Integration readiness
- The first private transaction succeeds in a test environment.
- Login or session restore creates the correct wallet row.
- Scan state starts from the correct indexer position for new users.
- Deposit checks, shielding, private spend, withdrawal, and balance refresh paths are tested.
- Status history is append-only or otherwise auditable.
- Product ledger updates are idempotent.
Security readiness
- Backend signing uses KMS, HSM, or an equivalent managed signing service.
- SDK, Solana RPC, indexer, relayer, Light RPC, and circuit configuration are server-side.
- Frontend never receives backend keys, proof signatures, decoded UTXOs, or encrypted output caches.
- Sessions are authenticated before using
owner_wallet_public_keyas wallet scope. - Deposit checks, private spend, withdrawal, and relayer endpoints are rate limited.
Operational readiness
- Support can find product records by transaction signature.
- Support can find SDK operation history by product record id.
- Retry behavior uses the same product reference unless a new product action is intentionally created.
- Arcane API, Solana RPC, proof generation, relayer submission, and product ledger updates are tracked as separate failure domains.
- Manual review states are defined for late funds, amount mismatch, suspicious destination, repeated failures, and disputes.
Disclosure readiness
- Disclosure workflow has an owner.
- Auditor and administrator permissions are configured.
- Report generation and downloads are logged.
- Production audit access is tested with sample records.
Go-live sequence
- Run a production dry run with minimal value.
- Confirm deposit, shielding, scanning, and reconciliation.
- Confirm private spend or withdrawal behavior if your product uses it.
- Confirm status tracking and retry behavior.
- Confirm support and disclosure access.
- Increase traffic gradually.