Claude-code-plugins-plus-skills alchemy-prod-checklist
install
source · Clone the upstream repo
git clone https://github.com/jeremylongshore/claude-code-plugins-plus-skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/jeremylongshore/claude-code-plugins-plus-skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/plugins/saas-packs/alchemy-pack/skills/alchemy-prod-checklist" ~/.claude/skills/jeremylongshore-claude-code-plugins-plus-skills-alchemy-prod-checklist && rm -rf "$T"
manifest:
plugins/saas-packs/alchemy-pack/skills/alchemy-prod-checklist/SKILL.mdsource content
Alchemy Production Checklist
Pre-Launch Checklist
API & Infrastructure
- API key restricted to production domains in Alchemy Dashboard
- Separate Alchemy apps for dev/staging/prod environments
- Rate limit headroom verified (< 70% of CU/sec budget)
- Retry logic with exponential backoff implemented
- Error monitoring configured (Sentry, Datadog, etc.)
- Webhook endpoints HTTPS-only with signature verification
Security
- API key NOT in frontend code — proxied through backend
- Private keys in secret manager (not env files)
- All user-supplied addresses validated and checksummed
- No
of sensitive data in production buildsconsole.log - npm audit clean — no critical vulnerabilities
Smart Contracts (if applicable)
- Contracts audited by reputable firm
- Deployed and verified on Etherscan/Polygonscan
- Admin keys secured in multi-sig wallet
- Emergency pause function tested
Performance
- Response caching for frequently-queried data (balances, metadata)
- Connection pooling for provider instances
- Batch requests where possible (NFT metadata, balances)
- WebSocket reconnection logic for real-time subscriptions
Validation Script
// src/prod/readiness.ts import { Alchemy, Network } from 'alchemy-sdk'; async function checkReadiness(): Promise<void> { const checks: Array<{ name: string; pass: boolean; detail: string }> = []; // 1. API connectivity const alchemy = new Alchemy({ apiKey: process.env.ALCHEMY_API_KEY, network: Network.ETH_MAINNET }); try { const block = await alchemy.core.getBlockNumber(); checks.push({ name: 'API Connectivity', pass: true, detail: `Block ${block}` }); } catch (err: any) { checks.push({ name: 'API Connectivity', pass: false, detail: err.message }); } // 2. Enhanced API try { await alchemy.core.getTokenBalances('0x0000000000000000000000000000000000000000'); checks.push({ name: 'Enhanced API', pass: true, detail: 'getTokenBalances works' }); } catch { checks.push({ name: 'Enhanced API', pass: false, detail: 'Enhanced API unavailable' }); } // 3. NFT API try { await alchemy.nft.getContractMetadata('0xBC4CA0EdA7647A8aB7C2061c2E118A18a936f13D'); checks.push({ name: 'NFT API', pass: true, detail: 'getContractMetadata works' }); } catch { checks.push({ name: 'NFT API', pass: false, detail: 'NFT API unavailable' }); } // 4. API key not in build output const fs = await import('fs'); const buildDir = './dist'; if (fs.existsSync(buildDir)) { const content = fs.readdirSync(buildDir, { recursive: true }) .filter((f: any) => f.toString().endsWith('.js')) .map((f: any) => fs.readFileSync(`${buildDir}/${f}`, 'utf8')) .join(''); const apiKeyExposed = content.includes(process.env.ALCHEMY_API_KEY || ''); checks.push({ name: 'API Key Safety', pass: !apiKeyExposed, detail: apiKeyExposed ? 'CRITICAL: API key found in build!' : 'API key not in build' }); } // Print results console.log('\n=== Alchemy Production Readiness ===\n'); for (const c of checks) { console.log(`[${c.pass ? 'PASS' : 'FAIL'}] ${c.name}: ${c.detail}`); } const failures = checks.filter(c => !c.pass); console.log(`\n${failures.length === 0 ? 'READY FOR PRODUCTION' : `${failures.length} BLOCKING ISSUES`}`); } checkReadiness().catch(console.error);
Output
- All checklist items validated
- Readiness script with pass/fail reporting
- API key exposure scan in build output
- Multi-network connectivity verified
Resources
Next Steps
For version upgrades, see
alchemy-upgrade-migration