Deploy Testing Checklist โ Retail Site
Use this checklist after every deployment to staging.scottsdalemint.com or www.scottsdalemint.com. Work through each section in order โ infrastructure first, then core commerce, then integrations.
Always complete this checklist on staging before promoting to production. Replace www.scottsdalemint.com with staging.scottsdalemint.com when testing on staging.
1. Infrastructure & Availabilityโ
1.1 Site Respondsโ
How to check: Navigate to https://www.scottsdalemint.com in a browser.
Expected: Homepage renders without a 5xx error or blank page. Response time should be under 3 seconds.
1.2 SSL Certificate Validโ
How to check: Click the padlock icon in the browser address bar.
Expected: Certificate is valid, not expired, and issued to scottsdalemint.com. No mixed-content warnings in the browser console.
1.3 HSTS Header Presentโ
How to check: In browser DevTools โ Network tab, load any page and inspect the response headers.
Expected: Response includes Strict-Transport-Security: max-age=... header.
1.4 Imperva WAF Activeโ
How to check: In the Imperva dashboard, verify the site is protected and traffic is flowing through Imperva โ CloudFront โ Lambda.
Expected: No alerts indicating the WAF is bypassed or disabled. Check that the site's origin IP is not publicly reachable (only Imperva IPs should reach CloudFront).
1.5 CloudFront CDN Cachingโ
How to check: Use curl -I https://www.scottsdalemint.com/some-product-page/ and inspect response headers.
Expected: X-Cache: Hit from cloudfront on the second request to an uncached page. Cache must not be set on /cart, /checkout, or /my-account paths.
1.6 Lambda Warmup โ No Cold Startsโ
How to check: In AWS CloudWatch โ Log Groups โ the Ymir Lambda log group, check for Init Duration entries in the function logs.
Expected: After the warmup cycle completes (100 requests in production), cold starts should be rare. If you see a high number of Init Duration entries immediately after deploy, wait 2โ3 minutes for warmup to finish.
1.7 Redis Object Cache Connectedโ
How to check: In WP Admin โ Tools โ Site Health (or via WP-CLI: wp cache get suma_pricing_cache).
Expected: Object cache is active and using the Redis backend (scottsdalemint-prod-v2). No Failed to connect to Redis notices.
2. WordPress Adminโ
2.1 WP Admin Login Page Loadsโ
How to check: Navigate to https://www.scottsdalemint.com/wp-admin/.
Expected: Login form renders. Page does not redirect to a 404 or display a fatal PHP error.
2.2 Two-Factor Authentication Requiredโ
How to check: Enter admin credentials on the login page and submit.
Expected: A 2FA challenge page appears (SMS code, email code, or TOTP prompt) before access is granted to the dashboard. Log in should not complete without the second factor.
2.3 WP Admin Dashboard Loadsโ
How to check: Complete admin login (including 2FA) and verify the WordPress dashboard.
Expected: Dashboard widgets load. No PHP fatal errors appear in the admin header area. WooCommerce and plugin update notices may appear โ these are normal.
2.4 WooCommerce Status Cleanโ
How to check: WP Admin โ WooCommerce โ Status โ System Status.
Expected: No red/critical errors. All required PHP extensions shown as passing. Database update notices should be addressed before deploying to production.
3. Precious Metals Pricingโ
3.1 Product Prices Display on Frontendโ
How to check: Navigate to any product page (e.g., a 1 oz Silver bar).
Expected: A valid numeric price (in USD) is displayed. No blank price, zero price, or "N/A" text.
3.2 Pricing Updates Within 2 Minutesโ
How to check: Note the current price displayed on a product page. Wait up to 2 minutes, then hard-refresh the page (Ctrl+Shift+R / Cmd+Shift+R).
Expected: If the spot price has moved, the displayed price updates to reflect the new middleware-pushed value. If prices have not moved, the existing price remains stable.
3.3 Live Price Chart Visibleโ
How to check: Navigate to the live price chart page (linked from the product or homepage).
