> For the complete documentation index, see [llms.txt](https://docs.antivamp.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.antivamp.io/production/10_production_onboarding.md).

# Production Onboarding

Sandbox and production are **fully isolated**: separate API key prefixes (`av_sbx_` vs `av_live_`), separate signing keys (verified via different `keyId`s at `/v1/keys`), separate partner state, separate rate limits, and environment-tagged responses (`X-AntiVamp-Environment` header + `environment` field). A sandbox key can never produce a production decision, and vice versa.

## Partner lifecycle

```
sandbox_only → production_requested → under_review → approved → active
                                                          ↘ suspended ↔ active
                                                          ↘ revoked
```

## Steps to production

1. **Integrate in sandbox** with `av_sbx_…` (self-serve at `/integrations`).
2. **Pass conformance**: `npx antivamp-conformance` green.
3. **Request production access** — provide:
   * Verified organization + technical contact + **security contact**
   * Allowed launchpad domains and server IPs (where applicable)
   * Supported chains + expected request volume
   * Verified webhook endpoint
   * Failure-policy acknowledgment + terms accepted
4. **Review & approval** by an AntiVamp operator (ops console). On approval a **production key is issued once** over a secure channel, scoped and optionally expiring.
5. **Go live** against `av_live_…`. Higher rate limits; production-signed decisions (distinct `keyId`).

## Production key properties

Shown once · stored hashed (SHA-256) · env-prefixed · scoped · optional expiration · rotatable · revocable (with actor + reason) · `last_used_at` recorded · created/revoked actor recorded · never logged.

Scopes: `identity:read`, `launch:validate`, `launch:report`, `event:report`, `webhook:manage`, `usage:read`, `dispute:create`.

## Environment identification

Every partner API response includes the environment. Validation responses add `X-AntiVamp-Environment` and `X-AntiVamp-Decision` headers. Verify the decision `keyId` resolves to a key whose `environment` matches what you expect.

## Physical isolation note

Logical isolation (keys, signing, state, rate limits, env tagging) is enforced in code today. For maximum blast-radius isolation a separate production database/domain (`api.antivamp.io` vs `sandbox-api.antivamp.io`) is a deployment step — the app is env-driven to support it. See the deployment checklist.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.antivamp.io/production/10_production_onboarding.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
