Skip to content

Production Checklist

Alpha

These guidelines apply to alpha deployments. Production SLAs and guarantees will be defined before general availability.

Before deploying auditors to production, ensure your images meet the Lucid security requirements.

Auditor Image Requirements

1. Notarized Images

In production, the Lucid platform refuses to run auditors that are not cryptographically notarized.

  • Run lucid auditor publish for every custom auditor image
  • Verify the image digest matches the one registered in the Lucid Verifier
lucid auditor publish my-auditor:v1Pushing image to registry...
Registering digest with Verifier...
[+] Auditor published and notarized.

2. Compliance Verification

Before publishing, verify your auditor meets the Lucid Standard:

lucid auditor verify my-auditor:v1[+] Basic labels found.
[+] Compliance probe successful!
[*] Verification complete. Auditor is compliant.

3. Non-Root Execution

  • Ensure your Auditor Dockerfile uses a non-root user (UID > 1000)
# Example Dockerfile
FROM python:3.12-slim

# Create non-root user
RUN useradd -m -u 1001 appuser
USER appuser

WORKDIR /app
COPY --chown=appuser:appuser . .
RUN pip install --user lucid-sdk

CMD ["python", "main.py"]

Hardware Verification

AI Passport Verification

After deploying your agent, verify that attestation is working:

  • Deploy a test workload
  • Verify that the returned AI Passport shows hardware_attested: true
  • Ensure the signature chain reflects the hardware manufacturer's certificate (Intel/AMD)
lucid passport show <passport-id>Passport ID: pass-001
Hardware Attested: true
TEE Type: AMD SEV-SNP
Signature: Valid (AMD Root CA)

Monitoring Setup

Log Monitoring

  • Connect your agents to the Lucid Observer dashboard
  • Verify that audit logs for blocked/redacted requests appear in real-time

Access the Observer dashboard at https://observer.lucid.sh.

Support

For assistance with production deployments, contact the Lucid Engineering team at support@lucid.sh.