BMAD-METHOD/expansion-packs/bmad-nextjs-fullstack/checklists/base-controller-checklist.md

BaseController Implementation Checklist

Abstract Class Setup

• BaseController abstract class created in shared/core/
• Generic type parameter <T> properly defined
• Database client abstraction implemented
• Zod schema integration configured
• Constructor properly initializes dependencies

CRUD Operations Implementation

• getAll method implemented with pagination
• getById method implemented with proper error handling
• create method implemented with validation
• update method implemented with partial updates
• delete method implemented with proper checks
• All methods return proper HTTP responses

Search & Filtering

• Abstract buildSearchFilter method defined
• Search parameter extraction implemented
• Database-agnostic filter pattern established
• Query string parsing handled properly
• Default search behavior defined
• Search performance considered

Validation & Schema Integration

• Zod schema validation on all inputs
• Create schema validation implemented
• Update schema validation implemented
• Search parameter validation implemented
• Custom validation rules supported
• Validation error messages are user-friendly

Error Handling

• Consistent error response format
• HTTP status codes properly used
• Validation errors properly formatted
• Database errors caught and handled
• Logging implemented for debugging
• Error messages don't expose sensitive data

Database Abstraction

• Database client interface defined
• Connection management abstracted
• Database-specific operations isolated
• ORM/ODM integration patterns established
• Transaction support considered
• Connection pooling handled

Response Formatting

• Consistent API response structure
• Success responses properly formatted
• Error responses standardized
• Pagination metadata included
• Response types properly typed
• Content-Type headers set correctly

Feature Controller Extension

• Feature controller extends BaseController
• Entity-specific buildSearchFilter implemented
• Custom business logic methods added
• Database client properly injected
• Schema properly passed to parent
• Controller singleton pattern implemented (if needed)

Type Safety

• Generic types properly constrained
• Entity model interfaces defined
• API response types defined
• Database model types defined
• Method signatures properly typed
• Return types explicitly defined

Performance Optimization

• Database queries optimized
• Proper indexing strategy planned
• Pagination limits enforced
• Query result caching considered
• N+1 query problems avoided
• Database connection reuse implemented

Testing

• Unit tests for BaseController methods
• Mock database client created
• Test data fixtures defined
• Edge cases covered in tests
• Error scenarios tested
• Performance tests implemented

Documentation

• BaseController usage documented
• Extension patterns documented
• Database integration examples provided
• API response formats documented
• Error handling patterns documented
• Performance considerations documented

Logging & Monitoring

• Request/response logging implemented
• Error logging with stack traces
• Performance metrics captured
• Database operation monitoring
• Health check endpoints created
• Audit trail for data changes

Security Considerations

• Input sanitization implemented
• SQL injection prevention (for SQL databases)
• NoSQL injection prevention (for NoSQL databases)
• Access control integration points
• Rate limiting consideration
• Sensitive data handling

Database-Specific Implementations

For SQL Databases (Prisma/TypeORM)

• Proper WHERE clause generation
• JOIN operations handled
• Transaction support implemented
• Migration compatibility ensured
• Relationship loading optimized

For MongoDB (Mongoose)

• Query object generation
• Aggregation pipeline support
• Index utilization optimized
• Document validation aligned
• Connection string security

For Serverless Databases

• Connection pooling optimized
• Cold start mitigation
• Query timeout handling
• Retry logic implemented
• Cost optimization considered

Integration Points

• Authentication middleware integration
• Authorization checks implemented
• Audit logging integrated
• Event system integration (if applicable)
• Cache layer integration
• External API integration patterns

Production Readiness

• Environment variable configuration
• Production database connection
• Error monitoring integration
• Performance monitoring setup
• Load testing completed
• Backup and recovery procedures