Client Portal — Scoping & Delivery Checklist
SCOPE_ITEM: Comprehensive checklist for scoping and delivering client portal projects. Used during intake (Aimee), architecture (Anna), and project management (Faye/Sytske).
Phase 1: Discovery & Scoping
Business Context
CHECK: What type of company operates the portal (services, agency, construction, IT)?
CHECK: Who are the portal's end users (client contacts, client teams, external partners)?
CHECK: What problem does the portal solve (replace email, centralise docs, project visibility)?
CHECK: How many clients will use the portal (initial and 12-month projection)?
CHECK: How many users per client (1 contact or full team)?
CHECK: Is there an existing portal or system being replaced?
Authentication & Access
CHECK: How should client users authenticate?
- [ ] Magic link (recommended default — no passwords)
- [ ] Email + password
- [ ] SSO via client's corporate IdP (enterprise clients)
CHECK: Are there multiple user roles per client org (admin, member, read-only)?
CHECK: Should client primary contact manage their own users?
CHECK: How should company staff authenticate?
CHECK: Is impersonation needed (company views as client for debugging)?
Dashboard & Projects
CHECK: What does the client see on their dashboard after login?
CHECK: How many active projects does a typical client have?
CHECK: What project information should be visible to clients?
CHECK: Are milestones / timeline views needed?
CHECK: What KPIs should be displayed (if any)?
CHECK: Is real-time data needed or is periodic refresh sufficient?
Document Management
CHECK: Who uploads documents (company only, or clients too)?
CHECK: Is document versioning required?
CHECK: What document types/categories will be used?
CHECK: Are e-signatures needed? Which provider preference?
CHECK: Is document-level access control needed (beyond per-client)?
CHECK: Are there regulatory retention requirements?
CHECK: What is the typical document size and volume per client?
CHECK: Is full-text search within documents needed?
Communication
CHECK: Is in-portal messaging needed?
CHECK: Does the company need internal notes (not visible to client)?
CHECK: Is a support ticket system needed?
CHECK: What are the SLA targets for support (if applicable)?
CHECK: Is email-to-portal reply needed?
CHECK: Is a knowledge base / FAQ needed?
Invoicing & Payments
CHECK: Should invoices be visible in the portal?
CHECK: Should clients be able to pay invoices through the portal?
CHECK: What payment methods (iDEAL, cards, bank transfer)?
CHECK: Does the company use an invoicing system to integrate with?
Calendar & Scheduling
CHECK: Should clients be able to book meetings?
CHECK: Which calendar system does the company use (Outlook, Google)?
CHECK: Is a project timeline / Gantt view needed?
Compliance
CHECK: GDPR applicability confirmed (EU data subjects).
CHECK: Data residency requirements (EU-only hosting).
CHECK: Audit trail requirements (document access, downloads, messages).
CHECK: Data retention requirements (per document type).
CHECK: Industry-specific regulations (healthcare, finance, legal)?
CHECK: Data export capability (right to portability).
Phase 2: Architecture & Design
Technical Architecture
- [ ] Stack confirmed: Next.js + Hono + PostgreSQL + Drizzle.
- [ ] Authentication approach selected (magic link / password / SSO).
- [ ] Multi-tenancy model confirmed (row-level `client_id` scoping).
- [ ] File storage approach confirmed (S3-compatible, EU region).
- [ ] Email provider selected (Brevo or Mailjet preferred — EU-hosted. Resend/Postmark secondary — US-based, EU data sovereignty risk).
- [ ] Database schema designed (ERD reviewed).
- [ ] API route structure defined.
- [ ] Background job strategy defined (BullMQ for notifications, reports).
Multi-Tenancy Design
- [ ] Every table with client data has `client_org_id` column.
- [ ] Data access layer enforces `client_id` filter on all queries.
- [ ] API middleware extracts and validates `client_id` from session.
- [ ] Admin endpoints allow cross-client access with explicit context.
- [ ] Automated test: verify no cross-client data leakage.
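An added example, not part of the original checklist or the project's code: a dependency-free TypeScript sketch of the session-derived tenant guard and tenant-bound data access layer listed above. In the page's stack the guard would sit in Hono middleware and the repository would wrap Drizzle queries; all type and function names, the role-to-access mapping, the 404 for foreign ids and the sample rows are assumptions.

```typescript
// Added example; every name here is hypothetical, not the project's code.
type PortalRole = "company_admin" | "company_staff" | "client_primary" | "client_member" | "client_readonly";
interface PortalSession { userId: string; role: PortalRole; clientId: string | null } // null for company users
interface PortalDoc { id: string; clientId: string; name: string }
interface TenantCtx { clientId: string; crossClient: boolean }
type GuardResult = { status: 200; tenant: TenantCtx } | { status: 401 | 403; tenant: null };

// Constructed sample rows standing in for a documents table.
const DOCS: PortalDoc[] = [
  { id: "d1", clientId: "client-a", name: "contract.pdf" },
  { id: "d2", clientId: "client-b", name: "quote.pdf" },
];

// Middleware logic: the tenant is taken from the session, never from the request.
// A client_id supplied in the request is only compared against the session value.
function resolveTenant(session: PortalSession | null, requestedClientId?: string): GuardResult {
  if (!session) return { status: 401, tenant: null };
  const isCompany = session.role === "company_admin" || session.role === "company_staff";
  if (isCompany) {
    // Cross-client access needs an explicit client context on every call.
    if (!requestedClientId) return { status: 403, tenant: null };
    return { status: 200, tenant: { clientId: requestedClientId, crossClient: true } };
  }
  if (!session.clientId) return { status: 403, tenant: null };
  if (requestedClientId && requestedClientId !== session.clientId) return { status: 403, tenant: null };
  return { status: 200, tenant: { clientId: session.clientId, crossClient: false } };
}

// Data access layer: handlers only receive tenant-bound query functions,
// so no code path can run a query without the client_id filter.
function scopedDocs(tenant: TenantCtx) {
  const own = (d: PortalDoc): boolean => d.clientId === tenant.clientId;
  return {
    list: (): PortalDoc[] => DOCS.filter(own),
    get: (id: string): PortalDoc | undefined => DOCS.find((d) => d.id === id && own(d)),
  };
}

// Handler composition: guard first, then the scoped repository.
function getDocument(session: PortalSession | null, docId: string, requestedClientId?: string) {
  const guard = resolveTenant(session, requestedClientId);
  if (guard.status !== 200) return { status: guard.status, body: null };
  const doc = scopedDocs(guard.tenant).get(docId);
  // Another client's document id is indistinguishable from a missing one.
  return doc ? { status: 200, body: doc } : { status: 404, body: null };
}
```

The same calls double as the automated cross-client leakage test: a Client A session requesting a Client B document id, with and without a tampered `client_id`, must never receive the row.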
Security Design
- [ ] Authentication flow documented.
- [ ] RBAC model defined (company admin, company staff, client primary, client member, client read-only).
- [ ] Document access control rules documented.
- [ ] File upload security (type validation, virus scanning, size limits).
- [ ] Internal notes visibility enforcement documented.
- [ ] Session management (lifetime, secure cookies, CSRF).
Document Architecture
- [ ] S3 bucket structure defined (per-client prefix or flat with metadata).
- [ ] Upload flow documented (presigned URLs, virus scanning).
- [ ] Versioning strategy documented.
- [ ] Retention policy implementation documented.
- [ ] E-signature integration approach documented (if applicable).
Phase 3: Development
Sprint 0 — Foundation
- [ ] Repository initialised with GE stack template.
- [ ] Database provisioned (EU-hosted PostgreSQL).
- [ ] Drizzle schema + initial migration created.
- [ ] Authentication flow implemented (magic link or password).
- [ ] Multi-tenancy middleware implemented and tested.
- [ ] S3 bucket configured (EU region, encryption, CORS).
- [ ] Email provider configured and tested.
- [ ] CI/CD pipeline configured.
- [ ] Staging environment provisioned.
Core: Client Experience
- [ ] Client dashboard (project overview, KPIs, activity feed).
- [ ] Project detail view (status, milestones, team, documents).
- [ ] Document library (browse, download, categories).
- [ ] Document upload (if client upload enabled).
- [ ] Document versioning (version history, download any version).
- [ ] Notification centre (in-app notifications).
- [ ] Email notifications (document shared, status change, etc.).
Core: Communication (If Included)
- [ ] Conversation threads (per project and general).
- [ ] Message compose with formatting and attachments.
- [ ] Internal notes (company-only, hidden from client).
- [ ] Read receipts and unread indicators.
- [ ] Message notifications (in-app + email).
Core: Company Admin
- [ ] Client management (list, create, edit, deactivate).
- [ ] Client user management (invite, deactivate, role assignment).
- [ ] Project management (create, status updates, milestones).
- [ ] Document upload and management.
- [ ] Activity overview (cross-client dashboard).
Optional Modules
- [ ] Support ticket system (create, assign, track, resolve).
- [ ] E-signature integration (request, track, store signed docs).
- [ ] Invoice display (list, detail, PDF download).
- [ ] Online payment (Mollie preferred — NL-based. Stripe secondary if client requires international coverage. NOTE: Stripe is US-based — EU data sovereignty risk).
- [ ] Calendar / appointment booking.
- [ ] Knowledge base / FAQ.
- [ ] Email-to-portal bridge (inbound email processing).
Phase 4: Quality Assurance
Functional Testing
- [ ] Full client journey: login → dashboard → view project → download document → send message.
- [ ] Full company journey: login → create client → create project → upload document → message client.
- [ ] Multi-tenancy: Client A cannot see Client B's data (automated test).
- [ ] Multi-tenancy: API endpoint returns 403 for wrong `client_id`.
- [ ] Document upload: type validation, size limit, virus scan.
- [ ] Document versioning: upload new version, download old version.
- [ ] Notifications: sent on correct events, delivered to correct users.
- [ ] Internal notes: not visible to client users (API + UI verified).
- [ ] Authentication: magic link flow, session expiry, password reset.
- [ ] Ticket system (if included): full lifecycle tested.
- [ ] E-signatures (if included): request, sign, store flow tested.
Security Testing
- [ ] Authentication bypass attempted (direct URL without login).
- [ ] Multi-tenancy bypass attempted (modify `client_id` in request).
- [ ] RBAC: client member cannot access admin endpoints.
- [ ] RBAC: client read-only cannot send messages or upload.
- [ ] File upload: malicious file types rejected.
- [ ] Internal notes: not returned by API for client users.
- [ ] Session: expired session redirects to login.
- [ ] Rate limiting: login attempts, file uploads, API calls.
Performance Testing
- [ ] Dashboard loads in <2 seconds.
- [ ] Document library loads in <1 second (up to 500 documents).
- [ ] Document download starts in <2 seconds (presigned URL generation).
- [ ] Message send completes in <1 second.
- [ ] Notification delivery within 30 seconds of trigger event.
- [ ] File upload: 100 MB file completes in <60 seconds.
Phase 5: Deployment & Handover
Pre-Launch
- [ ] Production environment provisioned (EU-hosted).
- [ ] SSL certificate configured.
- [ ] DNS configured (portal.{company-domain} or custom domain).
- [ ] S3 bucket production configured (encryption, CORS, lifecycle).
- [ ] Email provider production configured (SPF, DKIM, DMARC).
- [ ] Backup strategy configured and tested (database + S3).
- [ ] Monitoring configured (uptime, error rate, response time).
- [ ] Seed data: create initial client organisations and admin users.
- [ ] Client UAT completed and sign-off received.
- [ ] Portal content populated (FAQ, terms, help text).
Go-Live
- [ ] Production deployment executed.
- [ ] Smoke test: full client journey on production.
- [ ] Smoke test: full company admin journey on production.
- [ ] Smoke test: document upload + download on production.
- [ ] Smoke test: email notification delivery on production.
- [ ] Smoke test: e-signature flow on production (if applicable).
- [ ] Client notified, welcome communication sent.
Post-Launch
- [ ] Hypercare period active (2 weeks, priority support).
- [ ] Error monitoring reviewed daily during hypercare.
- [ ] Document storage usage monitored.
- [ ] Email deliverability monitored (bounce rate, complaint rate).
- [ ] Client feedback collected after week 1 and week 2.
- [ ] Company admin training completed (or documentation delivered).
- [ ] Handover documentation delivered.
- [ ] Support and maintenance agreement activated.