SERVICE_READINESS — bff-backoffice-service

Sibling: SERVICE_OVERVIEW · SERVICE_RISK_REGISTER · DEPLOYMENT_TOPOLOGY · TESTING_STRATEGY

Cross-cutting: Standards · DEFINITION_OF_DONE · SERVICE_TEMPLATE

Production-readiness gate for bff-backoffice-service. Owned by Frontend Platform tech lead + SRE on-call. Signed copy filed in services/bff-backoffice-service/_readiness/<release>.md.

1. Documentation completeness

  • All 17 specs in this folder complete (no TBD).
  • 03-microservices/bff-backoffice-service.md up to date.
  • OpenAPI generated and committed.
  • Event schemas registered in @ghasi/event-envelope/schemas/bff-backoffice/.
  • All ADRs that affect this BFF linked from SERVICE_OVERVIEW (notably ADR-0003).
  • contextBridge API surface documented in @ghasi/desktop-bridge-types and matches API_CONTRACTS §35.

2. Code quality

  • pnpm lint clean.
  • pnpm typecheck clean.
  • No any types outside justified // allow-any exemptions.
  • Import-boundary lint passes (presentation→application→domain; no skips).

3. Test coverage

  • Unit ≥ 90% statements / 85% branches.
  • Critical-file coverage 100% (DPoP verifier, MFA store, lock-action proxy, mutation proxy, decide AI suggestion, single-flight, idempotency).
  • Integration tests pass against ephemeral stack.
  • Mandatory tenant-isolation.spec.ts passes.
  • Mandatory outbox.spec.ts and inbox.spec.ts pass.
  • Pact consumer pacts published; verification reports green for all upstreams.
  • Pact provider pact verified against @ghasi/app-desktop-backoffice's consumer pact.
  • Stryker mutation score ≥ 80% on critical files.
  • Playwright E2E nightly green for: refresh, dashboard, workbench, mutations, lock issue, lock revoke (with MFA), AI decide, alert ack, sync handshake, SSE channel, force-logout, SSE→polling fallback.

4. Performance

  • k6 steady-state passes (p95 < 600 ms; error < 0.1%).
  • k6 peak passes (p95 < 1 s; cache hit > 80%).
  • k6 mutation burst passes (mutation p95 < 1.5 s; idempotency correctness 100%).
  • Long soak passes 8 h (no memory growth > 10%).
  • /dashboard p95 < 600 ms warm; first-byte < 200 ms.
  • Force-logout E2E < 5 s p95.

5. Observability

  • All SLIs emitting; SLOs declared.
  • Dashboards: Operator effectiveness, Service SLO, Device health, Lock actions, AI decisions.
  • All P1 alerts have ack'd runbooks.
  • Trace-tag coverage verified (tenant.id, operator.id, device.id, route, lock.action, mfa.scope, dpop.outcome).
  • Log fields verified.
  • PII filter verified (no operator/guest names in logs or telemetry).

6. Security

  • Threat model reviewed (SECURITY_MODEL §14).
  • Secrets only in Secret Manager.
  • DPoP replay drill executed in stage in last 90 days.
  • MFA bypass simulation in pen test.
  • DPoP verifier covers all RFC 9449 conformance cases.
  • Cloud Armor active.
  • DAST report has zero high/critical.
  • pnpm audit clean.
  • Trivy scan clean.
  • Cosign signature verified by binary authorization.
  • CORS allow-list verified.
  • Tenant-isolation tests pass at all layers.
  • Pen test signed off in last 12 months.
  • Lock-audit completeness 100% in last 30 days.

7. Reliability

  • Cloud Run min instances = 2 / region.
  • Multi-region: primary asia-south1, DR-warm europe-west4.
  • DR drill executed in stage in last 90 days; RTO ≤ 30 min.
  • Circuit breakers configured for every upstream.
  • Per-route deadline + retry policy reviewed.
  • Two Memorystore tiers (cache + session) configured with HA.
  • Cloud SQL HA + cross-region replica.
  • SSE pre-stop drain verified.

8. Release process

  • CI: lint, typecheck, unit, integration, contract, build, scan, sign, deploy-dev, smoke.
  • Canary 10% / 50% / 100% with metric guardrails.
  • Rollback budget ≤ 5 min.
  • Feature flags documented; default off.
  • App-version-floor mechanism tested; rollback runbook in place.
  • Release notes drafted; coordinated with desktop release calendar.

9. Operations

  • On-call rotation assigned (Frontend Platform).
  • PagerDuty escalation policy verified.
  • Runbooks present for: F-1, F-4, F-10, F-13, F-17, F-18, F-27, F-28, F-30, F-32 (per FAILURE_MODES).
  • Cost dashboard with budget alerts at 50/80/100/120%.
  • On-call handoff doc in this folder.
  • Backup + restore tested for Cloud SQL.
  • Coordination matrix with desktop release calendar agreed (DEPLOYMENT_TOPOLOGY §5).

10. Compliance / data governance

  • PII inventory in SECURITY_MODEL §13 reviewed by data steward.
  • DPIA filed.
  • Cookie consent N/A (Electron app, not browser; no cookies served).
  • Data retention enforced: activity 90 d, alert ack 365 d, AI decision 7 y, lock audit 7 y.
  • Sharia-compliant tenants flagged with complianceProfile; AI suggestions filtered.
  • BAA / DPA verified for in-scope tenants.

11. Sign-off

Role                                          | Name | Date | Signature
----------------------------------------------|------|------|----------
Service tech lead (Frontend Platform)         |      |      |
Desktop platform tech lead (Electron app)     |      |      |
SRE on-call (rotating)                        |      |      |
Security reviewer                             |      |      |
Data steward                                  |      |      |
Product manager (backoffice owner)            |      |      |
Eng manager / Director                        |      |      |

A snapshot of this checklist is committed to services/bff-backoffice-service/_readiness/<release-tag>.md.