@paths.design/caws-cli 4.0.0 → 4.1.0

package/templates/.cursor/rules/05-production-readiness-checklist.mdc

@@ -1,214 +0,0 @@
----
-description: Quick reference checklist for production readiness verification
-globs:
-alwaysApply: true
----
-
-# Production Readiness Verification Checklist
-
-**Before claiming "production-ready", "production-grade", or similar, complete this entire checklist.**
-
-## 🔍 Pre-Claim Verification Process
-
-### □ Code Quality Gates
-
-- [ ] `npm run lint` shows **zero errors** (ESLint, TypeScript, etc.)
-- [ ] `npm run typecheck` passes with **zero TypeScript errors**
-- [ ] No TODOs, PLACEHOLDERs, or MOCK DATA in production code (`src/`)
-- [ ] No unused imports or dead code
-- [ ] Code formatting consistent (Prettier/ESLint rules)
-
-### □ Testing & Quality Assurance
-
-- [ ] `npm test` passes **all tests** (unit, integration, e2e)
-- [ ] **No tests skipped** in production code
-- [ ] Coverage meets thresholds: 80%+ lines, 90%+ branches
-- [ ] Database integration tests use **real database** (not mocked)
-- [ ] All external API integrations tested with real endpoints
-- [ ] Mutation testing scores: 70%+ for critical components
-- [ ] Performance tests meet documented SLAs
-
-### □ Infrastructure & Persistence
-
-- [ ] **Real database persistence** implemented (not in-memory mocks)
-- [ ] Database integration tests pass with real PostgreSQL/MySQL/etc.
-- [ ] Migration scripts tested and working
-- [ ] Data consistency and transaction handling verified
-- [ ] Connection pooling configured and tested
-- [ ] Backup and recovery procedures documented and tested
-
-### □ Security & Reliability
-
-- [ ] Security controls tested and validated (auth, authorization, input validation)
-- [ ] **Zero security scan violations** (SAST, dependency scans)
-- [ ] Circuit breakers implemented for external dependencies
-- [ ] Graceful degradation tested under failure conditions
-- [ ] Comprehensive logging and monitoring implemented
-- [ ] Rate limiting and DDoS protection configured
-
-### □ Documentation & Reality Alignment
-
-- [ ] **Documentation matches implementation reality** (no claims of missing features)
-- [ ] README installation instructions work on clean environment
-- [ ] API documentation current and all endpoints functional
-- [ ] Code examples in docs run without errors
-- [ ] Architecture diagrams reflect actual code structure
-- [ ] Changelog accurate and version numbers correct
-
-### □ Deployment & Operations
-
-- [ ] CI/CD pipeline passes all stages
-- [ ] Deployment automation tested and working
-- [ ] Rollback procedures documented and tested
-- [ ] Environment configuration validated
-- [ ] Health checks implemented and working
-- [ ] Monitoring and alerting configured
-
-### □ Scalability & Performance
-
-- [ ] Load testing completed with realistic user counts
-- [ ] Response times meet documented SLAs (P95 < defined limits)
-- [ ] Memory usage within acceptable bounds
-- [ ] Database query performance optimized
-- [ ] Caching strategy implemented and tested
-- [ ] Horizontal scaling capability verified
-
-## 🚫 If ANY Item Is Unchecked
-
-**DO NOT claim production readiness.** Instead use:
-
-- ❌ **"In development"** - Active development with known issues
-- ❌ **"Partially implemented"** - Some features working, major gaps remain
-- ❌ **"Proof of concept"** - Core concept demonstrated, not production-viable
-- ❌ **"Beta/Alpha release"** - Limited production use with close monitoring
-
-## 📊 Evidence Requirements
-
-When claiming production readiness, provide:
-
-- [ ] Test execution results (screenshots/logs)
-- [ ] Coverage reports showing adequate thresholds
-- [ ] Lint results showing zero errors
-- [ ] Security scan reports with zero violations
-- [ ] Performance benchmark results
-- [ ] Database connectivity and migration proofs
-- [ ] CI/CD pipeline success evidence
-- [ ] Deployment verification logs
-- [ ] User acceptance testing results
