T-8 sprint plan — 2026-05-15 UTC to 2026-05-23 UTC launch
Summary
The trace epic merge train (SC-2 through most of SC-15) completed just before this sprint window, clearing the largest in-flight work block. Queue staging is healthy, Stripe webhook handler is live and flag-gated behind FLAG_QUEUE_BILLING, Sentry is capturing real events, and Velvet is stable with no launch-blocking cards. The console Alembic chain is now at 0069 after the merge train; next PR adding a console migration starts at 0070.
The 8-day window is tightly constrained. The dominant risks are (a) the WAF cutover soak timeline — Phase 4f requires 7 days in block mode on prod, which means it cannot possibly complete before 2026-05-23 UTC unless it has already been running; (b) the Raptor Postgres prod cutover (RM-10) depends on 72-hour staging soak that may not have started; and (c) the Quebec geoblock flag is deployed but not yet activated — signups must not open without it. A pre-existing multi-head Alembic state from 0037/0047 branches is a known cleanup item and should be surfaced if not already tracked.
Engineering capacity this window should flow entirely to Bucket A. Bucket B work should only be picked up once every Bucket A card is either merged or confirmed not blocking the launch gate. Several support-portal and console-dashboard cards in the backlog have no launch dependency and should be deferred to post-launch rather than consuming sprint bandwidth.
Bucket A — pre-launch blockers (must land before 2026-05-23 UTC)
| # | Title | Size | Area | Notes |
|---|---|---|---|---|
| #1976 | ops(compliance): activate FLAG_QUEBEC_GEOBLOCK on staging + prod | s | raptor / devops | Has pre-launch-blocker + v1-launch-blocker + operator-action; still has needs-grooming — groomer should clear that. Activation is a heroku config:set + smoke + migration PR. Must fire before signups open. |
| #1645 | reliability: remove CF Access gate from getraxx.com before v1 launch | xs | devops / terraform | Operator-executed (vault creds needed at runtime). Terraform destroy + noindex header removal. Must happen on launch day. |
| #1741 | SC-WAF-07: Flip FLAG_ENFORCE_CF_ORIGIN ON on raxx-api-prod + raxx-console-prod | xs | devops / security | Depends on Phase 4f soak of #1740 completing first. Cannot dispatch until #1740 Phase 4f gate is confirmed clear. |
| #1740 | SC-WAF-04/05: WAF cutover challenge to block (staging) + prod rollout | l | devops / security | Has pre-launch-blocker but currently lacks ready-for-dev. Phase 4f requires 7 days of prod block-mode soak — this timeline is now critical to assess. If prod block mode has not started, #1741 may be unreachable before launch. |
| #1568 | docs(raptor): prod Postgres cutover SOP (RM-10) | xs | raptor / devops | Has priority:critical, no ready-for-dev. Depends on RM-9 72-hour staging soak completing first. Soak status must be confirmed before dispatching. |
| #2126 | Migration number collision: 7 trace PRs claim 025_ and 0063_ | — | infra | Not itself a card to dispatch — it is a coordination tracker. Operator needs to confirm the renumbering scheme has been applied to all open trace PRs before any further migration-bearing PRs merge. |
Additional Bucket A context — #197:
#197 Securities-attorney review of MBT narrative copy is severity:critical + blocked (on attorney engagement from #196). This is not a ready-for-dev card — it is an operator action item. Blocking MBT v1 GA specifically, not core Raxx v1, but must not be forgotten.
Bucket B — launch-aligned (ship if capacity allows)
| # | Title | Size | Notes |
|---|---|---|---|
| #1568 | RM-10 prod Postgres cutover SOP | xs | Once RM-9 soak confirmed complete, this is a same-day execution + doc commit. High-value. |
| #536 | fix(infra): inject CF zone_id + account_id from vault, remove from terraform.tfvars | s | Security hygiene, medium-low severity. Safe to land any time this window. |
| #596 | ops(vault): Phase 1 — audit per-secret env coverage | s | Pre-launch vault hygiene. Straightforward audit pass. |
| #402 | review: secrets-store organization (folders, naming, RBAC) | s | Related to #596. Can be batched. |
| #492 | Wire demo_founders_cta_variant flag to Founders seat count | s | Founders-seat CTA wiring. Launch-narrative-relevant. |
| #474 | Capture first name and account display name during onboarding | m | Onboarding UX quality. Launch-relevant for first customer impression. |
| #376 | feat(deploy): add production environment approval gate (soak gate — Option B) | s | Deployment safety. Good to have before first customer deploy. |
| #1449 | design(rbac): audit Antlers customer-facing flag surfaces for RBAC-flippability | s | RBAC audit. Milestone #6, due 2026-05-22 UTC. |
| #515 | SC-12 Ed25519 subsystem signing for sys_* events | m | Trace completion. Ship after merge-train renumbering is resolved. |
| #279 | DPIA documentation + operator runbook | s | Pre-EU-customer blocker, not pre-v1 blocker, but easy win while in compliance mode. |
Bucket C — defer post-launch (recommended label swap)
These cards are ready-for-dev but have no dependency on v1 launch. Recommend adding defer:post-launch and removing ready-for-dev so the active backlog stays clean.
