docs/PRODUCTION.md lists what to set but defers procedure. Each docs/guides/ guide covers one slice (aws-signers, observability, dashboard). No single guide assembles all production recommendations end-to-end.
Deliverable
Create docs/guides/production/README.md — a copy-pasteable walkthrough that lands an operator on a deployment satisfying every docs/PRODUCTION.md checklist item:
- DEPLOY_STAGE=prod, GUARDIAN_SERVER_FEATURES=postgres (+evm variant)
- RDS for state/metadata/audit; backup retention + deletion protection
- ACK signing: Falcon (Secrets Manager) + ECDSA (KMS, with SwitchGuardian caveat)
- Verified DB TLS (verify-full + sslrootcert)
- Explicit GUARDIAN_CORS_ALLOWED_ORIGINS
- Dashboard allowlist + pinned GUARDIAN_DASHBOARD_CURSOR_SECRET (multi-task)
- Prometheus metrics + bearer token
- Storage encryption
- Post-deploy validation of /, /pubkey, smoke path
Then add it to the docs/guides/README.md table and link it from docs/PRODUCTION.md "Step-by-step setup".
Rules
- Link to CONFIGURATION.md / SERVER_AWS_DEPLOY.md / runbooks for meanings and procedure — don't duplicate them.
- If a Compose stack is committed (matching aws-signers/), add a smoke test.
Open question
docs/PRODUCTION.md lists what to set but defers procedure. Each docs/guides/ guide covers one slice (aws-signers, observability, dashboard). No single guide assembles all production recommendations end-to-end.
Deliverable
Create docs/guides/production/README.md — a copy-pasteable walkthrough that lands an operator on a deployment satisfying every docs/PRODUCTION.md checklist item:
Then add it to the docs/guides/README.md table and link it from docs/PRODUCTION.md "Step-by-step setup".
Rules
Open question