# Release Checklist

**Last reviewed:** 8 July 2026

Each release should check auth, signup, password reset, MFA/security settings, dashboard, imports, bookkeeping approval, reports, HMRC workflows, billing, admin and marketing routes.

## Operating principles

- Preserve tenant isolation and user authentication.
- Keep claims truthful and aligned with implemented features.
- Protect secrets and high-sensitivity financial records.
- Review changes before production deployment.

## Verification checklist

- Authentication and admin routes remain protected.
- Private app routes are not indexed.
- No secrets are exposed in logs, client code or documentation.
- HMRC and filing functionality is described by actual release status.
