Operations

Production Hardening Checklist

Runtime · security · backup · verification checklist for GNX HSP / Logicnoid Engine production operation.

1. Runtime Status

nginx, gnx-logicnoid, postgresql must be active.
Public ports: 80, 443. Internal engine port: 127.0.0.1:8088.
/api/healthz verifies engine runtime and DB status.
/api/readyz verifies active algorithm and reference table binding.

2. Public Docs Boundary

Public portal may expose White Book, Blue Book, SDK contract, API surface, security boundary, data room index.
Public web root must not expose credentials, server env, SSH keys, DB dumps, private bootstrap files, or internal source bundles.
Great Book or internal coding ledger must remain outside the public document portal.

3. Secret Separation

/etc/gnx-logicnoid/logicnoid.env is production-only and must not be copied into public packages.
Public SDK ZIP and data room ZIP must be no-secret packages.
Partner HMAC credentials must be delivered through a private channel only.

4. Backup and Retention

Run /opt/gnx-logicnoid/scripts/backup-db.sh.
Apply retention with /opt/gnx-logicnoid/scripts/backup-retention.sh 14.
Confirm recent backup files exist under /opt/gnx-logicnoid/backups.

5. Verification Routine

Run sudo nginx -t before reload.
Reload with sudo systemctl reload nginx.
Run gnxcheck after document or runtime changes.
Run E-1 through E-5 smoke tests before partner-facing delivery.