Skip to main content

Release Management and Quality

Release Strategy

Development → Staging → Testnet → Canary → Mainnet

Development (Local/Cloud)

  • Engineers test features in isolation
  • Unit tests, integration tests
  • No real user data, no real funds

Staging

  • Pre-production environment (mirrors mainnet)
  • QA testing, UAT (user acceptance testing)
  • Simulated user flows, test data
  • Performance testing, load testing

Testnet (Public Blockchain Testnets)

  • Deploy smart contracts to testnets
  • Community testing, bug bounty preview
  • Real blockchain conditions, test tokens
  • Minimum 2 weeks on testnet before mainnet

Mainnet (Limited Users)

  • 1-5% of production traffic
  • Real users, real funds (low stakes)
  • Monitor closely (24-48 hours)
  • Rollback if issues detected

Mainnet (Full Production)

  • 100% rollout if canary successful
  • Gradual rollout (5% → 25% → 100% over days)
  • Rollback plan ready (always)

Quality Gates

Gate 1: Code Quality

Automated Checks:

  • Unit test coverage >80%
  • Integration tests pass (100%)
  • Linting/formatting passes
  • No critical security warnings
  • Build succeeds on all platforms

Manual Review:

  • Code review by 2+ engineers (4-eyes principle)
  • Architecture review (for major changes)
  • Security review (for contract changes)

Gate 2: Security

Smart Contracts:

  • 2 independent audits completed
  • All critical/high findings resolved
  • Medium findings documented + accepted risk OR fixed
  • Audit reports published (transparency)

Backend/Infrastructure:

  • Penetration testing (for major releases)
  • Dependency scanning (no known vulnerabilities)
  • Secrets management reviewed (no hardcoded keys)
  • Security checklist completed

Gate 3: Testing

Functional Testing:

  • QA team validates all user flows
  • Edge cases tested (errors, failures, timeouts)
  • Cross-browser/device testing (web)
  • Regression testing (old features still work)

Performance Testing:

  • Load testing (can handle expected traffic)
  • Latency benchmarks met
  • Resource usage acceptable (CPU, memory)
  • Database queries optimized (no N+1 queries)

Gate 4: Observability

Monitoring Ready:

  • Metrics instrumented (RED/SRED)
  • Logs structured and indexed
  • Traces enabled (distributed tracing)
  • Alerts configured (SLO violations)
  • Dashboards created (grafana, datadog)

Documentation:

  • Runbook updated (how to operate new feature)
  • Rollback procedure documented
  • Incident response plan reviewed
  • Support team trained (if user-facing)

Gate 5: Business/Legal

Product Approval:

  • Feature meets requirements (acceptance criteria)
  • UX validated (user testing completed)
  • Stakeholder sign-off (product lead)

Legal/Compliance (if applicable):

  • Terms of Service updated
  • Privacy Policy reflects new data usage
  • Regulatory review completed (for regulated features)
  • Geo-restrictions enforced (if needed)
Safety-first deployment

Multi-stage release process with comprehensive monitoring ensures issues are caught early and users are protected from production failures.