# MediLink — Build Checklist (Module by Module)

> Source of truth for build progress. Derived from `Telemedicine_PRD_Source_of_Truth.docx` (§8 Module Specifications).
> Stack: Laravel 13 + Inertia (Vue 3) · **MySQL/MariaDB** · WebRTC · session auth · **custom-built (no Breeze/starter kits)**.
> **Target = shared hosting (cPanel): no root, no daemons, no custom ports.** Deployment intentionally excluded.

## How we build
- **One module at a time, build → test → done.** Each module owns its migrations, models, factories, services, Form Requests, policies, Inertia pages, and tests. Don't start the next module until the current one's exit criteria pass.
- **Cross-cutting concerns are wired *as each module is built*** (audit logging, RBAC policies, notifications, consent) — Module 0 lays their foundation; later modules hook into them; Module 9 closes any gaps.
- **Tests ship with the module.** Every module ends with passing unit + feature + authorization tests before it's marked done.

## Shared-hosting locked decisions
- **DB:** MySQL/MariaDB (not Postgres — shared hosts rarely offer it)
- **WebRTC = Path A:** Pusher/Ably signalling + `simple-peer` (Vue) + Metered/managed TURN + public STUN. No Reverb, no self-hosted coturn.
- **Queue:** `database` driver via single cron (`schedule:run` → `queue:work --stop-when-empty`), or `sync` for low volume. No Supervisor.

Legend: `[ ]` todo · `[~]` in progress · `[x]` done

## Data-model ownership (PRD §12)
| Table | Owning module |
|---|---|
| `users` | M0 / M1 |
| `audit_logs` | M0 (foundation) |
| `consents` | M1 (capture) → M7 (full) |
| `patient_profiles`, `provider_profiles` | M2 |
| `provider_availability`, `appointments` | M3 |
| `notifications` | M3 (introduced) → M9 (full) |
| `consultations` | M4 |
| `medical_records`, `prescriptions` | M5 |

---

## Module 0 — Foundation & Scaffolding
PRD: §11/§13 conventions · cross-cutting
- [x] Install & wire Inertia + Vue 3 (server adapter, client, Vite, root Blade, app.js)
- [x] MySQL connection confirmed (replaces default SQLite)
- [x] Base layouts: guest layout + authenticated app layout
- [x] Tailwind v4 design tokens / theme setup
- [x] Shared frontend plumbing: page resolver, flash messages
- [x] Role-aware nav/sidebar shell (currently hardcoded role via `?role=`)
- [x] Conventions baseline: service-class pattern (per-model `*Service`), thin controllers, **Role + UserStatus enums** (Form Request & Policy patterns documented in `.ai/guidelines`, applied per module)
- [x] **Audit-log foundation** — `audit_logs` migration + model + factory + writer service (`AuditLogService::log()`)
- [x] Base test setup + shared factories (`User` role/status states, `AuditLog`) + `RefreshDatabase` conventions
- [x] CI/CD baseline: single `.github/workflows/deploy.yml` on push to `main` — Pint lint gate + Vite build, then FTP deploy to cPanel (no tests by request; run `php artisan test` locally)
- **Exit:** styled landing page renders; role-aware dashboard shell reachable; audit writer can record an event; enums + conventions in place; CI green

## Module 1 — Authentication & Identity · FR-01/02/03, FR-17(partial) · §8.1
- [x] `users` finalized (role, status) + factory states per role
- [x] Registration (patient & provider, role selection) — `RegistrationService` + `RegisterController` + `Auth/Register.vue`
- [x] Login / logout (session-based) with **login throttling** (`LoginRequest` rate limiter, 5/min)
- [x] Secure session config + bcrypt hashing + CSRF (session regenerate on login/register/logout)
- [~] Email verification — **deferred by request** (accounts are Active immediately for seamless login)
- [~] Password reset (custom forgot/reset flow) — **deferred** (needs email infra; pairs with verification)
- [x] **RBAC spine** — Role enum + `role` middleware (`EnsureUserHasRole`, alias registered); Policy foundation per module
- [x] Consent capture at registration (`consents` table/model/factory; `registration_terms` v1.0 recorded)
- [x] Audit hooks: login, failed login, blocked login, logout (`Audit` facade) + registration (`Auditable` on User/Consent)
- [x] Tests: register/login/logout happy/failure/edge; role-route blocking; throttling; suspended-block (Auth/* tests)
- **Exit:** patient register→login→logout works; patient blocked from admin/provider routes; auth actions audited; tests green ✅ (email verification & reset deferred)

