83 lines
2.9 KiB
Markdown
83 lines
2.9 KiB
Markdown
# Task Review Checklist
|
|
|
|
Complete this checklist before implementation starts.
|
|
|
|
## Foundation Review
|
|
|
|
- [ ] Reviewed `AGENTS.md`
|
|
- [ ] Reviewed `docs/standards/project-foundations.md`
|
|
- [ ] Reviewed the relevant reusable foundations under `src/features/foundation/**`
|
|
- [ ] Reviewed the relevant CRM feature foundations under `src/features/crm/**`
|
|
- [ ] Confirmed whether the task extends an existing service before creating a new one
|
|
|
|
## ADR Review
|
|
|
|
- [ ] Reviewed relevant `docs/adr/**`
|
|
- [ ] Confirmed whether the requested behavior conflicts with an accepted ADR
|
|
- [ ] Documented if a new ADR is required
|
|
|
|
## Historical Task Review
|
|
|
|
- [ ] Identified related foundations in `docs/standards/project-foundations.md`
|
|
- [ ] Identified related ADRs
|
|
- [ ] Identified the tasks that created or changed those foundations in `docs/standards/task-catalog.md`
|
|
- [ ] Reviewed the related completed task documents in `docs/implementation/**`
|
|
- [ ] Documented historical findings before implementation
|
|
|
|
Implementation without historical review is prohibited.
|
|
|
|
## Business Context Review
|
|
|
|
- [ ] Reviewed relevant `docs/business/**`
|
|
- [ ] Confirmed business terminology and scope
|
|
- [ ] Checked whether Thai CRM terminology rules apply
|
|
|
|
## API Review
|
|
|
|
- [ ] Reviewed existing route handlers under the affected `src/app/api/**` area
|
|
- [ ] Confirmed whether an existing API can be extended instead of duplicated
|
|
- [ ] Confirmed request/response contracts and validation approach
|
|
|
|
## Permission Review
|
|
|
|
- [ ] Reviewed `src/lib/auth/session.ts`
|
|
- [ ] Reviewed `src/lib/auth/crm-access.ts` if CRM scope is involved
|
|
- [ ] Reviewed `src/features/crm/security/server/service.ts` if CRM security is involved
|
|
- [ ] Reviewed relevant `docs/security/**`
|
|
- [ ] Confirmed server-side enforcement points
|
|
|
|
## Audit Review
|
|
|
|
- [ ] Reviewed `src/features/foundation/audit-log/service.ts`
|
|
- [ ] Checked existing entity/action names for the affected module
|
|
- [ ] Confirmed whether security-denial auditing is required
|
|
- [ ] Confirmed audit payload expectations
|
|
|
|
## Duplication Review
|
|
|
|
- [ ] No duplicate services
|
|
- [ ] No duplicate APIs
|
|
- [ ] No duplicate permissions or role models
|
|
- [ ] No duplicate export/report systems
|
|
- [ ] No duplicate PDF rendering path
|
|
- [ ] No duplicate approval workflow logic
|
|
|
|
## Security Review
|
|
|
|
- [ ] Direct role-string authorization is not used
|
|
- [ ] Scope enforcement is server-side
|
|
- [ ] Branch/product/ownership/pricing visibility is enforced where applicable
|
|
- [ ] Client-side visibility is treated as UX-only, not as security
|
|
|
|
## UI / UX Review
|
|
|
|
- [ ] Reviewed `docs/standards/ui-ux-rules.md`
|
|
- [ ] Reused `PageContainer`, table, filter, and form patterns where applicable
|
|
- [ ] Confirmed terminology consistency with `docs/business/crm-terminology.md`
|
|
|
|
## Verification Review
|
|
|
|
- [ ] Defined typecheck/lint/test verification
|
|
- [ ] Defined manual scenarios for scope/security-sensitive work
|
|
- [ ] Recorded known risks and follow-up items
|