Production Readiness
Prepare Sentinel for production as a controlled platform service, not as a thin reverse proxy. For public launch, treat Sentinel as a hosted Caldorus product with explicit traffic, operator, and governance boundaries.
Minimum production topology
For teams adopting the hosted product, the minimum production topology usually includes:
- the gateway for model-access traffic
- the console for operator configuration and review
- Sentinel-managed provider credential handling
- request visibility and audit review paths
Treat the gateway as the runtime path for model access, and treat the console as the operator surface for configuration, review, and control.
Production domains and environment separation
Production deployments should use stable domains for:
- data-plane traffic
- operator-facing surfaces
- any public docs or support material linked from those surfaces
Keep environment separation explicit. Do not mix development and production provider credentials, keys, or routing state.
Secrets and configuration
A production rollout should assume:
- provider credentials are stored as managed secrets
- route plans and policy are promoted intentionally between environments
- configuration changes are reviewable and auditable
- custom domains and environment boundaries are settled before broad rollout
The goal is to make production behavior predictable before traffic scale increases.
Production rollout checklist
Before broad rollout:
- validate provider connectivity in staging
- confirm route plans, retries, and endpoint safety behavior
- verify policy, budgets, and limits against real test traffic
- confirm audit and telemetry retention and export expectations
- test operator workflows such as key management, provider setup, and request triage
- roll out one application or environment before wider adoption
A production rollout should prove both request flow and operator control flow.
Observability requirements
Sentinel should be observable from day one.
That usually means:
- health endpoints
- request visibility
- audit access
- error and timeout alerting
- provider failure visibility
Operators should be able to move quickly from a client-visible issue to the relevant Sentinel request path, policy outcome, and provider behavior.
What a production review should answer
A production review should be able to answer questions such as:
- which systems own keys, provider secrets, and route definitions
- how environments are separated
- how a team detects provider failure or policy misconfiguration
- how a request moves from client-visible error to Sentinel request record
If those questions cannot be answered clearly, the rollout is not yet operationally ready.