## Module 2 — Profiles & Provider Verification · FR-04/05 · §8.2/8.3 + §8.7(verification)
- [x] `patient_profiles` + `provider_profiles` migrations + models + factories (auto-created at registration in `AuthService`)
- [x] Patient profile (demographics editable; `medical_record_number` read-only / not fillable)
- [x] Provider profile (professional/licence details; verification fields not fillable)
- [x] Provider verification workflow (admin: approve / reject / suspend) — `ProviderVerificationService` + `ProviderVerificationController`; uses shared `StatusEnum` (Verified/Rejected/Suspended)
- [x] Verification status **gates** features — `EnsureProviderVerified` middleware (`provider.verified` alias)
- [x] Admin user-management foundation (list + filter, suspend / reinstate) — `UserService` + `Admin\UserController`
- [x] Audit hooks: `provider.verified/rejected/suspended`, `user.suspended/reinstated`, profile changes (Auditable trait)
- [x] Tests: edit-boundary enforcement; verify/reject/suspend flow; unverified-provider gating; admin-only access (21 tests)
- **Exit:** admin verifies a provider; unverified provider blocked; profile edit boundaries enforced; tests green ✅

## Module 3 — Appointments & Availability · FR-06/07/08, FR-16(partial) · §8.4
- [ ] `provider_availability` + `appointments` migrations + models + factories (+ indexes on dates/statuses/FKs)
- [ ] Provider availability (recurring & one-off slots)
- [ ] Provider search/filter for patients (FR-16 partial, permission-scoped)
- [ ] Appointment booking (slot select + reason for consultation)
- [ ] **Overlap prevention** (DB constraint + service check on confirmed appointments)
- [ ] Appointment lifecycle status enum: pending / confirmed / completed / cancelled / missed
- [ ] Reschedule & cancel under configured rules
- [ ] `notifications` introduced + in-app + **queued email** on booking/status change (database queue via cron)
- [ ] Audit hooks: booking, status transitions
- [ ] Tests: booking happy path; conflicting booking rejected; lifecycle transitions; reschedule/cancel rules; pagination
- **Exit:** book available slot; conflicting booking rejected; status changes notify; lists paginate; tests green

## Module 4 — Consultations (WebRTC) · FR-09/10 · §8.5
- [ ] `consultations` migration + model + factory (appointment + participants + outcome/state)
- [ ] Secure room creation (booked patient + assigned provider only) + authorization gate on entry
- [ ] Room time-window (open before scheduled, close after completion)
- [ ] **Signalling via Pusher/Ably** (Laravel broadcasting + Echo over HTTPS — no Reverb)
- [ ] **`simple-peer`** peer-connection wrapper in Vue
- [ ] **Managed TURN (Metered)** + public STUN config
- [ ] In-call controls: mute, camera toggle, connection-status indicator
- [ ] **Audio-only fallback** on poor bandwidth
- [ ] Audit hooks: room entry
- [ ] **Decision to lock:** Pusher vs Ably + which TURN provider/credentials
- [ ] Tests: room authorization (only booked patient + assigned provider); time-window gating; consultation state transitions
- **Exit:** only booked patient + assigned provider enter room; call connects with controls; audio fallback works; tests green

## Module 5 — Medical Records, Prescriptions & Follow-up · FR-11/12/13/18 · §8.6
- [ ] `medical_records` + `prescriptions` migrations + models + factories (linked patient+provider+appointment)
- [ ] EMR: structured notes, diagnosis, history summary
- [ ] Record-level authorization (provider sees only assigned patients; patient read-only own summaries)
- [ ] **No hard deletes** — correction workflow preserves audit trail
- [ ] Prescriptions: issue linked to completed consult; patient view/download
- [ ] **Decision to lock:** PDF generation for prescriptions in MVP?
- [ ] Follow-up: recommend/schedule follow-up (loops into Module 3 booking)
- [ ] Session history (past summaries per access rights, FR-18)
- [ ] Audit hooks: record access, creation, correction
- [ ] Tests: record authorization; no-hard-delete + correction trail; prescription on completed consult; follow-up booking
- **Exit:** provider saves notes→patient sees summary; prescription on completed consult; no hard deletes; follow-up books; tests green

