Is your Lovable app production ready? A pre-launch checklist

There's a moment in every Lovable build where the app feels finished. The screens work, your test data flows through, you've shown it to a couple of friends and they nodded politely. The urge to hit publish is enormous.

Don't.

A Lovable app that works on your machine is a long way from a Lovable app that's ready for real users, real money, and the unpredictable chaos of the open internet. I've shipped enough of these to know exactly which corners get cut, because they're the same corners every time.

This isn't the full checklist — that's Appendix B of the Field Guide, and it's line by line. This is the shape of the thing: the nine categories you have to look in the eye before you hit publish.

1. Security

The single highest-cost, highest-likelihood failure mode for a vibe-coded app. If your database is connected directly from the browser (which is most of Lovable's magic), you have to assume anyone can poke at it. The interface doesn't protect data; the database does.

That means proper row-level rules, properly stored secrets, and a hardened authentication setup. The Field Guide has a whole chapter on this, including the specific rules to put in place and the red-team prompts I use to try and break my own app before launch.

2. Payments

If you're taking money, the bar goes up. Stripe in test mode is not Stripe in live mode. Webhooks behave differently. Real cards behave differently from the test ones.

You need to know that a real payment, made by a real human, lands the user in the right state in your database. Test that flow with your own card before any customer touches the site.

3. Data

Your app is a shell. The data is the value. Two questions: if the database vanished overnight, could you recover it? And as the data grows, will queries still feel fast?

Backups and indexes are unglamorous and easy to defer. Defer them and you'll regret it in front of paying customers.

4. User experience under stress

Almost every Lovable app I've seen reviewed is gorgeous on the happy path and ugly the moment something goes wrong. What does a user see when:

• They're on a flaky 4G connection?
• An API call fails?
• They're a brand-new user with no data?
• They try to do something they're not allowed to?

These are not edge cases. They're most of the experience for a chunk of your users.

5. Mobile

Over half your traffic will be mobile. Test the app on an actual phone, not the browser simulator. Tap targets, font sizes, scroll behaviour, the keyboard covering inputs — all of it. The Field Guide has the specific prompt I use to fix this in one Lovable pass.

6. Domain and email

Free .lovable.app URLs are fine for demos. Real customers want a real domain and a sending email that doesn't go to spam. Both need setting up before you go live — domain DNS propagates slowly and email sender verification can take a day.

7. Monitoring

If something breaks at 11pm on a Tuesday, do you know? Most beginner apps find out when a customer emails. By then it's already cost you.

You don't need anything fancy. You need something.

8. SEO basics

If you want anyone to find your app via Google, you need the basics: titles, descriptions, a sitemap, structured data. These are five-minute jobs that almost everyone skips. They're also the difference between launching to silence and launching to traffic.

9. Legal & GDPR

Privacy policy. Cookie behaviour. What data you collect and why. Where it's stored. How users delete themselves. These are not optional, especially in the UK and EU.

---

That's the map. The Field Guide is the actual checklist — Appendix B is the specific, line-by-line pre-launch run-through I do on every app I ship. The chapters before it cover the security rules, the payment flow, the data setup, and the domain + email walkthrough in proper detail.

Don't ship without going through it. Genuinely.