AI Agent Production Deployment Checklist: 27 Things to Verify
Deploying an AI agent to production is different from running it locally. This checklist covers everything you need to verify before your agent goes live.
Use this as a pre-flight check. If you can't check every box, you're not ready.
Authentication & Access Control
1. [ ] Authentication is required
No anonymous access to your agent. Every request must authenticate.
Verify:
- Admin panel requires login
- API endpoints require tokens
- WebSocket connections authenticate
Red flag: you can open the agent UI from a fresh browser with no credentials.
2. [ ] Strong authentication mechanism
Basic auth isn't enough for production.
Verify:
- Token-based or OAuth authentication
- Tokens are long enough (256+ bits)
- Tokens rotate or expire
- Failed attempts are rate-limited
3. [ ] Role-based access control
Not everyone needs the same permissions.
Verify:
- Different roles defined (admin, user, viewer)
- Permissions enforced server-side
- Least privilege applied
4. [ ] Session management
Sessions should timeout and be revocable.
Verify:
- Sessions expire after inactivity
- Active sessions can be listed
- Sessions can be revoked
Network Security
5. [ ] Not bound to 0.0.0.0
Binding to all interfaces exposes your agent to the network.
Verify:
- Agent binds to localhost only
- External access via gateway/proxy
- Firewall blocks direct access
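One way to verify this item on a Linux host, as an added example rather than code from the page or from Clawctl: parse the kernel's /proc/net/tcp and /proc/net/tcp6 tables and report every listening socket bound to 0.0.0.0 or ::. The field layout, the little-endian address encoding and the constructed SAMPLE_TCP are assumptions about that format, not anything the page provides.

```python
"""Pre-flight check for item 5: flag listeners bound to all interfaces.

Added example, not code from the page or from Clawctl. Parses the Linux
/proc/net/tcp and /proc/net/tcp6 table format; SAMPLE_TCP is constructed.
"""
import socket
import struct

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

def _parse_addr(hex_addr: str):
    """Convert '0100007F:1F90' (v4) or a 32-hex-char v6 form to (ip, port)."""
    ip_hex, port_hex = hex_addr.split(":")
    port = int(port_hex, 16)
    if len(ip_hex) == 8:  # IPv4: one 32-bit word, little-endian on x86/arm64
        packed = struct.pack("<I", int(ip_hex, 16))
        return socket.inet_ntop(socket.AF_INET, packed), port
    # IPv6: four 32-bit words, each little-endian on x86/arm64
    words = [int(ip_hex[i:i + 8], 16) for i in range(0, 32, 8)]
    packed = b"".join(struct.pack("<I", w) for w in words)
    return socket.inet_ntop(socket.AF_INET6, packed), port

def find_wildcard_listeners(table_text: str):
    """Return (ip, port) for every LISTEN socket bound to 0.0.0.0 or ::."""
    offenders = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # not a listener (established, time-wait, ...)
        ip, port = _parse_addr(fields[1])  # fields[1] is local_address
        if ip in ("0.0.0.0", "::"):
            offenders.append((ip, port))
    return offenders

# Constructed sample: agent on 127.0.0.1:8080 (fine), admin UI on
# 0.0.0.0:3000 (red flag); the third row is an established connection.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11111 1 0000000000000000 100 0 0 10 0
   1: 00000000:0BB8 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0100007F:1F90 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1 0000000000000000 100 0 0 10 0
"""

if __name__ == "__main__":
    for ip, port in find_wildcard_listeners(SAMPLE_TCP):
        print(f"WILDCARD BIND: {ip}:{port}")
```

On the real host call find_wildcard_listeners(open("/proc/net/tcp").read()) and the same for /proc/net/tcp6; a wildcard listener behind a reverse proxy is still a finding unless the firewall blocks the port directly.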
6. [ ] HTTPS only
All traffic must be encrypted.
Verify:
- TLS 1.2+ required
- HTTP redirects to HTTPS
- Certificates valid and renewed
7. [ ] Egress controls configured
Your agent shouldn't call arbitrary domains.
Verify:
- Allowlist of permitted domains
- Default-deny for unlisted domains
- Blocked requests logged
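The three checks above as one small policy object, added here as an example and not code from the page or from Clawctl: EgressPolicy, its allowlist and the logger name are assumptions; it goes in front of whatever HTTP client the agent's tools use.

```python
"""Egress policy for item 7: allowlist, default-deny, blocked requests logged.

Added example, not code from the page or from Clawctl. EgressPolicy is a
hypothetical helper; call check() before every outbound request made by an
agent tool, including each redirect target.
"""
import logging
from urllib.parse import urlsplit

log = logging.getLogger("agent.egress")

class EgressPolicy:
    def __init__(self, allowed_domains):
        # Normalise once: lower-case, drop trailing dot and leading "*."
        self.allowed = {d.lower().rstrip(".").lstrip("*.") for d in allowed_domains}
        self.blocked = []  # (url, reason) pairs for the audit trail

    def _host_allowed(self, host: str) -> bool:
        host = host.lower().rstrip(".")
        # Exact match or a subdomain of an allowed domain; everything else denied
        return any(host == d or host.endswith("." + d) for d in self.allowed)

    def check(self, url: str) -> bool:
        """True if the agent may fetch url; otherwise log, record and deny."""
        parts = urlsplit(url)
        # urlsplit().hostname strips userinfo, so "allowed.com@other.test" is
        # judged on other.test, and IP literals never match a domain entry.
        if parts.scheme != "https":
            reason = f"scheme {parts.scheme!r} not allowed"
        elif not parts.hostname:
            reason = "no host in URL"
        elif not self._host_allowed(parts.hostname):
            reason = f"host {parts.hostname!r} not in allowlist"
        else:
            return True
        self.blocked.append((url, reason))
        log.warning("egress blocked: %s (%s)", url, reason)  # default-deny, logged
        return False

# Constructed policy: the LLM API plus the tools' own domain, nothing else
POLICY = EgressPolicy(["api.anthropic.com", "*.example.com"])
```

A hostname check is only as good as the resolver behind it: apply the same check to every redirect hop and resolve the host once, then connect to that address.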
8. [ ] Network isolation
Your agent should be isolated from other systems.
Verify:
- Agent in separate network segment
- Access to internal systems restricted
- Firewall rules documented
Credential Security
9. [ ] No plaintext credentials
API keys and passwords must be encrypted.
Verify:
- Credentials encrypted at rest
- No credentials in config files
- No credentials in logs
- No credentials in error messages
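The last two bullets are the ones most often missed, because a key leaks through a format argument or a traceback rather than a config file. The formatter below, added as an example and not code from the page or from Clawctl, masks every registered secret in the fully rendered log line; RedactingFormatter, render() and DEMO_KEY are assumptions.

```python
"""Log redaction for item 9: keep API keys out of log lines and error text.

Added example, not code from the page or from Clawctl. Register every secret
the process holds; the formatter masks them in the rendered line, including
inside URLs, format args and exception tracebacks.
"""
import io
import logging

class RedactingFormatter(logging.Formatter):
    MASK = "[REDACTED]"

    def __init__(self, secrets, fmt="%(asctime)s %(levelname)s %(message)s"):
        super().__init__(fmt)
        # Longest first, so a secret that is a prefix of another leaves no tail
        self.secrets = sorted({s for s in secrets if s}, key=len, reverse=True)

    def redact(self, text: str) -> str:
        for s in self.secrets:
            text = text.replace(s, self.MASK)
        return text

    def format(self, record: logging.LogRecord) -> str:
        # Scrub the fully rendered line (message, args, traceback), not just msg
        return self.redact(super().format(record))

def render(secrets, msg, *args, exc=None) -> str:
    """Send one record through the redacting formatter and return the text."""
    logger = logging.getLogger("agent.redact.demo")
    logger.handlers.clear()
    logger.propagate = False
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(RedactingFormatter(secrets, "%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.error(msg, *args, exc_info=exc)
    handler.flush()
    return buf.getvalue()

# Constructed sample key, not a real credential
DEMO_KEY = "sk-ant-EXAMPLE0123456789abcdef"

if __name__ == "__main__":
    print(render([DEMO_KEY], "POST %s key=%s", "https://api.anthropic.com/v1/messages", DEMO_KEY))
```

Install the formatter on every handler, including the one that ships to your SIEM, since a redacting filter on the logger alone does not see the traceback text the formatter produces.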
10. [ ] Credentials injected at runtime
Credentials shouldn't be stored where the agent runs.
Verify:
- Credentials fetched from secrets manager
- Injected as environment variables at runtime
- Never written to disk
11. [ ] LLM API keys protected
Your most valuable credentials need extra protection.
Verify:
- Anthropic/OpenAI keys encrypted
- Keys not visible in admin UI
- Usage monitored for anomalies
12. [ ] Credential rotation possible
You should be able to rotate credentials without downtime.
Verify:
- Rotation procedure documented
- Rotation tested
- Old credentials revocable
Audit & Logging
13. [ ] All actions logged
Every agent action must be recorded.
Verify:
- Prompts logged
- Tool calls logged
- Outputs logged
- Timestamps included
14. [ ] Logs are searchable
You need to find specific events quickly.
Verify:
- Search by time range
- Search by action type
- Search by user/session
15. [ ] Logs are exportable
You'll need to share logs with security and compliance teams, or pull them for debugging.
Verify:
- Export to JSON/CSV
- API access available
- SIEM integration possible
16. [ ] Log retention configured
Keep logs long enough for compliance, not forever.
Verify:
- Retention period defined
- Automatic cleanup
- Meets compliance requirements
Operational Controls
17. [ ] Kill switch available
You must be able to stop the agent immediately.
Verify:
- Single command/click to stop
- Stops all running operations
- Resume possible without data loss
18. [ ] Human-in-the-loop configured
Sensitive actions should require approval.
Verify:
- High-risk actions identified
- Approval workflow configured
- Approvals logged
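Items 13, 17 and 18 meet in the code path that dispatches tool calls, so one gate can cover all three. The class below is an added example, not code from the page or from Clawctl; ToolGate, the tool table and the approve() callback are assumptions about how an agent runtime exposes these hooks.

```python
"""Tool-call gate for items 13, 17 and 18: every tool call is audit-logged with
a UTC timestamp, high-risk tools need human approval (and the decision is
logged), and a kill switch refuses all further calls.

Added example, not code from the page or from Clawctl. ToolGate, the tool
table and the approve() callback are hypothetical; plug in your own.
"""
import threading
from datetime import datetime, timezone

class ToolGate:
    def __init__(self, tools, high_risk, approve, audit_log):
        self.tools = tools               # name -> callable(**kwargs)
        self.high_risk = set(high_risk)  # tool names that need a human decision
        self.approve = approve           # callable(name, kwargs) -> bool
        self.audit = audit_log           # list here; a file or SIEM writer in prod
        self._stop = threading.Event()   # the kill switch

    def kill(self):
        """One call stops the agent: nothing further is dispatched."""
        self._stop.set()

    def _record(self, **event):
        event["ts"] = datetime.now(timezone.utc).isoformat()
        self.audit.append(event)

    def call(self, session, name, **kwargs):
        if self._stop.is_set():
            self._record(session=session, tool=name, args=kwargs, outcome="killed")
            raise RuntimeError("agent stopped by kill switch")
        if name not in self.tools:
            self._record(session=session, tool=name, args=kwargs, outcome="unknown_tool")
            raise KeyError(name)
        if name in self.high_risk:
            ok = self.approve(name, kwargs)
            self._record(session=session, tool=name, args=kwargs,
                         outcome="approved" if ok else "denied")
            if not ok:
                raise PermissionError(f"{name} denied by approver")
        result = self.tools[name](**kwargs)
        self._record(session=session, tool=name, args=kwargs,
                     outcome="ok", result=str(result)[:200])
        return result
```

Prompts and model outputs belong in the same audit stream with the same timestamp source, so a tool call can be traced back to the prompt that caused it.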
19. [ ] Rate limits configured
Prevent runaway agents and abuse.
Verify:
- Rate limits on API calls
- Rate limits on tool usage
- Alerts on limit approach
20. [ ] Resource limits set
Agents shouldn't consume unlimited resources.
Verify:
- CPU/memory limits
- Execution time limits
- Storage limits
Data Protection
21. [ ] Data classification understood
Know what data your agent accesses.
Verify:
- Data types documented
- Sensitivity levels identified
- Handling requirements clear
22. [ ] Data encrypted at rest
Stored data must be encrypted.
Verify:
- Database encryption enabled
- File system encryption (if applicable)
- Backup encryption
23. [ ] Data retention policy defined
Don't keep data longer than needed.
Verify:
- Retention periods defined
- Automatic deletion configured
- Deletion verified
Compliance & Documentation
24. [ ] Security documentation complete
Document your security controls.
Verify:
- Architecture diagram
- Control descriptions
- Data flow documented
- Threat model created
25. [ ] Compliance requirements identified
Know what regulations apply.
Verify:
- SOC 2 requirements (if applicable)
- GDPR requirements (if applicable)
- Industry-specific requirements
26. [ ] Incident response plan exists
Know what to do when things go wrong.
Verify:
- Response procedures documented
- Contacts identified
- Communication plan ready
- Recovery procedures tested
27. [ ] Regular review scheduled
Security isn't one-and-done.
Verify:
- Security review cadence set
- Patch management process
- Access review scheduled
The Quick Version
Must-Haves (Deploy Blockers)
- Authentication required
- HTTPS only
- Not bound to 0.0.0.0
- Credentials encrypted
- Kill switch available
- Basic logging enabled
Should-Haves (Production Quality)
- Egress controls
- Human-in-the-loop
- Comprehensive audit logging
- Rate limiting
- Security documentation
Nice-to-Haves (Enterprise Ready)
- SSO integration
- SIEM export
- Compliance certifications
- Custom retention policies
How Many Can You Check?
| Score | Status |
|---|---|
| 27/27 | Production ready |
| 20-26 | Almost there—address gaps |
| 15-19 | Significant work needed |
| <15 | Not ready for production |
The Shortcut: Clawctl
Building all 27 controls takes weeks. Clawctl includes them by default:
| Checklist Item | Self-Build | Clawctl |
|---|---|---|
| Gateway authentication | 8-16 hours | Included |
| Egress controls | 4-8 hours | Included |
| Audit logging | 8-16 hours | Included |
| Kill switch | 4-8 hours | Included |
| Encryption | 4-8 hours | Included |
| Human-in-the-loop | 8-16 hours | Included |
| Total | 36-72 hours | 60 seconds |
Frequently Asked Questions
Do I really need all 27 items?
For production with real users or sensitive data? Yes. For internal experimentation? You can skip some, but understand the risks.
What's the minimum for a pilot?
Must-haves: Authentication, HTTPS, not 0.0.0.0, basic logging, kill switch. That's the minimum responsible deployment.
How often should I review this checklist?
Before initial deployment, after major changes, and quarterly for ongoing deployments.
What if my security team has additional requirements?
This checklist is a foundation. Your organization may have additional requirements based on industry, compliance, or risk tolerance.
Download the Checklist
Print this checklist and verify each item before deployment:
AI AGENT PRODUCTION DEPLOYMENT CHECKLIST
AUTHENTICATION & ACCESS
[ ] 1. Authentication required
[ ] 2. Strong auth mechanism
[ ] 3. Role-based access
[ ] 4. Session management
NETWORK SECURITY
[ ] 5. Not bound to 0.0.0.0
[ ] 6. HTTPS only
[ ] 7. Egress controls
[ ] 8. Network isolation
CREDENTIAL SECURITY
[ ] 9. No plaintext credentials
[ ] 10. Runtime injection
[ ] 11. LLM keys protected
[ ] 12. Rotation possible
AUDIT & LOGGING
[ ] 13. All actions logged
[ ] 14. Logs searchable
[ ] 15. Logs exportable
[ ] 16. Retention configured
OPERATIONAL CONTROLS
[ ] 17. Kill switch available
[ ] 18. Human-in-the-loop
[ ] 19. Rate limits set
[ ] 20. Resource limits set
DATA PROTECTION
[ ] 21. Data classification
[ ] 22. Encryption at rest
[ ] 23. Retention policy
COMPLIANCE
[ ] 24. Documentation complete
[ ] 25. Requirements identified
[ ] 26. Incident response plan
[ ] 27. Review scheduled
Score: ___/27