attio-prod-checklist

Production readiness checklist for Attio API integrations -- auth, error handling, rate limits, health checks, monitoring, and rollback. Trigger: "attio production", "deploy attio", "attio go-live", "attio launch checklist", "attio production ready".

Best use case

attio-prod-checklist is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using attio-prod-checklist should expect more consistent output, faster repeated execution, and less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/attio-prod-checklist/SKILL.md --create-dirs "https://raw.githubusercontent.com/ComeOnOliver/skillshub/main/skills/jeremylongshore/claude-code-plugins-plus-skills/attio-prod-checklist/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/attio-prod-checklist/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How attio-prod-checklist Compares

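| Feature / Agent | attio-prod-checklist | Standard Approach |
|-----------------|----------------------|-------------------|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |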

SKILL.md Source

# Attio Production Checklist

## Overview

Systematic checklist for launching Attio API integrations in production. Covers the real failure modes observed in Attio integrations.

## Prerequisites

- Staging environment tested
- Production API token created with minimal scopes
- Monitoring infrastructure available

## Instructions

### Phase 1: Authentication & Secrets

```
[ ] Production token created with minimal scopes (see attio-security-basics)
[ ] Token stored in platform secrets manager (not env file on disk)
[ ] Separate tokens for dev/staging/prod environments
[ ] .env files in .gitignore
[ ] No tokens in logs, error messages, or client-side bundles
[ ] Token rotation procedure documented
```

**Verify:**
```bash
# Confirm production token works
curl -s -o /dev/null -w "%{http_code}" \
  https://api.attio.com/v2/objects \
  -H "Authorization: Bearer ${ATTIO_API_KEY_PROD}"
# Must return 200
```

### Phase 2: Error Handling

```
[ ] All API calls wrapped in try/catch
[ ] AttioApiError class distinguishes retryable (429, 5xx) from fatal errors
[ ] Exponential backoff with jitter on 429 responses
[ ] Retry-After header honored (Attio sends a date, not seconds)
[ ] 5xx errors retried (Attio may have transient issues)
[ ] 400/422 validation errors logged with request body for debugging
[ ] 403 scope errors produce actionable log messages
[ ] 404 errors handled gracefully (records can be deleted/merged)
```
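
An added example (not part of the original SKILL.md) of the retry decision this phase describes: classify the status, read `Retry-After` as an HTTP-date with a delta-seconds fallback, and otherwise use full-jitter exponential backoff. The constants, `maxAttempts` and all function names are assumptions.

```typescript
// Added example, not from the original SKILL.md. BASE_MS, CAP_MS, maxAttempts
// and all function names are assumptions chosen for illustration.
const BASE_MS = 500;
const CAP_MS = 30_000;

// Checklist rule: 429 and 5xx are retryable, everything else is fatal.
function isRetryable(status: number): boolean {
  return status === 429 || (status >= 500 && status <= 599);
}

// Retry-After may be an HTTP-date (what the checklist says Attio sends) or
// delta-seconds (also valid HTTP). Returns ms to wait, or null if unusable.
function parseRetryAfter(header: string | null, nowMs: number): number | null {
  if (!header) return null;
  const value = header.trim();
  if (/^\d+$/.test(value)) return Number(value) * 1000;
  const at = Date.parse(value);
  if (Number.isNaN(at)) return null;
  return Math.max(0, at - nowMs); // a date already in the past means "retry now"
}

// Full-jitter exponential backoff: uniform in [0, min(CAP_MS, BASE_MS * 2^attempt)).
function backoffMs(attempt: number, rand: () => number): number {
  return Math.floor(rand() * Math.min(CAP_MS, BASE_MS * 2 ** attempt));
}

// Delay before retry number `attempt` (0-based), or null to stop retrying.
function retryDelayMs(
  status: number,
  retryAfter: string | null,
  attempt: number,
  nowMs: number = Date.now(),
  rand: () => number = Math.random,
  maxAttempts = 5,
): number | null {
  if (!isRetryable(status) || attempt >= maxAttempts) return null;
  const hint = parseRetryAfter(retryAfter, nowMs);
  // Honor the server's hint, clamped so a bad header cannot park the worker.
  if (hint !== null) return Math.min(hint, CAP_MS);
  return backoffMs(attempt, rand);
}
```

Passing a date-valued header through `Number()` yields `NaN`, and a `NaN` timer delay fires immediately, which is how the retry loop named in the risk table arises.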

### Phase 3: Rate Limiting

```
[ ] Queue-based throttling implemented (p-queue or similar)
[ ] Concurrency limited to 5-10 parallel requests
[ ] Bulk operations use query endpoint (1 POST) instead of N GETs
[ ] Batch imports use offset-based pagination, not individual fetches
[ ] Rate limit monitor logs approaching-limit warnings
```

**Key fact:** Attio uses a 10-second sliding window. Rate limit scores are summed across all tokens in the workspace.

### Phase 4: Data Integrity

```
[ ] Record creation uses PUT (assert) for idempotent upserts where possible
[ ] Email/domain values validated before sending to API
[ ] Phone numbers formatted in E.164 ("+14155551234")
[ ] Record-reference attributes use verified target_record_ids
[ ] Pagination handles all pages (check data.length === limit to know if more)
[ ] Webhook events processed idempotently (deduplicate by event ID)
```

### Phase 5: Health Check Endpoint

```typescript
// api/health.ts -- include Attio in your health check
export async function GET() {
  const start = Date.now();
  let attioStatus: "healthy" | "degraded" | "down" = "down";
  let attioLatency = 0;

  try {
    const res = await fetch("https://api.attio.com/v2/objects", {
      headers: { Authorization: `Bearer ${process.env.ATTIO_API_KEY}` },
      signal: AbortSignal.timeout(5000),
    });
    attioLatency = Date.now() - start;
    attioStatus = res.ok ? "healthy" : "degraded";
  } catch {
    attioLatency = Date.now() - start;
  }

  return Response.json({
    status: attioStatus === "healthy" ? "healthy" : "degraded",
    services: {
      attio: { status: attioStatus, latencyMs: attioLatency },
    },
    timestamp: new Date().toISOString(),
  });
}
```

### Phase 6: Monitoring & Alerting

```
[ ] Health check endpoint hits Attio every 60s
[ ] Alert on: 5xx errors > 3/min (P1)
[ ] Alert on: 429 errors > 5/min (P2)
[ ] Alert on: 401/403 errors > 0 (P1 -- token may be revoked)
[ ] Alert on: Health check latency > 3000ms (P2)
[ ] Alert on: Health check failure 3 consecutive times (P1)
[ ] Log all Attio API calls with: method, path, status, duration_ms
```

**Structured logging example:**
```typescript
function logAttioCall(
  method: string,
  path: string,
  status: number,
  durationMs: number,
  error?: string
): void {
  console.log(JSON.stringify({
    service: "attio",
    method,
    path,
    status,
    durationMs,
    error,
    timestamp: new Date().toISOString(),
  }));
}
```
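
The status-based alert rules above, evaluated over log lines in the shape `logAttioCall` emits; this is an added example, not code from the original SKILL.md. Type and function names are assumptions and the sample lines are constructed.

```typescript
// Added example, not from the original SKILL.md. Thresholds are the
// checklist's; type and function names are assumptions.
type Priority = "P1" | "P2";
type Rule = { name: string; priority: Priority; threshold: number; match: (status: number) => boolean };
type Alert = { rule: string; priority: Priority; count: number };

const RULES: Rule[] = [
  { name: "5xx", priority: "P1", threshold: 3, match: (s) => s >= 500 && s <= 599 },
  { name: "429", priority: "P2", threshold: 5, match: (s) => s === 429 },
  { name: "401/403", priority: "P1", threshold: 0, match: (s) => s === 401 || s === 403 },
];

// Collect statuses of Attio calls logged within the last `windowMs`.
function recentStatuses(lines: string[], nowMs: number, windowMs: number): number[] {
  const statuses: number[] = [];
  for (const line of lines) {
    let entry: any;
    try { entry = JSON.parse(line); } catch { continue; } // tolerate non-JSON log noise
    if (entry?.service !== "attio" || typeof entry.status !== "number") continue;
    const at = Date.parse(String(entry.timestamp)); // NaN fails both comparisons below
    if (at > nowMs - windowMs && at <= nowMs) statuses.push(entry.status);
  }
  return statuses;
}

// An alert fires when a rule's count in the window exceeds its threshold.
function evaluateAlerts(lines: string[], nowMs: number, windowMs = 60_000): Alert[] {
  const statuses = recentStatuses(lines, nowMs, windowMs);
  const alerts: Alert[] = [];
  for (const rule of RULES) {
    const count = statuses.filter(rule.match).length;
    if (count > rule.threshold) alerts.push({ rule: rule.name, priority: rule.priority, count });
  }
  return alerts;
}

// Constructed sample: four 502s, one 403, one 200, one stale 500, one noise line.
function logLine(status: number, sec: number): string {
  const timestamp = new Date(Date.UTC(2025, 0, 1, 12, 0, sec)).toISOString();
  return JSON.stringify({ service: "attio", method: "GET", path: "/v2/objects", status, durationMs: 120, timestamp });
}

const SAMPLE_NOW = Date.parse("2025-01-01T12:00:30.000Z");
const SAMPLE_LINES = [
  ...[5, 10, 15, 20].map((sec) => logLine(502, sec)),
  logLine(403, 25), logLine(200, 26),
  JSON.stringify({ service: "attio", status: 500, timestamp: "2025-01-01T11:58:00.000Z" }),
  "GET /healthz 200",
];
```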

### Phase 7: Graceful Degradation

```typescript
// Circuit breaker: stop calling Attio if consistently failing
class AttioCircuitBreaker {
  private consecutiveFailures = 0;
  private openUntil = 0;

  async call<T>(operation: () => Promise<T>, fallback: T): Promise<T> {
    if (Date.now() < this.openUntil) {
      console.warn("Attio circuit open, using fallback");
      return fallback;
    }

    try {
      const result = await operation();
      this.consecutiveFailures = 0;
      return result;
    } catch (err) {
      this.consecutiveFailures++;
      if (this.consecutiveFailures >= 5) {
        this.openUntil = Date.now() + 30_000; // 30s cooldown
        console.error("Attio circuit opened after 5 failures");
      }
      return fallback;
    }
  }
}
```

### Phase 8: Webhook Production Config

```
[ ] Webhook endpoint uses HTTPS (required)
[ ] Signature verification implemented (see attio-security-basics)
[ ] Replay attack protection: reject timestamps > 5 minutes old
[ ] Idempotency: deduplicate events by event ID
[ ] Webhook handler returns 200 quickly, processes async
[ ] Failed processing triggers retry (return 5xx to Attio)
[ ] Webhook secret stored in secrets manager
```
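
How the signature, replay-window and deduplication checks fit together in one gate, as an added example that is not part of the original SKILL.md. The signature format (hex HMAC-SHA256 over the raw body), the `Delivery` shape and all names are assumptions; take the real scheme from attio-security-basics or the Attio Webhooks Guide.

```typescript
// Added example, not from the original SKILL.md. The signature format (hex
// HMAC-SHA256 over the raw body) and every name here are assumptions.
import { createHmac, timingSafeEqual } from "node:crypto";

type Verdict = "accept" | "bad_signature" | "stale" | "duplicate";
type Delivery = { rawBody: string; signatureHex: string; eventId: string; timestampMs: number };

const MAX_AGE_MS = 5 * 60 * 1000; // checklist: reject timestamps > 5 minutes old

function sign(rawBody: string, secret: string): Buffer {
  return createHmac("sha256", secret).update(rawBody, "utf8").digest();
}

// Constant-time comparison; malformed input is rejected before comparing,
// because timingSafeEqual throws on buffers of different length.
function signatureValid(rawBody: string, signatureHex: string, secret: string): boolean {
  if (!/^[0-9a-f]{64}$/i.test(signatureHex)) return false;
  return timingSafeEqual(Buffer.from(signatureHex, "hex"), sign(rawBody, secret));
}

// `seen` maps event ID -> expiry. eventId and timestampMs must be read from
// the signed body by the caller, otherwise a sender can alter them freely.
function checkWebhook(d: Delivery, secret: string, seen: Map<string, number>, nowMs: number): Verdict {
  if (!signatureValid(d.rawBody, d.signatureHex, secret)) return "bad_signature";
  if (nowMs - d.timestampMs > MAX_AGE_MS) return "stale";
  // Entries past the replay window can be dropped: a replay of them is stale anyway.
  for (const [id, expiry] of seen) if (expiry < nowMs) seen.delete(id);
  if (seen.has(d.eventId)) return "duplicate";
  seen.set(d.eventId, d.timestampMs + MAX_AGE_MS);
  return "accept";
}
```

The in-memory `Map` only deduplicates within one process; with several handler instances the same expiry-keyed record belongs in a shared store.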

### Phase 9: Rollback Plan

```
[ ] Previous deployment artifact available
[ ] Database migrations are backwards-compatible
[ ] Feature flag to disable Attio integration without deploy
[ ] Documented: how to roll back, who to notify, what to monitor
```

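```typescript
// Feature flag example
// Read once at process start: flipping it needs a restart, not a new deploy.
const ATTIO_ENABLED = process.env.ATTIO_ENABLED !== "false";

// Assumed: `client` is the integration's existing Attio HTTP client.
declare const client: { post(path: string, body: unknown): Promise<unknown> };

async function syncToAttio(data: unknown): Promise<void> {
  if (!ATTIO_ENABLED) {
    console.log("Attio sync disabled via feature flag");
    return;
  }
  await client.post("/objects/people/records", { data });
}
```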

## Error Handling

| Pre-launch check | Risk if skipped |
|-----------------|----------------|
| Token scoping | Data breach via over-permissioned token |
| Rate limit handling | Cascading failures during bulk operations |
| Retry-After parsing | Infinite retry loops or dropped requests |
| Health check | Silent failures go undetected |
| Webhook verification | Attacker can inject fake events |
| Circuit breaker | Attio outage takes down your entire app |

## Resources

- [Attio REST API Overview](https://docs.attio.com/rest-api/overview)
- [Attio Rate Limiting](https://docs.attio.com/rest-api/guides/rate-limiting)
- [Attio Status Page](https://status.attio.com)
- [Attio Webhooks Guide](https://docs.attio.com/rest-api/guides/webhooks)

## Next Steps

For version upgrades, see `attio-upgrade-migration`.
