1. Project Management

1.1. Initiation

1.1.1. Flow business process

1.1.2. Design

1.1.3. Database / source data

1.1.4. Backend (API)

1.1.5. Third party

1.1.6. Define project team (internal & client)

1.2. Kick Off

1.2.1. Mapping documentation

1.2.2. QA business process, QA design, QA automation unit testing

1.2.3. Client confirmation

1.3. Development

1.3.1. Create communication channel

1.3.2. Create Zoho project

1.3.3. Split task for each team member (designer, slicer, backend, frontend)

1.3.4. Request testing to QA when flow is completed

1.4. Monitoring

1.4.1. Developers have to update To-Do Today

1.4.2. Developers have to start logging hours and update the task status to "on progress" while the task is under way

1.4.3. Developers have to post a comment on the related task when the task is completed

1.4.4. Project Manager checks with developers on task progress and any blockers

1.4.5. Daily scrum meeting if needed

1.4.6. Review and filter any feedback from client according to mapping document

1.5. Reporting

1.5.1. Weekly report

1.5.2. Send the application under testing (apk or url)

1.5.3. Report task list of the week

1.5.4. Report project progress in percentage

1.5.5. Report task status

1.5.6. Report known/ongoing issues

1.5.7. Report any blockers

1.6. Deployment

1.6.1. Deployment documentation

1.6.2. Final flow testing according to UAT

1.7. Closing & Delivery

1.7.1. Handover report (Berita Acara Serah Terima, BAST)

1.7.2. Business process document

1.7.3. Deployment document

1.7.4. API document

1.7.5. UAT from the client side

2. Server

2.1. Development

2.1.1. Auto deploy on git push

2.1.2. Logging

2.1.3. Auto restart container on crash

2.2. Production

2.2.1. Run as non-root user

2.2.2. PM2 run as systemd daemon

2.2.3. Bind service to localhost

2.2.4. Use special key for deployment

2.2.5. Use ecosystem.js for Node.js projects

2.2.6. Use HTTPS for every domain

2.2.7. Logging

2.2.8. Setup utility script (cron, backup) if necessary

2.2.9. Monitoring

2.2.10. Firewall

3. Design

3.1. Text & Localization

3.1.1. All sentences must end with a proper punctuation mark

3.1.2. No grammatical/spelling errors

3.1.3. All labels are written with the first letter in upper case

3.1.4. Text must fit the screen

3.1.5. All text must be readable

3.1.6. Consistent text, alignment, margin and font

3.2. Field & Button

3.2.1. Add placeholder for ease of use

3.2.2. Buttons are touch-friendly

3.2.3. Inactive button/link text that can't be clicked should be grayed out

3.3. Screen

3.3.1. There must be feedback for the empty state of the Search, List and Retrieve Detail functions

3.3.2. Make sure all design mock-ups are retrieved for portrait, landscape or both

4. Mobile

4.1. App

4.1.1. Write code as simply as possible to keep the app size small

4.1.2. Keep all label text in a dictionary

4.1.3. Use readable variable and function names

4.1.4. Comment each function for future use

4.1.5. Make reusable components / classes

4.1.6. Keep all configuration variables in one file / class (e.g. baseURL)

4.1.7. Handle the loading state, the empty state, and data not found or failed

4.1.8. Delete console logs in the release version

4.1.9. Camera should have resize & rotate features

4.1.10. Keystore should be uploaded into git

4.2. Error Pages

4.2.1. Should handle every possible error that happens in the app

4.3. Form

4.3.1. Validate inputs on submit

4.3.2. Should consider disabling the whole page / part of it based on requirements

4.4. 3rd Party Library

4.4.1. Compare the candidate libraries, choose the best one, and make sure it is still supported

4.5. Privacy Data

4.5.1. Only save the token / other general settings; don't save users' private data in the app

5. Backend

5.1. Database

5.1.1. Table names must be plural

5.1.2. Table names should be snake case

5.1.3. Foreign keys must have the table prefix

5.1.4. Avoid subquery

5.1.5. Avoid SUM in query

5.1.6. Implement COUNT in the query rather than at code level

5.1.7. Avoid SELECT *; all columns must be written explicitly

5.1.8. Indexes should be added

5.1.9. Avoid big queries; split the query in code

5.2. Authentication

5.2.1. JWT

5.2.2. Secret must be different for production and development

5.2.3. Use Header to send the Authorization

5.3. API Response

5.3.1. Single data must be an object

5.3.2. Multiple data, must be an array

5.3.3. HTTP status must be 200 for success

5.3.4. Output fields must be the same as the input fields

5.3.5. Response time should be 200-300ms

5.3.6. Error message should contain the invalid field name and message

5.4. API endpoint

5.4.1. Path must be plural

5.4.2. Path must use dash if needed

5.5. App

5.5.1. Cron is separated from main app

5.5.2. Enable logging: log client requests, server responses, and execution time

5.5.3. Do not use STATIC files on Node.js; use a CDN instead

5.5.4. Use config file or .env

5.5.5. Monitor the app status (using statuscake, etc)

5.6. Promise

5.6.1. Avoid async/await in model

5.6.2. Implement async/await in controller level

5.6.3. Wrap all independent promises in Promise.all

5.6.4. Add a promise timeout if possible

5.7. 3rd Party

5.7.1. All requests must implement a timeout

