BMAD-METHOD/bmad-core/checklists/architect-checklist.md

Architect Solution Validation Checklist

This checklist serves as a comprehensive framework for the Architect to validate the technical design and architecture before development execution. The Architect should systematically work through each item, ensuring the architecture is robust, scalable, secure, and aligned with the product requirements.

[[LLM: INITIALIZATION INSTRUCTIONS - REQUIRED ARTIFACTS

Before proceeding with this checklist, ensure you have access to:

1. architecture.md - The primary architecture document (check docs/architecture.md)
2. prd.md - Product Requirements Document for requirements alignment (check docs/prd.md)
3. Any system diagrams referenced in the architecture
4. API documentation if available
5. Technology stack details and version specifications

IMPORTANT: If any required documents are missing or inaccessible, immediately ask the user for their location or content before proceeding.

VALIDATION APPROACH: For each section, you must:

1. Deep Analysis - Don't just check boxes, thoroughly analyze each item against the provided documentation
2. Evidence-Based - Cite specific sections or quotes from the documents when validating
3. Critical Thinking - Question assumptions and identify gaps, not just confirm what's present
4. Risk Assessment - Consider what could go wrong with each architectural decision

EXECUTION MODE: Ask the user if they want to work through the checklist:

• Section by section (interactive mode) - Review each section, present findings, get confirmation before proceeding
• All at once (comprehensive mode) - Complete full analysis and present comprehensive report at end]]

1. REQUIREMENTS ALIGNMENT

LLM: Before evaluating this section, take a moment to fully understand the product's purpose and goals from the PRD. What is the core problem being solved? Who are the users? What are the critical success factors? Keep these in mind as you validate alignment. For each item, don't just check if it's mentioned - verify that the architecture provides a concrete technical solution.

1.1 Functional Requirements Coverage

• Architecture supports all functional requirements in the PRD
• Technical approaches for all epics and stories are addressed
• Edge cases and performance scenarios are considered
• All required integrations are accounted for
• User journeys are supported by the technical architecture

1.2 Non-Functional Requirements Alignment

• Performance requirements are addressed with specific solutions
• Scalability considerations are documented with approach
• Security requirements have corresponding technical controls
• Reliability and resilience approaches are defined
• Compliance requirements have technical implementations

1.3 Technical Constraints Adherence

• All technical constraints from PRD are satisfied
• Platform/language requirements are followed
• Infrastructure constraints are accommodated
• Third-party service constraints are addressed
• Organizational technical standards are followed

2. ARCHITECTURE FUNDAMENTALS

LLM: Architecture clarity is crucial for successful implementation. As you review this section, visualize the system as if you were explaining it to a new developer. Are there any ambiguities that could lead to misinterpretation? Would an AI agent be able to implement this architecture without confusion? Look for specific diagrams, component definitions, and clear interaction patterns.

2.1 Architecture Clarity

• Architecture is documented with clear diagrams
• Major components and their responsibilities are defined
• Component interactions and dependencies are mapped
• Data flows are clearly illustrated
• Technology choices for each component are specified

2.2 Separation of Concerns

• Clear boundaries between UI, business logic, and data layers
• Responsibilities are cleanly divided between components
• Interfaces between components are well-defined
• Components adhere to single responsibility principle
• Cross-cutting concerns (logging, auth, etc.) are properly addressed

2.3 Design Patterns & Best Practices

• Appropriate design patterns are employed
• Industry best practices are followed
• Anti-patterns are avoided
• Consistent architectural style throughout
• Pattern usage is documented and explained

2.4 Modularity & Maintainability

• System is divided into cohesive, loosely-coupled modules
• Components can be developed and tested independently
• Changes can be localized to specific components
• Code organization promotes discoverability
• Architecture specifically designed for AI agent implementation

3. TECHNICAL STACK & DECISIONS

LLM: Technology choices have long-term implications. For each technology decision, consider: Is this the simplest solution that could work? Are we over-engineering? Will this scale? What are the maintenance implications? Are there security vulnerabilities in the chosen versions? Verify that specific versions are defined, not ranges.

3.1 Technology Selection

• Selected technologies meet all requirements
• Technology versions are specifically defined (not ranges)
• Technology choices are justified with clear rationale
• Alternatives considered are documented with pros/cons
• Selected stack components work well together

3.2 Frontend Architecture

• UI framework and libraries are specifically selected
• State management approach is defined
• Component structure and organization is specified
• Responsive/adaptive design approach is outlined
• Build and bundling strategy is determined

3.3 Backend Architecture

• API design and standards are defined
• Service organization and boundaries are clear
• Authentication and authorization approach is specified
• Error handling strategy is outlined
• Backend scaling approach is defined

3.4 Data Architecture

• Data models are fully defined
• Database technologies are selected with justification
• Data access patterns are documented
• Data migration/seeding approach is specified
• Data backup and recovery strategies are outlined

4. RESILIENCE & OPERATIONAL READINESS

LLM: Production systems fail in unexpected ways. As you review this section, think about Murphy's Law - what could go wrong? Consider real-world scenarios: What happens during peak load? How does the system behave when a critical service is down? Can the operations team diagnose issues at 3 AM? Look for specific resilience patterns, not just mentions of "error handling".

