Next.js implementation checklist

Verify that revalidatePath or revalidateTag is called within Server Actions following any data mutation to clear stale cache.

Identify sequential 'await' calls in Server Components and replace them with Promise.all() or individual Suspense boundaries to prevent waterfalls.

Wrap database queries (Prisma/Drizzle) in unstable_cache to ensure results are cached across requests rather than refetched on every render.

Explicitly set fetch('url', { cache: 'no-store' }) for real-time data or 'force-cache' for static assets to avoid default behavior ambiguity.

Ensure every route segment has a loading.tsx file or manual Suspense boundary to prevent blank screens during async operations.

Use a schema library like Zod to parse and validate all arguments passed to 'use server' functions before processing.

Audit .env files to ensure sensitive keys (OpenAI, Stripe secret) are NOT prefixed with NEXT_PUBLIC_ to prevent browser exposure.

Implement route protection in middleware.ts to redirect unauthenticated users before they hit Server Component rendering logic.

Verify that Server Actions check the Origin header against the host domain to prevent cross-site request forgery.

Verify that session checks (auth() or getAuth()) are performed in the Server Component body, not just the client-side UI.

Ensure next/image components have 'priority' set for LCP elements and utilize 'placeholder="blur"' for large hero images.

Configure next/font to use specific subsets (e.g., 'latin') and swap display properties to minimize Layout Shift (CLS).

Run @next/bundle-analyzer and move heavy client-side libraries (e.g., Lucide, Lodash) to Server Components or dynamic imports.

Review third-party scripts in layout.tsx and assign 'strategy="lazyOnload"' or 'strategy="afterInteractive"' appropriately.

Explicitly define 'export const dynamic = "force-static"' for pages that do not require per-request data to optimize build-time generation.

Implement generateMetadata() in dynamic routes ([id]) to populate unique titles and descriptions for search engine crawlers.

Verify that sitemap.ts and robots.ts files are present in the app directory and returning valid XML/text content.

Set a base metadata URL in the root layout to ensure all generated canonical tags use the correct production domain.

Test dynamic OG images using the Vercel OG library to ensure social shares display correct preview content.

Ensure only one H1 exists per page and that the document structure follows a logical heading hierarchy (H2-H6).

Verify that AI SDK responses use 'StreamingTextResponse' and the frontend utilizes 'useChat' or 'useCompletion' for real-time UI updates.

Increase the 'maxDuration' config in route.ts or page.tsx for AI routes to prevent functions from timing out during long LLM generations.

Apply middleware-based rate limiting using Upstash Redis to prevent AI API credit exhaustion from automated bots.

Verify that AI routes use 'export const runtime = "edge"' if they require minimal latency and support the Edge runtime environment.

Implement try/catch blocks in Server Actions that return user-friendly error messages when AI providers hit rate limits.

Create a root error.tsx file to catch unhandled exceptions and provide a 'reset' functionality to the user.

Use the notFound() function in dynamic segments and ensure a custom not-found.tsx is styled and functional.

Connect a service like Sentry or Axiom to capture server-side console errors that are otherwise invisible in production.

Create an /api/health route that checks database connectivity to allow external monitors to verify service uptime.

Ensure production builds generate source maps for error tracking but keep them restricted from public access.