Development Standards
Checklists

Run the right checklist before you call the work complete.

These are delivery gates, not optional reminders. Use the matching checklist before handoff, review, release, or go-live.

Browse Checklists Go to Standards
39 Checklist gates
7 Workstreams covered
1 rule Run them before done
Checklist Map

Every checklist index from the README, organized by how the team actually ships.

Start with the platform you are working in, then open the exact checklist for the feature, endpoint, page, or delivery step you are building.

General Frontend Supabase Xano Django Website Third-Party
Checklist Catalog

Review the right gate before the work leaves your hands.

All categories and descriptions here are based on the team checklist README.

Core Rule Run the relevant checklist before marking any task done. These are gates, not optional.
General Checklists

Core gates used across all roles and platforms.

These apply across all platforms and roles.

Who Uses It

Backend Checklist

Backend developer — before marking any API or feature complete.

 Who Uses It

Frontend Checklist

Frontend developer — before submitting any task.

 Who Uses It

Website Launch Checklist

Website builder — before going live.

 Who Uses It

Task Completion Checklist

All roles — universal task completion gate.
Frontend

Detailed frontend reviews for forms, UI, states, and page behavior.

Detailed checklists for specific frontend tasks and UI patterns.

Forms & Auth

Use these while building form flows, auth screens, and shared add/edit patterns.

Use When

Form Field Validation

Building any form — every input type: text, email, phone (E.164), location/Google Places, date, time, file upload (MIME type), OTP, autocomplete, and more.

 Use When

Login & Signup Standards

Building login, signup, forgot password, reset password, email verification, or OAuth/social login.

 Use When

Add / Edit Consistency

Building Add or Edit forms for the same entity — shared component, identical validation, pre-fill behavior.

 Use When

Multi-Step Forms

Building any wizard or multi-step flow — step validation, progress indicator, back/forward, data preservation.
Data Display

Use these for tables, search, filters, pagination, and every list-based delivery flow.

Use When

Tables & Data Lists

Building any table or list — skeleton loading, empty state, error state, sorting, filtering, pagination, row/bulk actions.

 Use When

Search, Filters & Pagination

Adding search, filters, or pagination — debounce, URL state, backend-sent, empty states.
UI Components

Use these when a feature depends on modals, feedback surfaces, or destructive actions.

Use When

Modals & Dialogs

Building any modal — open/close, focus trap, ESC key, form modals, confirmation dialogs, accessibility.

 Use When

Notifications & Toasts

Adding feedback to any async action — types, auto-dismiss, stacking, inline banners, message standards.

 Use When

Delete & Destructive Actions

Any delete, archive, or irreversible action — risk levels, confirmation standards, type-to-confirm, soft vs hard delete.
States & Behavior

Use these for async behavior, error handling, settings UX, and role-based access rules.

Use When

Loading States & Skeletons

Any async action or data fetch — button loading, skeleton screens, page loading, table loading.

 Use When

Error Handling

Any page or feature calling an API — field errors, form banners, page errors, network failures, auth errors.

 Use When

Settings & Profile Pages

Building any settings section — save behavior, password change, avatar upload, notification prefs, danger zone.

 Use When

Permissions & Role-Based UI

Any UI dependent on the user's role — hide vs disable, tooltip for disabled, page access, role read from backend.
Supabase

Backend delivery reviews for schema, permissions, APIs, functions, storage, and triggers.

Step-by-step checklists for every Supabase backend task.

Use When

New Table

Creating any new database table — schema, required columns, naming conventions, constraints, indexes, RLS setup, migration file, documentation.

 Use When

RLS Policies

Writing or reviewing Row Level Security — policy patterns by access type, role permission matrix, anti-patterns, full testing guide per role.

 Use When

New API Endpoint

Building any new endpoint (direct query / RPC / Edge Function) — auth, input validation, response format, error codes, testing requirements.

 Use When

Edge Function

Building a Supabase Edge Function — required structure, CORS, auth pattern, secrets management, error handling, webhook signature verification.

 Use When

RPC Function

Writing any Postgres RPC function — SECURITY mode, parameter naming, validation order, error format, transaction safety.

 Use When

Storage Bucket

Creating a storage bucket — visibility, RLS policies, file path structure, signed URLs, upload/delete flow.

 Use When

Database Trigger

Writing a database trigger — BEFORE vs AFTER, trigger function standards, timestamps, audit log pattern.
Xano

Delivery reviews for endpoint logic, reusable functions, and webhook handling.

Step-by-step checklists for every Xano delivery flow.

Use When

New API Endpoint

Building any Xano endpoint — auth token as first step, DB-based permission check, input validation order, standard error format, reusable function extraction.

 Use When

Reusable Function

Extracting shared logic into a Xano Custom Function — naming, single responsibility, inputs/outputs, error raising, testing.

 Use When

Webhook Endpoint

Building a Xano webhook receiver — signature verification, idempotency, payload handling, response standards, logging.
Django

Checklist gates for views, templates, models, serializers, and API views.

Step-by-step checklists for common Django implementation work.

Use When

New View

Building any Django view — auth decorators, form/serializer validation, services.py pattern, response handling, error mapping, testing.

 Use When

Template

Building any Django HTML template — 3-folder structure, base.html inheritance, zero inline styles/scripts, data-* attribute pattern, CSRF helper.

 Use When

Model

Creating or modifying a Django model — field types, relationships, on_delete, null/blank, constraints, indexes, Meta class, migrations.

 Use When

Form / Serializer

Building a Django Form or DRF Serializer — field definitions, field-level vs cross-field validation, read_only/write_only fields.

 Use When

DRF API View

Building a DRF API view — view type selection, permission classes, serializer wiring, service delegation, response format, pagination.
Website

Launch and page-build reviews for websites across different delivery stacks.

Checklist gates for launch readiness and page builds across platforms.

Use When

Website Launch Checklist

Pre-launch gate — design, responsive testing, forms, SEO, migration redirects, analytics, performance, accessibility, go-live, client handoff.

 Use When

WeWeb Page Build

Building a WeWeb page — global layout, data binding (all 4 states), Xano calls, forms, reusable components, mobile.

 Use When

React Page Build

Building a React page — component structure, data fetching hooks, shared Add/Edit forms, TypeScript, accessibility, mobile.
Third-Party Integrations

Integration delivery reviews for payments, email, and external service handoffs.

Checklist gates for external payment and email integration work.

Use When

Stripe Integration

Adding any Stripe payment flow — keys, customers, Payment Intents, Checkout, subscriptions, webhooks, metadata, error handling, refunds.

 Use When

Razorpay Integration

Adding any Razorpay payment flow — keys, order creation, payment verification (HMAC SHA256), Checkout.js, subscriptions, webhooks, refunds.

 Use When

SendGrid Integration

Setting up SendGrid — domain auth, API key, template decision, code-rendered vs dynamic templates, error handling, bounce management.

 Use When

Gmail Integration

Using Gmail SMTP — App Passwords, Django config, environment check, when to switch to SendGrid.