Expected: Chart renders with data points. Chart does not show a loading spinner indefinitely or a JavaScript error.
3.4 REST API Pricing Endpoint Accessible to Middlewareโ
How to check: From the Middleware Platform logs (in Filament admin โ Sync Logs), confirm the most recent sync for the Retail tenant completed with status success.
Expected: POST /wp-json/suma/v1/product/update-prices returns HTTP 200 when called by the middleware. Sync log shows processed > 0 SKUs.
4. Search (Algolia)โ
4.1 Search Bar Rendersโ
How to check: Load the homepage or any product category page.
Expected: The search input field is visible in the header. No JavaScript console errors related to Algolia.
4.2 Instant Search Returns Resultsโ
How to check: Click the search bar and type a partial product name (e.g., "silver").
Expected: Autocomplete / InstantSearch results appear within 1โ2 seconds. Results include product names, images, and prices.
4.3 Search Results Filtered Correctlyโ
How to check: Apply a metal type filter (e.g., Gold) via the search facet panel.
Expected: Only Gold products appear. Filter counts update to reflect the active facet.
4.4 Search API Key Not Exposed as Admin Keyโ
How to check: In browser DevTools โ Network tab, search for an Algolia request. Inspect the X-Algolia-API-Key request header.
Expected: The key begins with the search-only API key (shorter, read-only). It must not match the admin key stored in ALGOLIA_ADMIN_API_KEY. If in doubt, paste the key into Algolia's dashboard API Keys section and confirm it has search scope only.
5. Checkout & Paymentsโ
5.1 Cart Page Loadsโ
How to check: Add a product to cart and navigate to /cart.
Expected: Cart page renders with correct product name, quantity, and price. Cart total is calculated.
5.2 AvaTax Calculates Tax at Checkoutโ
How to check: Proceed to /checkout, enter a US shipping address (try a taxable state, such as California), and wait for the order summary to update.
Expected: A tax line appears in the order total with a non-zero value. Tax should update automatically (via AJAX) when the address changes.
5.3 Kount JavaScript Data Collector Loadsโ
How to check: On the checkout page, open DevTools โ Network tab, filter by kaptcha or kount.
Expected: kdt.js (or the Kount SDK equivalent) loads from ssl.kaptcha.com (production) or tst.kaptcha.com (staging). A collect/sdk request fires, indicating the device fingerprint collection is active.
5.4 PayPal PPCP Hosted Fields Renderโ
How to check: On the checkout page, select the "Credit/Debit Card" or "PayPal" payment option.
Expected: PayPal-hosted card input fields (card number, expiry, CVV) render as iframes. The PayPal button renders as a branded PayPal button (not a plain HTML button).
5.5 ACH Payment Option Availableโ
How to check: On the checkout page, look for the ACH/bank transfer payment option.
Expected: The Scottsdale ACH gateway option is listed. Selecting it shows the Plaid bank-linking flow (Connect Bank Account button).
5.6 Crypto Payment Options Listedโ
How to check: On the checkout page, scroll through available payment methods.
Expected: At least Bitcoin (BTC) is listed as a payment option. Selecting it shows a crypto wallet address or QR code.
5.7 Test Order Placementโ
How to check: Place a test order using a PayPal sandbox card on staging.
Expected: Order is created in WooCommerce with status wc-processing. An order confirmation page renders with the order number. No PHP errors or white screen.
5.8 Order Confirmation Email Sentโ
How to check: After placing a test order, check the inbox of the test customer email address (or check Mailgun logs in the Mailgun dashboard).
Expected: A WooCommerce order confirmation email is delivered within 5 minutes.
6. Fraud Detection (Kount)โ
6.1 Kount Decision Logged on Orderโ
How to check: In WP Admin โ WooCommerce โ Orders, open a recently placed test order.
Expected: The order notes section should contain a Kount decision record (e.g., Kount RIS Response: AUTO=A, SCOR=12) or the order metadata includes Kount fields. If no notes appear, check that the Kount merchant ID environment variable is correctly set.