4.1 Error Handling & Resilience

• Error handling strategy is comprehensive
• Retry policies are defined where appropriate
• Circuit breakers or fallbacks are specified for critical services
• Graceful degradation approaches are defined
• System can recover from partial failures

4.2 Monitoring & Observability

• Logging strategy is defined
• Monitoring approach is specified
• Key metrics for system health are identified
• Alerting thresholds and strategies are outlined
• Debugging and troubleshooting capabilities are built in

4.3 Performance & Scaling

• Performance bottlenecks are identified and addressed
• Caching strategy is defined where appropriate
• Load balancing approach is specified
• Horizontal and vertical scaling strategies are outlined
• Resource sizing recommendations are provided

4.4 Deployment & DevOps

• Deployment strategy is defined
• CI/CD pipeline approach is outlined
• Environment strategy (dev, staging, prod) is specified
• Infrastructure as Code approach is defined
• Rollback and recovery procedures are outlined

5. SECURITY & COMPLIANCE

LLM: Security is not optional. Review this section with a hacker's mindset - how could someone exploit this system? Also consider compliance: Are there industry-specific regulations that apply? GDPR? HIPAA? PCI? Ensure the architecture addresses these proactively. Look for specific security controls, not just general statements.

5.1 Authentication & Authorization

• Authentication mechanism is clearly defined
• Authorization model is specified
• Role-based access control is outlined if required
• Session management approach is defined
• Credential management is addressed

5.2 Data Security

• Data encryption approach (at rest and in transit) is specified
• Sensitive data handling procedures are defined
• Data retention and purging policies are outlined
• Backup encryption is addressed if required
• Data access audit trails are specified if required

5.3 API & Service Security

• API security controls are defined
• Rate limiting and throttling approaches are specified
• Input validation strategy is outlined
• CSRF/XSS prevention measures are addressed
• Secure communication protocols are specified

5.4 Infrastructure Security

• Network security design is outlined
• Firewall and security group configurations are specified
• Service isolation approach is defined
• Least privilege principle is applied
• Security monitoring strategy is outlined

6. IMPLEMENTATION GUIDANCE

LLM: Clear implementation guidance prevents costly mistakes. As you review this section, imagine you're a developer starting on day one. Do they have everything they need to be productive? Are coding standards clear enough to maintain consistency across the team? Look for specific examples and patterns.

6.1 Coding Standards & Practices

• Coding standards are defined
• Documentation requirements are specified
• Testing expectations are outlined
• Code organization principles are defined
• Naming conventions are specified

6.2 Testing Strategy

• Unit testing approach is defined
• Integration testing strategy is outlined
• E2E testing approach is specified
• Performance testing requirements are outlined
• Security testing approach is defined

6.3 Development Environment

• Local development environment setup is documented
• Required tools and configurations are specified
• Development workflows are outlined
• Source control practices are defined
• Dependency management approach is specified

6.4 Technical Documentation

• API documentation standards are defined
• Architecture documentation requirements are specified
• Code documentation expectations are outlined
• System diagrams and visualizations are included
• Decision records for key choices are included

7. DEPENDENCY & INTEGRATION MANAGEMENT

LLM: Dependencies are often the source of production issues. For each dependency, consider: What happens if it's unavailable? Is there a newer version with security patches? Are we locked into a vendor? What's our contingency plan? Verify specific versions and fallback strategies.

7.1 External Dependencies

• All external dependencies are identified
• Versioning strategy for dependencies is defined
• Fallback approaches for critical dependencies are specified
• Licensing implications are addressed
• Update and patching strategy is outlined

7.2 Internal Dependencies

• Component dependencies are clearly mapped
• Build order dependencies are addressed
• Shared services and utilities are identified
• Circular dependencies are eliminated
• Versioning strategy for internal components is defined

7.3 Third-Party Integrations

• All third-party integrations are identified
• Integration approaches are defined
• Authentication with third parties is addressed
• Error handling for integration failures is specified
• Rate limits and quotas are considered

8. AI AGENT IMPLEMENTATION SUITABILITY

LLM: This architecture may be implemented by AI agents. Review with extreme clarity in mind. Are patterns consistent? Is complexity minimized? Would an AI agent make incorrect assumptions? Remember: explicit is better than implicit. Look for clear file structures, naming conventions, and implementation patterns.

8.1 Modularity for AI Agents

• Components are sized appropriately for AI agent implementation
• Dependencies between components are minimized
• Clear interfaces between components are defined
• Components have singular, well-defined responsibilities
• File and code organization optimized for AI agent understanding

8.2 Clarity & Predictability

• Patterns are consistent and predictable
• Complex logic is broken down into simpler steps
• Architecture avoids overly clever or obscure approaches
• Examples are provided for unfamiliar patterns
• Component responsibilities are explicit and clear

8.3 Implementation Guidance

• Detailed implementation guidance is provided
• Code structure templates are defined
• Specific implementation patterns are documented
• Common pitfalls are identified with solutions
• References to similar implementations are provided when helpful

8.4 Error Prevention & Handling

• Design reduces opportunities for implementation errors
• Validation and error checking approaches are defined
• Self-healing mechanisms are incorporated where possible
• Testing patterns are clearly defined
• Debugging guidance is provided

[[LLM: FINAL VALIDATION REPORT GENERATION

Now that you've completed the checklist, generate a comprehensive validation report that includes:

1. Executive Summary

   • Overall architecture readiness (High/Medium/Low)
   • Critical risks identified
   • Key strengths of the architecture

2. Section Analysis

   • Pass rate for each major section (percentage of items passed)
   • Most concerning failures or gaps
   • Sections requiring immediate attention

3. Risk Assessment

   • Top 5 risks by severity
   • Mitigation recommendations for each
   • Timeline impact of addressing issues

4. Recommendations

   • Must-fix items before development
   • Should-fix items for better quality
   • Nice-to-have improvements

5. AI Implementation Readiness

   • Specific concerns for AI agent implementation
   • Areas needing additional clarification
   • Complexity hotspots to address

After presenting the report, ask the user if they would like detailed analysis of any specific section, especially those with warnings or failures.]]