Bỏ qua

Implementation Checklist - Football Field Booking System

Version: 1.0 Last Updated: 2026-01-13 Owner: Tech Lead / PM Total Tasks: 320+ (Phases 0–10) Status Values: todo | in-progress | done


How to Use This Checklist

  • Update Status, Assigned To, and Done Date as you progress.
  • Use Dependencies to sequence work.
  • Use story points as estimates (1,2,3,5,8,13).

Summary Milestones & Success Criteria

Milestone Criteria
M0 - Foundations NX repo stable, CI green, infra runs locally
M1 - Auth & User Keycloak integrated, user profiles working
M2 - Field Catalog Field CRUD + search + approval workflow
M3 - Booking Core Booking create/cancel, no double booking, basic availability
M4 - Payment MVP Payment intents + webhook confirmation + idempotency
M5 - Notifications Kafka event flow + email notifications + logs
M6 - Security Hardening Rate limiting, RBAC, webhook security, audit logs
M7 - Observability Traces/metrics/logs in Signoz + alerting
M8 - Deployment K8s manifests + staging/prod pipeline + backups
M9 - Testing Unit/integration/e2e + load testing + reports
M10 - Release Runbook complete, go-live checklist passed

Phase 0 (P0) - Project Setup & Standards (35 tasks)

ID Task Priority SP Assigned To Status Dependencies
P0-01 Create NX workspace and verify nx.json configuration P0 3 - todo -
P0-02 Ensure Node.js >= 20 and Yarn configured in docs P1 1 - todo -
P0-03 Configure TypeScript base config (tsconfig.base.json) P0 2 - todo P0-01
P0-04 Setup ESLint + Prettier + lint-staged + husky P0 3 - todo P0-01
P0-05 Enforce Conventional Commits via commitlint P1 1 - todo P0-04
P0-06 Add repo-level scripts: lint, test, build, format P1 1 - todo P0-04
P0-07 Configure CI workflow (lint/typecheck/test/build) P0 3 - todo P0-04
P0-08 Enable CodeQL workflow for TypeScript P1 1 - todo P0-07
P0-09 Create service skeletons for 6 services (ports 3000–3005) P0 5 - todo P0-01
P0-10 Verify each service has /health endpoint P0 2 - todo P0-09
P0-11 Add shared libs: libs/shared (DTOs, enums) P0 3 - todo P0-09
P0-12 Add shared libs: libs/database (TypeORM config) P0 3 - todo P0-09
P0-13 Add shared libs: libs/messaging (Kafka + BullMQ) P1 5 - todo P0-09
P0-14 Add shared libs: libs/cache (Redis client/lock helper) P1 3 - todo P0-09
P0-15 Add shared libs: libs/observability (OTEL bootstrap) P1 3 - todo P0-09
P0-16 Define global error response model in gateway P0 2 - todo P0-09
P0-17 Define shared error codes enum in libs/shared P1 2 - todo P0-11
P0-18 Create initial environment templates .env.example P0 2 - todo P0-09
P0-19 Configure docker-compose.dev.yml infra (Postgres, Kafka, Redis, Keycloak, Signoz) P0 5 - todo P0-18
P0-20 Verify docker-compose brings up infra cleanly P0 2 - todo P0-19
P0-21 Add local tooling docs (PgAdmin/Mongo Express/Kafka UI) P2 1 - todo P0-19
P0-22 Add Swagger setup to each service /api/docs P1 3 - todo P0-09
P0-23 Add requestId + traceId propagation middleware/interceptors P0 3 - todo P0-15
P0-24 Add centralized logging format (JSON logs) P1 2 - todo P0-23
P0-25 Add basic RBAC guard scaffolding P0 2 - todo P0-09
P0-26 Add DTO validation pipeline (class-validator) P0 2 - todo P0-09
P0-27 Add global exception filters mapping to error model P0 3 - todo P0-16
P0-28 Add baseline unit test setup for each service P1 3 - todo P0-09
P0-29 Add integration test harness (testcontainers or docker compose) P2 5 - todo P0-19
P0-30 Add API Gateway routing to each service P0 3 - todo P0-09
P0-31 Add API Gateway auth middleware stub (Keycloak) P0 3 - todo P0-30
P0-32 Add basic rate limiting middleware at gateway P1 3 - todo P0-30
P0-33 Add repo documentation index in docs/ P2 1 - todo P0-01
P0-34 Add service README templates and run instructions P2 2 - todo P0-33
P0-35 Release tagging/versioning strategy documented P2 1 - todo P0-07

