Browse 158 rules, 25 knowledge articles, and 25 prompt templates across security, performance, architecture, and quality.
Common Row Level Security policy patterns for Supabase: owner-only, org-scoped, role-based, and public read access with SQL examples.
Complete reference for server-side authentication in Supabase: client types, user retrieval methods, cookie handling, and middleware patterns.
Building and deploying Supabase Edge Functions: project structure, environment variables, CORS handling, client invocation, and error handling.
When to use Server Components, Client Components, and Server Actions. Includes a decision tree with concrete examples.
Practical guide to Partial, Required, Pick, Omit, Record, Extract, Exclude, ReturnType, Parameters, and Awaited with real-world examples.
Next.js caching layers explained: Request Memoization, Data Cache, Full Route Cache, and Router Cache. How each works and common pitfalls.
Middleware use cases for Next.js: auth guards, redirects, geolocation, A/B testing, with matcher config examples and edge runtime limitations.
Rules of Hooks explained: why they exist, what breaks when violated, and how to structure custom hooks correctly.
When to use useState, useReducer, Context, or external state libraries. Decision tree based on scope, complexity, and sharing needs.
Every TypeScript strict flag explained: what each catches, why it matters, and the migration path from loose to strict.
Step-by-step checklist for designing REST APIs: naming conventions, versioning, pagination, filtering, error format, authentication, and rate limiting.
Standard error response format, HTTP status code mapping, error codes, client-friendly messages, and retry guidance for APIs.
When and how to add database indexes: B-tree, GIN, partial, and composite indexes. Includes EXPLAIN ANALYZE examples and read/write tradeoffs.
How SQL injection works, parameterized queries in Node.js and Python, ORM safety, and common bypass techniques to test for.
Unit, integration, and E2E testing: what each level tests, recommended ratios, tooling recommendations, and cost/benefit analysis.
Building test factories with the builder pattern: createUser(), createOrder(), with overrides, traits, and sequences in TypeScript.
WCAG 2.1 AA compliance checklist organized by principle: Perceivable, Operable, Understandable, Robust. Includes automated testing tools.
Conventional Commits specification: commit types, scope, breaking changes, multi-line bodies, and tooling for enforcement.
Setting up a CI/CD pipeline from scratch with GitHub Actions: test, lint, build stages, deployment gates, environment secrets, and caching.
Dockerizing a Node.js/Next.js application: multi-stage builds, .dockerignore, health checks, non-root users, and layer caching strategies.
How JWTs work, access vs refresh tokens, storage best practices, token rotation, and revocation strategies.
Every important security header explained: CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Permissions-Policy. Includes Next.js configuration examples.
LCP, FID/INP, and CLS explained: what they measure, target values, how to diagnose issues, and how to fix common problems.
Modern image optimization: formats (WebP, AVIF), responsive images, the Next.js Image component, lazy loading, and CDN strategies.
BeforeMerge scans your pull requests against these rules automatically. Get actionable feedback before code ships to production.