494 lines
6.9 KiB
Markdown
494 lines
6.9 KiB
Markdown
# Employee Training History Audit (Read Only)
|
|
|
|
## Role
|
|
|
|
You are a Senior Full Stack Engineer, Software Architect, QA Engineer, UX/UI Reviewer, Security Reviewer, and Product Analyst.
|
|
|
|
Your responsibility is to perform a comprehensive READ-ONLY audit of the Employee Training History flow.
|
|
|
|
Do NOT modify any source code.
|
|
|
|
Do NOT generate implementation code.
|
|
|
|
Do NOT create pull requests.
|
|
|
|
Only inspect the project and produce documentation.
|
|
|
|
---
|
|
|
|
# Before Starting
|
|
|
|
Read and understand the existing project before reviewing.
|
|
|
|
Review these documents first (follow project priority):
|
|
|
|
1. AGENTS.md
|
|
2. docs/AI_DEVELOPMENT_GUIDE.md
|
|
3. docs/PROJECT_ARCHITECTURE.md
|
|
|
|
Then inspect the existing implementation and reuse patterns already used throughout the project.
|
|
|
|
---
|
|
|
|
# Scope
|
|
|
|
Review everything related to Employee Training History.
|
|
|
|
Including but not limited to:
|
|
|
|
- Route
|
|
- Page
|
|
- Listing
|
|
- Detail / edit flow
|
|
- Data table
|
|
- Filters
|
|
- Sorting
|
|
- Search
|
|
- Empty state
|
|
- Loading UI
|
|
- Error UI
|
|
- Responsive design
|
|
- Action menu
|
|
- Create / update / delete affordances
|
|
- Review status visibility
|
|
- Certificate preview and download visibility
|
|
- API
|
|
- Queries
|
|
- Mutations
|
|
- Validation
|
|
- Server Components
|
|
- Client Components
|
|
- Route handlers
|
|
- Access control
|
|
|
|
---
|
|
|
|
# Functional Review
|
|
|
|
Verify every feature.
|
|
|
|
Examples
|
|
|
|
## Training History Listing
|
|
|
|
- List own training records
|
|
- Search by employee/course text
|
|
- Filter by status
|
|
- Filter by type
|
|
- Sort by date and visible columns
|
|
- Pagination
|
|
- Empty state
|
|
|
|
Verify
|
|
|
|
- Is the displayed data correct?
|
|
- Does sorting reflect the visible field?
|
|
- Does status/type filtering work correctly?
|
|
- Are old records separated correctly by year if required by business rules?
|
|
|
|
---
|
|
|
|
## Record Detail / Edit
|
|
|
|
Review
|
|
|
|
- Open detail
|
|
- Open edit
|
|
- Read-only behavior
|
|
- Pending record update/delete behavior
|
|
- Certificate management visibility
|
|
|
|
Verify
|
|
|
|
- Employees can edit only what business rules allow
|
|
- HRD / admin actions are separated correctly
|
|
- UI affordances match server-side permission outcomes
|
|
|
|
---
|
|
|
|
## Submission Flow
|
|
|
|
Verify
|
|
|
|
- Create new training history
|
|
- Validation messages
|
|
- Upload certificate after create
|
|
- Redirect and refresh behavior
|
|
- Cache invalidation
|
|
|
|
---
|
|
|
|
# Business Rule Review
|
|
|
|
Verify the training history flow follows project requirements.
|
|
|
|
Examples
|
|
|
|
- Employee only sees their own training history
|
|
- HRD / admin can see organization-scoped records
|
|
- Pending / approved / rejected / needs revision statuses are shown correctly
|
|
- Training duration values are displayed correctly
|
|
- Certificate preview/download is scoped correctly
|
|
- Calendar year behavior is handled correctly
|
|
|
|
Document any inconsistencies.
|
|
|
|
---
|
|
|
|
# Role Review
|
|
|
|
Review every permission.
|
|
|
|
Employee
|
|
|
|
Verify the employee can
|
|
|
|
- View own training history
|
|
- View own record detail
|
|
- Create own training history
|
|
- Edit only records that should remain editable
|
|
- Delete only records that should remain deletable
|
|
- View own certificates
|
|
|
|
Verify the employee cannot
|
|
|
|
- View other employees' records
|
|
- Edit approved records
|
|
- Review records
|
|
- Access HRD-only review flows
|
|
|
|
Check
|
|
|
|
- UI permission
|
|
- API permission
|
|
- Route protection
|
|
- Hidden navigation
|
|
- Direct URL access
|
|
|
|
Report every permission issue.
|
|
|
|
---
|
|
|
|
# UI Review
|
|
|
|
Review
|
|
|
|
- Layout consistency
|
|
- Table readability
|
|
- Card spacing
|
|
- Typography
|
|
- Status badges
|
|
- Action menu labels
|
|
- Empty state clarity
|
|
- Mobile layout
|
|
- Tablet layout
|
|
- Desktop layout
|
|
|
|
Identify inconsistent UI.
|
|
|
|
---
|
|
|
|
# UX Review
|
|
|
|
Evaluate
|
|
|
|
- Information hierarchy
|
|
- Discoverability of filters
|
|
- Readability of record statuses
|
|
- Feedback after create/update/delete
|
|
- Clarity of detail vs edit flow
|
|
- Error message quality
|
|
- Empty state quality
|
|
|
|
Suggest improvements without implementing them.
|
|
|
|
---
|
|
|
|
# Accessibility Review
|
|
|
|
Inspect
|
|
|
|
- Keyboard navigation
|
|
- Focus indicators
|
|
- Color contrast
|
|
- Screen reader labels
|
|
- Button accessibility
|
|
- Table accessibility
|
|
|
|
Report accessibility issues.