Phase 1 (P0) - Authentication & User Management (38 tasks)

ID Task Priority SP Assigned To Status Dependencies
P1-01 Import Keycloak realm config (football-booking) P0 3 - todo P0-19
P1-02 Configure Keycloak clients: api-gateway, frontend-web, mobile-app P0 2 - todo P1-01
P1-03 Configure roles: ADMIN/OWNER/CUSTOMER in Keycloak P0 2 - todo P1-01
P1-04 Configure API Gateway token validation (jwks caching) P0 5 - todo P0-31
P1-05 Map roles from Keycloak claims to app roles P0 3 - todo P1-04
P1-06 Implement /auth/login (token exchange) in gateway P1 3 - todo P1-04
P1-07 Implement /auth/refresh P1 3 - todo P1-06
P1-08 Implement /auth/logout (refresh revoke) P2 2 - todo P1-07
P1-09 Create user DB migrations (users, user_profiles) P0 5 - todo P0-12
P1-10 Implement User entity + repository (TypeORM) P0 3 - todo P1-09
P1-11 Implement Profile entity (TypeORM) P1 2 - todo P1-09
P1-12 Implement GET /users/me P0 2 - todo P1-10
P1-13 Implement PUT /users/me P0 3 - todo P1-12
P1-14 Implement avatar upload endpoint P2 5 - todo P1-13
P1-15 Add validation rules for profile updates P0 2 - todo P1-13
P1-16 Add RBAC: protect admin endpoints P0 2 - todo P1-05
P1-17 Add resource-level auth helper (userId matching) P0 2 - todo P1-12
P1-18 Implement admin user list endpoint P2 3 - todo P1-16
P1-19 Implement admin ban/unban endpoints P2 3 - todo P1-16
P1-20 Add audit log event for admin actions P1 3 - todo P0-24
P1-21 Implement password reset flow (if not Keycloak-managed) P3 8 - todo P1-06
P1-22 Add Zalo user id field support in user model P1 2 - todo P1-10
P1-23 Create migration for zalo_user_id (if not already) P1 2 - todo P1-22
P1-24 Add service-to-service auth strategy (mTLS or internal token) P2 8 - todo P1-04
P1-25 Add user-service Swagger docs and examples P2 2 - todo P0-22
P1-26 Add unit tests for UsersService (happy + error) P1 3 - todo P1-10
P1-27 Add integration tests for /users/me P2 5 - todo P1-12
P1-28 Add contract tests for auth claims mapping P2 5 - todo P1-05
P1-29 Add monitoring dashboards for auth failures P2 3 - todo P0-15
P1-30 Add rate limit for auth endpoints P0 3 - todo P0-32
P1-31 Add account lockout policies (Phase 2) P3 5 - todo P1-30
P1-32 Add PII redaction in logs P1 3 - todo P0-24
P1-33 Add email verification strategy (Keycloak or app) P2 5 - todo P1-01
P1-34 Add user deletion (soft delete vs hard delete) decision P2 3 - todo P1-10
P1-35 Add GDPR export endpoint (Phase 2) P3 8 - todo P1-12
P1-36 Add user preferences schema P2 3 - todo P1-11
P1-37 Add user preferences update tests P2 3 - todo P1-36
P1-38 Add API gateway e2e auth smoke test P1 5 - todo P1-06

Phase 2 (P0/P1) - Field Management (33 tasks)

