Model Review Checklist

Use this checklist before generating code, sharing a model for sign-off, or deploying to SAAScade Cloud.

Language

  • Block names use business language.
  • Commands are imperative verb phrases.
  • Events are past-tense facts.
  • Ambiguous words are clarified or marked with hotspots.
  • The same word does not silently mean different things inside one bounded context.

Commands

  • Every command has an initiator.
  • Every command targets one primary aggregate or external system.
  • Every command has required input fields.
  • Every command has expected success event or events.
  • Every command has known rejection reasons.
  • Authorization is clear for sensitive commands.

Events

  • Every event has an owning context.
  • Every event has a source aggregate, policy, or external system.
  • Event payloads include the facts consumers need.
  • Events are not named after technical implementation details.
  • Events that cross boundaries are modelled as integration events.

Aggregates And Rules

  • Every aggregate has an identity.
  • Every aggregate lists the commands it handles.
  • Every aggregate lists the events it emits.
  • Invariants are visible and testable.
  • Aggregates are not oversized collections of unrelated behaviour.
  • Child entities and value objects are inside the correct aggregate boundary.

Policies And Processes

  • Every policy has a trigger event.
  • Every policy has a condition or says it always applies.
  • Every policy has a resulting command, notification, or integration event.
  • Long-running policies are promoted to sagas or process managers.
  • Retries, deadlines, and failure paths are clear for automated workflows.

Read Side

  • Every important user decision has a read model.
  • Every read model has a consumer.
  • Every read model has update sources.
  • Queries do not change business state.
  • Read model freshness expectations are clear.

Boundaries And Integrations

  • Bounded contexts are named after business capabilities.
  • External systems have owners and integration types.
  • Integration events have publishers, subscribers, and contract payloads.
  • Failure handling is defined for unreliable external systems.
  • Privacy-sensitive data crossing boundaries is reviewed.

Generation Readiness

  • Generation scope is clear.
  • Persistence and hosting options are selected.
  • Open hotspots are resolved, downgraded, or accepted as risk.
  • Test scenarios exist for key commands, events, policies, and read models.
  • Business owner and technical owner agree the model is ready.