a real phone number (not VoIP)
     - Cannot have been used for a WhatsApp personal account
     - Consider getting a dedicated business line
     - Must be able to receive SMS for verification

  5. Business Profile Setup

    Business Profile:
    - Display name: OmniButler
    - Category: Financial Services / Technology
    - Description: AI-powered personal financial assistant
    - Website: https://omnibutler.com
    - Business hours
    - Profile photo (professional logo)
    

  6. Template Message Approval
     - Create template messages for notifications
     - Submit for approval (each template needs approval)
     - Examples:

    Template 1: Account balance alert
    Template 2: Transaction notification
    Template 3: Bill reminder
    

  7. Webhook Configuration

    # Configure webhook URL
    Webhook URL: https://api.omnibutler.com/api/v1/whatsapp/webhook
    Verify Token: omnibutler_whatsapp_webhook_token   # placeholder only: use a random value (e.g. openssl rand -hex 32) kept in Secret Manager
    
    # Test webhook connectivity. The endpoint must answer HTTP 200 with the raw
    # hub.challenge value ("test" here) and 403 for any other verify token.
    curl -X GET "https://api.omnibutler.com/api/v1/whatsapp/webhook?hub.mode=subscribe&hub.challenge=test&hub.verify_token=omnibutler_whatsapp_webhook_token"
    

     The handshake only proves the endpoint is yours; it does not authenticate later deliveries. Every POST must be checked against its X-Hub-Signature-256 header (HMAC-SHA256 of the raw body under the app secret) before the payload is parsed; on the Twilio route the equivalent is the X-Twilio-Signature check.

  8. After Approval

    # Store production credentials (printf, not echo: echo would append a newline to the stored value)
    printf '%s' "YOUR_PROD_ACCOUNT_SID" | gcloud secrets create twilio-account-sid-production --data-file=-
    printf '%s' "YOUR_PROD_AUTH_TOKEN" | gcloud secrets create twilio-auth-token-production --data-file=-
    printf '%s' "YOUR_WHATSAPP_API_TOKEN" | gcloud secrets create whatsapp-api-token-production --data-file=-
    

Completion Criteria:
- [ ] Business verification completed
- [ ] WhatsApp Business API access approved
- [ ] Production phone number verified and configured
- [ ] Business profile approved and live
- [ ] Template messages approved
- [ ] Webhook configured and tested
- [ ] Production credentials stored securely
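The two checks behind the webhook configuration step above (the GET handshake the curl command exercises, and signature verification of every delivery), as an added Python example; this is not OmniButler code. VERIFY_TOKEN and APP_SECRET are constructed test values and the function names are this example's own; in the real service both secrets come from Secret Manager and the raw request bytes are taken from the web framework before JSON parsing.

```python
"""Verification for the WhatsApp webhook endpoint (added example, not OmniButler code).

Two checks: the GET subscription handshake (hub.mode / hub.verify_token /
hub.challenge) and the X-Hub-Signature-256 HMAC that accompanies every POST.
VERIFY_TOKEN and APP_SECRET are constructed test values; in production both are
read from Secret Manager.
"""
import hashlib
import hmac
from typing import Optional, Tuple
from urllib.parse import parse_qs

# Constructed for this example. Use a long random value in production
# (e.g. `openssl rand -hex 32`), never a guessable string.
VERIFY_TOKEN = "7f3c1b9e1d1a4c2bb6a9c0e2f5d8a7b4"
APP_SECRET = b"example-app-secret-do-not-use"


def handle_verification(query: str, expected_token: str = VERIFY_TOKEN) -> Tuple[int, str]:
    """Answer the GET handshake: return (HTTP status, response body).

    Meta sends hub.mode=subscribe, hub.verify_token=<our token> and
    hub.challenge=<nonce>, and expects the raw challenge echoed back with 200.
    Anything else gets 403, so a wrong token cannot be used to probe the endpoint.
    """
    params = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    mode = params.get("hub.mode")
    token = params.get("hub.verify_token", "")
    challenge = params.get("hub.challenge")
    # compare_digest keeps the comparison time independent of where the strings differ;
    # compare bytes so a non-ASCII token from the query cannot raise TypeError.
    if (mode == "subscribe" and challenge is not None
            and hmac.compare_digest(token.encode(), expected_token.encode())):
        return 200, challenge
    return 403, "forbidden"


def sign_body(raw_body: bytes, app_secret: bytes = APP_SECRET) -> str:
    """Header value Meta sends: 'sha256=' + hex(HMAC-SHA256(app_secret, raw_body))."""
    return "sha256=" + hmac.new(app_secret, raw_body, hashlib.sha256).hexdigest()


def verify_signature(raw_body: bytes, signature_header: Optional[str],
                     app_secret: bytes = APP_SECRET) -> bool:
    """Check X-Hub-Signature-256 over the exact bytes received, before JSON parsing.

    A re-serialised or whitespace-normalised body yields a different MAC, so the
    framework's raw request body must be passed here, not a parsed-and-dumped copy.
    """
    if not signature_header or not signature_header.startswith("sha256="):
        return False
    return hmac.compare_digest(signature_header, sign_body(raw_body, app_secret))


if __name__ == "__main__":
    # The handshake the curl command performs, with the constructed token.
    print(handle_verification("hub.mode=subscribe&hub.challenge=test&hub.verify_token=" + VERIFY_TOKEN))
    body = b'{"object":"whatsapp_business_account","entry":[]}'
    print(verify_signature(body, sign_body(body)), verify_signature(body + b"\n", sign_body(body)))
```

Wire handle_verification to the GET route and verify_signature to the POST route, returning 403 before any parsing when the signature check fails; the stored message-handling code then only ever sees authenticated payloads.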


8. 🟡 User Data Rights Implementation (1-2 weeks)

Features Promised in Privacy Policy/Terms but Need Implementation:

8.1 Data Export Functionality

  • Current: No dedicated data export endpoint found
  • Required: "Download all your data anytime from settings"
  • Implementation Tasks:
    - Create /api/v1/user/export endpoint
    - Export user profile, transactions, emails, settings
    - Support standard formats (JSON, CSV)
    - Include all data from Firestore, Turso, and Redis
    - Require fresh re-authentication and rate-limit the endpoint: a complete export is the most valuable target for a hijacked session

8.2 Account Deletion Enhancement

  • Current: Basic account deletion exists in user_bank_accounts.py
  • Required: Complete account deletion with 30-day timeline
  • Implementation Tasks:
    - Create /api/v1/user/delete-account endpoint
    - Delete from all databases (Firestore, Turso, Redis)
    - Implement 30-day grace period with soft delete
    - Delete conversation history immediately
    - Handle family member data properly
    - Revoke linked credentials as part of deletion (remove the Plaid Items and revoke the Gmail refresh token), not only the stored rows
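The soft-delete flow those tasks describe, as an added Python example (not OmniButler code): the request locks the account and wipes conversation history immediately, family links are detached at once, and a scheduled purge hard-deletes everything once the 30-day grace period has elapsed. The Stores dataclass with its three dicts is an assumption standing in for Firestore, Turso and Redis so the flow runs offline; the scenario in demo() is constructed.

```python
"""Account deletion with a 30-day grace period (added example, not OmniButler code).

The three dicts on Stores stand in for Firestore (profiles and family links),
Turso (transactions) and Redis (conversation history); they are assumptions made
so the flow runs offline, and a real implementation swaps in the actual clients.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List

GRACE_PERIOD = timedelta(days=30)


@dataclass
class DeletionRequest:
    user_id: str
    requested_at: datetime
    purge_after: datetime


@dataclass
class Stores:
    profiles: Dict[str, dict] = field(default_factory=dict)       # Firestore stand-in
    transactions: Dict[str, list] = field(default_factory=dict)   # Turso stand-in
    conversations: Dict[str, list] = field(default_factory=dict)  # Redis stand-in
    pending: Dict[str, DeletionRequest] = field(default_factory=dict)


def request_deletion(stores: Stores, user_id: str, now: datetime) -> DeletionRequest:
    """Soft delete: lock the account, wipe chat history now, schedule the hard delete."""
    if user_id in stores.pending:                 # idempotent: a repeat request keeps the original date
        return stores.pending[user_id]
    profile = stores.profiles[user_id]
    profile["status"] = "pending_deletion"        # login and API access are refused in this state
    # Conversation history is promised to go immediately, not after the grace period.
    stores.conversations.pop(user_id, None)
    # Detach from family sharing right away so members stop seeing this user's data.
    # Links are not restored on cancel; the user has to be re-invited.
    for member in profile.get("family_members", []):
        stores.profiles[member]["family_members"].remove(user_id)
    profile["family_members"] = []
    req = DeletionRequest(user_id, now, now + GRACE_PERIOD)
    stores.pending[user_id] = req
    return req


def cancel_deletion(stores: Stores, user_id: str) -> bool:
    """Reactivate an account still inside its grace period. Returns False if none is pending."""
    if stores.pending.pop(user_id, None) is None:
        return False
    stores.profiles[user_id]["status"] = "active"
    return True


def purge_due(stores: Stores, now: datetime) -> List[str]:
    """Scheduled job (e.g. Cloud Scheduler): hard-delete accounts whose grace period has elapsed."""
    purged = []
    for user_id, req in list(stores.pending.items()):
        if now < req.purge_after:
            continue
        stores.profiles.pop(user_id, None)
        stores.transactions.pop(user_id, None)
        stores.conversations.pop(user_id, None)   # already gone; kept so the purge is complete on its own
        del stores.pending[user_id]
        purged.append(user_id)
    return purged


def demo():
    """Constructed scenario: alice is purged after 30 days, bob changes his mind."""
    t0 = datetime(2025, 8, 1, tzinfo=timezone.utc)
    stores = Stores(
        profiles={
            "alice": {"status": "active", "family_members": ["bob"]},
            "bob": {"status": "active", "family_members": ["alice"]},
        },
        transactions={"alice": [{"amount": -12.5}], "bob": [{"amount": 40.0}]},
        conversations={"alice": ["hi"], "bob": ["hello"]},
    )
    request_deletion(stores, "alice", t0)
    request_deletion(stores, "bob", t0 + timedelta(days=1))
    cancelled = cancel_deletion(stores, "bob")
    early = purge_due(stores, t0 + timedelta(days=29))   # nothing due yet
    late = purge_due(stores, t0 + timedelta(days=30))    # alice's grace period is over
    return stores, cancelled, early, late


if __name__ == "__main__":
    stores, cancelled, early, late = demo()
    print(cancelled, early, late, sorted(stores.profiles))
```

Note that bob's conversation history is gone even though he cancelled: that is the consequence of promising immediate deletion, and the confirmation screen should say so before the request is accepted.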

8.3 Conversation History Auto-Expiry

  • Current: Redis TTL exists but no user settings
  • Required: "Auto-expires based on your settings"
  • Implementation Tasks:
    - Add conversation retention settings to user profile
    - Create UI for users to configure TTL
    - Implement variable TTL based on user preference
    - Default to 14 days, allow 7-90 day range

8.4 Family Member Management

  • Current: Family sharing exists but limited controls
  • Required: "Revoke access anytime", "Members can leave"
  • Implementation Tasks:
    - Add /api/v1/family/leave endpoint
    - Add /api/v1/family/revoke-member endpoint
    - Implement proper data visibility controls
    - Handle historical shared data on member removal

8.5 Connection Management UI

  • Current: Backend support exists
  • Required: "Disconnect bank accounts instantly"
  • Implementation Tasks:
    - Ensure UI has disconnect buttons for each connection
    - Add Gmail revoke access button
    - Add WhatsApp unlink button
    - Show connection status clearly

8.6 Notifications System

  • Current: Balance alert service exists but not user-facing
  • Required: "Alert you about important financial events"
  • Implementation Tasks:
    - Create notification preferences in user profile
    - Implement email notifications via SendGrid/similar
    - Add in-app notification system
    - Create notification types: balance alerts, large transactions, bills due

8.7 Privacy & Security Features

  • Current: Database isolation exists
  • Required: "24/7 security monitoring", "Report suspicious activity"
  • Implementation Tasks:
    - Implement security event logging (authentication outcomes, bank connect/disconnect, data exports, family changes; each with user, source IP and timestamp)
    - Create suspicious activity detection rules over those events
    - Add "Report Issue" feature in app
    - Set up alerting for security events
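What the logging and detection tasks above amount to in code, as an added Python example (not OmniButler code): a structured security event per line, a small stateful rule set run over the stream, and the alerts it produces. The event schema, the three rules and their thresholds are assumptions made for this example, and SAMPLE_LOG is constructed rather than real traffic; the rules are deliberately ones that matter for a finance app (credential stuffing, a login from a country the user has never used, and a full data export right after such a login).

```python
"""Security-event logging and suspicious-activity rules (added example, not OmniButler code).

The event schema, the three rules and their thresholds are assumptions made for
this example; SAMPLE_LOG is constructed, not real traffic. Alerts returned by
run() are what a real deployment would forward to its alerting channel.
"""
import json
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

FAILED_LOGIN_LIMIT = 5                            # failures per user within the window
FAILED_LOGIN_WINDOW = timedelta(minutes=10)
EXPORT_AFTER_NEW_COUNTRY = timedelta(minutes=30)  # data export this soon after a new-country login


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    action: str      # login.failed | login.ok | data.export | bank.disconnect | ...
    country: str
    ip: str


def parse_event(line: str) -> Event:
    """One JSON object per line, the shape a structured logger would emit."""
    d = json.loads(line)
    return Event(datetime.fromisoformat(d["ts"]), d["user"], d["action"], d["country"], d["ip"])


class Detector:
    """Stateful rules evaluated as events stream in (arrival order is time order)."""

    def __init__(self) -> None:
        self.failures: Dict[str, deque] = defaultdict(deque)   # user -> recent failed-login times
        self.countries: Dict[str, set] = defaultdict(set)       # user -> countries of past logins
        self.new_country_login: Dict[str, datetime] = {}        # user -> time of last new-country login
        self.alerts: List[dict] = []

    def feed(self, ev: Event) -> None:
        if ev.action == "login.failed":
            q = self.failures[ev.user]
            q.append(ev.ts)
            while q and ev.ts - q[0] > FAILED_LOGIN_WINDOW:   # slide the window
                q.popleft()
            if len(q) == FAILED_LOGIN_LIMIT:                   # fires once per crossing, not per failure
                self._alert("brute_force", ev, f"{len(q)} failed logins within {FAILED_LOGIN_WINDOW}")
        elif ev.action == "login.ok":
            seen = self.countries[ev.user]
            if seen and ev.country not in seen:                # the first login is a baseline, not an alert
                self._alert("new_country_login", ev, f"first login from {ev.country}; seen before: {sorted(seen)}")
                self.new_country_login[ev.user] = ev.ts
            seen.add(ev.country)
            self.failures[ev.user].clear()
        elif ev.action == "data.export":
            t = self.new_country_login.get(ev.user)
            if t is not None and ev.ts - t <= EXPORT_AFTER_NEW_COUNTRY:
                self._alert("export_after_new_country", ev, "full data export shortly after a new-country login")

    def _alert(self, rule: str, ev: Event, detail: str) -> None:
        self.alerts.append({"rule": rule, "user": ev.user, "ts": ev.ts.isoformat(), "ip": ev.ip, "detail": detail})


# Constructed sample: bob is brute-forced, alice logs in from a new country and exports
# everything, carol has two unrelated failures half an hour apart (no alert).
SAMPLE_LOG = """
{"ts":"2025-08-01T09:00:00+00:00","user":"alice","action":"login.ok","country":"DE","ip":"203.0.113.10"}
{"ts":"2025-08-01T09:05:00+00:00","user":"bob","action":"login.failed","country":"DE","ip":"198.51.100.7"}
{"ts":"2025-08-01T09:06:00+00:00","user":"bob","action":"login.failed","country":"DE","ip":"198.51.100.7"}
{"ts":"2025-08-01T09:07:00+00:00","user":"bob","action":"login.failed","country":"DE","ip":"198.51.100.7"}
{"ts":"2025-08-01T09:08:00+00:00","user":"bob","action":"login.failed","country":"DE","ip":"198.51.100.7"}
{"ts":"2025-08-01T09:09:00+00:00","user":"bob","action":"login.failed","country":"DE","ip":"198.51.100.7"}
{"ts":"2025-08-01T10:00:00+00:00","user":"alice","action":"login.ok","country":"NG","ip":"192.0.2.44"}
{"ts":"2025-08-01T10:10:00+00:00","user":"alice","action":"data.export","country":"NG","ip":"192.0.2.44"}
{"ts":"2025-08-01T11:00:00+00:00","user":"carol","action":"login.failed","country":"DE","ip":"198.51.100.9"}
{"ts":"2025-08-01T11:30:00+00:00","user":"carol","action":"login.failed","country":"DE","ip":"198.51.100.9"}
"""


def run(log: str = SAMPLE_LOG) -> List[dict]:
    det = Detector()
    for line in log.strip().splitlines():
        det.feed(parse_event(line))
    return det.alerts


if __name__ == "__main__":
    for alert in run():
        print(json.dumps(alert))
```

In production the events come from the application's structured logs rather than a string, and the per-user state would live in Redis so that more than one Cloud Run instance sees the same window; the rule logic does not change.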

8.8 Data Correction Features

  • Current: No dedicated correction endpoints
  • Required: "Update incorrect information directly in the app"
  • Implementation Tasks:
    - Allow transaction recategorization
    - Enable custom account names
    - Add notes/tags to transactions
    - Profile information update endpoint

8.9 Subscription & Billing

  • Current: No subscription management found
  • Required: Terms mention tiers, billing, refunds
  • Implementation Tasks:
    - Integrate Stripe for subscription management
    - Implement free tier limits
    - Add upgrade/downgrade flows
    - Handle prorated refunds
    - Implement usage tracking

8.10 Compliance & Audit Logging

  • Current: Basic implementation
  • Required: CCPA rights, audit logs
  • Implementation Tasks:
    - Add CCPA request handling workflow
    - Implement comprehensive audit logging
    - Add data retention automation
    - Create compliance dashboard

Estimated Total Time: 3-4 weeks with 2 developers

Priority Order:
1. Data Export (legally required)
2. Account Deletion Enhancement (legally required)
3. Family Member Management (core feature)
4. Subscription & Billing (revenue critical)
5. Notifications (user experience)
6. Other features


📊 Progress Tracking

Quick Wins (Can complete this week)

  • Domain Registration & SSL Setup
  • Production GCP Project Setup
  • Production OpenAI & LLM Setup
  • Production Firebase Project Setup

Medium Term (2-4 weeks)

  • Plaid Production Environment (Already have access)
  • Google OAuth Production Approval (Application submitted)
  • WhatsApp Business API Application (Start immediately!)

Long Term Dependencies

  • All external service approvals received
  • Security testing completed
  • Load testing completed
  • Production deployment pipeline ready
  • All promised features implemented (Section 8)
  • Legal compliance features complete

🚨 Critical Path Analysis

The longest pole items that should be started IMMEDIATELY:

  1. Google OAuth Approval - Can take up to 6 weeks (✅ Application submitted)
  2. WhatsApp Business API - Can take up to 4 weeks (⚠️ Not started - START NOW!)
  3. Plaid Production - Already have access

Recommended Action Plan:
- Today: Start Google OAuth and WhatsApp applications
- This Week: Complete infrastructure setup (GCP, domains, etc.)
- Next Week: Store the Plaid production credentials and test the production webhook (access is already granted, so no application is needed)
- Week 3-4: Complete configuration and testing while waiting for approvals
- Week 4-8: Approvals should come through, complete integration testing
- Week 8-10: Production deployment and go-live

💡 Pro Tips

  1. Start approvals immediately - These are your critical path
  2. Prepare all documentation upfront - Approvals require comprehensive docs
  3. Set up staging first - Test the entire flow before production
  4. Have backup plans - Consider alternative providers if approvals are delayed
  5. Document everything - You'll need detailed docs for compliance and approvals
  6. Implement promised features - Don't launch with features mentioned in legal docs but not built
  7. Test data rights - Ensure GDPR/CCPA compliance features work before launch

This checklist should be updated as items are completed and new requirements are discovered.