ID Task Priority SP Assigned To Status Dependencies
P2-01 Create field DB migrations (fields, images, amenities, hours) P0 5 - todo P0-12
P2-02 Implement Field entity + repository P0 3 - todo P2-01
P2-03 Implement POST /fields (OWNER only) P0 3 - todo P2-02
P2-04 Implement GET /fields/:id P0 2 - todo P2-02
P2-05 Implement PUT /fields/:id (OWNER only) P0 3 - todo P2-03
P2-06 Implement PUT /fields/:id/status (ADMIN) P1 3 - todo P2-03
P2-07 Implement GET /fields/search filters (sportType, price, amenities) P0 5 - todo P2-02
P2-08 Implement geo search (radius lat/lng) P1 8 - todo P2-07
P2-09 Add indexes for search performance P0 3 - todo P2-01
P2-10 Add caching for field details P1 3 - todo P0-14
P2-11 Add caching for field search results P2 5 - todo P2-07
P2-12 Add image upload strategy (object storage) P2 8 - todo P2-03
P2-13 Add owner phone display policy P2 2 - todo P1-32
P2-14 Add field availability endpoint contract P0 3 - todo P2-04
P2-15 Implement GET /fields/:id/availability in gateway to booking-service P0 3 - todo P2-14
P2-16 Add field service swagger docs P2 2 - todo P0-22
P2-17 Add unit tests for field CRUD P1 5 - todo P2-02
P2-18 Add integration tests for search endpoint P2 8 - todo P2-07
P2-19 Add admin approval audit log P1 2 - todo P2-06
P2-20 Implement owner-only field listing P2 3 - todo P2-02
P2-21 Implement public field listing P2 3 - todo P2-02
P2-22 Add field status transitions validation P1 3 - todo P2-06
P2-23 Add amenities normalization or enum strategy P2 3 - todo P2-01
P2-24 Add operating hours validation P2 3 - todo P2-01
P2-25 Add pagination defaults and limits P1 2 - todo P2-07
P2-26 Add response sorting options P2 2 - todo P2-07
P2-27 Add field rating/reviews design (Phase 2) P3 8 - todo P2-04
P2-28 Add field review DB tables (Phase 2) P3 8 - todo P2-27
P2-29 Add data seeding scripts for fields P2 3 - todo P2-01
P2-30 Add performance test for search (k6) P2 5 - todo P2-07
P2-31 Add caching invalidation on update P1 3 - todo P2-10
P2-32 Add trace spans for search pipeline P2 2 - todo P0-15
P2-33 Add error mapping and codes for field service P1 2 - todo P0-17

Phase 3 (P0) - Booking Core (42 tasks)