|
|
|
|
---
|
|
|
|
# Code Review
|
|
|
|
Inspect
|
|
|
|
## Architecture
|
|
|
|
- Folder structure
|
|
- Feature separation
|
|
- Component organization
|
|
|
|
## React
|
|
|
|
- Hooks usage
|
|
- State management
|
|
- Client vs Server Components
|
|
|
|
## TypeScript
|
|
|
|
- Strong typing
|
|
- Reusable interfaces
|
|
- Nullable handling
|
|
|
|
## Code Quality
|
|
|
|
- Duplicate logic
|
|
- Dead code
|
|
- Naming consistency
|
|
- File organization
|
|
|
|
Do NOT change anything.
|
|
|
|
---
|
|
|
|
# API Review
|
|
|
|
Review
|
|
|
|
- Query structure
|
|
- Response types
|
|
- Error handling
|
|
- Retry behavior
|
|
- Cache
|
|
- Query invalidation
|
|
- Contract consistency between page, service, and route handler
|
|
|
|
---
|
|
|
|
# Performance Review
|
|
|
|
Inspect
|
|
|
|
- Query optimization
|
|
- Loading strategy
|
|
- Suspense usage
|
|
- Large table rendering
|
|
- Unnecessary payload in listing responses
|
|
|
|
---
|
|
|
|
# Security Review
|
|
|
|
Review
|
|
|
|
- Authentication
|
|
- Authorization
|
|
- Route Guard
|
|
- Role Guard
|
|
- Server validation
|
|
- API validation
|
|
- Sensitive information exposure
|
|
|
|
---
|
|
|
|
# Data Validation Review
|
|
|
|
Inspect
|
|
|
|
- Missing values
|
|
- Incorrect defaults
|
|
- Null handling
|
|
- Incorrect formatting
|
|
- Date formatting
|
|
- Duration calculations
|
|
- Status handling
|
|
|
|
---
|
|
|
|
# Consistency Review
|
|
|
|
Compare the training history flow with the rest of the project.
|
|
|
|
Verify
|
|
|
|
- Shared DataTable stack
|
|
- Shared page layout
|
|
- Shared form stack
|
|
- Shared dialogs
|
|
- Shared badges
|
|
- Shared loading UI
|
|
- Shared spacing and typography
|
|
|
|
Document inconsistencies.
|
|
|
|
---
|
|
|
|
# Edge Case Review
|
|
|
|
Check
|
|
|
|
- New employee with no history
|
|
- Employee without linked profile
|
|
- Pending record without linked `user_id`
|
|
- No certificate
|
|
- Unsupported certificate type
|
|
- Approved record
|
|
- Rejected record
|
|
- Needs revision record
|
|
- API failure
|
|
- Slow network
|
|
|
|
---
|
|
|
|
# Deliverables
|
|
|
|
Create
|
|
|
|
docs/review/employee-training-history-audit.md
|
|
|
|
---
|
|
|
|
# Report Structure
|
|
|
|
# Employee Training History Audit Report
|
|
|
|
## Summary
|
|
|
|
Overall Status
|
|
|
|
- Excellent
|
|
- Good
|
|
- Needs Improvement
|
|
- Critical
|
|
|
|
Brief summary of findings.
|
|
|
|
---
|
|
|
|
## Architecture Review
|
|
|
|
---
|
|
|
|
## Functional Review
|
|
|
|
| Feature | Status | Notes |
|
|
|
|
---
|
|
|
|
## Business Rule Review
|
|
|
|
---
|
|
|
|
## Role & Permission Review
|
|
|
|
---
|
|
|
|
## UI Review
|
|
|
|
---
|
|
|
|
## UX Review
|
|
|
|
---
|
|
|
|
## Accessibility Review
|
|
|
|
---
|
|
|
|
## Code Quality Review
|
|
|
|
---
|
|
|
|
## API Review
|
|
|
|
---
|
|
|
|
## Performance Review
|
|
|
|
---
|
|
|
|
## Security Review
|
|
|
|
---
|
|
|
|
## Consistency Review
|
|
|
|
---
|
|
|
|
## Edge Case Review
|
|
|
|
---
|
|
|
|
## Problems Found
|
|
|
|
Categorize issues into
|
|
|
|
### Critical
|
|
|
|
### High
|
|
|
|
### Medium
|
|
|
|
### Low
|
|
|
|
Each issue should include
|
|
|
|
- Description
|
|
- File
|
|
- Component
|
|
- Severity
|
|
- Impact
|
|
- Recommendation
|
|
|
|
Do NOT fix the issue.
|
|
|
|
---
|
|
|
|
## Missing Features
|
|
|
|
List missing functionality compared to project requirements.
|
|
|
|
---
|
|
|
|
## Improvement Opportunities
|
|
|
|
Suggest improvements only.
|
|
|
|
Do NOT implement them.
|
|
|
|
---
|
|
|
|
## Final Assessment
|
|
|
|
Architecture: /10
|
|
|
|
Functionality: /10
|
|
|
|
UI: /10
|
|
|
|
UX: /10
|
|
|
|
Accessibility: /10
|
|
|
|
Performance: /10
|
|
|
|
Security: /10
|
|
|
|
Maintainability: /10
|
|
|
|
Overall Score: /10
|
|
|
|
---
|
|
|
|
# Important Rules
|
|
|
|
- READ ONLY
|
|
- No code changes
|
|
- No refactoring
|
|
- No formatting changes
|
|
- No new files except the audit report
|
|
- Do not modify existing documentation
|
|
- Do not implement recommendations
|
|
- Only inspect, analyze, and document findings with evidence where possible.
|