Browse 354 rules, 42 knowledge articles, and 28 prompt templates across security, performance, architecture, and quality.
BeforeMerge scans your pull requests against these rules automatically. Get actionable feedback before code ships to production.
354 rules
Use union string literals instead of `enum` for simpler types, better inference, and zero runtime cost.
Turn on `noUncheckedIndexedAccess` so index access includes `undefined` and forces a presence check.
Mark properties and arrays `readonly` so accidental mutation is a compile error.
Give string/number IDs a branded type so a `UserId` can't be passed where an `OrderId` is expected.
Use `satisfies` to check a value against a type while keeping its precise inferred literal type.
Add a `default` branch that assigns to `never` so adding a union member becomes a compile error until handled.
Let TypeScript infer local types; add explicit annotations on exported functions and module boundaries.
The `!` operator lies to the compiler about null/undefined. Check and handle the empty case explicitly.
Run dependency and container-image vulnerability scans in the pipeline and fail on critical findings.
Pipelines must stop immediately on the first error instead of masking failures and continuing.
Restore dependency and build-layer caches keyed on the lockfile to avoid redundant work each run.
Maintain distinct dev/staging/prod environments and drive their differences through configuration, not branching code paths.
Produce one immutable build artifact and promote that same artifact through staging to production.
Inject secrets from the CI secret manager at runtime; never commit them or print them to logs.
Define infrastructure as code in version control and change it through reviewed, auditable commits.
Every pull request must run linting and the test suite, and merging must be blocked when they fail.
Deploy through an automated pipeline and keep a one-step rollback to the previous known-good release.
Gate deployments on a passing CI run so only verified commits can be promoted to an environment.
Apply schema migrations through a dedicated, version-controlled, gated pipeline step — not ad hoc or implicitly on deploy.
Design pipeline steps to produce the same result on re-run, with no reliance on hidden state or run order.
Release connections, timers, locks, and file handles in `finally` so they are freed on both success and error paths. Cleanup in the `try` body alone leaks on failure.
Model predictable outcomes (validation, not-found, parse failures) as typed return values; reserve throwing for truly exceptional conditions. This makes failure paths explicit and type-checked.
Retry idempotent operations that fail transiently (network blips, rate limits) using exponential backoff with jitter and a max attempt cap — but never retry non-idempotent or permanent failures.
Await promises inside `try`/`catch` and never leave a promise unhandled. An unhandled rejection can crash the process or silently drop a failure.