ID Task Priority SP Assigned To Status Dependencies
P3-01 Create booking DB migrations (bookings table) P0 5 - todo P0-12
P3-02 Implement Booking entity + repository P0 3 - todo P3-01
P3-03 Implement booking status machine P0 5 - todo P3-02
P3-04 Implement POST /bookings P0 5 - todo P3-03
P3-05 Implement conflict detection logic (overlap check) P0 5 - todo P3-02
P3-06 Implement Redis distributed lock for create booking P0 5 - todo P0-14
P3-07 Combine lock + DB check for no-double-booking P0 5 - todo P3-05,P3-06
P3-08 Implement booking expiry policy (PENDING timeout) P1 3 - todo P3-03
P3-09 Implement GET /bookings/me P0 3 - todo P3-02
P3-10 Implement GET /bookings/:id + authz P0 3 - todo P3-02,P1-17
P3-11 Implement PUT /bookings/:id/cancel P0 3 - todo P3-10
P3-12 Implement receipt generation contract P2 5 - todo P3-10
P3-13 Implement GET /bookings/:id/receipt (PDF) P2 8 - todo P3-12
P3-14 Implement availability query by date P0 5 - todo P3-02
P3-15 Add caching for availability (short TTL) P1 3 - todo P3-14
P3-16 Invalidate availability cache on booking changes P1 3 - todo P3-11
P3-17 Emit BOOKING_CREATED/BOOKING_CANCELLED events to Kafka P1 5 - todo P0-13
P3-18 Define Kafka topics enum in shared lib P1 2 - todo P0-11
P3-19 Add booking-service swagger docs P2 2 - todo P0-22
P3-20 Add unit tests for overlap detection P0 3 - todo P3-05
P3-21 Add unit tests for lock acquisition/release P0 3 - todo P3-06
P3-22 Add integration test: 2 concurrent bookings, 1 fails P0 8 - todo P3-07
P3-23 Add integration test: 10 concurrent bookings P1 8 - todo P3-07
P3-24 Add error mapping: 409 CONFLICT on overlap P0 2 - todo P3-07
P3-25 Add booking cancellation policy (refund windows) P2 5 - todo P4-01
P3-26 Add booking completion flow P2 3 - todo P3-03
P3-27 Add cron/job for expiring PENDING bookings P2 5 - todo P0-13
P3-28 Add tracing spans for lock + db tx P2 2 - todo P0-15
P3-29 Add booking search/filter for owners P2 5 - todo P3-02
P3-30 Add admin booking audit/report endpoint P3 8 - todo P3-02
P3-31 Add booking notes sanitization P2 2 - todo P0-26
P3-32 Add validation: startTime < endTime, max duration P0 2 - todo P3-04
P3-33 Add pricing calculation rules (hourly + rounding) P0 3 - todo P3-04
P3-34 Add field ownership verification for owner views P1 3 - todo P2-02
P3-35 Add gateway routing for booking endpoints P0 2 - todo P0-30
P3-36 Add booking export (CSV) (Phase 2) P3 8 - todo P3-30
P3-37 Add booking status transitions tests P1 5 - todo P3-03
P3-38 Add performance test for booking create (k6) P1 5 - todo P3-04
P3-39 Add DB indexes for time range queries P0 2 - todo P3-01
P3-40 Add anti-overbooking fallback strategy if Redis down P1 5 - todo P3-07
P3-41 Add structured logging for booking lifecycle events P1 2 - todo P0-24
P3-42 Add booking SLO dashboards P2 3 - todo P0-15

Phase 4 (P0/P1) - Payment Processing (40 tasks)

ID Task Priority SP Assigned To Status Dependencies
P4-01 Create payment DB migrations (payments + idempotency) P0 5 - todo P0-12
P4-02 Implement Payment entity + repository P0 3 - todo P4-01
P4-03 Implement POST /payments/create P0 5 - todo P4-02
P4-04 Implement idempotency key strategy P0 5 - todo P4-03
P4-05 Add provider integration abstraction (Stripe/VNPay) P1 8 - todo P4-03
P4-06 Implement Stripe webhook verification P0 5 - todo P4-05
P4-07 Implement VNPay webhook verification P1 8 - todo P4-05
P4-08 Deduplicate webhook events (provider event id) P0 3 - todo P4-06
P4-09 Implement GET /payments/:id P1 3 - todo P4-02
P4-10 Implement payment state machine P0 3 - todo P4-02
P4-11 Publish PAYMENT_SUCCESS / PAYMENT_FAILED events to Kafka P0 5 - todo P0-13
P4-12 Update booking status on payment success (Saga) P0 5 - todo P3-03,P4-11
P4-13 Implement refunds (Phase 2) P2 13 - todo P4-10
P4-14 Add payment transaction log table P1 5 - todo P4-01
P4-15 Store only non-sensitive payment references P0 2 - todo P4-02
P4-16 Add audit log for payment transitions P1 3 - todo P0-24
P4-17 Add retry strategy for provider calls P1 3 - todo P4-05
P4-18 Add circuit breaker for provider calls P1 5 - todo P4-05
P4-19 Add payment-service swagger docs P2 2 - todo P0-22
P4-20 Add unit tests for idempotency P0 3 - todo P4-04
P4-21 Add unit tests for webhook verification P0 3 - todo P4-06
P4-22 Add integration test: payment intent + webhook success P1 8 - todo P4-06
P4-23 Add integration test: webhook replay ignored P0 5 - todo P4-08
P4-24 Add gateway routing for payment endpoints P0 2 - todo P0-30
P4-25 Add secure storage of webhook secrets P0 2 - todo P8-10
P4-26 Add outbox pattern for payment events (Phase 2) P2 8 - todo P4-11
P4-27 Add payment expiration policy P2 5 - todo P4-03
P4-28 Add job to reconcile pending payments (Phase 2) P3 8 - todo P0-13
P4-29 Add metrics: payment success rate, webhook failures P1 3 - todo P0-15
P4-30 Add tracing spans for payment workflow P2 2 - todo P0-15
P4-31 Add load test for webhook handler P2 5 - todo P4-06
P4-32 Add provider sandbox setup docs P2 2 - todo P4-05
P4-33 Add admin endpoint to view payments (Phase 2) P3 8 - todo P4-02
P4-34 Add DB indexes for payment queries P1 2 - todo P4-01
P4-35 Add refund policy doc and implementation flags P2 3 - todo P4-13
P4-36 Add notification hooks for payment outcomes P1 3 - todo P5-01
P4-37 Add security tests for webhook invalid signature P0 3 - todo P4-06
P4-38 Add security tests for webhook replay P0 3 - todo P4-08
P4-39 Add payment database backup plan P1 2 - todo P8-20
P4-40 Add SLO dashboards for payments P2 3 - todo P0-15

