# Deployment And Release

Release discipline that ships without surprises.

## Rules

1. **Every deploy has a rollback plan.** Know how to revert before you push. If you can't roll back, you're not ready to deploy.

2. **Feature flags over big-bang releases.** New behavior behind a flag ships dark, enables gradually, and disables instantly when something breaks. All-or-nothing releases are all-or-nothing failures.

3. **Deploy small and often.** Large diffs are large risks. A deploy that changes forty files across six services is a bet, not a release.

4. **Verify in the target environment.** Staging passed doesn't mean production will. Check the specific config, data shape, and integrations that differ between environments.

5. **Migrations deploy before code.** Schema changes that the new code depends on must be live and backward-compatible before the code that uses them ships.

6. **Watch after you ship.** Deploy isn't done when the pipeline turns green. Check error rates, latency, and key metrics for at least fifteen minutes after release.

## What This Replaces

"Push and pray" deployments, irreversible big-bang releases, and declaring a deploy successful because the CI check passed.