5.7.2. Should check the time zone for the 3rd party

5.7.3. All requests and responses from 3rd parties should be recorded in the log

5.8. Image Processing

5.8.1. Avoid Base64, use form-data instead

5.8.2. Recommended to use cloud CDN (AWS, etc)

5.8.3. Should have image resize from backend to optimize mobile image?

5.9. PM2

5.9.1. Should implement cluster mode

6. Frontend

6.1. App

6.1.1. Use a single config file or .env if supported. Do not hardcode.

6.1.2. Log errors (using Sentry or Bugsnag)

6.1.3. Do not use STATIC files on Node.js; use a CDN instead

6.1.4. Do not forget to delete console.log in production

6.1.5. Handle difference between loading and empty state

6.2. Error Pages

6.2.1. Should handle every error status on specific page

6.3. Form

6.3.1. Validate on form submit

6.3.2. Should disable whole page actions

6.4. 3rd Party Library

6.4.1. Use a single set of coding rules and a linter

6.4.2. Check the GitHub repo first to see whether it is still supported

6.4.3. Determine whether it is really used for only one function or benefits the whole project

6.5. Privacy Data

6.5.1. Don't save anything besides the token in the cookie

7. Flow Register

7.1. Mandatory field

7.1.1. First & Last Name, Email, Password & re-type password

7.1.2. Link for Sign up

7.2. Validation

7.2.1. Hidden password character

7.2.2. Email already registered

7.2.3. Can't be left blank

7.2.4. Invalid character

7.2.5. Password didn't match

7.3. Redirection

7.3.1. Resend Email

7.3.2. Back to Home

8. Flow Login

8.1. Element Design

8.1.1. Email & Password

8.1.2. Link for Forget Password

8.1.3. Link for Register

8.2. Test Case

8.2.1. Wrong Email or Password; can't be left blank

8.2.2. Email/Account is inactive

8.2.3. Hidden password character

8.3. Flow

8.3.1. Login Action: (1) Input Username/Email and password; (2) Validate input; (3) Submit to API; (4) If the credential is not valid, display the error messages; (5) If the credential is valid, redirect to the profile page

8.3.2. Redirection: OTP (fresh account/if applicable), Home

9. Flow Social Login

9.1. Element Design

9.1.1. provider_type, provider_id, provider_token

9.2. Test Case

9.2.1. provider_type can't be blank; provider_id can't be blank; provider_token can't be blank

9.2.2. A user registered via social login can't change the password

9.3. Flow

9.3.1. If the user does not exist, create the user

9.3.2. If the user exists, log the user in

10. Flow Create Data

10.1. Test Case

10.1.1. Duplicate data

10.1.2. Allow emoji

10.1.3. ACL / Permissions

11. Flow Delete Data

11.1. Rule

11.1.1. Avoid hard delete

11.1.2. Change the status of data to disabled

12. Flow Update Data

12.1. Test Case

12.1.1. Data does not exist

12.1.2. Partial update

12.1.3. Allow emoji

12.1.4. ACL / Permissions

13. Flow Search

13.1. Rule

13.1.1. Partial Text or Full Text Search

13.1.2. Search URL must be copied

13.1.3. Pager should exist if data is more than 1 page

13.1.4. Page count should exist if data exists

13.1.5. Display the search query information

14. Flow Payment

14.1. Test Case

14.1.1. Data must be synchronized between payment gateway and local db

14.1.2. Payment notification (email, SMS, etc.)

14.1.3. Amount must be the same

14.1.4. OTP/3D Secure

14.1.5. Payment Failed (Fraud, expired, limit, etc)

15. Flow Coupon

15.1. Test Case

15.1.1. Coupon Expiry

15.1.2. Max Usage

15.1.3. Platform based (web, mobile app, etc)

15.1.4. Unique user

15.1.5. Minimum amount

15.1.6. Specific product / product type

16. Flow Multi Currency

16.1. Source

16.1.1. Use a 3rd party to get today's currencies

16.2. Backend

16.2.1. Use cron to update daily currencies

16.2.2. Calculate the price using today's currencies

16.2.3. Recommended to save the base price in 1 currency

16.2.4. Should use 1 currency as base price

17. Flow Multi Language

17.1. Backend

17.1.1. Source: XLS, Google Spreadsheet

17.1.2. Return message code

17.1.3. Language ID must be provided when requesting the notification API

17.1.4. Provide the dictionary as .json file

17.2. Frontend

17.2.1. Parse the .json file as dictionary and translate to selected language

17.2.2. Translate the message code into string

18. Flow Third Party

18.1. Provide key - secret

18.2. env dev & prod

18.3. save the data to local?

19. Flow Admin

19.1. Display data list

19.2. Create data

19.3. Update data

19.4. Delete data

19.5. ACL / permissions

20. Flow Error Message

20.1. error field and message must be shown

20.2. inline in field or alert

21. QA

21.1. Kick Off

21.1.1. Checking Flow Business process

21.1.2. Checking Design

21.2. Test Execution

21.2.1. Functionality: UAT, Test Case (Positive), Test Case (Negative), Test Case (Destructive), Test Scenario, Localization, Third Party, Unit Test

21.2.2. Non-Functionality: Performance/Load Test, Stress Test

21.3. Defect Reporting

21.3.1. Record defect

21.3.2. Follow up old defects in the next version

21.3.3. Verify defect list from client

22. Monitoring

22.1. database

22.2. Status Cake

22.2.1. third party

22.2.2. server

22.2.3. api

22.2.4. web

22.3. server load

23. Flow Order

23.1. Anonymous Checkout

23.2. Need Cart?

23.3. Save user address?