Phase 5 (P0/P1) - Notifications & Messaging (32 tasks)

ID Task Priority SP Assigned To Status Dependencies
P5-01 Define Kafka topics: BOOKING_CONFIRMED, PAYMENT_SUCCESS, etc. P0 2 - todo P3-18
P5-02 Implement Kafka producer wrapper in libs P0 3 - todo P0-13
P5-03 Implement Kafka consumer module in notification-service P0 5 - todo P0-13
P5-04 Consume PAYMENT_SUCCESS and send email confirmation P0 5 - todo P5-03,P4-11
P5-05 Consume BOOKING_CONFIRMED and send email P1 5 - todo P5-03,P3-17
P5-06 Store notification delivery logs to MongoDB P1 3 - todo P5-03
P5-07 Add Mongo indexes for logs queries P2 2 - todo P5-06
P5-08 Add retry strategy for provider failures P1 5 - todo P5-04
P5-09 Add BullMQ for background retries (optional) P2 8 - todo P0-13
P5-10 Add templating system for email content P2 8 - todo P5-04
P5-11 Add BOOKING_REMINDER scheduled job (Phase 2) P3 13 - todo P5-09
P5-12 Add SMS support (Phase 2) P3 13 - todo P5-08
P5-13 Add ZNS integration (Phase 2) - service + credentials P2 13 - todo P1-22
P5-14 Consume events and send ZNS (Phase 2) P2 8 - todo P5-13
P5-15 Add dead-letter queue strategy P2 8 - todo P5-03
P5-16 Add message schema/versioning policy P1 3 - todo P5-01
P5-17 Add contract tests for Kafka payloads P2 8 - todo P5-16
P5-18 Add end-to-end test: booking→payment→notification P1 13 - todo P3-04,P4-06,P5-04
P5-19 Add metrics: send success rate, queue depth P1 3 - todo P0-15
P5-20 Add tracing for event consumption P2 2 - todo P0-15
P5-21 Add email provider configuration + secrets P0 3 - todo P8-10
P5-22 Add notification-service swagger docs (admin endpoints optional) P3 3 - todo P0-22
P5-23 Add admin endpoint to view notification logs P3 8 - todo P5-06
P5-24 Add data retention policy for Mongo logs P2 3 - todo P5-06
P5-25 Add failure playbook for provider outages P2 3 - todo P8-30
P5-26 Add consumer scaling strategy (partitions) P2 3 - todo P5-03
P5-27 Add schema registry strategy (Phase 2) P3 13 - todo P5-16
P5-28 Add notification preference checks P2 5 - todo P1-36
P5-29 Add opt-out compliance (Phase 2) P3 8 - todo P5-28
P5-30 Add spam prevention and throttling P2 5 - todo P5-08
P5-31 Add security tests for PII leakage in logs P1 3 - todo P1-32
P5-32 Add SLO dashboards for notifications P2 3 - todo P0-15

