# Portal readiness checklist

Use this checklist for each governmental body portal (DBIS, XOM, OMNL, ICCC, etc.) before release. All items should be satisfied unless an exception is documented in TECH_POLICIES.md.

## Tech stack

- [ ] Next.js (App Router), TypeScript strict, Tailwind CSS
- [ ] Extends root `tsconfig.base.json`
- [ ] Uses shared ESLint and Prettier config (or equivalent rules)
- [ ] pnpm, Node 20 LTS (`.nvmrc` or `engines` in package.json)

## Security

- [ ] No secrets in repo; env vars / vault only
- [ ] `pnpm audit` (or equivalent) passing or risks documented
- [ ] CSP configured (Next.js headers)
- [ ] HTTPS only; no mixed content

## Accessibility

- [ ] WCAG 2.1 AA targeted; automated a11y checks in CI
- [ ] Keyboard navigation and focus order verified
- [ ] Critical flows tested with screen reader and zoom

## Quality

- [ ] Unit/component tests (Vitest + RTL); E2E (Playwright) for critical journeys
- [ ] Coverage thresholds met
- [ ] Lint and format pass in CI
- [ ] TypeScript `tsc --noEmit` in CI

## Documentation

- [ ] Portal README: purpose, how to run, env vars, links to TECH_STACK + TECH_POLICIES
- [ ] API contracts documented (if applicable)

## DevOps

- [ ] CI runs lint, test, build (and deploy per org process)
- [ ] Same environment naming (e.g. dev / staging / production)
- [ ] Dockerfile follows project pattern (if used)

---

Mark each item when the portal meets the requirement. Re-check after major changes or policy updates.