Skip to main content

Pull Request Checklist

Before merge, verify:

  • Layering is respected (router -> handler -> service -> model/repository).
  • API routes and status codes follow documented conventions.
  • Validation is explicit for path/query/body inputs.
  • Response and error shapes stay consistent for the domain.
  • DB changes include migrations (and rollback files).
  • List endpoints are paginated and bounded.
  • Logs do not expose sensitive information.
  • Cache keys include namespace, TTL, and invalidation logic (if cache touched).

Operational Safety Checks

  • Startup/shutdown behavior is clean and graceful.
  • New background jobs have failure handling and clear lifecycle controls.
  • Feature flags/config toggles are used for optional middleware/features.

Reviewer Pass Order

  1. Contract pass (routes, DTOs, status codes)
  2. Data pass (queries, transactions, migrations)
  3. Runtime pass (timeouts, middleware order, logging)
  4. Reliability pass (jobs, cache invalidation, failure behavior)