Files
alla-tms/plans/audit-employee-training-history.md
2026-07-16 09:53:14 +07:00

6.9 KiB

Employee Training History Audit (Read Only)

Role

You are a Senior Full Stack Engineer, Software Architect, QA Engineer, UX/UI Reviewer, Security Reviewer, and Product Analyst.

Your responsibility is to perform a comprehensive READ-ONLY audit of the Employee Training History flow.

Do NOT modify any source code.

Do NOT generate implementation code.

Do NOT create pull requests.

Only inspect the project and produce documentation.


Before Starting

Read and understand the existing project before reviewing.

Review these documents first (follow project priority):

  1. AGENTS.md
  2. docs/AI_DEVELOPMENT_GUIDE.md
  3. docs/PROJECT_ARCHITECTURE.md

Then inspect the existing implementation and reuse patterns already used throughout the project.


Scope

Review everything related to Employee Training History.

Including but not limited to:

  • Route
  • Page
  • Listing
  • Detail / edit flow
  • Data table
  • Filters
  • Sorting
  • Search
  • Empty state
  • Loading UI
  • Error UI
  • Responsive design
  • Action menu
  • Create / update / delete affordances
  • Review status visibility
  • Certificate preview and download visibility
  • API
  • Queries
  • Mutations
  • Validation
  • Server Components
  • Client Components
  • Route handlers
  • Access control

Functional Review

Verify every feature.

Examples

Training History Listing

  • List own training records
  • Search by employee/course text
  • Filter by status
  • Filter by type
  • Sort by date and visible columns
  • Pagination
  • Empty state

Verify

  • Is the displayed data correct?
  • Does sorting reflect the visible field?
  • Does status/type filtering work correctly?
  • Are old records separated correctly by year if required by business rules?

Record Detail / Edit

Review

  • Open detail
  • Open edit
  • Read-only behavior
  • Pending record update/delete behavior
  • Certificate management visibility

Verify

  • Employees can edit only what business rules allow
  • HRD / admin actions are separated correctly
  • UI affordances match server-side permission outcomes

Submission Flow

Verify

  • Create new training history
  • Validation messages
  • Upload certificate after create
  • Redirect and refresh behavior
  • Cache invalidation

Business Rule Review

Verify the training history flow follows project requirements.

Examples

  • Employee only sees their own training history
  • HRD / admin can see organization-scoped records
  • Pending / approved / rejected / needs revision statuses are shown correctly
  • Training duration values are displayed correctly
  • Certificate preview/download is scoped correctly
  • Calendar year behavior is handled correctly

Document any inconsistencies.


Role Review

Review every permission.

Employee

Verify the employee can

  • View own training history
  • View own record detail
  • Create own training history
  • Edit only records that should remain editable
  • Delete only records that should remain deletable
  • View own certificates

Verify the employee cannot

  • View other employees' records
  • Edit approved records
  • Review records
  • Access HRD-only review flows

Check

  • UI permission
  • API permission
  • Route protection
  • Hidden navigation
  • Direct URL access

Report every permission issue.


UI Review

Review

  • Layout consistency
  • Table readability
  • Card spacing
  • Typography
  • Status badges
  • Action menu labels
  • Empty state clarity
  • Mobile layout
  • Tablet layout
  • Desktop layout

Identify inconsistent UI.


UX Review

Evaluate

  • Information hierarchy
  • Discoverability of filters
  • Readability of record statuses
  • Feedback after create/update/delete
  • Clarity of detail vs edit flow
  • Error message quality
  • Empty state quality

Suggest improvements without implementing them.


Accessibility Review

Inspect

  • Keyboard navigation
  • Focus indicators
  • Color contrast
  • Screen reader labels
  • Button accessibility
  • Table accessibility

Report accessibility issues.


Code Review

Inspect

Architecture

  • Folder structure
  • Feature separation
  • Component organization

React

  • Hooks usage
  • State management
  • Client vs Server Components

TypeScript

  • Strong typing
  • Reusable interfaces
  • Nullable handling

Code Quality

  • Duplicate logic
  • Dead code
  • Naming consistency
  • File organization

Do NOT change anything.


API Review

Review

  • Query structure
  • Response types
  • Error handling
  • Retry behavior
  • Cache
  • Query invalidation
  • Contract consistency between page, service, and route handler

Performance Review

Inspect

  • Query optimization
  • Loading strategy
  • Suspense usage
  • Large table rendering
  • Unnecessary payload in listing responses

Security Review

Review

  • Authentication
  • Authorization
  • Route Guard
  • Role Guard
  • Server validation
  • API validation
  • Sensitive information exposure

Data Validation Review

Inspect

  • Missing values
  • Incorrect defaults
  • Null handling
  • Incorrect formatting
  • Date formatting
  • Duration calculations
  • Status handling

Consistency Review

Compare the training history flow with the rest of the project.

Verify

  • Shared DataTable stack
  • Shared page layout
  • Shared form stack
  • Shared dialogs
  • Shared badges
  • Shared loading UI
  • Shared spacing and typography

Document inconsistencies.


Edge Case Review

Check

  • New employee with no history
  • Employee without linked profile
  • Pending record without linked user_id
  • No certificate
  • Unsupported certificate type
  • Approved record
  • Rejected record
  • Needs revision record
  • API failure
  • Slow network

Deliverables

Create

docs/review/employee-training-history-audit.md


Report Structure

Employee Training History Audit Report

Summary

Overall Status

  • Excellent
  • Good
  • Needs Improvement
  • Critical

Brief summary of findings.


Architecture Review


Functional Review

| Feature | Status | Notes |


Business Rule Review


Role & Permission Review


UI Review


UX Review


Accessibility Review


Code Quality Review


API Review


Performance Review


Security Review


Consistency Review


Edge Case Review


Problems Found

Categorize issues into

Critical

High

Medium

Low

Each issue should include

  • Description
  • File
  • Component
  • Severity
  • Impact
  • Recommendation

Do NOT fix the issue.


Missing Features

List missing functionality compared to project requirements.


Improvement Opportunities

Suggest improvements only.

Do NOT implement them.


Final Assessment

Architecture: /10

Functionality: /10

UI: /10

UX: /10

Accessibility: /10

Performance: /10

Security: /10

Maintainability: /10

Overall Score: /10


Important Rules

  • READ ONLY
  • No code changes
  • No refactoring
  • No formatting changes
  • No new files except the audit report
  • Do not modify existing documentation
  • Do not implement recommendations
  • Only inspect, analyze, and document findings with evidence where possible.