# CTO Review Checklist Before Merge Or CEO Demo

Use this before merging a major PR or demoing Navi to the CEO, investors, partners, or providers.

## Architecture

1. Mobile, website, dashboard, and API remain separate.
2. Business logic is in the API.
3. Shared packages contain only safe shared logic.
4. Provider integrations use adapter interfaces.
5. No category is presented as live unless it actually is.

## Security

1. No secrets in the repo, including in git history.
2. `.env.example` contains placeholders only, never real values.
3. Auth and RBAC are not weakened.
4. Partner scope isolation is enforced in the API, not only in the UI.
5. Super Admin access is explicit and audited.
6. Audit logs exist for critical actions.
7. Payment code never receives, stores, or logs card PAN or CVV.
8. Demo providers cannot run in production.

## Payments And Operations

1. Money is stored and computed as integers in minor units (e.g. cents), never as floats.
2. Idempotency keys exist for payment and booking operations, so a retry cannot double-charge or double-book.
3. Webhook signatures are verified before the payload is processed.
4. Refund workflow has explicit states and audit logs.
5. Commission logic is unit-testable.
6. Payouts are not sent without explicit approval.
7. Customer movement or reassignment requires a reason and is audited.
8. Reports respect partner scope.
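The webhook, idempotency, and minor-unit items above in working form, as an added example that is not Navi's own code. The signing scheme (HMAC-SHA256 over `"<timestamp>.<raw body>"` carried in `X-Timestamp` and `X-Signature` headers), the secret, the event shape, and the `PROCESSED`/`LEDGER` stores are assumptions made for this example; the real provider's documented scheme replaces them.

```python
# Added example (not Navi project code): verify a payment webhook before parsing
# it, process each event exactly once, and split money in integer minor units.
# The signing scheme (HMAC-SHA256 over "<timestamp>.<raw body>", sent in
# X-Timestamp / X-Signature headers) and all names here are assumptions made
# for this example; substitute the real provider's documented scheme.
import hashlib
import hmac
import json
import time
from typing import Optional

WEBHOOK_SECRET = b"whsec_example_only"  # constructed; the real value comes from config, not the repo
TOLERANCE_SECONDS = 300                 # reject deliveries older than this (replay window)


def sign(secret: bytes, timestamp: int, body: bytes) -> str:
    return hmac.new(secret, f"{timestamp}.".encode() + body, hashlib.sha256).hexdigest()


def signed_delivery(event: dict, timestamp: int, secret: bytes = WEBHOOK_SECRET):
    """Build (headers, raw_body) the way the assumed provider would send them."""
    body = json.dumps(event, separators=(",", ":")).encode()
    return {"X-Timestamp": str(timestamp), "X-Signature": sign(secret, timestamp, body)}, body


def verify_webhook(headers: dict, body: bytes, *, now: Optional[int] = None) -> dict:
    """Return the parsed event only after the timestamp and signature checks pass.

    The signature is computed over the raw bytes, not over a re-serialised
    JSON object, and compared in constant time.
    """
    now = int(time.time()) if now is None else now
    try:
        ts = int(headers["X-Timestamp"])
    except (KeyError, ValueError):
        raise ValueError("missing or malformed X-Timestamp")
    if abs(now - ts) > TOLERANCE_SECONDS:
        raise ValueError("stale webhook (possible replay)")
    expected = sign(WEBHOOK_SECRET, ts, body)
    if not hmac.compare_digest(expected, headers.get("X-Signature", "")):
        raise ValueError("bad webhook signature")
    return json.loads(body)


def commission_minor(amount_minor: int, rate_bps: int) -> tuple:
    """Split amount_minor into (commission, partner_net) using integer math only.

    rate_bps is the commission in basis points (1250 = 12.50%). Rounding is
    half-up on the commission; the two parts always sum to amount_minor.
    """
    if amount_minor < 0 or not 0 <= rate_bps <= 10_000:
        raise ValueError("invalid amount or rate")
    commission = (amount_minor * rate_bps + 5_000) // 10_000
    return commission, amount_minor - commission


PROCESSED: dict = {}  # stand-in for a table with a UNIQUE constraint on event_id
LEDGER: list = []     # stand-in for the commission ledger


def handle_payment_event(headers: dict, body: bytes, *, now: Optional[int] = None) -> dict:
    """Idempotent handler: a redelivered event returns the stored result unchanged."""
    event = verify_webhook(headers, body, now=now)
    event_id = event["id"]
    if event_id in PROCESSED:
        # In a real service this check is the INSERT on the unique event_id,
        # in the same transaction as the ledger write, so two concurrent
        # redeliveries cannot both pass.
        return {**PROCESSED[event_id], "duplicate": True}
    if event["type"] != "payment.succeeded":
        result = {"event_id": event_id, "ignored": True}
    else:
        commission, net = commission_minor(event["amount_minor"], event["commission_bps"])
        LEDGER.append({"booking_id": event["booking_id"],
                       "commission_minor": commission, "partner_net_minor": net})
        result = {"event_id": event_id, "commission_minor": commission, "partner_net_minor": net}
    PROCESSED[event_id] = result
    return result
```

The order of checks is the point: timestamp and signature are rejected before `json.loads` runs, a tampered body fails even with the original headers, and the second delivery of the same event returns the first result without a second ledger entry.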

## Provider Dashboard

1. Provider configuration is manageable from the dashboard.
2. Secret values are never stored by the dashboard or displayed in it.
3. Sandbox and live modes are clearly separated.
4. A test-connection action exists.
5. Health status is visible.
6. Capabilities are explicit.
7. Changes are audited.
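How the provider items above and the "demo providers cannot run in production" rule can be enforced in one place, as an added example that is not Navi's own code. `ProviderConfig`, the two adapter classes, the `app_env` values, and the env-var names are hypothetical; the one design decision to copy is that the config holds the name of the variable that carries the secret, never the secret itself.

```python
# Added example (not Navi project code): a provider registry that refuses demo
# adapters in production, stores only a reference to each secret, shows the
# dashboard presence rather than values, and audits every config change.
# ProviderConfig, the adapter classes, app_env values and env-var names are
# hypothetical.
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class ProviderConfig:
    provider: str
    mode: str                # "sandbox" or "live"
    secret_env_var: str      # name of the variable holding the secret, never the secret
    capabilities: frozenset  # e.g. {"card", "refund"}; anything not listed is not offered
    enabled: bool = True


class DemoPaymentAdapter:
    is_demo = True

    def __init__(self, cfg: ProviderConfig):
        self.cfg = cfg

    def test_connection(self) -> bool:
        return True  # nothing to reach


class HttpPaymentAdapter:
    is_demo = False

    def __init__(self, cfg: ProviderConfig, secret: str):
        self.cfg = cfg
        self._secret = secret  # held in memory only, never written back to config

    def test_connection(self) -> bool:
        # Stand-in for a real sandbox/live API call. A connection test reports
        # pass/fail only and never echoes the credential it used.
        return len(self._secret) >= 8


def build_adapter(cfg: ProviderConfig, app_env: str, env: dict):
    """Construct an adapter, enforcing the production rules at startup."""
    if not cfg.enabled:
        raise RuntimeError(f"{cfg.provider} is disabled")
    if cfg.provider == "demo":
        if app_env == "production":
            raise RuntimeError("demo provider refused in production")
        return DemoPaymentAdapter(cfg)
    if app_env == "production" and cfg.mode != "live":
        raise RuntimeError("production requires live mode")
    secret = env.get(cfg.secret_env_var)
    if not secret:
        raise RuntimeError(f"{cfg.secret_env_var} is not set")
    return HttpPaymentAdapter(cfg, secret)


def display_summary(cfg: ProviderConfig, env: dict, adapter=None) -> dict:
    """What the dashboard may render: secret presence, mode, capabilities, health."""
    if adapter is None:
        health = "unknown"
    else:
        health = "ok" if adapter.test_connection() else "failing"
    return {
        "provider": cfg.provider,
        "mode": cfg.mode,
        "secret_configured": bool(env.get(cfg.secret_env_var)),
        "capabilities": sorted(cfg.capabilities),
        "health": health,
    }


AUDIT_LOG: list = []  # stand-in for an append-only audit store


def update_provider_config(actor: str, old: ProviderConfig, **changes) -> ProviderConfig:
    """Apply a change and audit it as a field diff (safe: no field holds a secret value)."""
    if "mode" in changes and changes["mode"] not in ("sandbox", "live"):
        raise ValueError("mode must be sandbox or live")
    new = replace(old, **changes)
    diff = {k: (getattr(old, k), getattr(new, k))
            for k in changes if getattr(old, k) != getattr(new, k)}
    if diff:
        AUDIT_LOG.append({"actor": actor, "provider": old.provider, "changes": diff})
    return new
```

Because the audited record only ever contains field names and an env-var name, the audit log and the dashboard can both be shown to a partner without leaking credentials.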

## Mobile

1. Main flows open without crashing.
2. EN and AR locales are prepared.
3. RTL layout does not break core screens.
4. Error, empty, loading, and permission states exist.
5. Checkout is limited to enabled live categories.

## Website

1. SEO pages load.
2. Partner apply flow works.
3. Every category is presented as either a vision item or a provider opportunity.
4. Any claim of live booking is accurate.
5. Privacy and terms are accessible.

## Dashboard

1. Role-based pages are protected.
2. Partner users see only their own partner's data.
3. Super Admin sees all data.
4. Reports are scoped to the viewer's partner.
5. Critical actions require confirmation.
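The scope rule behind the Dashboard items above and the Security items "partner scope isolation is enforced in the API" and "Super Admin access is explicit and audited", as an added example that is not Navi's own code. `Principal`, `ScopeError`, `AUDIT_LOG`, and the `BOOKINGS` sample rows are hypothetical stand-ins for the real session, error, and storage types; the point is that the partner filter comes from the authenticated principal, never from the request, and that a Super Admin has to ask for cross-partner scope with a reason.

```python
# Added example (not Navi project code): partner scope resolved from the
# authenticated principal, never from request input, with Super Admin access
# made explicit and audited. Principal, ScopeError, AUDIT_LOG and BOOKINGS are
# hypothetical stand-ins for the real session, error and storage types.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Principal:
    user_id: str
    role: str                  # "partner_user" or "super_admin"
    partner_id: Optional[str]  # None for super admins


class ScopeError(Exception):
    """Raised when a request would cross partner scope or skip explicit admin access."""


AUDIT_LOG: list = []  # stand-in for an append-only audit store


def audit(actor: Principal, action: str, **details) -> None:
    AUDIT_LOG.append({"actor": actor.user_id, "action": action, **details})


def resolve_partner_scope(principal: Principal,
                          requested_partner_id: Optional[str] = None,
                          *, act_as_admin: bool = False,
                          reason: Optional[str] = None) -> Optional[str]:
    """Return the partner_id every query must be filtered to (None = all partners).

    Partner users are pinned to their own partner_id; a conflicting
    requested_partner_id is refused and logged, not silently corrected.
    Super Admins get cross-partner scope only when they ask for it explicitly
    (act_as_admin=True) with a reason, and each such access is audited.
    """
    if principal.role == "partner_user":
        if not principal.partner_id:
            raise ScopeError("partner user without partner_id")
        if requested_partner_id not in (None, principal.partner_id):
            audit(principal, "scope_violation_attempt", requested=requested_partner_id)
            raise ScopeError("cross-partner access denied")
        return principal.partner_id
    if principal.role == "super_admin":
        if not act_as_admin:
            raise ScopeError("super admin access must be requested explicitly")
        if not reason:
            raise ScopeError("super admin access requires a reason")
        audit(principal, "super_admin_access",
              partner=requested_partner_id, reason=reason)
        return requested_partner_id  # None means all partners
    raise ScopeError(f"unknown role {principal.role!r}")


# Constructed sample data: bookings belonging to two partners.
BOOKINGS = [
    {"id": "b1", "partner_id": "p1", "amount_minor": 1500},
    {"id": "b2", "partner_id": "p2", "amount_minor": 2000},
    {"id": "b3", "partner_id": "p1", "amount_minor": 500},
]


def list_bookings(principal: Principal, requested_partner_id: Optional[str] = None,
                  **admin_opts) -> list:
    """API handler body: the scope filter is applied to the query itself, not per page."""
    scope = resolve_partner_scope(principal, requested_partner_id, **admin_opts)
    return [b for b in BOOKINGS if scope is None or b["partner_id"] == scope]


def revenue_report_minor(principal: Principal, **opts) -> int:
    """Reports go through the same scope resolution as list endpoints."""
    return sum(b["amount_minor"] for b in list_bookings(principal, **opts))
```

A partner user asking for another partner's id gets a refusal and an audit entry rather than a quietly narrowed result, so the attempt is visible; a Super Admin calling the same endpoint without `act_as_admin` is refused too, which is what "explicit" means in practice.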

## QA

1. Typecheck passes.
2. Lint passes.
3. Tests pass.
4. Smoke flows pass.
5. Known failures are documented.
6. Rollback plan exists.

## Go Or No-Go Decision

No-go if any of these are true:

1. Secrets are exposed.
2. Production can use demo payment/provider code.
3. Partner data isolation is broken.
4. Payment webhook is not verified.
5. Refund or commission math is wrong.
6. App crashes on launch.
7. Dashboard lets unauthorized users access admin data.
