Agent Skills: Anthropic Production Checklist

Anthropic Production Checklist

Overview

Before going live with a Claude-powered app, verify every item below.

Authentication & Security

• [ ] API key stored in secrets manager (not in code or env file on disk)
• [ ] Key rotated — not the same one used during development
• [ ] Server-side only — no key exposed to client/browser
• [ ] Per-user rate limiting in place
• [ ] Input validation: max length, content filtering
• [ ] System prompt includes injection guardrails

Output

• All checklist items verified (authentication, error handling, streaming, cost, monitoring, reliability, content, performance)
• Production API key configured with appropriate spending limits
• Monitoring and alerting in place
• Fallback behavior tested for API outages

Error Handling

• [ ] All Anthropic API calls wrapped in try/catch
• [ ] RateLimitError (429) → backoff and retry
• [ ] OverloadedError (529) → fallback model or queue
• [ ] AuthenticationError (401) → alert team, don't retry
• [ ] InvalidRequestError (400) → log and fix, don't retry
• [ ] Network errors → retry with backoff
• [ ] Request IDs logged for every error (for support tickets)

Streaming

• [ ] Using client.messages.stream() for user-facing responses
• [ ] Stream errors handled (connection drops, incomplete responses)
• [ ] stop_reason checked: end_turn vs max_tokens (incomplete)

Cost Controls

• [ ] max_tokens set to realistic values (not 4096 for short answers)
• [ ] Correct model for each task (Haiku for simple, Sonnet for balanced)
• [ ] Prompt caching enabled for repeated system prompts
• [ ] Usage logging in place — tracking tokens and cost per request
• [ ] Spending alerts set in Anthropic console

Monitoring

• [ ] Response latency tracked (TTFT and total)
• [ ] Token usage tracked (input/output per request)
• [ ] Error rates dashboarded (by error type)
• [ ] Anthropic status page monitored (status.anthropic.com)

Reliability

• [ ] SDK maxRetries set (default 2 is fine for most)
• [ ] Timeout configured for your use case (timeout option)
• [ ] Single client instance reused (not created per request)
• [ ] Graceful degradation if Claude is down (cached responses, fallback)

Content & Compliance

• [ ] System prompt tested against edge cases and adversarial inputs
• [ ] Output validated before showing to users (JSON parsing, length)
• [ ] Data retention settings configured in Anthropic console
• [ ] No unnecessary PII in prompts
• [ ] Usage policy compliance (Anthropic's Acceptable Use Policy)

Performance

• [ ] p95 latency acceptable for your UX
• [ ] Prompt caching for latency-sensitive paths
• [ ] Parallel requests where possible (Promise.all)
• [ ] Client-side streaming UI implemented

Examples

Each section above is a verifiable checklist. Work through Authentication & Security, Error Handling, Streaming, Cost Controls, Monitoring, Reliability, Content & Compliance, and Performance sections.

Resources

• API Best Practices
• Error Handling
• Rate Limits
• Acceptable Use Policy

Next Steps

See clade-observability for monitoring setup.

Prerequisites

• All other anthropic skills reviewed
• Application feature-complete and tested locally
• Production API key created (separate from dev)
• Deployment platform selected

Instructions

Step 1: Review the patterns below

Each section contains production-ready code examples. Copy and adapt them to your use case.

Step 2: Apply to your codebase

Integrate the patterns that match your requirements. Test each change individually.

Step 3: Verify

Run your test suite to confirm the integration works correctly.