## Module 6 — Administration · FR-15, FR-14(review), FR-16 · §8.7
- [ ] Admin dashboard: user/role management, provider verification queue
- [ ] **Audit-log review UI** (filter/search by actor/action/entity/date)
- [ ] Basic operational reporting + system settings/config
- [ ] Admin correction process (no silent clinical-note edits — documented workflow)
- [ ] **Emergency guidance** surface (direct to emergency services)
- [ ] Complete search & filtering (FR-16) with permission scoping
- [ ] Audit hooks: admin actions (role change, suspension, settings)
- [ ] Tests: admin-only access; verification queue actions; audit review filters; search scoping
- **Exit:** admin manages users/roles/providers + reviews audit; correction process enforced; tests green

## Module 7 — Consent Management (full) · FR-17
- [ ] `consents` full model: types, versions, acceptance dates per user
- [ ] Consent versioning + re-consent prompt on version change
- [ ] Consent records viewable by user + admin
- [ ] Audit hooks: consent acceptance/withdrawal
- [ ] Tests: versioned acceptance; re-consent flow; record integrity
- **Exit:** consent is typed + versioned with per-user acceptance dates; re-consent enforced; tests green

## Module 8 — Audit Logging (completion) · FR-14
- [ ] **Complete coverage** consolidation — every sensitive/clinical action audited (login, approval, record access/creation/correction, admin actions)
- [ ] Timestamped + attributable + affected-entity metadata on every entry
- [ ] **No PII leakage** into audit metadata
- [ ] Tests: coverage assertions per sensitive action; immutability of audit records
- **Exit:** every §16 sensitive action produces an attributable, timestamped audit record; tests green

## Module 9 — Notifications (full surface) · FR-08
- [ ] In-app notification center (read/unread, per-user)
- [ ] Email across all events (booking, status, verification, prescription) via SMTP/HTTP API
- [ ] Events + queued jobs (database queue via cron) for non-blocking delivery
- [ ] **Decision to lock:** email/notification provider (shared-hosting-safe)
- [ ] Tests: event→notification fan-out; queued delivery; read-state
- **Exit:** in-app center + email fire across all events via queued jobs; tests green

## Module 10 — Hardening, Testing & Acceptance · NFR-01–10, §14/15/16/20
- [ ] Security pass: secure cookies, CSRF, SQLi safety, output encoding, validation, **no PII in logs**
- [ ] Performance/low-bandwidth pass: lazy-load, pagination audit, indexes, caching, asset compression, queued email
- [ ] Full test suite: unit, feature, API/route, **authorization** — happy/failure/edge paths
- [ ] Every §16 acceptance row has a passing test
- [ ] Responsive QA: desktop + mobile, supported WebRTC browsers
- [ ] Definition of Done (§20) walked per feature
- **Exit:** all §16 acceptance conditions pass; no open critical/high defects

---

## Cross-cutting (applied within every module as built)
- [ ] Audit logging wired into each module as it ships
- [ ] RBAC policies added per module
- [ ] Notifications via events/queued jobs
- [ ] Consent captured early (M1), formalized in M7
- [ ] Tests ship with each module
- [ ] Low-bandwidth considerations applied as built

## Open decisions (PRD §22)
- [x] ~~Auth strategy~~ → session-based (Inertia)
- [x] ~~Database~~ → MySQL/MariaDB (shared hosting)
- [x] ~~WebRTC approach~~ → Path A: Pusher/Ably + simple-peer + managed TURN
- [ ] Pusher vs Ably + specific TURN provider/credentials (Module 4)
- [ ] Email/notification provider — SMTP/HTTP API, shared-hosting-safe (Module 3/9)
- [ ] PDF generation for prescriptions in MVP (Module 5)
- [ ] Retention period for consultation & audit records (Module 8/10)