| # | Title | Reason for deferral |
|---|---|---|
| #423 | feat(docs): public customer docs site at docs.raxx.app | Already has defer:post-launch; confirm label is in place, ready-for-dev can stay if it will be first card post-launch. No action needed — already labeled correctly. |
| #655 | support.raxx.app sub-4: React support portal SPA | Size:l, no customer-facing necessity at launch. Support portal is a post-launch build. |
| #664 | feat(support): autocomplete deflection — surface docs as customer types | Depends on support portal existing. Post-launch. |
| #663 | feat(support): inline docs panel on ticket detail page | Support portal dependency. Post-launch. |
| #1255 | FreeScout 'Promote to docs' button + sanitization wizard | Size:m, non-launch path. Post-launch. |
| #1256 | POST /api/support/promote-to-docs endpoint + audit log | Depends on #1255. Post-launch. |
| #1257 | docs PR merge → FreeScout ticket back-reference | Depends on #1256. Post-launch. |
| #1659 | arch: design WCB service — DB schema, scheduled jobs, API shape | WCB is a post-v1 feature arc. |
| #1660 | design(ux): WCB — trade history expandable row + settings panel mockups | WCB design. Post-launch. |
| #295 | [console-dashboard] M7: Status polling service + in-memory cache | Console dashboard build-out. Post-launch capacity. |
| #297 | [console-dashboard] M8: /api/status/* JSON endpoints | Console dashboard. Post-launch. |
| #299 | [console-dashboard] M10: Per-site drill-down + health sparkline + credentials panel | Console dashboard. Post-launch. |
| #350 | infra: console PR previews via Heroku review apps | Nice-to-have infra. Post-launch. |
| #649 | feat(devops): new-surface deploy/preview convention + scaffold script | Already labeled "deferred" in title. Post-launch. |
| #1009 | S6 — ticket list page + ticket thread page | Support portal. Post-launch. |
| #1012 | S9 — CF Pages provisioning + DNS + surface registry | Support portal. Post-launch. |
| #652 | support.raxx.app sub-1: architect data model + API contract | Support portal foundation. Post-launch. |
| #653 | support.raxx.app sub-2: DNS + CF Pages project + deploy workflow | Support portal. Post-launch. |
| #656 | support.raxx.app sub-5: FreeScout customer mailbox + customer_raxx_id field | Support portal. Post-launch. |
| #657 | support.raxx.app sub-6: email notifications — operator reply triggers branded email | Postmark flows ready, but support portal not needed at launch. Post-launch. |
| #658 | support.raxx.app sub-7: mobile + iOS Safari polish pass | Polish pass on unbuilt portal. Post-launch. |
| #659 | support.raxx.app sub-8: launch checklist — meta tags, brand lint, sitemap | Support portal meta. Post-launch. |
| #91 | Migrate Antlers from CRA to Vite | Already has defer:post-launch. Tech debt, not launch-blocking. |
| #213 | Instrument Antlers with Microsoft Clarity | Already has defer:post-launch. Post-launch analytics. |
| #1648 | ops(legal): designate EU Art. 27 representative before first EU customer | before-first-EU-customer label. Not a v1 US launch blocker — defer until EU customers are accepted. |
| #1647 | ops(legal): execute DPAs with vendors before first EU customer | Same — EU customer gate. Not v1 US launch blocker. |
| #1212 | ops(email): provision ops@, billing@, no-reply@ on raxx.app | Has priority:low. Post-launch operational clean-up. |
Bucket D — operator-decision queue
These cards are technically ready or near-ready but are blocked waiting on a specific Kristerpher decision or manual action before any agent can progress.
