Browse 354 rules, 42 knowledge articles, and 28 prompt templates across security, performance, architecture, and quality.
BeforeMerge scans your pull requests against these rules automatically. Get actionable feedback before code ships to production.
Store points in time as timestamptz so values are unambiguous across time zones and DST.
Tune autovacuum per-table on high-churn tables so dead tuples and bloat don't degrade performance.
Compute derived values with GENERATED ALWAYS AS ... STORED instead of duplicating logic in every writer.
Use GENERATED ... AS IDENTITY or uuid for surrogate keys instead of the legacy serial pseudo-type.
Index only the rows or computed expressions your queries actually filter on to cut index size and speed lookups.
Cap the maximum accepted request/payload size so large uploads cannot exhaust memory or bandwidth.
Run Node under a dedicated unprivileged user with only the permissions it needs; never run as root.
Return generic error messages to clients and log details server-side; never expose stack traces or internals.
Build database queries with parameter binding or an ORM, never by concatenating user input into SQL/NoSQL strings.
Apply per-IP / per-account rate limiting and throttling to login, signup, password-reset, and other public endpoints.
Keep API keys, tokens, and credentials out of source; load them from environment variables or a managed secret store.
Commit a lockfile and install with integrity verification (npm ci) so exact, tamper-checked versions are used.
Track and update dependencies regularly; run npm audit or an SCA tool in CI to block builds with known-vulnerable packages.
Protect non-idempotent requests with anti-CSRF tokens or SameSite cookies plus origin verification.
Serve all traffic over HTTPS and set Secure, HttpOnly, and SameSite attributes on session and auth cookies.
Reuse database connections through a pool instead of opening a new connection per request.
Enforce data integrity at the schema level with NOT NULL, UNIQUE, CHECK, and FK constraints.
Apply every schema change through ordered, reviewed migration files in version control.
Fetch related data with a join or a single batched query instead of one query per row.
Group related write operations in a single transaction so they commit or roll back atomically.
Paginate with a WHERE filter on the last seen key rather than OFFSET on deep pages.
Inspect the query plan with EXPLAIN ANALYZE to find sequential scans and missing indexes.
Pick the smallest type that fits the domain instead of defaulting everything to text or bigint.
Let TypeScript infer local types; add explicit annotations on exported functions and module boundaries.