Phase 6 (P0/P1) - Security Hardening (30 tasks)

ID Task Priority SP Assigned To Status Dependencies
P6-01 Implement gateway rate limiting policies P0 5 - todo P0-32
P6-02 Implement brute-force detection for auth P1 5 - todo P6-01
P6-03 Implement RBAC guards on all endpoints P0 5 - todo P1-05
P6-04 Implement resource-level authorization checks (booking/field) P0 5 - todo P3-10,P2-05
P6-05 Implement webhook signature verification (Stripe/VNPay) P0 5 - todo P4-06
P6-06 Implement webhook replay protection P0 3 - todo P4-08
P6-07 Implement secret scanning in CI P1 3 - todo P0-07
P6-08 Configure dependency scanning gating (no critical) P1 3 - todo P0-07
P6-09 Enforce TLS in prod (Ingress) P0 3 - todo P8-01
P6-10 Add PII redaction middleware P0 3 - todo P1-32
P6-11 Add audit logs for admin actions P1 5 - todo P1-20
P6-12 Add audit logs for payments P1 5 - todo P4-16
P6-13 Add security headers at gateway P1 2 - todo P0-30
P6-14 Configure CORS allowlist per env P0 2 - todo P0-30
P6-15 Add request payload size limits P1 2 - todo P0-30
P6-16 Add WAF/CDN rules (Phase 2) P3 8 - todo P6-01
P6-17 Add network policies in Kubernetes P1 8 - todo P8-02
P6-18 Lock down DB access to cluster only P0 3 - todo P8-02
P6-19 Rotate secrets policy documented P2 2 - todo P6-07
P6-20 Add incident response runbook P2 3 - todo P8-30
P6-21 Security regression test suite P1 8 - todo P9-01
P6-22 OWASP ZAP baseline scan on staging P2 8 - todo P8-10
P6-23 Add SAST custom rules (Phase 2) P3 13 - todo P6-08
P6-24 Add SSRF allowlist for outbound providers P1 3 - todo P4-05
P6-25 Add file upload restrictions (type/size) P1 3 - todo P1-14
P6-26 Add malware scan for uploads (Phase 2) P3 13 - todo P6-25
P6-27 Add admin MFA policy (Phase 2) P2 8 - todo P1-03
P6-28 Add security monitoring alerts (auth anomalies) P1 3 - todo P7-10
P6-29 Add webhook failure spike alerts P1 3 - todo P7-10
P6-30 Add compliance checklist (PII, retention) P2 3 - todo P10-05

Phase 7 (P0/P1) - Observability & Operations (24 tasks)

ID Task Priority SP Assigned To Status Dependencies
P7-01 Enable OpenTelemetry in all services P0 5 - todo P0-15
P7-02 Configure collector endpoint per env P0 3 - todo P7-01
P7-03 Add trace propagation to Kafka headers P1 5 - todo P5-02
P7-04 Add requestId middleware in gateway P0 2 - todo P0-23
P7-05 Add structured logs with traceId P0 3 - todo P0-24
P7-06 Define dashboards for RED metrics P1 5 - todo P7-01
P7-07 Define dashboards for USE metrics P1 5 - todo P7-01
P7-08 Add Kafka lag dashboards P1 3 - todo P5-03
P7-09 Add DB pool metrics dashboards P2 3 - todo P0-12
P7-10 Configure alert rules (latency/error/lag) P0 5 - todo P7-06
P7-11 Add SLO reports per service P2 5 - todo P7-10
P7-12 Add log retention policies P2 3 - todo P7-05
P7-13 Add runbook for incident triage P1 3 - todo P7-10
P7-14 Add on-call rotation placeholder P3 1 - todo P7-13
P7-15 Add synthetic health checks P2 5 - todo P8-01
P7-16 Add tracing spans for DB queries P2 3 - todo P7-01
P7-17 Add tracing spans for Redis locks P2 2 - todo P7-01
P7-18 Add tracing spans for external providers P2 2 - todo P7-01
P7-19 Add error budget policy P2 3 - todo P7-11
P7-20 Add capacity planning doc P3 5 - todo P7-07
P7-21 Add chaos testing plan (Phase 2) P3 13 - todo P7-13
P7-22 Add backlog processing KPIs for notifications P2 3 - todo P5-09
P7-23 Add audit log dashboards P2 3 - todo P6-11
P7-24 Add cost monitoring (Phase 2) P3 8 - todo P7-07

