Browse 225 rules, 42 knowledge articles, and 28 prompt templates across security, performance, architecture, and quality.
Environment variable management, SSRF prevention, input validation, rate limiting, CSP headers, and service role key protection.
Image optimization, font loading, dynamic imports, bundle analysis, Suspense streaming, and ISR patterns.
Error boundary hierarchy, structured logging with pino, user-friendly error messages, and Supabase error code reference.
Generated types workflow, type-safe database queries, discriminated unions for state, and generic CRUD helpers.
Testing RLS policies, server action isolation, integration tests with real database, and E2E patterns.
Migration naming, rollback strategies, seeding data, the moddatetime trigger pattern, and index strategy for Supabase PostgreSQL.
Deep dive into createClient(), createAdminClient(), and createReadOnlyClient(). Decision tree for choosing the right client in Next.js.
Common Row Level Security patterns: org-scoped access, public read with auth write, self-service profiles, and anti-patterns to avoid.
When to use server components and when to reach for "use client". Flowchart, refactoring patterns, and performance implications.
Comparison of data fetching approaches: server component fetching, SWR, React Query, and Supabase real-time subscriptions.
Complete guide to writing production server actions with requireAuth, Zod validation, structured error handling, and revalidation.
End-to-end auth flow: GitHub OAuth callback, session management, middleware protection, and logout handling in Next.js + Supabase.
How to set up and use the Supabase splinter linter for PostgreSQL schema security and performance auditing.
Set up Squawk to catch unsafe PostgreSQL migrations before they reach production.
Write pgTAP tests to verify your PostgreSQL schema, RLS policies, and constraints.
Comprehensive reference for MySQL and MariaDB linting and analysis tools.
Feature comparison of popular hosted database platforms: Supabase, Neon, PlanetScale, RDS, Cloud SQL, and more.
Conventional Commits specification: commit types, scope, breaking changes, multi-line bodies, and tooling for enforcement.
Setting up a CI/CD pipeline from scratch with GitHub Actions: test, lint, build stages, deployment gates, environment secrets, and caching.
Dockerizing a Node.js/Next.js application: multi-stage builds, .dockerignore, health checks, non-root users, and layer caching strategies.
How JWTs work, access vs refresh tokens, storage best practices, token rotation, and revocation strategies.
Common Row Level Security policy patterns for Supabase: owner-only, org-scoped, role-based, and public read access with SQL examples.
LCP, FID/INP, and CLS explained: what they measure, target values, how to diagnose issues, and how to fix common problems.
Modern image optimization: formats (WebP, AVIF), responsive images, the Next.js Image component, lazy loading, and CDN strategies.
BeforeMerge scans your pull requests against these rules automatically. Get actionable feedback before code ships to production.