Field Notes · 11 · July 18, 2026 · Kyle Tysvaer

How to tell if your app is actually production-ready

The question I get most often lately isn't "can you build me an app." It's some version of "is my app production ready?" Someone built something with Cursor, Claude, Lovable, or Bolt, clicked through it themselves a dozen times, and now they're staring at a launch date wondering if "it works" is actually true in the way that matters.

Here's the uncomfortable part: "it works in the demo" and "it's production-ready" are not the same claim, and nothing on the screen tells you which one you're looking at. The gap between those two sits exactly where AI-built apps get hurt — the tool built what you asked for, and stayed quiet about everything you didn't think to ask for.

I get why the gap is invisible. You built the thing, or you watched it get built, one prompt at a time. Every prompt you wrote turned into working code. What never turned into code is the pile of things you never thought to prompt for — because you didn't know they were load-bearing until something breaks against them. AI tools are extraordinarily good at building exactly the feature you describe. They have no opinion at all about the thing you didn't mention.

So instead of trusting a gut feeling, I run every app I take seriously through the same plain-language check before I'll call it ready. Thirteen layers, one line each. You don't need to be technical to run this yourself — you just need to be honest about the answers, and willing to say "I don't actually know" instead of assuming the best.

1. Frontend. Does it hold up on a phone, or only on the laptop you built it on? Most of your traffic is mobile, and that's not where you were testing.

2. APIs. When something goes wrong on submit, does the user get an error message, or silence? Silent failure means you lose the lead and never even hear about it.

3. Data. Can one customer see another customer's data if they poke at the URL? "It works" and "each user only sees their own data" are different claims, and AI tools ship the first one by default.

4. Auth. Is every protected action actually checked on the server, or just hidden behind a button in the interface? Hiding a button isn't security.

5. Hosting. Is this one server that falls over if it hiccups, or something that survives a bad night?

6. Cost. Is there anything between a bot, a bad loop, or a traffic spike and a bill you don't want to open?

7. CI/CD. Can you ship a fix through a normal process, or does someone need to hand-edit files on a live server at 11pm?

8. Security. Are there secrets sitting in client-side code? Is anything typed into a form trusted without being checked first?

9. Rate limits. What actually happens to your API bill and your uptime at 500 requests a minute from something that isn't a real customer?

10. Caching. Is every single page load recomputing everything from scratch, or is anything actually cached?

11. Scaling. What happens the day a post of yours goes semi-viral and ten times the normal traffic shows up at once?

12. Monitoring. Would you find out about an outage from a dashboard, or from a customer's angry email?

13. Recovery. Have you actually restored the app from a backup, or do you just believe one exists?

So — is my app production ready?

Run through those thirteen honestly. A "no" or a "not sure" on one or two isn't a crisis — most apps have a couple of soft spots, and you can usually patch them before launch with an afternoon of focused work. But if you're stacking up four, five, six "not sure"s, that's not a small-business problem anymore, that's a launch-day problem waiting for a customer to find it before you do.

Notice something about that list: not one of the thirteen is about whether the app "works." Working is the low bar — you already cleared it, or you wouldn't be reading a checklist about launching. What these thirteen actually test is what happens when the app meets conditions you didn't design for: a phone instead of a laptop, a stranger's traffic instead of yours, a bad actor instead of a beta tester, a bad night instead of a clean demo. That's the entire difference between a project and a product. I wrote more about the specific five gaps that show up almost every time in what your AI-built app is missing before launch, if you want the deeper version of any one of these.

None of this is a knock on building with AI. It's genuinely the best thing to happen to small operators in years — it just optimizes for the part of the work you can see, which means the load-bearing, unglamorous half quietly stays exactly where it was. That's the whole reason the Launch-Ready Audit exists: someone runs your build through all thirteen layers, hands you a scorecard with the specific holes and evidence, and ranks the fixes by what'll actually bite first. Two of the thirteen — data isolation and auth — are hard stops regardless of how good everything else looks.

Your Turn: pull up your own app right now and go line by line through the thirteen above. If you get through it clean, good — that's worth knowing too. If you don't, better you find the gap on a Tuesday afternoon than a customer finds it for you.

See how the Launch-Ready Audit works →

— Kyle Tysvaer, Founder, Insightful Eye Marketing

Your Turn

Find out what your build is missing

The Launch-Ready Audit runs your AI-built app through all 13 layers — frontend, APIs, data, auth, hosting, security, rate limits, and recovery — and hands you a scorecard, the specific holes with evidence, and a fix list ranked by what'll bite first.

See the Launch-Ready Audit