Files
alla-allaos-fullstack/docs/standards/task-review-checklist.md
phaichayon c1ecd5ea50 commit
2026-06-23 22:13:08 +07:00

2.9 KiB

Task Review Checklist

Complete this checklist before implementation starts.

Foundation Review

  • Reviewed AGENTS.md
  • Reviewed docs/standards/project-foundations.md
  • Reviewed the relevant reusable foundations under src/features/foundation/**
  • Reviewed the relevant CRM feature foundations under src/features/crm/**
  • Confirmed whether the task extends an existing service before creating a new one

ADR Review

  • Reviewed relevant docs/adr/**
  • Confirmed whether the requested behavior conflicts with an accepted ADR
  • Documented if a new ADR is required

Historical Task Review

  • Identified related foundations in docs/standards/project-foundations.md
  • Identified related ADRs
  • Identified the tasks that created or changed those foundations in docs/standards/task-catalog.md
  • Reviewed the related completed task documents in docs/implementation/**
  • Documented historical findings before implementation

Implementation without historical review is prohibited.

Business Context Review

  • Reviewed relevant docs/business/**
  • Confirmed business terminology and scope
  • Checked whether Thai CRM terminology rules apply

API Review

  • Reviewed existing route handlers under the affected src/app/api/** area
  • Confirmed whether an existing API can be extended instead of duplicated
  • Confirmed request/response contracts and validation approach

Permission Review

  • Reviewed src/lib/auth/session.ts
  • Reviewed src/lib/auth/crm-access.ts if CRM scope is involved
  • Reviewed src/features/crm/security/server/service.ts if CRM security is involved
  • Reviewed relevant docs/security/**
  • Confirmed server-side enforcement points

Audit Review

  • Reviewed src/features/foundation/audit-log/service.ts
  • Checked existing entity/action names for the affected module
  • Confirmed whether security-denial auditing is required
  • Confirmed audit payload expectations

Duplication Review

  • No duplicate services
  • No duplicate APIs
  • No duplicate permissions or role models
  • No duplicate export/report systems
  • No duplicate PDF rendering path
  • No duplicate approval workflow logic

Security Review

  • Direct role-string authorization is not used
  • Scope enforcement is server-side
  • Branch/product/ownership/pricing visibility is enforced where applicable
  • Client-side visibility is treated as UX-only, not as security

UI / UX Review

  • Reviewed docs/standards/ui-ux-rules.md
  • Reused PageContainer, table, filter, and form patterns where applicable
  • Confirmed terminology consistency with docs/business/crm-terminology.md

Verification Review

  • Defined typecheck/lint/test verification
  • Defined manual scenarios for scope/security-sensitive work
  • Recorded known risks and follow-up items