Phase 8 (P0/P1) - Deployment & Platform (30 tasks)

ID Task Priority SP Assigned To Status Dependencies
P8-01 Create Kubernetes namespace per env P0 2 - todo -
P8-02 Create NetworkPolicies for services and datastores P1 8 - todo P8-01
P8-03 Create Deployment/Service manifests for all services P0 8 - todo P8-01
P8-04 Create Ingress for gateway with TLS P0 5 - todo P8-03
P8-05 Configure HPA for gateway/booking/payment P1 5 - todo P8-03
P8-06 Setup container registry and image tagging P0 3 - todo P0-07
P8-07 Setup secrets management in cluster P0 5 - todo P8-01
P8-08 Setup configmaps per service P1 3 - todo P8-03
P8-09 Setup Postgres in prod (managed recommended) P0 8 - todo P8-01
P8-10 Setup CI/CD pipeline: build/push/deploy staging P0 8 - todo P8-06
P8-11 Add manual approval gate for production deploy P1 3 - todo P8-10
P8-12 Add smoke tests post-deploy P1 5 - todo P8-10
P8-13 Add rollback automation P1 5 - todo P8-10
P8-14 Configure Keycloak in staging/prod P0 5 - todo P1-01
P8-15 Configure Kafka in staging/prod P1 8 - todo P0-13
P8-16 Configure Redis in staging/prod P1 5 - todo P0-14
P8-17 Configure MongoDB in staging/prod P2 5 - todo P5-06
P8-18 Configure Signoz in staging/prod P1 8 - todo P7-01
P8-19 Implement migration jobs per service P0 8 - todo P8-03
P8-20 Setup backup policy for all Postgres DBs P0 5 - todo P8-09
P8-21 Setup restore test automation (weekly) P1 5 - todo P8-20
P8-22 Setup DR documentation and RTO/RPO P1 3 - todo P8-20
P8-23 Setup staging data seeding P2 5 - todo P2-29
P8-24 Setup environment parity checklist P2 3 - todo P8-03
P8-25 Setup domain/DNS + certificates P0 5 - todo P8-04
P8-26 Add WAF/rate-limiting at edge (Phase 2) P3 8 - todo P8-25
P8-27 Add blue/green deploy strategy (optional) P3 13 - todo P8-10
P8-28 Add log retention policies per env P2 3 - todo P7-12
P8-29 Add cost optimization review (Phase 2) P3 8 - todo P7-24
P8-30 Create full operations runbook P1 5 - todo P7-13

Phase 9 (P0/P1) - Testing & Quality (33 tasks)