6.2 Declined Transaction Blockedโ
How to check: On staging, trigger a Kount test decline using Kount's test merchant credentials and a known decline card/scenario.
Expected: The order is not created; the customer sees an error message at checkout and no charge is attempted.
7. KYC Verificationโ
7.1 KYC Triggered for High-Value Ordersโ
How to check: On staging, place a test order that exceeds the KYC dollar threshold (check WP Admin โ KYC plugin settings for the configured threshold).
Expected: Order is created with status wc-kyc-pending. Customer receives a KYC document upload email with a secure link.
7.2 KYC Documents Go to Private S3 Bucketโ
How to check: In AWS S3 console, check the KYC documents bucket after a test document upload.
Expected: The uploaded file appears in the private S3 bucket. The file is not publicly accessible (ACL is private; direct S3 URL returns 403).
8. Order Managementโ
8.1 Order Statuses Display Correctlyโ
How to check: In WP Admin โ WooCommerce โ Orders, review orders in various statuses.
Expected: Custom statuses (wc-pending-ach, wc-partially-paid, wc-payment-declined, wc-pending-crypto, wc-kyc-pending) appear with their correct labels.
8.2 Order Tracking Shows Shipment Infoโ
How to check: Open a fulfilled order in WP Admin โ WooCommerce โ Orders.
Expected: Tracking number and carrier name appear in the order details. The customer-facing tracking link is functional.
8.3 Fulfillment Flow to ShipStationโ
How to check: Check ShipStation for a recently processed wc-processing order.
Expected: The order appears in ShipStation. Line items, shipping address, and SKUs match the WooCommerce order.
9. Email & SMS (Klaviyo / Mailgun)โ
9.1 Transactional Emails Fire (Mailgun)โ
How to check: In Mailgun dashboard โ Logs, check for recent outbound messages.
Expected: Order confirmation, shipping notification, and other transactional emails are delivered. No temporary_fail or rejected log entries for the test customer email.
9.2 Klaviyo Events Trackedโ
How to check: In the Klaviyo dashboard โ Activity Feed, filter for the test customer email.
Expected: Events such as Placed Order, Started Checkout, or Viewed Product appear shortly after the corresponding actions were performed on the site.
10. Reviews (Yotpo)โ
10.1 Yotpo Reviews Widget Loadsโ
How to check: Navigate to a product page that has reviews.
Expected: The Yotpo star-rating widget and review list render on the page. No JavaScript console errors related to Yotpo.
11. Dealer Locatorโ
11.1 Dealer Locator Map Rendersโ
How to check: Navigate to the Dealer Locator page (check the nav menu or site map for the URL).
Expected: A map (Google Maps or equivalent) loads. Dealer pins are visible. The search/filter UI works.
12. User Accounts & Rolesโ
12.1 Customer Registration & Loginโ
How to check: Register a new account on the site, then log in.
Expected: Registration completes successfully. Login redirects to /my-account/. Account details page renders.
12.2 User Roles Enforcedโ
How to check: Log in as a standard customer and attempt to access WP Admin (/wp-admin/).
Expected: Access is denied or redirected. Customer accounts should not have access to the WP Admin dashboard.
13. Analyticsโ
13.1 Tracking Tags Fire on Key Pagesโ
How to check: Open browser DevTools โ Network tab, load the homepage and a product page, and filter for analytics-related requests (Google Analytics, GTM, etc.).
Expected: Analytics requests fire on page load. No blocked tags or consent-related script failures (unless cookie consent is pending).
14. Scenario Tests (Automated)โ
14.1 Run Jest/Puppeteer Scenario Tests on Stagingโ
How to check: From the scenario-testing/ directory, update config.json to point to the staging URL, then run:
cd scenario-testing
npm install
npm test
Expected: All tests pass. Any failures must be investigated before promoting to production. See Scenario Testing for full details.