Definition of Done

:::info Source Sourced from docs/standards/DEFINITION_OF_DONE.md in the documentation repo. :::

Every PR must satisfy every applicable box before merge. PR template enforces this checklist.

Universal (every PR)

• Code reviewed and approved by at least one other engineer.
• Conventional commit messages (feat, fix, refactor, docs, test, chore, perf, ci).
• Lint + format + typecheck pass locally and in CI.
• Unit tests pass. Coverage thresholds met (95% aggregates, 100% VOs, 90% domain services).
• Mutation testing on changed files ≥75% (aggregates), ≥85% (VOs).
• No new TODO / FIXME without a linked issue.
• No .only, .skip, debugger, console.log left behind.
• Secrets are not committed. .env.example updated if new env vars added.

Features that touch data / domain

• tenant_id + RLS policy on any new table.
• Migration is backward-compatible within current major version.
• Repository methods accept tenantId as explicit parameter.
• Domain aggregate guards against cross-tenant references.
• Branded ID types used (no raw string IDs).
• Integration tests with Testcontainers cover happy path + failure path.
• services/<name>/DATA_MODEL.md updated.

Features that touch API

• OpenAPI generated, committed, and diff-reviewed.
• services/<name>/API_CONTRACTS.md updated.
• Pact consumer contract test added/updated; Pact broker green.
• Error responses use canonical codes from ERROR_CODES.md.
• Idempotency-Key handling verified on write endpoints.
• Cursor-only pagination used.
• No response leaks domain entities — DTOs only.
• Deprecation headers set if deprecating.

Features that touch events

• New event types added to event-schemas/{service}/{aggregate}/{event}/v{N}.json.
• services/<name>/EVENT_SCHEMAS.md updated.
• Outbox pattern used in producer (transactional with aggregate write).
• Inbox pattern used in consumer (dedupe + idempotent apply).
• Schema conformance contract test added.
• No PII in event payload. References by ID only.
• Retention class (operational / regulated / audit) declared.

Features that touch security

• services/<name>/SECURITY_MODEL.md updated.
• RBAC/ABAC matrix updated in tests.
• security-reviewer agent run; no critical/high findings.
• Secrets managed via KMS + Vault.
• argon2id for any new password handling.
• JWT TTLs respected (≤15 min access, ≤30d refresh).
• No PII in logs.
• test/integration/tenant-isolation.spec.ts still passes.

Features that touch AI

• All provider calls go through ai-gateway-service.
• No direct import of openai / anthropic / etc. outside the gateway.
• AIProvenance VO attached to every persisted AI artifact.
• HITL flow: draft_ai → reviewed requires decisionId.
• Pre-call + post-call moderation applied.
• Prompt regression suite green (≥parity vs baseline).
• Safety adversarial corpus green (zero policy violations).
• AI telemetry fields present (ai.purpose, ai.model, ai.cost_usd, ai.safety.action, …).
• Feature flag default-off, per-tenant opt-in.

Features that touch frontend

• WCAG 2.2 AA — axe-playwright scan shows zero new serious/critical.
• Both LTR and RTL Storybook stories added.
• Logical CSS properties only (padding-inline, etc.).
• All user-facing strings through ICU MessageFormat — no hardcoded English.
• Animations gated on prefers-reduced-motion.
• Lighthouse budgets met (LCP/INP/CLS/JS gzip per page).
• No Redux, no Recharts, no dangerouslySetInnerHTML on user content.
• Forms use React Hook Form + shared Zod schemas.

Features that touch observability

• @ghasi/telemetry used (no vendor SDKs).
• Log lines include trace_id, tenant_id, request_id.
• Required span attributes present on DB/cache/HTTP/NATS/S3/AI calls.
• SLIs/SLOs updated in services/<name>/OBSERVABILITY.md.
• Any new alert has a runbook + named owner.

Bug fixes (in addition to above)

• A regression test is included in the same commit.
• Root cause documented in the PR body (not just the symptom).

New service (in addition to above)

• All 17 docs from SERVICE_TEMPLATE.md exist (stubs acceptable initially).
• Directory skeleton in place.
• tenant-isolation.spec.ts, outbox.spec.ts, inbox.spec.ts passing.
• Pact broker + schema registry updated.
• OpenTelemetry verified in staging (traces + logs + metrics visible).
• Helm chart + Terraform module added.
• SERVICE_READINESS.md signed off by tech lead + SRE before prod.

Before production deploy

• Canary 5% for 30 min passed in staging.
• Rollback plan verified.
• On-call alerted of deploy window.
• Feature flags set as intended.

Spec vs code

• If this PR changes behavior that contradicts a spec doc, update the spec (with user approval) in the same PR.
• If this PR adds a new rule worth remembering, add it to AGENTS.md, the matching .cursor/rules/*.mdc, or docs/standards/*.md in the same PR.