Project 3 · Done Checklist
If every box is ticked, your school SaaS is real. And you've completed the entire program.
This checklist is long because the project is. Every item is a real check — don't skip any.
Architecture
Before you move on — can you do all of this?
Click each item you're confident about. Bring the unchecked ones to your next session.
All 12 core tables created via numbered migrations in supabase/migrations/
Every table has branch_id (except profiles where it's nullable for super admins)
Every table has created_at and updated_at
Every table has deleted_at for soft delete
Every table has RLS enabled — verified via Supabase dashboard
is_super_admin() and current_branch_id() helper functions deployed
updated_at trigger function deployed and attached to every relevant table
TypeScript types regenerated after every schema change (pnpm supabase gen types)
Auth & Personas
Before you move on — can you do all of this?
Click each item you're confident about. Bring the unchecked ones to your next session.
Supabase Auth configured (email + password to start)
profiles row auto-created when a user signs up (use Supabase trigger or signup callback)
Test users seeded: 1 super admin, 1 branch admin per branch, 1 teacher, 2 parents
Middleware redirects unauthenticated requests to /login
Post-login routing by role works: super/branch → /admin, teacher → /teacher, parent → /parent
Each role can ONLY access its allowed routes (try logging in as parent, hitting /admin — should 403)
Module — Students
Before you move on — can you do all of this?
Click each item you're confident about. Bring the unchecked ones to your next session.
List page with search and filters works
Enrolment form validates and saves successfully
Profile page renders all student details
Edit form works and saves changes
Soft delete works and student can be restored
Branch admin sees only own branch's students
Teacher sees only own section's students
Parent sees only own child(ren) via parent dashboard
Module — Attendance
Before you move on — can you do all of this?
Click each item you're confident about. Bring the unchecked ones to your next session.
Teacher can mark daily attendance for their section in < 1 minute
"Mark all present" works as default
Re-marking the same day is idempotent (no duplicate rows)
Parent sees their child's attendance history
Admin sees per-section attendance % summary
marked_by and branch_id filled automatically via trigger
Module — Exams & Marks
Before you move on — can you do all of this?
Click each item you're confident about. Bring the unchecked ones to your next session.
Admin can schedule an exam with multiple subjects in one form
Teacher enters marks per subject for assigned section
Invalid marks (above max, negative) blocked client + server
Pass/fail indicator visible while entering marks
Admin can publish exam → parent sees report card
Parent CANNOT see marks before publish
Report card view shows all subjects, total, percentage, pass/fail
Module — Payments
Before you move on — can you do all of this?
Click each item you're confident about. Bring the unchecked ones to your next session.
Fee plans created per branch + grade
Fee payments generated per student per period
Parent can initiate payment via Razorpay (test mode)
Server-side amount verification (cannot pay less than owed)
Webhook signature verified — invalid signatures rejected
Idempotent — duplicate webhook does not double-mark
Receipt email sent within 30 seconds
Payment history visible to parent + admin
Module — Circulars
Before you move on — can you do all of this?
Click each item you're confident about. Bring the unchecked ones to your next session.
Admin can compose with rich text (markdown is enough for v1)
Audience picker: all / grade / section / individual parent
Live recipient count next to each audience option
Send triggers async email delivery
Per-recipient delivery status tracked
Failed sends don't block successful ones
Parent sees received circulars in reverse chronological order
Branch admin can resend a failed circular
Module — Branches
Before you move on — can you do all of this?
Click each item you're confident about. Bring the unchecked ones to your next session.
Super admin can create / edit / archive branches
Branch admin cannot access branch CRUD (UI hidden + RLS enforces)
Super admin's dashboard shows per-branch summary (students, fees, attendance %)
Branch switcher works for super admin
Branch admin auto-scoped (no switcher visible)
RLS Audit
Before you move on — can you do all of this?
Click each item you're confident about. Bring the unchecked ones to your next session.
Logged in as super admin → can see rows in every table across all branches
Logged in as branch admin → sees ONLY own branch rows for every relevant table
Logged in as teacher → sees ONLY assigned section students + attendance + marks
Logged in as parent → sees ONLY own children's records
Attempted cross-branch insert as branch admin → blocked by Postgres (RLS)
Attempted cross-parent read → blocked
Production Readiness
Before you move on — can you do all of this?
Click each item you're confident about. Bring the unchecked ones to your next session.
Sentry installed and capturing errors in production
Source maps uploaded to Sentry on deploy
UptimeRobot configured to ping public URLs + a health endpoint
All env vars set on Vercel (production + preview)
All edge function secrets set in Supabase (supabase secrets set)
Production CSP configured in next.config.ts
.env*.local confirmed in .gitignore
Service role key is NOT in any client code or NEXT_PUBLIC_* env
All credentials saved to VaultMate with "Production" labels
pnpm lint passes
pnpm tsc --noEmit passes
User Validation
Before you move on — can you do all of this?
Click each item you're confident about. Bring the unchecked ones to your next session.
One real person (teacher, principal, etc.) used the system for ≥ 15 minutes
Wrote down at least 5 pieces of feedback from that session
Fixed at least 2 of those pieces of feedback
Tested on a real phone (not just emulator) for the parent flows
Documentation
Before you move on — can you do all of this?
Click each item you're confident about. Bring the unchecked ones to your next session.
README.md at project root with stack, setup, deploy, architecture summary
CLAUDE.md updated with project-specific rules (RLS conventions, persona routing, etc.)
"Known Issues" section listing the edge cases you decided not to fully handle yet
Self-Reflection
Write your honest answers in a notebook or doc — these are for you, not for showing anyone.
- What's the single hardest bug you fixed in Project 3? What did you learn from it?
- One pattern you'll use on every future project? (Why?)
- One thing you'd architect differently if starting over?
- One module you'd prioritise differently? Either earlier or later.
- One thing you genuinely don't understand yet that you want to learn next.
The last question is the most important. The end of Project 3 isn't the end of learning — it's the start of targeted learning, driven by what you ran into.
Congratulations
You finished.
You started not knowing the difference between a frontend and a backend. You're now able to:
- Architect a multi-tenant SaaS with proper data isolation
- Build a working Razorpay payments flow with verified webhooks
- Write Row Level Security policies that protect real student data
- Ship to production with monitoring, error tracking, and uptime alerts
- Use AI as a serious technical partner — directing, reviewing, judging
Most people who say they want to learn to code stop at "ran a tutorial." You shipped three real projects, including one that a real school could actually use.
The next thing to build is whichever real problem in your life you most want to solve. The skills will transfer. The cycle is the same. Go ship.