Browse 225 rules, 42 knowledge articles, and 28 prompt templates across security, performance, architecture, and quality.
42 knowledge items
Error handling patterns: Result types, Error Boundaries, try/catch strategies, structured logging, and error monitoring setup.
Every important security header explained: CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Permissions-Policy. Includes Next.js configuration examples.
Complete reference for server-side authentication in Supabase: client types, user retrieval methods, cookie handling, and middleware patterns.
Building and deploying Supabase Edge Functions: project structure, environment variables, CORS handling, client invocation, and error handling.
When to use Server Components, Client Components, and Server Actions. Includes a decision tree with concrete examples.
Practical guide to Partial, Required, Pick, Omit, Record, Extract, Exclude, ReturnType, Parameters, and Awaited with real-world examples.
Next.js caching layers explained: Request Memoization, Data Cache, Full Route Cache, and Router Cache. How each works and common pitfalls.
Middleware use cases for Next.js: auth guards, redirects, geolocation, A/B testing, with matcher config examples and edge runtime limitations.
Rules of Hooks explained: why they exist, what breaks when violated, and how to structure custom hooks correctly.
When to use useState, useReducer, Context, or external state libraries. Decision tree based on scope, complexity, and sharing needs.
Every TypeScript strict flag explained: what each catches, why it matters, and the migration path from loose to strict.
Step-by-step checklist for designing REST APIs: naming conventions, versioning, pagination, filtering, error format, authentication, and rate limiting.
Standard error response format, HTTP status code mapping, error codes, client-friendly messages, and retry guidance for APIs.
When and how to add database indexes: B-tree, GIN, partial, and composite indexes. Includes EXPLAIN ANALYZE examples and read/write tradeoffs.
How SQL injection works, parameterized queries in Node.js and Python, ORM safety, and common bypass techniques to test for.
Unit, integration, and E2E testing: what each level tests, recommended ratios, tooling recommendations, and cost/benefit analysis.
Building test factories with the builder pattern: createUser(), createOrder(), with overrides, traits, and sequences in TypeScript.
WCAG 2.1 AA compliance checklist organized by principle: Perceivable, Operable, Understandable, Robust. Includes automated testing tools.
BeforeMerge scans your pull requests against these rules automatically. Get actionable feedback before code ships to production.