Jules App Production Checklist

Jules PRs need the same full review as any code contribution — asynchronous generation means edge cases and intent mismatches may not be obvious from a surface read

Authentication protects all private routes and API endpoints. Input validation on every form and data handler. No API keys or secrets in client-side code. Security headers configured (CSP, HSTS, X-Frame-Options). CORS restricted to your domain. Rate limiting on login and signup endpoints. HTTPS enforced everywhere.

Images optimized and lazy-loaded. Code splitting implemented. Lighthouse performance score above 80. Database queries have indexes on filtered columns. Pagination on all data lists. Static assets served with cache headers. No unnecessary client-side JavaScript.

Error tracking configured (Sentry or similar). Custom error pages for 404 and 500 errors. Error boundaries catch rendering failures gracefully. Loading states on all async operations. Graceful handling of network failures. Health check endpoint for monitoring. Database backups configured.

PR description accurately matches the intent of the original issue. Implementation solves the right problem, not just a literal reading of the description. All call sites of changed APIs updated. Tests included and cover both happy path and error cases. Full CI suite passes. SAST security scan passed. No credentials or secrets introduced. Conflicts with other in-progress work resolved. Code follows existing project conventions. Performance reviewed for any code on hot paths. Edge cases handled appropriately. Documentation updated for any API changes. Issue requirements fully satisfied, not just partially. Human reviewer familiar with the affected area approved. Integration tested, not just unit tested

Our security scan ($19) and code audit ($19) check for all of these issues automatically. Upload your code and get a detailed report within 24 hours. If you need help fixing what we find, our team is here for that too.