Quality Checklist
Run through this before committing changes.
Build Verification
- •
npm run devboots without errors - •
npm run buildpasses - •
npm run lintpasses (if enabled) - •
npm run serverstarts and serves/api/data
Frontend (src/**/*)
React + State
- •
FinanceContextderived data stays consistent - • Filters behave correctly for date/category
- • No unnecessary re-renders for charts or grid
- • CRUD operations use
useCallback - • Derived data uses
useMemo
UI/UX
- • Glassmorphic styles preserved (
glass-card,mesh-gradient) - • Contrast readable on dark backgrounds (
text-white/50minimum) - • Buttons and inputs show hover/focus states
- • Focus rings visible (
focus-visible:ring-2) - • Empty states and loading states are clear
- • Mobile sidebar works (hamburger menu)
- • Touch targets at least 44px
Utilities
- • Using
cn()fromsrc/lib/utils.jsfor conditional classes - • Using formatters from
src/lib/formatters.js - • Using helpers from
src/lib/helpers.js
Error Handling
- •
ErrorBoundarywraps the app - • Save errors show in
Toast - • Forms show inline validation errors
- • Loading states during fetch/save
Backend (server/index.js)
Data Integrity
- •
db.jsonwrites are atomic (temp file + rename) - • API responses return valid JSON
- • No hardcoded secrets or private data
Validation
- • UUIDs validated
- • Strings sanitized (HTML stripped)
- • Types enforced (expense/income)
- • Amounts are non-negative numbers
- • Colors are valid hex format
- • Array limits enforced (10k transactions, 100 categories)
Security
- • CORS restricted to localhost origins
- • No arbitrary file access
- • Input length limits enforced
Documentation
If API Changed
- •
README.mdupdated - •
ARCHITECTURE.mdupdated - • Any new endpoints documented
If UI Changed
- • New components documented in code
- • Pattern changes reflected in
ui-patternsskill
If Utilities Changed
- •
project-guideskill updated - • JSDoc comments added to new functions
Git Hygiene
- • Commit message describes the "why"
- • No stray
console.logleft in production paths - • No commented-out code blocks
- •
.gitignorecovers generated artifacts
Quick Checks
bash
npm run build npm run lint npm run server
Manual Testing
- •Add a transaction → verify it appears
- •Edit a transaction → verify changes persist
- •Delete a transaction → verify removal
- •Stop server → try to save → verify toast appears
- •Test mobile sidebar on narrow viewport
- •Verify focus states are visible on all buttons