2.9 KiB
2.9 KiB
Task Review Checklist
Complete this checklist before implementation starts.
Foundation Review
- Reviewed
AGENTS.md - Reviewed
docs/standards/project-foundations.md - Reviewed the relevant reusable foundations under
src/features/foundation/** - Reviewed the relevant CRM feature foundations under
src/features/crm/** - Confirmed whether the task extends an existing service before creating a new one
ADR Review
- Reviewed relevant
docs/adr/** - Confirmed whether the requested behavior conflicts with an accepted ADR
- Documented if a new ADR is required
Historical Task Review
- Identified related foundations in
docs/standards/project-foundations.md - Identified related ADRs
- Identified the tasks that created or changed those foundations in
docs/standards/task-catalog.md - Reviewed the related completed task documents in
docs/implementation/** - Documented historical findings before implementation
Implementation without historical review is prohibited.
Business Context Review
- Reviewed relevant
docs/business/** - Confirmed business terminology and scope
- Checked whether Thai CRM terminology rules apply
API Review
- Reviewed existing route handlers under the affected
src/app/api/**area - Confirmed whether an existing API can be extended instead of duplicated
- Confirmed request/response contracts and validation approach
Permission Review
- Reviewed
src/lib/auth/session.ts - Reviewed
src/lib/auth/crm-access.tsif CRM scope is involved - Reviewed
src/features/crm/security/server/service.tsif CRM security is involved - Reviewed relevant
docs/security/** - Confirmed server-side enforcement points
Audit Review
- Reviewed
src/features/foundation/audit-log/service.ts - Checked existing entity/action names for the affected module
- Confirmed whether security-denial auditing is required
- Confirmed audit payload expectations
Duplication Review
- No duplicate services
- No duplicate APIs
- No duplicate permissions or role models
- No duplicate export/report systems
- No duplicate PDF rendering path
- No duplicate approval workflow logic
Security Review
- Direct role-string authorization is not used
- Scope enforcement is server-side
- Branch/product/ownership/pricing visibility is enforced where applicable
- Client-side visibility is treated as UX-only, not as security
UI / UX Review
- Reviewed
docs/standards/ui-ux-rules.md - Reused
PageContainer, table, filter, and form patterns where applicable - Confirmed terminology consistency with
docs/business/crm-terminology.md
Verification Review
- Defined typecheck/lint/test verification
- Defined manual scenarios for scope/security-sensitive work
- Recorded known risks and follow-up items