-
-## 🏆 Production-Grade Status Requirements
-
-### Enterprise Production (Tier 1)
-
-- [ ] 99.9%+ uptime SLA
-- [ ] <1 second P95 API response times
-- [ ] 95%+ test coverage across all components
-- [ ] Zero critical security vulnerabilities
-- [ ] Automated deployment and rollback
-- [ ] 24/7 monitoring and incident response
-- [ ] Multi-region deployment capability
-- [ ] Comprehensive audit logging
-
-### Standard Production (Tier 2)
-
-- [ ] 99.5%+ uptime SLA
-- [ ] <3 second P95 API response times
-- [ ] 85%+ test coverage
-- [ ] No high-risk security vulnerabilities
-- [ ] Semi-automated deployment process
-- [ ] Business hours monitoring
-- [ ] Single-region deployment
-- [ ] Basic audit logging
-
-### Minimum Viable Production (Tier 3)
-
-- [ ] 99%+ uptime SLA
-- [ ] <10 second P95 API response times
-- [ ] 70%+ test coverage
-- [ ] No critical security vulnerabilities
-- [ ] Manual deployment process
-- [ ] Basic monitoring
-- [ ] Single environment
-- [ ] Error logging only
-
-## 🔄 Continuous Verification
-
-### Daily/Weekly Checks
-
-- [ ] All tests still passing
-- [ ] No new linting errors
-- [ ] Security scans clean
-- [ ] Performance within SLAs
-- [ ] No breaking changes without documentation updates
-
-### Monthly Reviews
-
-- [ ] Dependency updates applied
-- [ ] Security patches deployed
-- [ ] Performance optimizations reviewed
-- [ ] Documentation accuracy verified
-- [ ] Backup/recovery procedures tested
-
-### Quarterly Audits
-
-- [ ] Full security assessment
-- [ ] Penetration testing completed
-- [ ] Load testing under increased capacity
-- [ ] Disaster recovery simulation
-- [ ] Compliance requirements verified
-
-## ⚠️ Warning Signs of Unready Code
-
-### Red Flags (Immediate Rejection)
-
-- TODO comments in core business logic
-- Console.log statements in production code
-- Hardcoded configuration values
-- Missing error handling in critical paths
-- Database operations without transactions
-- API endpoints without authentication
-- Tests that mock the system under test
-- Documentation claiming 100% coverage with failing tests
-
-### Yellow Flags (Requires Investigation)
-
-- Complex functions > 50 lines
-- Classes with > 10 methods
-- Files > 500 lines
-- Test files with low coverage
-- Dependencies without security audits
-- Manual deployment processes
-- Limited monitoring capabilities
-
-### Green Flags (Positive Indicators)
-
-- Comprehensive error handling
-- Transaction-wrapped database operations
-- Input validation and sanitization
-- Automated testing and deployment
-- Security headers and controls
-- Performance monitoring and alerting
-- Clear separation of concerns
-- Well-documented APIs and contracts
-
-## 📋 Quick Assessment Matrix
-
-| Category       | Question                                   | Points   | Max    |
-| -------------- | ------------------------------------------ | -------- | ------ |
-| Code Quality   | Zero linting errors?                       | 0-10     | 10     |
-| Testing        | All tests pass + coverage >80%?            | 0-15     | 15     |
-| Security       | Security scans pass + controls tested?     | 0-15     | 15     |
-| Infrastructure | Real database + migrations + monitoring?   | 0-15     | 15     |
-| Documentation  | Matches implementation + working examples? | 0-10     | 10     |
-| Deployment     | Automated CI/CD + rollback capability?     | 0-10     | 10     |
-| Performance    | Meets SLAs + load tested?                  | 0-10     | 10     |
-| **TOTAL**      |                                            | **0-85** | **85** |
-
-### Scoring Guide
-
-- **70-85 points**: Production-ready (Tier 1)
-- **50-69 points**: Production-viable (Tier 2)
-- **30-49 points**: Minimum viable production (Tier 3)
-- **0-29 points**: Not production-ready
-
-**Only claim production readiness if scoring 50+ points with all critical categories (Testing, Security, Infrastructure) at 80%+.**