# Human Architect Review Checklist

## First 60 Minutes

- [ ] Confirm deployed branch/commit matches this handoff.
- [ ] Review `README-FIRST.md`.
- [ ] Review `FINAL-HANDOFF-MANIFEST-20260526.md`.
- [ ] Review `commercial-lite-production-readiness-report-20260526.md`.
- [ ] Confirm current dirty-tree/local changes are either pushed or intentionally local.
- [ ] Confirm no secrets are included in this pack.

## Architecture Review

- [ ] Confirm Commercial Lite scope: public buyer, customer, organiser, platform organiser, platform admin.
- [ ] Confirm deferred roles/features are not exposed as broken production UI.
- [ ] Confirm venue -> reusable seat map -> sections -> event-selected seat map model.
- [ ] Confirm event-level ticket price/quantity/max-order model.
- [ ] Confirm section-specific ticket allocations work for reserved and non-reserved sections.

## Security Review

- [ ] Customer cannot access organiser/admin.
- [ ] Organiser cannot access platform admin.
- [ ] Platform organiser cannot access platform admin.
- [ ] Platform admin cannot unsafely assign/edit `platform_super_admin`.
- [ ] Tenant isolation verified for event, venue, seat map, media, ticketing, order APIs.
- [ ] Upload validation and non-executable storage verified.
- [ ] Public checkout only exposes online card/Stripe-safe methods.
- [ ] No secrets in HTML/JS/logs/static files.

## Payment Review

- [ ] Stripe keys configured in staging.
- [ ] Webhook secret configured.
- [ ] Signed webhook required for actionable events.
- [ ] Redirect alone cannot mark paid.
- [ ] Duplicate webhook idempotency verified.
- [ ] Ledger, service/platform fee, VAT/tax allocation reviewed.
- [ ] Connected account payout routing verified.
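
An added example (not code from this project) of the behaviour the signed-webhook, redirect and idempotency items above verify, using Stripe's documented `Stripe-Signature` scheme (`t=<timestamp>,v1=<HMAC-SHA256 of "<t>.<raw body>">`). The `Orders` class, its in-memory stores, the 300-second tolerance and the use of `client_reference_id` as the order id are assumptions for illustration.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # assumed replay window for the signed timestamp


def verify_signature(payload: bytes, header: str, secret: str, now: float) -> bool:
    """Check a Stripe-Signature header against the raw, unparsed request body."""
    timestamp, candidates = None, []
    for part in header.split(","):
        key, _, value = part.strip().partition("=")
        if key == "t":
            timestamp = value
        elif key == "v1":
            candidates.append(value)
    if timestamp is None or not (timestamp.isascii() and timestamp.isdigit()) or not candidates:
        return False
    if abs(now - int(timestamp)) > TOLERANCE_SECONDS:
        return False  # stale or future-dated timestamp: treat as a replay
    signed = timestamp.encode() + b"." + payload
    expected = hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()
    return any(hmac.compare_digest(expected.encode(), c.encode()) for c in candidates)


class Orders:
    """In-memory stand-in (assumption) for the order and processed-event tables."""

    def __init__(self):
        self.status = {}          # order_id -> "pending" | "paid"
        self.seen_events = set()  # event ids already applied

    def handle_redirect(self, order_id: str) -> str:
        # The browser return URL only reads state; it never writes "paid".
        return self.status.get(order_id, "unknown")

    def handle_webhook(self, payload: bytes, header: str, secret: str, now=None) -> str:
        now = time.time() if now is None else now
        if not verify_signature(payload, header, secret, now):
            return "rejected"
        event = json.loads(payload)
        if event["id"] in self.seen_events:
            return "duplicate"  # acknowledge, but apply no side effects twice
        self.seen_events.add(event["id"])
        obj = event["data"]["object"]
        if event["type"] == "checkout.session.completed" and obj.get("payment_status") == "paid":
            self.status[obj["client_reference_id"]] = "paid"
        return "processed"
```

In a real deployment the event-id record and the order update belong in one database transaction, so a crash between them cannot leave an event marked as seen but never applied.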

## UX / Testing Review

- [ ] Human testing workbook assigned to testers.
- [ ] P0 tests passed.
- [ ] Mobile/tablet real-device testing completed.
- [ ] Seat labels, section tabs, baskets, forms, and admin tables readable.
- [ ] Customer-facing seat-map PDF/image behavior verified.
