Next.js 16 production checklist: 90 minutes from MVP to launch-ready (UK guide)

You shipped your MVP. Claude Code wrote most of it, Vercel deployed it, and you're tempted to tell the internet right now. Don't. Spend 90 minutes on this checklist first. It's the difference between a launch that converts the first ten people and a launch that gets a screenshot on Twitter with a red error banner.

This is a pre-launch checklist for UK solo builders shipping a Next.js 16 app. Every item is either a thing that will bite you in the first week of real users, or a thing that costs nothing to do now and £££ to fix later.

The 90-minute rundown

Twelve sections, five to ten minutes each. Do them in order.

1. Environment variables — you've probably got this wrong

Vercel scopes env vars to Development, Preview, and Production. Most AI-built projects only set Development. Run through every env var and confirm it's set for Production too.

Rules:

• NEXT_PUBLIC_* vars are exposed to the browser. Anything secret MUST NOT have that prefix.
• Use vercel env pull .env.local to pull down current config locally. If there's a key you don't recognise, investigate before overwriting it.
• Rotate any secret that was committed to git — even in an early commit you've since deleted. Git never forgets.

2. Database — dev and prod should be different projects

If your Supabase or Neon project is shared between local development and production, stop and split them now. One shared project means any Claude Code session that runs a migration against your local .env will also hit prod.

While you're there:

• Confirm Row Level Security (RLS) is enabled on every table that holds user data. A Supabase policy of USING (auth.uid() = user_id) is the minimum.
• Schedule daily backups. Supabase Pro and Neon Pro both include point-in-time recovery — use it.
• Note your Postgres version. Upgrade in the low-risk window (weekend morning), not on launch day.

3. Error monitoring — Sentry's free tier is enough

If your app throws an error in production and you don't know about it, you're going to find out from a user email two hours later. Install Sentry now.

npx @sentry/wizard@latest -i nextjs

The free tier covers 5,000 errors a month — comfortably more than a solo-builder MVP will produce. Configure source maps so stack traces are readable, and add your Vercel deployment URL to the allowed origins list.

As a second layer, turn on Vercel Log Drains to a service like BetterStack. Logs are where you'll find the weird stuff Sentry didn't catch.

4. Analytics — Vercel Analytics first, GA4 only if you need ecom

Vercel Analytics is cookieless, fast, GDPR-friendly out of the box, and takes one line to install:

npm install @vercel/analytics

Then <Analytics /> in your root layout. Done. You'll see traffic within an hour.

GA4 is a tax, not a gift. Only install it if you need ecommerce event data or if a future buyer will want a full GA history. For most solo-builder SaaS, Vercel Analytics plus Plausible (£6/mo) is a better stack than the GA4 / Consent Banner dance.

5. SEO basics — five things Google will hold against you

None of these are optional:

1. robots.txt — allow everything except what you don't want indexed (admin, API, preview URLs).
2. A dynamic sitemap at /sitemap.xml. In Next.js 16, use app/sitemap.ts and pull URLs from your database if you have a blog or product catalogue. Generating 8 URLs when you have 40 pages is the single most common self-inflicted indexing wound.
3. OG images. Use next/og to generate per-page images — it takes one file in app/opengraph-image.tsx.
4. Canonical tags on every page (the Next.js metadata API does this automatically if you set metadataBase).
5. A 404 page that doesn't 200. Next.js gets this right by default — don't break it.

6. Legal — the bits that are cheap if you do them now

Solo UK builders cut corners here and regret it on day 30 when a customer asks for the DPA.

• ICO registration fee. £40 a year if you're a data controller in the UK (you almost certainly are, the moment you take a name and email). Pay it: ico.org.uk/fee.
• Privacy policy. Use a template like Termly or iubenda (~£7/mo) or write your own from the ICO's checklist. Link to it from the footer.
• Cookies policy. If you use only cookieless analytics and essential session cookies, a short "we don't use tracking cookies" note is fine. If you add Stripe, Intercom, or anything else — you need a consent banner.
• Terms of service. Even a short one-pager is better than none.
• Company details. If you're trading as a limited company, the Companies Act 2006 requires your registered name, number, and address on the site (footer is fine).