ID Task Priority SP Assigned To Status Dependencies
P9-01 Define testing pyramid and coverage goals P1 2 - todo P0-28
P9-02 Unit tests for user-service P1 5 - todo P1-26
P9-03 Unit tests for field-service P1 5 - todo P2-17
P9-04 Unit tests for booking-service P0 8 - todo P3-20
P9-05 Unit tests for payment-service P0 8 - todo P4-20
P9-06 Integration tests for gateway routes P1 8 - todo P0-30
P9-07 Integration tests: booking conflict P0 8 - todo P3-22
P9-08 Integration tests: payment webhook P0 8 - todo P4-22
P9-09 Integration tests: notification consumption P1 8 - todo P5-04
P9-10 End-to-end test: search→book→pay→notify P1 13 - todo P5-18
P9-11 Load test for field search P2 5 - todo P2-30
P9-12 Load test for booking create P1 5 - todo P3-38
P9-13 Load test for payment webhooks P2 5 - todo P4-31
P9-14 Soak test (Phase 2) P3 13 - todo P9-12
P9-15 Add contract tests for Kafka payload schemas P2 8 - todo P5-17
P9-16 Add API schema tests (OpenAPI) P2 5 - todo P0-22
P9-17 Add mutation tests (Phase 2) P3 13 - todo P9-04
P9-18 Add coverage reporting in CI P1 3 - todo P0-07
P9-19 Add quality gate: coverage >= 80% P1 3 - todo P9-18
P9-20 Add static analysis check in CI (typecheck + lint) P0 2 - todo P0-07
P9-21 Add security test suite (IDOR/webhook invalid) P1 8 - todo P6-21
P9-22 Add snapshot tests for email templates P3 5 - todo P5-10
P9-23 Add chaos experiment (Phase 2) P3 13 - todo P7-21
P9-24 Add regression test plan P2 3 - todo P9-01
P9-25 Add test data management strategy P2 5 - todo P9-10
P9-26 Add database migration test pipeline P2 5 - todo P8-19
P9-27 Add lint rules to prevent secrets P2 3 - todo P6-07
P9-28 Add API gateway authz tests P1 5 - todo P6-03
P9-29 Add booking state machine tests P1 5 - todo P3-37
P9-30 Add performance budget checks (p95/p99) P2 8 - todo P7-11
P9-31 Add flaky test tracking and quarantine P3 5 - todo P9-18
P9-32 Add test run documentation and commands P2 2 - todo P9-01
P9-33 Publish testing report template P3 2 - todo P9-32

Phase 10 (P0/P1) - Documentation, Release & Go-Live (26 tasks)

ID Task Priority SP Assigned To Status Dependencies
P10-01 Finalize requirements docs set P0 5 - todo -
P10-02 Ensure Swagger docs accurate for all services P1 3 - todo P0-22
P10-03 Create architecture diagrams and ADRs P2 5 - todo P0-33
P10-04 Create operations runbook and on-call guide P1 5 - todo P8-30
P10-05 Create security runbook + incident response P1 5 - todo P6-20
P10-06 Create go-live checklist (prod readiness) P0 5 - todo P10-04
P10-07 Validate backup/restore in prod P0 5 - todo P8-21
P10-08 Validate SLO dashboards and alerts P0 5 - todo P7-10
P10-09 Conduct load test on staging P1 8 - todo P9-12
P10-10 Conduct security scan on staging P1 8 - todo P6-22
P10-11 Run full end-to-end demo script P1 5 - todo P9-10
P10-12 Prepare release notes template P2 2 - todo P0-35
P10-13 Define versioning policy for API changes P1 3 - todo P0-35
P10-14 Create migration roll-forward/rollback guide P1 5 - todo P8-19
P10-15 Create “known issues” and mitigations list P2 3 - todo P10-11
P10-16 Create support escalation contacts P3 1 - todo P10-04
P10-17 Create SLA/SLO summary for stakeholders P2 3 - todo P7-11
P10-18 Prepare database retention and GDPR policy P3 5 - todo P6-30
P10-19 Verify secrets rotation process P2 3 - todo P6-19
P10-20 Validate audit logs coverage P1 3 - todo P6-11
P10-21 Create postmortem template P2 2 - todo P6-20
P10-22 Verify service scaling policies P2 5 - todo P8-05
P10-23 Validate cron/job schedules in prod P2 3 - todo P3-27
P10-24 Create data seeding / demo dataset for evaluation P2 5 - todo P8-23
P10-25 Run production readiness review meeting P1 2 - todo P10-06
P10-26 Go-live P0 1 - todo P10-25

Progress Tracking

Phase % Done Notes
0 0% -
1 0% -
2 0% -
3 0% -
4 0% -
5 0% -
6 0% -
7 0% -
8 0% -
9 0% -
10 0% -

Document Version: 1.0 Last Updated: 2026-01-13 Owner: Tech Lead / PM