0x0LearnReferenceLibraries0x0.jmp0x1b.com

Live Framework Operator Runbook

This runbook describes production operation for 0x0 Live framework apps. It is

app-neutral, with Kukulkan as the current first-party adoption example.

Startup

Startup must use release-owned artifacts and explicit service units. For

Kukulkan, the bounded checks are:


make kukulkan-live-adoption-check
make kukulkan-app-deploy-check

The adoption check verifies the framework endpoint, router, auth, scopes,

templates, browser client asset, CSP, domains, rollback, and smoke evidence.

Health And Readiness

Each live app should expose an HTTP health path and a Live readiness path.

Kukulkan uses API and UI framework units and checks /readyz plus

/live/readiness.json in deploy dry-run evidence.

Rollback

Rollback restores a previous 0x0 release link and restarts the same framework

units. Do not roll back to a test fixture or an app-local shim.

Bounded evidence:


make kukulkan-deployment-production-check

Observability

Every production live app should emit correlated request, session, route,

event, metric, and trace evidence. Debug annotations must be safe in production

and must not expose secrets.

Gate:


make live-observability-check

Security

Production operation requires CSP, asset integrity, origin checks, host checks,

body limits, upload scanning, rate limits, scope denial, capability denial,

session secret rotation, and key custody.

Gate:


make live-security-check

Performance

Track initial render, connect, event latency, patch size, reconnect, streams,

uploads, concurrent sessions, memory, CPU, compression, and regression status.

Gate:


make live-performance-check

Logs And Incidents

Use the observability report to map a failing browser action to session id,

request id, event id, route id, trace id, and error class. If the incident

affects security, run the live security gate before redeploying.

Deployment Checklist

1. Run the app-specific adoption gate.

2. Run the endpoint, auth, scope, security, performance, and persistence gates

that match the changed surface.

3. Confirm rollback metadata names a previous 0x0 release.

4. Confirm public docs and release notes changed when behavior changed.