Agent-Skills.md

Agent Skills: Evernote Production Checklist

|

UncategorizedID: jeremylongshore/claude-code-plugins-plus-skills/evernote-prod-checklist

Repository

jeremylongshore/claude-code-plugins-plus-skills
jeremylongshoreLicense: NOASSERTION
1,723221

Install this agent skill to your local

pnpm dlx add-skill https://github.com/jeremylongshore/claude-code-plugins-plus-skills/tree/HEAD/plugins/saas-packs/evernote-pack/skills/evernote-prod-checklist

Skill Files

Browse the full folder contents for evernote-prod-checklist.

Download Skill

Loading file tree…

plugins/saas-packs/evernote-pack/skills/evernote-prod-checklist/SKILL.md

Skill Metadata

Name
evernote-prod-checklist
Description
|

Evernote Production Checklist

Overview

Comprehensive checklist for deploying Evernote integrations to production, covering API key activation, security hardening, rate limit handling, monitoring, and go-live verification.

Prerequisites

  • Completed development and testing in sandbox
  • Production API key approved by Evernote (requires review process)
  • Production infrastructure provisioned

Instructions

API Key & Authentication

  • [ ] Production API key requested and approved by Evernote
  • [ ] EVERNOTE_SANDBOX=false in production config
  • [ ] Consumer key and secret stored in secrets manager (not env files)
  • [ ] OAuth callback URL uses HTTPS on production domain
  • [ ] Token expiration tracking implemented (edam_expires)
  • [ ] Token refresh/re-auth flow tested end-to-end

Security

  • [ ] Access tokens encrypted at rest (AES-256-GCM)
  • [ ] CSRF protection on OAuth flow
  • [ ] API credentials not in source control (.env in .gitignore)
  • [ ] Log output redacts tokens and PII
  • [ ] Input validation on all user-supplied content (ENML sanitization)
  • [ ] Rate limit handling prevents API key suspension

Rate Limits & Performance

  • [ ] Exponential backoff on RATE_LIMIT_REACHED errors
  • [ ] Minimum delay between API calls (100-200ms)
  • [ ] Response caching for listNotebooks() and listTags() (5-10 min TTL)
  • [ ] findNotesMetadata() used instead of findNotes() for listings
  • [ ] Batch operations use sequential processing with delays

Monitoring & Alerting

  • [ ] Health check endpoint verifies Evernote API connectivity
  • [ ] Metrics tracked: API call count, latency, error rate, rate limits
  • [ ] Alerts configured for rate limits, auth failures, and high error rates
  • [ ] Structured logging with correlation IDs
  • [ ] Quota usage monitoring with threshold alerts (75%, 90%)

Data Integrity

  • [ ] ENML validation before every createNote/updateNote call
  • [ ] Note titles sanitized (max 255 chars, no newlines)
  • [ ] Tag names validated (max 100 chars, no commas)
  • [ ] Resource hashes verified (MD5 match)
  • [ ] Sync state (USN) tracked and persisted for incremental sync

Deployment

  • [ ] Production Docker image built with multi-stage build
  • [ ] NODE_ENV=production set in container
  • [ ] Graceful shutdown handles in-flight API calls
  • [ ] Rollback plan documented and tested
  • [ ] Deployment verification script runs post-deploy

Verification Script

#!/bin/bash
set -euo pipefail

echo "Verifying Evernote production deployment..."

# 1. Health check
curl -sf "$APP_URL/health" | jq '.evernoteApi' | grep -q '"connected"'
echo "  Health check: PASS"

# 2. Create test note
GUID=$(curl -sf "$APP_URL/api/test-note" | jq -r '.guid')
echo "  Note creation: PASS (GUID: $GUID)"

# 3. Clean up test note
curl -sf -X DELETE "$APP_URL/api/notes/$GUID"
echo "  Cleanup: PASS"

echo "All checks passed."

For the complete checklist details and verification scripts, see Implementation Guide.

Output

  • Production readiness checklist (API keys, security, performance, monitoring)
  • Verification script for post-deployment testing
  • Security audit checklist for credential and token management
  • Monitoring setup verification

Error Handling

| Error | Cause | Solution | |-------|-------|----------| | INVALID_AUTH in production | Using sandbox token with production endpoint | Verify EVERNOTE_SANDBOX=false matches production key | | Verification script fails | Service not healthy after deploy | Check logs, rollback if needed | | Rate limits on launch | Burst of API calls at startup | Add startup delay, warm caches gradually | | PERMISSION_DENIED | Production key missing permissions | Contact Evernote developer support |

Resources

Next Steps

For version upgrades, see evernote-upgrade-migration.

Examples

Go-live checklist: Walk through each section, check off items, run the verification script, and sign off with the team before switching DNS to the production deployment.

Security audit: Review encrypted token storage, verify log redaction, confirm CSRF protection, and test token expiration handling before the production launch.