7. Payments — Stripe test to live is one switch and three gotchas

Stripe makes live mode easy. The three things that get missed:

1. Swap STRIPE_SECRET_KEY from sk_test_... to sk_live_... in Vercel Production env vars (see step 1).
2. Create a new webhook endpoint in Stripe's live dashboard and copy the signing secret to STRIPE_WEBHOOK_SECRET for Production. The test and live secrets are different.
3. Add your business tax ID if you'll hit the VAT threshold (£90,000 in any 12-month rolling period, 2026 figure). You can add it later — just don't forget.

8. Performance — the three numbers Google will grade you on

Run npm run build and read the output. Anything >200 kB in a client bundle for a single route needs investigation.

Then load your production URL in Chrome Incognito and open DevTools → Lighthouse → Mobile.

Target scores:

• Performance: >85 (90+ is achievable with Vercel)
• LCP: <2.5s
• CLS: <0.1

Common wins:

• Use next/image for every image (never a raw <img> tag).
• Use next/font for custom fonts.
• Move anything that doesn't need to be interactive into a Server Component.

9. Observability — one dashboard you'll actually look at

Pick one tool you'll check each morning. If you pick two, you'll check neither.

For a solo-builder SaaS:

• BetterStack (free tier: 1 monitor) for uptime.
• Vercel Speed Insights for real-user performance.
• Sentry for errors (already installed in step 3).

Set one alert only: your production domain going down. Delete everything else. You don't need to know your p95 latency at 2am.

10. Launch-day smoke test — ten minutes, every time

Before you tell anyone, do this in a private window:

1. Load the landing page. Check it renders in under 3 seconds.
2. Sign up with a real email.
3. Confirm the verification email arrives.
4. Log out. Log back in.
5. Complete the main user journey (in a SaaS: create something, save it, reload, check it's still there).
6. Make a payment (Stripe live mode, you can refund it in the dashboard).
7. Confirm the receipt email arrives.
8. Check Sentry — any errors? Any warnings?
9. Check your database — did the payment create the expected row?
10. Sign up with a different email, confirm existing user data is isolated (RLS is working).

If any of these fail, don't launch. Fix and re-test.

11. A rollback plan

Vercel makes this easy — every deployment is a permanent URL, and you can promote any past deployment back to production in three clicks. Know where that button is before you need it (Vercel dashboard → Project → Deployments → three-dot menu → Promote to Production).

12. The thing I forgot to mention

Tell people. Not because marketing is hard — because nobody finds you by accident. Before you post anywhere, queue up: your launch tweet, a Show HN or r/SideHustleUK post (check subreddit rules first), an email to anyone who joined your waitlist, and one LinkedIn update.

Don't DM people cold. Don't buy traffic. Just make sure the people who said they wanted this actually know it exists.

What this checklist costs you

Item	Cost
Sentry	Free
Vercel Analytics	Free (included)
BetterStack	Free (1 monitor)
ICO fee	£40/year
Privacy policy template	~£7/mo (or free, DIY)
Domain + SSL	~£12/year (Vercel handles SSL)
Total first-year	~£100

A hundred quid for a launch-ready Next.js 16 app. That's less than a week's groceries.

What this checklist saves you

One production incident at 10pm on a Friday, fixed by a rollback because you knew where the button was. That alone is the 90 minutes back.

Next steps

• If you haven't deployed yet, start with deploy your AI-built app to Vercel.
• If you haven't added auth, do that first: add authentication to your AI-built SaaS.
• If you haven't integrated payments: Stripe subscriptions for AI-built SaaS in the UK.

---

Ready to build? Get this week's free data-backed UK business idea — full keyword data, SERP analysis, competitor research, and a builder prompt you can paste straight into Claude Code. Read the latest free report →