Phase 8 — Production Hardening
Assessment against institutional production requirements (code-verified 2026-05-17).
| Requirement | Status | Notes |
|---|---|---|
| CI gates deploy | Partial | deploy-api-self-hosted.yml has workflow_run success gate; verify not bypassed |
| Deep health after deploy | Improved | Recent commits extend wait + jq probes |
| Secrets not world-readable | Improved | install -m 600 pattern in deploy scripts |
| Redis persistence | Done | AOF+RDB (#78) |
| Audit Merkle chain | Done | verify_audit_chain.py |
| Run manifest | Done | Wired in deploy-api-self-hosted.yml post-deploy |
| make audit / make daily | Done | Audit branch + P0 exec |
| Live trading gate | Done | Settings validator + docs/audit/LIVE_TRADING_GATE.md |
| Decay quarantine v1 | Done | DecayMonitor → _decay_quarantine in daemon |
| Independent DMS | Done | qgtm-watchdog.service + GH watchdog — DMS_INDEPENDENCE.md |
| Full backtest provenance | In progress | backtest_all.py synced to 52 PM; batch run pending |
| GC/SI mandate | Documented | ETF proxy — COMEX_ETF_MANDATE.md |
| K8s DR | Deferred | Docker/systemd path is canonical |
P0 items implemented in audit branch
- docs/audit/* deliverables (phases 0–8)
- scripts/risk_report.py, scripts/audit/*, scripts/monitoring_dashboard.py
- Makefile targets: audit, daily, run-manifest
Not implemented (documented in FIX_PLAN)
- Deleting kill-list code (awaiting approval)
- Full backtest_all batch re-run
- Production deploy to latest main SHA