Browse 354 rules, 42 knowledge articles, and 28 prompt templates across security, performance, architecture, and quality.
42 knowledge items
Migration naming, rollback strategies, seeding data, the moddatetime trigger pattern, and index strategy for Supabase PostgreSQL.
Error boundary hierarchy, structured logging with pino, user-friendly error messages, and Supabase error code reference.
Generated types workflow, type-safe database queries, discriminated unions for state, and generic CRUD helpers.
Testing RLS policies, server action isolation, integration tests with real database, and E2E patterns.
Image optimization, font loading, dynamic imports, bundle analysis, Suspense streaming, and ISR patterns.
Environment variable management, SSRF prevention, input validation, rate limiting, CSP headers, and service role key protection.
Deep dive into createClient(), createAdminClient(), and createReadOnlyClient(). Decision tree for choosing the right client in Next.js.
Common Row Level Security patterns: org-scoped access, public read with auth write, self-service profiles, and anti-patterns to avoid.
When to use server components and when to reach for "use client". Flowchart, refactoring patterns, and performance implications.
Comparison of data fetching approaches: server component fetching, SWR, React Query, and Supabase real-time subscriptions.
Complete guide to writing production server actions with requireAuth, Zod validation, structured error handling, and revalidation.
End-to-end auth flow: GitHub OAuth callback, session management, middleware protection, and logout handling in Next.js + Supabase.
Write pgTAP tests to verify your PostgreSQL schema, RLS policies, and constraints.
Comprehensive reference for MySQL and MariaDB linting and analysis tools.
Feature comparison of popular hosted database platforms: Supabase, Neon, PlanetScale, RDS, Cloud SQL, and more.
Set up Squawk to catch unsafe PostgreSQL migrations before they reach production.
How to set up and use the Supabase splinter linter for PostgreSQL schema security and performance auditing.
Dockerizing a Node.js/Next.js application: multi-stage builds, .dockerignore, health checks, non-root users, and layer caching strategies.
How JWTs work, access vs refresh tokens, storage best practices, token rotation, and revocation strategies.
Every important security header explained: CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Permissions-Policy. Includes Next.js configuration examples.
LCP, FID/INP, and CLS explained: what they measure, target values, how to diagnose issues, and how to fix common problems.
Common Row Level Security policy patterns for Supabase: owner-only, org-scoped, role-based, and public read access with SQL examples.
Error handling patterns: Result types, Error Boundaries, try/catch strategies, structured logging, and error monitoring setup.
WCAG 2.1 AA compliance checklist organized by principle: Perceivable, Operable, Understandable, Robust. Includes automated testing tools.