| # | Title | Decision / Action needed |
|---|---|---|
| #1976 | Activate FLAG_QUEBEC_GEOBLOCK | Card has operator-action label. Kristerpher must execute the heroku config:set commands directly (vault creds required). The feature_flags.yaml PR can be dispatched to feature-developer, but the activation step is operator-only. Confirm: is staging smoke already done, or does staging need to go first? |
| #1740 | SC-WAF-04/05: WAF prod rollout Phase 4f | Critical timeline question: Has prod block mode started? Phase 4f requires 7-day soak before #1741 can fire. If it has not started by 2026-05-15 UTC, the soak cannot complete before launch day. Kristerpher needs to assess: proceed with launch knowing CF-origin enforcement will land T+1 to T+7 post-launch, OR compress the soak window with elevated monitoring. Each phase step also requires explicit operator sign-off documented on the issue. |
| #1568 | RM-10: Raptor prod Postgres cutover | Depends on RM-9 72-hour staging soak. What is the current soak status? If RM-9 soak is not yet started, Kristerpher needs to trigger it immediately — 72 hours puts cutover at 2026-05-18 UTC at the earliest. This must be done before first customer account is created. |
| #1645 | Remove CF Access gate from getraxx.com | Operator-executed. Requires running terraform destroy with vault credentials. This is a launch-day action — needs to be in Kristerpher's personal launch checklist, not dispatched to an agent. |
| #197 | Securities-attorney review of MBT narrative copy | Currently blocked. Has #196 (referral) as dependency. Kristerpher needs to make first contact with the attorney referral from Matthew Crosby and initiate the engagement. MBT v1 GA cannot launch without this. |
| #2126 | Migration collision tracker — trace PR renumbering | Kristerpher needs to confirm the merge order from #2126 has been applied across all still-open trace PRs. If any remain unrenumbered, merging them will corrupt the Alembic head chain or Raptor migration sequence. |
Recommended dispatch wave — top 7
Ordered by: unblocked status, launch-criticality, size.
-
#1976 — Activate FLAG_QUEBEC_GEOBLOCK (
sre-agentfor thefeature_flags.yamlPR + B1 promotion migration; Kristerpher executes the Heroku config:set steps). Size: s. Unblocked today. Hard deadline: before signups open. -
#536 — Inject CF zone_id + account_id from vault (
feature-developer). Size: s. Fully unblocked. Security hygiene that is embarrassing to miss at launch. -
#596 + #402 — Vault env coverage audit + secrets-store organization review (
sre-agent, can batch). Both size: s. Vault hygiene pass. Low risk, high signal. -
#474 — Capture first name + account display name during onboarding (
feature-developer). Size: m. Launch-critical UX — first customer sees this immediately. -
#492 — Wire demo_founders_cta_variant flag to Founders seat count (
feature-developer). Size: s. Unblocked. Marketing-facing, launch-narrative-relevant. -
#1449 — Audit Antlers customer-facing flag surfaces for RBAC-flippability (
qa-agentfor audit;feature-developerfor any code changes surfaced). Size: s. Milestone #6, due 2026-05-22 UTC. -
#515 — SC-12 Ed25519 subsystem signing (
feature-developer). Size: m. Trace epic completion. Dispatch only after confirming #2126 migration renumbering is resolved — this card may need a0070+console migration slot.
Risks + dependencies
WAF timeline is the biggest structural risk. Phase 4f (7-day prod block-mode soak) cannot be compressed to fit in 8 days unless it is already underway. If it has not started, SC-WAF-07 (#1741) will slip past launch, meaning FLAG_ENFORCE_CF_ORIGIN will not be flipped before 2026-05-23 UTC. The mitigation is to proceed with launch with origin enforcement deferred and accept the residual risk of direct-Heroku access for the first days of production traffic.
Raptor Postgres prod cutover dependency chain is tight. RM-9 staging soak (72 hours) must complete before RM-10 dispatches. If RM-9 soak has not started, the earliest possible RM-10 execution is 2026-05-18 UTC — leaving 5 days before launch for any migration issues to surface. This is workable but not comfortable.
Multi-head Alembic pre-existing state (0037/0047) is a known dirty state on main. Any agent running alembic upgrade head will fail with a multiple-heads error until this is resolved. A cleanup card should be filed if one does not already exist — recommend card-groomer verify.
Migration numbering for any new cards this sprint: next console Alembic migration must be 0070. Raptor SQL migrations: confirm the current high-water mark post-merge-train (was 024, the trace train likely consumed 025 through 027). Any new migration PR must verify before claiming a slot.
Operator action items
-
Confirm WAF Phase 4f soak status: Is prod block mode currently running? What date did it start? This determines whether #1741 can land before 2026-05-23 UTC.
-
Confirm RM-9 staging soak status: Has the 72-hour soak started? Target completion date for RM-10 cutover?
-
Execute #1976 Quebec geoblock activation: The
heroku config:setsteps require Kristerpher's vault credentials. Thefeature_flags.yamlPR can be agent-dispatched in parallel. -
Add #1645 CF Access removal to personal launch-day runbook: This is a Terraform destroy that only Kristerpher can run. It should be step 1 on launch morning.
-
Initiate securities-attorney engagement (#197): Contact the referral from Matthew Crosby. MBT v1 GA is gated on written attorney sign-off.
-
Confirm #2126 trace PR renumbering is complete: Before any new migration-bearing PRs merge, verify all still-open trace PRs have been renumbered per the scheme in #2126.