# WEPESI HMS UAT Release Checklist

Use this checklist before every production release. A release is **GO** only when all Critical checks pass and no unresolved blocker remains.

## Release Metadata

- Release version:
- Release date:
- Environment: `staging` / `production-candidate`
- UAT owner:
- Technical owner:
- Final decision: `GO` / `NO-GO`

## Global Critical Gates (Must Pass)

- [ ] Authentication works for expected roles (`admin`, `staff`, `super_admin`)
- [ ] Tenant isolation checks pass (no cross-hotel view/update/delete)
- [ ] CI pipeline green (`syntax + tenant/core tests`)
- [ ] No blocker-severity errors in application logs during the UAT run
- [ ] Backup/restore point created before deployment

## Module UAT Matrix

Record outcome and evidence for each module.

| Module | Key Flow | Expected Outcome | Result (Pass/Fail) | Evidence (URL/screenshot/log) | Notes |
|---|---|---|---|---|---|
| Rooms | Create/update room, status update, bulk action | Data saved under current hotel only |  |  |  |
| Reservations | Create/update/check-in/check-out/cancel | Correct status transitions and room state updates |  |  |  |
| In/Out | Invoice generation, payment recording | Accurate totals and ledger impact |  |  |  |
| Accounting | Journal create/post/reverse, reports | Balanced entries, correct status changes |  |  |  |
| Documents | Upload/view/share/delete | Access limited by tenant and owner rules |  |  |  |
| Inventory | Item CRUD, stock adjustment, order processing | Correct stock math, scoped validation |  |  |  |
| HR (Staff/Attendance/Leave) | Staff actions, attendance, leave approvals | Cross-hotel records blocked, valid workflows |  |  |  |
| F&B (Menu/Service/POS) | Menu CRUD, service assign, POS order | Foreign IDs blocked, expected totals |  |  |  |
| Surveys | Invitation stats and responses | Tenant survey boundaries respected |  |  |  |

## Tenant Isolation Spot Checks (Critical)

Run at least one negative test per area: authenticate as a Hotel A user and submit a Hotel B record ID. Record the HTTP status returned and confirm that no row was created or changed. A deny (403/404/422) is a pass; a 500 is a failure, because it means the request crashed rather than being rejected by a scope check.

- [ ] Reservation with foreign `room_id` rejected
- [ ] Staff bulk action with foreign `staff_ids` rejected
- [ ] Accounting tag assignment with foreign tags rejected
- [ ] Document access to foreign document blocked
- [ ] Menu/service actions with foreign IDs rejected
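The first and fourth spot checks above (foreign `room_id` on a reservation, foreign document read), written as a Laravel feature test so they run in the CI pipeline rather than only by hand. This is an added example, not the project's own test suite; it assumes `Hotel`, `Room`, `Document` and `User` models with factories, a `hotel_id` column on users, a `POST /reservations` route and a `GET /documents/{id}` route. Adjust the payload fields to the real request shape.

```php
<?php

namespace Tests\Feature;

use App\Models\Document;
use App\Models\Hotel;
use App\Models\Room;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Testing\TestResponse;
use Tests\TestCase;

// Added example: tenant isolation negative tests, not the project's own suite.
// Assumed: Hotel/Room/Document/User factories, users.hotel_id, and the routes
// POST /reservations and GET /documents/{id}.
class TenantIsolationTest extends TestCase
{
    use RefreshDatabase;

    private Hotel $hotelA;
    private Hotel $hotelB;
    private User $userA;

    protected function setUp(): void
    {
        parent::setUp();
        $this->hotelA = Hotel::factory()->create();
        $this->hotelB = Hotel::factory()->create();
        // Every request below is made as a Hotel A staff member.
        $this->userA = User::factory()->create([
            'hotel_id' => $this->hotelA->id,
            'role'     => 'staff',
        ]);
    }

    /** A reservation posted with a Hotel B room must be rejected and leave no row behind. */
    public function test_reservation_with_foreign_room_id_is_rejected(): void
    {
        $foreignRoom = Room::factory()->create(['hotel_id' => $this->hotelB->id]);

        $response = $this->actingAs($this->userA)->postJson('/reservations', [
            'room_id'    => $foreignRoom->id,
            'guest_name' => 'UAT Tester',
            'check_in'   => now()->addDay()->toDateString(),
            'check_out'  => now()->addDays(2)->toDateString(),
        ]);

        $this->assertDenied($response);
        $this->assertDatabaseMissing('reservations', ['room_id' => $foreignRoom->id]);
    }

    /** Reading a document owned by Hotel B must be denied, not served. */
    public function test_foreign_document_is_not_readable(): void
    {
        $foreignDoc = Document::factory()->create(['hotel_id' => $this->hotelB->id]);

        $response = $this->actingAs($this->userA)->getJson("/documents/{$foreignDoc->id}");

        $this->assertDenied($response);
        $response->assertJsonMissing(['id' => $foreignDoc->id]);
    }

    /**
     * "Rejected" may be 403, 404 or 422 depending on where the scope is enforced
     * (policy, route binding or validation). A 2xx leaks data; a 5xx is a crash,
     * not a control. Both fail the check.
     */
    private function assertDenied(TestResponse $response): void
    {
        $this->assertContains(
            $response->status(),
            [403, 404, 422],
            "Expected a deny status, got {$response->status()}"
        );
    }
}
```

Run it with `php artisan test --filter TenantIsolationTest` and attach the output as the evidence for the spot checks. The same pattern (Hotel A actor, Hotel B ID, assert deny plus `assertDatabaseMissing`) covers the staff bulk action, accounting tag and menu/service cases by swapping the route and payload.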

## Functional Regression Checks

- [ ] Dashboard loads without 500/404
- [ ] Reports pages render and filters work
- [ ] Export endpoints return expected files
- [ ] No broken links/routes in side navigation
- [ ] No blocking JS console errors on core pages

## Data Integrity Checks

- [ ] No orphaned transactional records (reservations, invoices or payments whose parent record is missing)
- [ ] Journal entries balanced (debit == credit)
- [ ] Reservation/payment totals consistent (recorded payments never exceed the invoice total)
- [ ] Soft-deleted records excluded from UI/API listings and totals unless explicitly restored
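The balance, orphan and totals checks as queries a tester can run against the UAT database instead of inspecting records by eye. This is an added example, not the project's own code; it assumes tables `journal_lines(journal_entry_id, debit, credit)`, `invoices(id, total)` and `payments(id, invoice_id, amount)`. It deliberately does not use `RefreshDatabase`, so it inspects the real UAT data set.

```php
<?php

namespace Tests\Feature;

use Illuminate\Support\Facades\DB;
use Tests\TestCase;

// Added example: data integrity queries for the UAT database, not the project's code.
// Assumed schema: journal_lines(journal_entry_id, debit, credit), invoices(id, total),
// payments(id, invoice_id, amount). No RefreshDatabase on purpose.
class DataIntegrityTest extends TestCase
{
    /** Every journal entry must have SUM(debit) == SUM(credit) across its lines. */
    public function test_journal_entries_are_balanced(): void
    {
        $unbalanced = DB::table('journal_lines')
            ->select('journal_entry_id')
            ->groupBy('journal_entry_id')
            // Compare rounded aggregates so float noise does not produce false positives.
            ->havingRaw('ROUND(SUM(debit), 2) <> ROUND(SUM(credit), 2)')
            ->pluck('journal_entry_id');

        $this->assertTrue(
            $unbalanced->isEmpty(),
            'Unbalanced journal entries: ' . $unbalanced->implode(', ')
        );
    }

    /** A payment whose invoice no longer exists is an orphaned transactional record. */
    public function test_no_orphaned_payments(): void
    {
        $orphans = DB::table('payments')
            ->leftJoin('invoices', 'invoices.id', '=', 'payments.invoice_id')
            ->whereNull('invoices.id')
            ->pluck('payments.id');

        $this->assertTrue(
            $orphans->isEmpty(),
            'Payments without an invoice: ' . $orphans->implode(', ')
        );
    }

    /** Recorded payments must never exceed the total of the invoice they settle. */
    public function test_payments_do_not_exceed_invoice_total(): void
    {
        $overpaid = DB::table('invoices')
            ->join('payments', 'payments.invoice_id', '=', 'invoices.id')
            ->select('invoices.id')
            ->groupBy('invoices.id', 'invoices.total')
            ->havingRaw('ROUND(SUM(payments.amount), 2) > ROUND(invoices.total, 2)')
            ->pluck('invoices.id');

        $this->assertTrue(
            $overpaid->isEmpty(),
            'Overpaid invoices: ' . $overpaid->implode(', ')
        );
    }
}
```

The failure messages list the offending IDs, which is the evidence the module matrix asks for. If the app uses soft deletes on invoices, add `whereNull('invoices.deleted_at')` to the join conditions so a soft-deleted invoice is treated as missing, which is what the soft-delete check above expects.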

## Performance/Operational Checks

- [ ] P95 response time within the agreed threshold for top pages (dashboard, reservations, reports)
- [ ] Queue/cron jobs healthy (if enabled)
- [ ] Storage and logs writable
- [ ] Error rate within the agreed threshold during the UAT session

## Security/Access Checks

- [ ] Unauthenticated and unauthorized requests return the expected deny response (redirect to login or 403), never data or a 500
- [ ] Super admin hotel context switching works correctly and applies to every subsequent query
- [ ] Sensitive actions require an authenticated user with the appropriate role
- [ ] No debug output (stack traces, query dumps, `.env` values) exposed in production-like mode

## Deployment Readiness

- [ ] Migration plan reviewed and rollback steps prepared
- [ ] Environment variables validated
- [ ] Maintenance window confirmed (if needed)
- [ ] Deployment owner and on-call contact assigned

## Production Readiness Gate (Pass/Fail)

Use this section as the final launch gate after UAT.

### A) Infrastructure and Runtime

- [ ] `APP_ENV=production`, `APP_DEBUG=false`, `APP_URL` set correctly
- [ ] HTTPS certificate valid and HTTP-to-HTTPS redirect enforced
- [ ] Config/route/view caches built for production (`config:cache`, `route:cache`, `view:cache`)
- [ ] Queue worker process manager configured (Supervisor/systemd equivalent)
- [ ] Scheduler/cron running every minute (`schedule:run`)
- [ ] File storage permissions correct (`storage`, `bootstrap/cache` writable by the web and queue worker user)

### B) Email Delivery (Required for reminders/notifications)

- [ ] SMTP/provider credentials validated in settings
- [ ] Test email delivered successfully from system
- [ ] Sender domain DNS records configured (SPF, DKIM, DMARC)
- [ ] Bounce/reject handling mailbox monitored

### C) PesaPal and Payment Webhooks

- [ ] Live/sandbox keys configured correctly for target environment
- [ ] PesaPal connection test passes in app settings
- [ ] Public callback and IPN URLs reachable over HTTPS
- [ ] End-to-end payment test completed (initiate -> pay -> callback/IPN -> status update)
- [ ] Replaying the same callback/IPN does not create duplicate payments, journal entries or status changes
- [ ] Payment failures and pending states visible to admin users
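The shape of an IPN handler that passes the replay check above: the notification body is treated as untrusted, the status is re-queried from the provider, and a row lock plus a terminal-state guard makes a second delivery a no-op. This is an added example, not the project's own controller. It assumes a `payments` table with a unique `provider_reference` column and a `status` column, an app-defined `PesapalClient::transactionStatus()` wrapper around the provider's status API, and a `Payment::markCompleted()` method that is the single place where the journal and subscription/reservation side effects happen. The `OrderTrackingId` parameter name follows PesaPal's v3 IPN; verify it and the required response body against the provider documentation for the API version in use.

```php
<?php

namespace App\Http\Controllers\Webhooks;

use App\Models\Payment;
use App\Services\PesapalClient; // assumed wrapper around the provider's transaction-status API
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Log;

// Added example of an idempotent IPN handler, not the project's own controller.
// Assumed: payments.provider_reference (unique), payments.status,
// PesapalClient::transactionStatus(string): 'COMPLETED' | 'FAILED' | 'PENDING',
// and Payment::markCompleted() owning all completion side effects.
class PesapalIpnController
{
    public function __invoke(Request $request, PesapalClient $pesapal): JsonResponse
    {
        $trackingId = $request->input('OrderTrackingId');
        if (!is_string($trackingId) || $trackingId === '') {
            return response()->json(['error' => 'missing tracking id'], 400);
        }

        // Never act on a status carried in the notification body: the request can be
        // replayed or forged. Ask the provider what the transaction state really is.
        $status = $pesapal->transactionStatus($trackingId);

        $outcome = DB::transaction(function () use ($trackingId, $status): string {
            // The row lock serialises two deliveries of the same IPN arriving together.
            $payment = Payment::where('provider_reference', $trackingId)
                ->lockForUpdate()
                ->first();

            if ($payment === null) {
                return 'unknown';
            }

            // Terminal state already reached: acknowledge and change nothing.
            if (in_array($payment->status, ['completed', 'failed'], true)) {
                return 'duplicate';
            }

            if ($status === 'COMPLETED') {
                $payment->markCompleted(); // journal + subscription/reservation update happen once, here
                return 'completed';
            }

            if ($status === 'FAILED') {
                $payment->update(['status' => 'failed']);
                return 'failed';
            }

            return 'pending'; // leave the row untouched; a later IPN will settle it
        });

        // This log line is the evidence for the replay check: a second delivery logs 'duplicate'.
        Log::info('pesapal.ipn', ['tracking_id' => $trackingId, 'outcome' => $outcome]);

        // 404 for a reference we have never issued so it is visible in monitoring;
        // 200 otherwise so the provider stops retrying.
        return response()->json(['status' => $outcome], $outcome === 'unknown' ? 404 : 200);
    }
}
```

To run the check, send the same IPN request twice with the sandbox keys, then confirm one payment row, one journal entry and a `duplicate` outcome in the second log line. The unique constraint on `provider_reference` is the backstop if the lock is ever bypassed.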

### D) Data Safety and Recovery

- [ ] Automated backups enabled (database + storage)
- [ ] Offsite backup copy verified
- [ ] Restore drill executed successfully in non-production
- [ ] Pre-deployment restore point created

### E) Observability and Incident Readiness

- [ ] Application error monitoring enabled
- [ ] Uptime monitoring enabled for app and payment callback endpoints
- [ ] Log retention/rotation configured
- [ ] Alert channel verified (email/Slack/WhatsApp/on-call)
- [ ] Incident owner assigned for launch window

### F) Security Hardening

- [ ] Strong admin password policy enforced; login lockout/rate limiting active
- [ ] API keys/secrets only in secure settings/env (not committed in code)
- [ ] CSRF protection enabled and session cookie settings (`SESSION_DOMAIN`, `SESSION_SECURE_COOKIE`) verified for the production domain
- [ ] Access control smoke test passed for sensitive actions
- [ ] No default credentials left in production

### G) Go-Live Validation Runbook (Must Pass)

- [ ] Login as super admin and tenant user works
- [ ] Create reservation -> check-in -> invoice -> payment completes
- [ ] Accounting reflects transaction correctly (no duplicate journals)
- [ ] Notification bell and notifications list update for key events
- [ ] Subscription reminder trigger sends due reminders as expected
- [ ] PesaPal payment updates subscription status automatically

### Production Decision

- Production readiness status: `PASS` / `FAIL`
- Blocking issues (if any):
- Approved by:
- Approval timestamp:

## Sign-Off

- UAT owner sign-off:
- Technical owner sign-off:
- Business owner sign-off:
- Final comments:

