{
  "rules": {
    "C001": {
      "name": "Functions should not exceed 50 lines",
      "description": "Improve readability and maintainability, reduce cognitive load, and enhance testability.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SonarQube",
        "detekt",
        "ESLint",
        "PMD"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C002": {
      "name": "Avoid code duplication > 10 lines",
      "description": "Prevent messy code, make refactoring easier, and apply the DRY principle.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "PMD",
        "SonarQube",
        "jscpd"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C003": {
      "name": "Use clear variable names; avoid arbitrary abbreviations",
      "description": "Improve readability, searchability, and enable self-documenting code.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "ESLint (custom rule)",
        "detekt"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C004": {
      "name": "No TODOs older than 14 days",
      "description": "Keep the codebase clean and updated, avoid accumulating technical debt.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom Git hook",
        "linter TODO scanner"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C005": {
      "name": "Each function should do only one thing",
      "description": "Ensure single responsibility, better testability and readability.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SonarQube",
        "CodeClimate"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C006": {
      "name": "Function names must be verbs or verb-noun combinations",
      "description": "Clearly express the purpose of the action and promote self-documenting code.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "PR review",
        "AI Suggestion (Copilot Review)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C007": {
      "name": "Avoid comments that just restate the code",
      "description": "Eliminate redundancy and encourage self-explanatory code.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "AI review",
        "Lint static analyzer"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C008": {
      "name": "Declare variables close to where they are used",
      "description": "Improve locality, avoid \"dangling\" variables, and reduce cognitive load.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Linter (e.g., ktlint, ESLint)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C009": {
      "name": "Each class should have a single responsibility",
      "description": "Improve maintainability and scalability, avoid bloated classes.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SonarQube",
        "CodeClimate"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "DESIGN_PATTERNS"
      ]
    },
    "C010": {
      "name": "Avoid more than 3 levels of nested blocks",
      "description": "Reduce code complexity by limiting nesting, improving readability and maintainability.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "ESLint",
        "SonarQube",
        "TSLint",
        "detekt",
        "PMD"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "DESIGN_PATTERNS"
      ]
    },
    "C011": {
      "name": "Avoid catching generic exceptions (e.g., `catch (Exception)`)",
      "description": "Prevent hiding real issues and ensure specific and recoverable error handling.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Static analysis",
        "SonarQube"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C012": {
      "name": "Clearly separate Command and Query",
      "description": "Ensure single responsibility and clear side-effects following the Command Query Separation (CQS) principle.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "PR review",
        "AI code review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C013": {
      "name": "Do not use dead code",
      "description": "Keep the codebase clean; rely on Git history instead of commenting out code.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Linter + Git hook"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C014": {
      "name": "Use Dependency Injection instead of directly instantiating dependencies",
      "description": "Improve testability and decoupling by applying the Dependency Inversion Principle.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Static analyzer",
        "PR review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C015": {
      "name": "Use domain language in class/function names",
      "description": "Ensure correct domain understanding, reduce cognitive load, and improve communication with domain experts.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Review + AI Suggestion"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C016": {
      "name": "TODOs must have a specific reason",
      "description": "Avoid vague TODOs and ensure traceability and accountability.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Regex + Linter rule"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C017": {
      "name": "Do not put business logic inside constructors",
      "description": "Ensure constructors only initialize objects, not perform business logic, to improve testability.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Static analyzer / Manual review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "TESTABILITY",
        "RELIABILITY",
        "INTEGRATION"
      ]
    },
    "C018": {
      "name": "Do not throw generic errors; always provide detailed messages",
      "description": "Facilitate debugging, ensure traceability, and provide full context.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Linter + Manual review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C019": {
      "name": "Do not use `error` log level for non-critical issues",
      "description": "Prevent noisy logs and false alarms; ensure consistent and meaningful log levels across the system.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Log linter / Custom rule"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C020": {
      "name": "Do not import unused modules or libraries",
      "description": "Reduce noise, improve build performance and code readability, and minimize bundle size.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Linter (e.g., ESLint, ktlint)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C021": {
      "name": "Consistently order import statements",
      "description": "Improve consistency, readability, and manageability of imports; reduce merge conflicts.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Import sorter (e.g., ESLint sort-imports, IntelliJ organize imports, ktlint)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C022": {
      "name": "Do not leave unused variables",
      "description": "Eliminate clutter, improve code clarity, and reduce memory footprint.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Linter / Compiler warning"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C023": {
      "name": "Do not declare duplicate variable names in the same scope, including nested closures",
      "description": "Avoid confusion and hard-to-trace bugs; prevent variable shadowing.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Compiler / Linter"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C024": {
      "name": "Do not scatter hardcoded constants throughout the logic",
      "description": "Improve reusability, readability, and ease of configuration changes.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Linter / Convention"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "MAINTAINABILITY"
      ]
    },
    "C025": {
      "name": "Each file should contain only one main class",
      "description": "Reduce cognitive load when reading code; improve searchability and maintainability.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Convention / Linter warning"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C026": {
      "name": "Avoid functions with too many parameters (>6)",
      "description": "Simplify functions, reduce confusion when calling, and minimize coupling.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SonarQube",
        "Static Analyzer"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C027": {
      "name": "Each module should have a README.md if it is independent",
      "description": "Improve onboarding, maintenance, and knowledge sharing.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "CI check / Manual review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C028": {
      "name": "Use guard clauses instead of nested ifs",
      "description": "Improve readability and avoid deep nesting, reducing cognitive complexity.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "PR review",
        "linter"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C029": {
      "name": "All `catch` blocks must log the root cause of the error",
      "description": "Improve traceability and incident resolution; avoid silent failures.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Static analyzer / PR review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C030": {
      "name": "Use custom error classes instead of generic system errors",
      "description": "Improve error classification and handling; increase maintainability.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Linter / Convention"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C031": {
      "name": "Validation logic must be separated",
      "description": "No description available",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Convention",
        "PR review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "TESTABILITY",
        "MAINTAINABILITY"
      ]
    },
    "C032": {
      "name": "Do not call external APIs in constructors or static blocks",
      "description": "No description available",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Static analyzer"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C033": {
      "name": "Separate processing logic and data access in the service layer",
      "description": "No description available",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Architectural review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C034": {
      "name": "Avoid directly accessing global state in domain logic",
      "description": "No description available",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Static analyzer",
        "Code review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "DESIGN_PATTERNS"
      ]
    },
    "C035": {
      "name": "Log all relevant context when handling errors",
      "description": "No description available",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Logging framework"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C036": {
      "name": "Do not throw generic exceptions like `RuntimeException` or `Exception`",
      "description": "No description available",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Static analyzer"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C037": {
      "name": "API handler functions should return a standardized response object (not raw strings)",
      "description": "No description available",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "API documentation tools"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C038": {
      "name": "Avoid logic that depends on file/module load order",
      "description": "No description available",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Architectural Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C039": {
      "name": "Do not store temporary data in global or static mutable fields",
      "description": "Prevent issues related to shared state and race conditions in concurrent environments. Ensure thread-safety and testability. Using global or static mutable fields can introduce hard-to-detect and hard-to-fix bugs.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Static Analyzer"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C040": {
      "name": "Do not spread validation logic across multiple classes",
      "description": "Centralize validation logic to simplify maintenance, increase reusability, and ensure consistency. Centralized validation helps reduce bugs and simplifies updating validation rules.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Architectural Refactor Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C041": {
      "name": "Do not hardcode or push sensitive information (token, API key, secret, URL) into the repo",
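      "description": "Protect sensitive application data, avoid security risks, and comply with security standards. Exposing sensitive information can lead to serious security and privacy issues. A secret that has been committed stays in the repository history after the line is removed, so treat it as exposed and rotate it.",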
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Git Hooks",
        "Secret Scanner"
      ],
      "framework": "All",
      "principles": [
        "SECURITY"
      ]
    },
    "C042": {
      "name": "Boolean variable names should start with `is`, `has`, or `should`",
      "description": "Ensure clarity and readability by making boolean variables self-explanatory. This naming convention improves code maintainability and documentation.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Linter (ESLint, SonarQube)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C043": {
      "name": "Do not use `print` or `console.log` in production code",
      "description": "Ensure logging is done in a controlled and effective manner in production. Using `print` or `console.log` can lead to performance issues, security risks, and log management difficulties.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Linter",
        "Log Analyzer"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "PERFORMANCE"
      ]
    },
    "C044": {
      "name": "Avoid reimplementing functions that already exist in standard libraries or helper utilities",
      "description": "Leverage well-tested, optimized, and community-maintained libraries to reduce bugs and improve development efficiency.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Package Manager",
        "Dependency Analyzer"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "PERFORMANCE"
      ]
    },
    "C045": {
      "name": "APIs should not return 500 errors for known business errors",
      "description": "Ensure APIs return appropriate HTTP status codes so clients can handle errors effectively. HTTP 500 should be reserved for unexpected system errors.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "API Testing",
        "Error Monitoring"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C046": {
      "name": "Avoid complex and lengthy regular expressions in core logic",
      "description": "Keep code readable, maintainable, and efficient by avoiding the use of overly complex regular expressions in business-critical logic.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Code Review",
        "Static Code Analyzer"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "PERFORMANCE"
      ]
    },
    "C047": {
      "name": "Retry logic must not be duplicated in multiple places",
      "description": "Centralize retry logic to improve consistency, maintainability, and observability of error handling and retry mechanisms.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Code Review",
        "Static Code Analyzer"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C048": {
      "name": "Do not bypass architectural layers (controller/service/repository)",
      "description": "Maintain a clear layered architecture, ensuring logic and data flow are well-structured and maintainable.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Static Analyzer",
        "Architectural boundary checker"
      ],
      "framework": "All",
      "principles": [
        "DESIGN_PATTERNS",
        "MAINTAINABILITY"
      ]
    },
    "C049": {
      "name": "Always include a clear default case in switch/case statements",
      "description": "Avoid missing logic for unexpected values, increasing stability and safety of the application.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Linter"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C050": {
      "name": "Do not call APIs in loops without batching or throttling",
      "description": "Prevent system overload, resource contention, API rate limit violations, and request bursts that look like a DDoS attack on the backend.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Performance review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "PERFORMANCE"
      ]
    },
    "C051": {
      "name": "Do not use `sleep`, `wait`, or `delay` in business logic",
      "description": "Avoid uncontrolled delays that cause asynchronous issues, make debugging and testing harder, and increase the risk of race conditions in production environments.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Static analyzer",
        "manual review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "PERFORMANCE"
      ]
    },
    "C052": {
      "name": "Parsing or data transformation logic must be separated from controllers",
      "description": "Enforce separation of concerns — controllers should only handle requests and delegate processing, improving testability, maintainability, and reuse.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Code review / Architecture enforcement"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "DESIGN_PATTERNS",
        "MAINTAINABILITY"
      ]
    },
    "C053": {
      "name": "Avoid vague function names like \"handle\" or \"process\"",
      "description": "Clarify function behavior, reduce hidden logic, and improve code readability and traceability.",
      "category": "Common",
      "severity": "minor",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "AI reviewer / naming linter"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C054": {
      "name": "Do not process large datasets without pagination or lazy loading",
      "description": "Prevent loading all data into memory, avoid out-of-memory errors, and improve performance and response time.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Code review",
        "ORM warning",
        "API response profiler"
      ],
      "framework": "All",
      "principles": [
        "PERFORMANCE"
      ]
    },
    "C055": {
      "name": "Cache results of expensive functions if reused",
      "description": "Reduce processing time and resource usage by caching results of resource-heavy operations.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Code review",
        "performance profiler"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "PERFORMANCE"
      ]
    },
    "C056": {
      "name": "Do not process large datasets without logging or resource monitoring",
      "description": "Track resource usage (CPU, RAM, I/O), detect anomalies early, and ensure system stability.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Logging",
        "APM (Application Performance Monitoring)"
      ],
      "framework": "All",
      "principles": [
        "PERFORMANCE",
        "RELIABILITY"
      ]
    },
    "C057": {
      "name": "Use optimal data structures instead of arrays for frequent lookups",
      "description": "Reduce algorithm complexity, improve access speed, and optimize performance.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Static analyzer",
        "AI reviewer"
      ],
      "framework": "All",
      "principles": [
        "PERFORMANCE"
      ]
    },
    "C058": {
      "name": "Enums must have clear display labels",
      "description": "Ensure enums shown in logs, UIs, or APIs are understandable and user-friendly.",
      "category": "Common",
      "severity": "minor",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C059": {
      "name": "Do not create abstractions just to group constants",
      "description": "Avoid unnecessary abstractions (class, enum) that add complexity without behavior or clear domain meaning.",
      "category": "Common",
      "severity": "minor",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "MAINTAINABILITY"
      ]
    },
    "C060": {
      "name": "Do not override superclass methods while ignoring their critical logic",
      "description": "Preserve important behavior or lifecycle logic defined in the superclass to ensure correctness and prevent silent errors.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C061": {
      "name": "Write unit tests for business logic",
      "description": "Ensure that core business flows are verifiable, help catch bugs early, avoid regressions, and increase system reliability.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "TESTABILITY",
        "MAINTAINABILITY"
      ]
    },
    "C062": {
      "name": "Interfaces or abstractions should not hold state",
      "description": "Keep interfaces focused on defining behavior, making them easier to mock, implement, and test.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "DESIGN_PATTERNS"
      ]
    },
    "C063": {
      "name": "Do not repeat the same test logic",
      "description": "Avoid duplication in tests, making them easier to maintain, read, and extend when business logic changes.",
      "category": "Common",
      "severity": "minor",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "TESTABILITY",
        "MAINTAINABILITY"
      ]
    },
    "C064": {
      "name": "Interfaces should expose only necessary behavior",
      "description": "Prevent leaking implementation details, improve encapsulation, and reduce coupling between modules.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "DESIGN_PATTERNS"
      ]
    },
    "C065": {
      "name": "Each test case should verify only one behavior",
      "description": "Make test failures easier to diagnose and ensure clarity and maintainability in test code.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "TESTABILITY"
      ]
    },
    "C066": {
      "name": "Test names should reflect what is being tested",
      "description": "Help readers quickly understand the purpose of a test, making the test suite self-documenting and easier to trace on failure.",
      "category": "Common",
      "severity": "minor",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "TESTABILITY"
      ]
    },
    "C067": {
      "name": "Do not hardcode configuration inside code",
      "description": "Improve configurability, reduce risk when changing environments, and make configuration management flexible and maintainable.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "MAINTAINABILITY"
      ]
    },
    "C068": {
      "name": "Avoid unclear return types in functions",
      "description": "Help callers know what data they receive, enable type checking, reduce hidden errors, and improve predictability.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C069": {
      "name": "Components should communicate via abstractions",
      "description": "Reduce module coupling, improve testability, ease mocking, and ensure replaceability without affecting callers.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "DESIGN_PATTERNS",
        "TESTABILITY"
      ]
    },
    "C070": {
      "name": "Tests should not rely on real time",
      "description": "Improve test stability and speed; avoid flaky tests caused by system clock or real-world timing.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "TESTABILITY"
      ]
    },
    "C071": {
      "name": "Test class names should reflect the corresponding module",
      "description": "Make it easy to identify the scope of testing, improve discoverability, and provide clear organization in the test structure.",
      "category": "Common",
      "severity": "minor",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "MAINTAINABILITY"
      ]
    },
    "C072": {
      "name": "Each test should assert only one behavior",
      "description": "Reduce ambiguity when a test fails, ensuring each test case validates a single, specific logic path.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "TESTABILITY"
      ]
    },
    "C073": {
      "name": "All required configurations must be validated at startup",
      "description": "Prevent unclear runtime errors due to missing or incorrect config. Ensure the app fails fast if essential settings are absent.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C074": {
      "name": "Avoid magic numbers/values in code",
      "description": "Improve clarity and self-documentation in code, so readers can understand the meaning of values without additional context.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Linter (ESLint, PMD, Detekt, etc.)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "MAINTAINABILITY"
      ]
    },
    "C075": {
      "name": "All functions must explicitly declare return types",
      "description": "Improve clarity, predictability, and enforce strict type control to avoid silent errors during refactoring or logic changes.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Type checker",
        "Linter"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "C076": {
      "name": "All public functions must declare explicit types for arguments",
      "description": "Ensure type safety for function inputs, reduce runtime errors, and enable static analysis during compilation or code review.",
      "category": "Common",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Type checker",
        "Linter"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "MAINTAINABILITY"
      ]
    },
    "D001": {
      "name": "Recommended Lint Rules Should Be Enabled",
      "description": "Ensure code quality through standard lint configurations",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D001)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "D002": {
      "name": "Always Dispose Resources and Remove Listeners",
      "description": "Prevent memory leaks by ensuring proper resource disposal",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D002)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "PERFORMANCE"
      ]
    },
    "D003": {
      "name": "Prefer Widgets Over Methods Returning Widgets",
      "description": "Improve performance and maintainability by extracting widget-returning methods into widget classes",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D003)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "PERFORMANCE"
      ]
    },
    "D004": {
      "name": "Avoid shrinkWrap in ListView",
      "description": "Prevent performance issues caused by shrinkWrap in scrollable widgets",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D004)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "PERFORMANCE"
      ]
    },
    "D005": {
      "name": "Limit Widget Nesting Depth to 6",
      "description": "Maintain code readability and prevent performance issues caused by deeply nested widgets",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D005)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "MAINTAINABILITY",
        "PERFORMANCE"
      ]
    },
    "D006": {
      "name": "Prefer Extracting Large Callbacks from Build",
      "description": "Improve code readability and testability by extracting large callback functions",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D006)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "MAINTAINABILITY",
        "TESTABILITY"
      ]
    },
    "D007": {
      "name": "Prefer Init First, Dispose Last",
      "description": "Ensure proper lifecycle method ordering in StatefulWidget",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D007)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "MAINTAINABILITY",
        "LIFECYCLE_MANAGEMENT"
      ]
    },
    "D008": {
      "name": "Avoid Long Functions",
      "description": "Improve code readability and maintainability by limiting function length",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D008)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "MAINTAINABILITY",
        "READABILITY"
      ]
    },
    "D009": {
      "name": "Limit Function Parameters",
      "description": "Improve code readability by limiting the number of function parameters",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D009)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "MAINTAINABILITY",
        "READABILITY"
      ]
    },
    "D010": {
      "name": "Limit Cyclomatic Complexity",
      "description": "Improve code readability and maintainability by limiting cyclomatic complexity",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D010)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "MAINTAINABILITY",
        "READABILITY"
      ]
    },
    "D011": {
      "name": "Prefer Named Parameters",
      "description": "Improve code readability and prevent parameter confusion",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D011)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "READABILITY",
        "MAINTAINABILITY"
      ]
    },
    "D012": {
      "name": "Prefer Named Boolean Parameters",
      "description": "Improve code readability by avoiding unclear boolean parameters",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D012)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "READABILITY",
        "MAINTAINABILITY"
      ]
    },
    "D013": {
      "name": "Prefer a Single Public Class Per File",
      "description": "Improve code organization and maintainability",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D013)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "ORGANIZATION",
        "MAINTAINABILITY"
      ]
    },
    "D014": {
      "name": "Avoid Unsafe Collection Access",
      "description": "Prevent runtime errors from accessing empty collections",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D014)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SAFETY",
        "ERROR_PREVENTION"
      ]
    },
    "D015": {
      "name": "Ensure copyWith includes all constructor parameters",
      "description": "Maintain data integrity and completeness in immutable objects",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D015)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "IMMUTABILITY",
        "DATA_INTEGRITY"
      ]
    },
    "D016": {
      "name": "Project should have tests",
      "description": "Ensure code quality and prevent regressions through automated testing",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D016)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "TESTING",
        "MAINTAINABILITY"
      ]
    },
    "D017": {
      "name": "Pubspec dependencies should be reviewed regularly",
      "description": "Ensure dependencies are kept up-to-date for security and stability",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D017)"
      ],
      "framework": "All",
      "principles": [
        "SECURITY",
        "MAINTAINABILITY",
        "CODE_QUALITY"
      ]
    },
    "D018": {
      "name": "Remove Commented-Out Code",
      "description": "Keep codebase clean by removing commented-out code",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D018)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "MAINTAINABILITY",
        "READABILITY"
      ]
    },
    "D019": {
      "name": "Avoid Single Child in Multi-Child Widget",
      "description": "Use appropriate widget types for the number of children",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D019)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "PERFORMANCE",
        "MAINTAINABILITY"
      ]
    },
    "D020": {
      "name": "Limit If/Else Branches",
      "description": "Reduce complexity by limiting the number of if/else branches",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D020)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "MAINTAINABILITY",
        "READABILITY"
      ]
    },
    "D021": {
      "name": "Avoid Negated Boolean Checks",
      "description": "Improve code readability by avoiding inverted or negated boolean conditions",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D021)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "READABILITY"
      ]
    },
    "D022": {
      "name": "Use setState Correctly",
      "description": "Ensure setState is used correctly in StatefulWidget to avoid performance issues and bugs",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D022)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "PERFORMANCE",
        "BEST_PRACTICES"
      ]
    },
    "D023": {
      "name": "Avoid Unnecessary Method Overrides",
      "description": "Remove methods that only call super with the same parameters as they add no value",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D023)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "MAINTAINABILITY",
        "READABILITY"
      ]
    },
    "D024": {
      "name": "Avoid Unnecessary StatefulWidget",
      "description": "Use StatelessWidget when no state management is needed to improve performance",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D024)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "PERFORMANCE",
        "BEST_PRACTICES"
      ]
    },
    "D025": {
      "name": "Avoid Nested Conditional Expressions",
      "description": "Improve code readability by avoiding nested ternary operators",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "dart"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom analyzer (D025)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "READABILITY",
        "MAINTAINABILITY"
      ]
    },
    "G001": {
      "name": "Explicitly check ALL errors",
      "description": "Prevent silent failures and ensure robust error recovery.",
      "category": "Backend",
      "severity": "critical",
      "languages": [
        "golang"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "errcheck",
        "golangci-lint"
      ],
      "framework": "All",
      "principles": []
    },
    "G002": {
      "name": "Context MUST be the first argument",
      "description": "Follow Go idiomatic patterns for cancellation and timeouts.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "golang"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "golangci-lint",
        "contextcheck"
      ],
      "framework": "All",
      "principles": []
    },
    "G003": {
      "name": "Consistent Receiver Naming",
      "description": "Improve readability and consistency across methods.",
      "category": "Backend",
      "severity": "minor",
      "languages": [
        "golang"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "golangci-lint",
        "stylecheck"
      ],
      "framework": "All",
      "principles": []
    },
    "G004": {
      "name": "No panic() in production business logic",
      "description": "Prevent application crashes and enable graceful recovery.",
      "category": "Backend",
      "severity": "critical",
      "languages": [
        "golang"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "golangci-lint",
        "staticcheck"
      ],
      "framework": "All",
      "principles": []
    },
    "G005": {
      "name": "Goroutine Leak Prevention",
      "description": "Prevent memory exhaustion and zombie processes.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "golang"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "goleak",
        "golangci-lint"
      ],
      "framework": "All",
      "principles": []
    },
    "G006": {
      "name": "Define interfaces at consumer side",
      "description": "Promote decoupling and simplify testing.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "golang"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review",
        "Architecture rules"
      ],
      "framework": "All",
      "principles": []
    },
    "GN001": {
      "name": "Use Gin binding for validation",
      "description": "Simplify input handling and ensure consistent validation.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "golang, Gin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Gin",
        "validator"
      ],
      "framework": "All",
      "principles": []
    },
    "GN002": {
      "name": "Abort with status for fatal errors",
      "description": "Ensure middleware chain is interrupted and consistent response is sent.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "golang, Gin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Gin"
      ],
      "framework": "All",
      "principles": []
    },
    "GN003": {
      "name": "Implement Graceful Shutdown",
      "description": "Prevent data loss and ensure clean connection handling.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "golang, Gin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Go Standard Library",
        "Gin"
      ],
      "framework": "All",
      "principles": []
    },
    "GN004": {
      "name": "Logical Route Grouping",
      "description": "Improve code organization and shared middleware management.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "golang, Gin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Gin"
      ],
      "framework": "All",
      "principles": []
    },
    "J001": {
      "name": "Use Null Object or Optional instead of repetitive null checks",
      "description": "Reduce the risk of NullPointerException (NPE) and avoid repeating `if (x != null)` throughout the code.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "java"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Linter",
        "PR guideline"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "J002": {
      "name": "Do not use `null` as a default value unless absolutely necessary",
      "description": "Prevent NullPointerException by promoting clearer use of Optional or nullable types.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "java"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Static Analyzer"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "J003": {
      "name": "Every enum must provide a clear toString or description when used in UI/logs",
      "description": "Avoid unclear log messages such as `STATUS_1`, and improve readability.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "java"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review",
        "Enum Linter"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "J004": {
      "name": "Avoid creating enums/classes just to wrap fixed constants",
      "description": "Prevent unnecessary abstractions that clutter the codebase.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "java"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Review or static pattern detector"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "J005": {
      "name": "Always use `final` or `const` for variables that do not change",
      "description": "Clearly express intent and prevent unintended modifications.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "java"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Linter",
        "Static Analyzer"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "J006": {
      "name": "Do not override methods without calling `super` when required",
      "description": "Preserve expected behavior and side effects in inherited logic.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "java"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Linter",
        "Manual Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "K001": {
      "name": "Use Named Arguments when functions have more than 3 parameters",
      "description": "Improve readability, avoid errors from parameter order confusion, and make function calls clearer.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`NamedArguments`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "K002": {
      "name": "Limit function complexity (Cyclomatic Complexity)",
      "description": "Reduce logic complexity and branching to improve readability, testability, and maintainability.",
      "category": "Mobile",
      "severity": "critical",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`CognitiveComplexMethod`",
        "`CyclomaticComplexMethod`)",
        "SonarQube"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "MAINTAINABILITY"
      ]
    },
    "K003": {
      "name": "Avoid overly complex conditions",
      "description": "Write clear, readable conditions that are easy to control and understand.",
      "category": "Mobile",
      "severity": "critical",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`ComplexCondition`)",
        "SonarQube"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "MAINTAINABILITY"
      ]
    },
    "K004": {
      "name": "Avoid nesting code more than 4 levels deep in functions",
      "description": "Simplify logic to improve testability and maintainability.",
      "category": "Mobile",
      "severity": "critical",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`NestedBlockDepth`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "K005": {
      "name": "Do not use `GlobalScope`",
      "description": "Avoid coroutines that exist beyond their intended lifecycle.",
      "category": "Mobile",
      "severity": "critical",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`GlobalCoroutineUsage`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "K006": {
      "name": "Avoid using `suspend` when not necessary",
      "description": "Avoid creating the misconception that a function contains asynchronous logic when it actually doesn't need it.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`RedundantSuspendModifier`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "PERFORMANCE"
      ]
    },
    "K007": {
      "name": "Use `delay()` instead of `sleep()` in coroutines",
      "description": "Optimize concurrency, avoid unnecessarily blocking threads.",
      "category": "Mobile",
      "severity": "critical",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`SleepInsteadOfDelay`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "PERFORMANCE"
      ]
    },
    "K008": {
      "name": "Do not swallow `CancellationException` in coroutines",
      "description": "Ensure coroutine cancellation is properly propagated to avoid leaks or logic errors.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`SuspendFunSwallowedCancellation`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "PERFORMANCE"
      ]
    },
    "K009": {
      "name": "Do not use `suspend` for functions returning `Flow`",
      "description": "Avoid unnecessary asynchronous declarations, keep code clean.",
      "category": "Mobile",
      "severity": "critical",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`SuspendFunWithFlowReturnType`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "PERFORMANCE"
      ]
    },
    "K010": {
      "name": "Do not check/cast exceptions in `catch` blocks",
      "description": "Handle errors clearly, readably, and with the correct error type.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`InstanceOfCheckForException`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "K011": {
      "name": "Use `class` instead of `object` when extending `Throwable`",
      "description": "Avoid using global singletons for exceptions, ensure exceptions carry separate information.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`ObjectExtendsThrowable`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "K012": {
      "name": "Do not `return` or `throw` in `finally`",
      "description": "Do not lose main logic when handling errors, avoid overriding original exceptions.",
      "category": "Mobile",
      "severity": "critical",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`ReturnFromFinally`",
        "`ThrowingExceptionFromFinally`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "K013": {
      "name": "Do not wrap and rethrow the same exception type",
      "description": "Preserve the original error cause and stack trace.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`ThrowingNewInstanceOfSameException`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "K014": {
      "name": "Use `ArrayPrimitive` instead of `Array<Primitive>`",
      "description": "Improve performance, avoid unnecessary boxing/unboxing.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`ArrayPrimitive`)"
      ],
      "framework": "All",
      "principles": [
        "PERFORMANCE"
      ]
    },
    "K015": {
      "name": "Use `for` instead of `forEach` on ranges",
      "description": "Avoid creating unnecessary lambdas, improve runtime performance.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`ForEachOnRange`)"
      ],
      "framework": "All",
      "principles": [
        "PERFORMANCE"
      ]
    },
    "K016": {
      "name": "Do not use `else` in `when` with `enum` or `sealed` classes",
      "description": "Ensure all cases are handled explicitly and are easy to control.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`ElseCaseInsteadOfExhaustiveWhen`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "K017": {
      "name": "Do not directly call Garbage Collector (GC)",
      "description": "Avoid poor performance or unpredictable behavior.",
      "category": "Mobile",
      "severity": "critical",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`ExplicitGarbageCollectionCall`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "PERFORMANCE"
      ]
    },
    "K018": {
      "name": "Do not ignore function return values",
      "description": "Avoid losing useful information, handle function results properly.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`IgnoredReturnValue`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "K019": {
      "name": "Avoid using not-null assertion (!!) to get values from Map",
      "description": "Avoid `NullPointerException` when accessing Map.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`MapGetWithNotNullAssertionOperator`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "K020": {
      "name": "Do not call `toString()` on nullable objects",
      "description": "Avoid displaying unwanted `\"null\"` strings.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`NullableToStringCall`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "K021": {
      "name": "Avoid unreachable catch blocks",
      "description": "Remove redundant logic and unreachable code.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`UnreachableCatchBlock`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "K022": {
      "name": "Avoid unsafe casting",
      "description": "Avoid `ClassCastException` and unnecessary runtime errors.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`UnsafeCast`",
        "`DontDowncastCollectionTypes`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "K023": {
      "name": "Do not use properties before declaration",
      "description": "Avoid logic errors from using uninitialized variables.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`PropertyUsedBeforeDeclaration`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "K024": {
      "name": "Ensure proper modifier order",
      "description": "Improve consistency and readability in the codebase.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "`detekt` (`ModifierOrder`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "K025": {
      "name": "Ensure proper parameter order in Composable functions",
      "description": "Ensure usability, memorability, and extensibility of Composable APIs.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom rule",
        "Manual Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "K026": {
      "name": "Each component should serve a single purpose",
      "description": "Ensure components are easy to maintain, understand, and test.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Code Review",
        "Custom Lint"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "DESIGN_PATTERNS"
      ]
    },
    "K027": {
      "name": "Composables returning Unit should use PascalCase and be nouns",
      "description": "Follow naming conventions for Composables in Compose.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom rule",
        "Code Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "K028": {
      "name": "`@Composable` factory functions that return values should use camelCase",
      "description": "Follow standard Kotlin function naming conventions.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom rule",
        "Code Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "K029": {
      "name": "Prefer Stateless `@Composable` functions",
      "description": "Increase reusability, reduce complexity and side effects.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom rule",
        "Code Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "K030": {
      "name": "Enhance extensibility by declaring state using interfaces",
      "description": "Improve extensibility, reduce coupling with specific implementations.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Code Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "K031": {
      "name": "Create different components instead of multiple style classes",
      "description": "Increase maintainability and reusability.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Code Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "K032": {
      "name": "Don't use `null` as default for nullable parameters",
      "description": "Avoid misleading default logic.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom rule",
        "Code Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "K033": {
      "name": "Don't pass `MutableState<T>` to `@Composable`",
      "description": "Prevent unclear state ownership sharing.",
      "category": "Mobile",
      "severity": "critical",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom rule",
        "Code Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "DESIGN_PATTERNS"
      ]
    },
    "K034": {
      "name": "Prefer `Slot` parameters for extensibility",
      "description": "Allow users to customize content flexibly.",
      "category": "Mobile",
      "severity": "major",
      "languages": [
        "kotlin"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom rule",
        "Code Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "P001": {
      "name": "Follow PSR-12 Coding Standard",
      "description": "Maintain consistent code formatting across all PHP projects.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "php"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "PHP_CodeSniffer",
        "Laravel Pint"
      ],
      "framework": "All",
      "principles": []
    },
    "P002": {
      "name": "Skinny Controllers, Fat Models/Services",
      "description": "Maintain clear separation of concerns and keep controllers easy to read.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "php"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review",
        "Architecture Rules"
      ],
      "framework": "All",
      "principles": []
    },
    "P003": {
      "name": "Use Eloquent over Raw SQL/Query Builder",
      "description": "Improve code readability and leverage Laravel's built-in security features.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "php"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review"
      ],
      "framework": "All",
      "principles": []
    },
    "P004": {
      "name": "Form Requests for Validation",
      "description": "Separate validation logic from business logic.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "php"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review",
        "PHPStan"
      ],
      "framework": "All",
      "principles": []
    },
    "P005": {
      "name": "Typed Properties and Return Types",
      "description": "Increase code reliability and allow static analysis to catch errors.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "php"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "PHPStan",
        "Psalm"
      ],
      "framework": "All",
      "principles": []
    },
    "P006": {
      "name": "Prevent N+1 with Eager Loading",
      "description": "Optimize performance by reducing the number of database queries.",
      "category": "Backend",
      "severity": "critical",
      "languages": [
        "php"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Laravel Telescope",
        "Clockwork",
        "laravel-query-detector"
      ],
      "framework": "All",
      "principles": []
    },
    "PY001": {
      "name": "Adhere to PEP 8 Style Guide",
      "description": "Maintain a consistent and readable codebase following Python's official standards.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "python"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "ruff",
        "flake8",
        "black"
      ],
      "framework": "All",
      "principles": []
    },
    "PY002": {
      "name": "Mandatory Type Hinting",
      "description": "Improve code clarity, enable better IDE support, and catch type-related bugs early.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "python"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "mypy",
        "Pyright"
      ],
      "framework": "All",
      "principles": []
    },
    "PY003": {
      "name": "Explicit Error Handling",
      "description": "Prevent catching unexpected errors and ensure specific failure handling.",
      "category": "Backend",
      "severity": "critical",
      "languages": [
        "python"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "pylint",
        "ruff"
      ],
      "framework": "All",
      "principles": []
    },
    "PY004": {
      "name": "Use logging instead of print",
      "description": "Better event tracking, filtering, and production observability.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "python"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review",
        "ruff"
      ],
      "framework": "All",
      "principles": []
    },
    "PY005": {
      "name": "Context Managers for Resource Handling",
      "description": "Ensure resources like files and network connections are closed properly.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "python"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "pylint",
        "ruff"
      ],
      "framework": "All",
      "principles": []
    },
    "PY006": {
      "name": "Avoid Mutable Default Arguments",
      "description": "Prevent unexpected state sharing between function calls.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "python"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "pylint",
        "ruff"
      ],
      "framework": "All",
      "principles": []
    },
    "R001": {
      "name": "Components must be idempotent",
      "description": "Ensure that React components always return the same output for the same inputs (props, state, context).",
      "category": "Frontend",
      "severity": "major",
      "languages": [
        "typescript"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "R002": {
      "name": "Side effects must run outside of render",
      "description": "Prevent side effects from executing during render to avoid bugs and improve performance.",
      "category": "Frontend",
      "severity": "major",
      "languages": [
        "typescript"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [],
      "framework": "All",
      "principles": [
        "DESIGN_PATTERNS",
        "PERFORMANCE"
      ]
    },
    "R003": {
      "name": "Props and state are immutable",
      "description": "Prevent direct mutation of props and state to avoid bugs and ensure proper behavior in React.",
      "category": "Frontend",
      "severity": "major",
      "languages": [
        "typescript"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "R004": {
      "name": "Return values and arguments to Hooks are immutable",
      "description": "Ensure that values passed into Hooks are not modified to prevent subtle bugs.",
      "category": "Frontend",
      "severity": "major",
      "languages": [
        "typescript"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "R005": {
      "name": "Values are immutable after being passed to JSX",
      "description": "Prevent mutation of values after they've been passed to JSX.",
      "category": "Frontend",
      "severity": "major",
      "languages": [
        "typescript"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "R006": {
      "name": "Never call component functions directly",
      "description": "Let React fully control when and how components are rendered.",
      "category": "Frontend",
      "severity": "major",
      "languages": [
        "typescript"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "DESIGN_PATTERNS"
      ]
    },
    "R007": {
      "name": "Never pass hooks as regular values",
      "description": "Ensure that Hooks are used only as intended within React components.",
      "category": "Frontend",
      "severity": "major",
      "languages": [
        "typescript"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [],
      "framework": "All",
      "principles": [
        "DESIGN_PATTERNS"
      ]
    },
    "R008": {
      "name": "Only call Hooks at the top level",
      "description": "Maintain the correct order of Hook calls so React can manage state properly.",
      "category": "Frontend",
      "severity": "major",
      "languages": [
        "typescript"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [],
      "framework": "All",
      "principles": [
        "DESIGN_PATTERNS"
      ]
    },
    "R009": {
      "name": "Only call Hooks from React functions",
      "description": "Ensure Hooks are only called from valid React functions to prevent unexpected behavior.",
      "category": "Frontend",
      "severity": "major",
      "languages": [
        "typescript"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [],
      "framework": "All",
      "principles": [
        "DESIGN_PATTERNS"
      ]
    },
    "RB001": {
      "name": "Use snake_case for symbols, methods, and variables",
      "description": "Follow Ruby community naming conventions for consistency and readability.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Naming/VariableName`, `Naming/MethodName`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB002": {
      "name": "Use CamelCase for classes and modules",
      "description": "Follow Ruby community naming conventions for classes and modules.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Naming/ClassName`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB003": {
      "name": "Use SCREAMING_SNAKE_CASE for constants",
      "description": "Clearly distinguish constants from other identifiers.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Naming/ConstantName`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB004": {
      "name": "Predicate methods should end with ?",
      "description": "Make boolean-returning methods immediately recognizable.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Naming/PredicateName`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB005": {
      "name": "Dangerous methods should end with !",
      "description": "Clearly indicate methods that modify the receiver or can raise exceptions.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Style/BangPredicate`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB006": {
      "name": "Use 2 spaces for indentation",
      "description": "Follow Ruby community standard for code formatting.",
      "category": "Backend",
      "severity": "minor",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Layout/IndentationWidth`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB007": {
      "name": "Keep lines under 120 characters",
      "description": "Improve code readability and prevent horizontal scrolling.",
      "category": "Backend",
      "severity": "minor",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Layout/LineLength`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB008": {
      "name": "Avoid rescuing the Exception class",
      "description": "Prevent hiding critical system errors.",
      "category": "Backend",
      "severity": "critical",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Lint/RescueException`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB009": {
      "name": "Use save! or handle return values",
      "description": "Ensure database operations are properly validated and errors are not silently ignored.",
      "category": "Backend",
      "severity": "critical",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Rails/SaveBang`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB010": {
      "name": "Avoid N+1 queries with eager loading",
      "description": "Prevent performance issues caused by N+1 query problems.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Bullet gem",
        "RuboCop Rails (`Rails/FindEach`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB011": {
      "name": "Use find_each for large collections",
      "description": "Reduce memory consumption when iterating over large datasets.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Rails/FindEach`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB012": {
      "name": "Avoid SQL injection with parameterized queries",
      "description": "Prevent SQL injection vulnerabilities.",
      "category": "Backend",
      "severity": "critical",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Brakeman",
        "RuboCop (`Rails/SquishedSQLHeredocs`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB013": {
      "name": "Prefer has_many :through over HABTM",
      "description": "Allow for additional attributes and validations on join models.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Rails/HasAndBelongsToMany`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB014": {
      "name": "Always define dependent option for associations",
      "description": "Prevent orphaned records and ensure data integrity.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom linter"
      ],
      "framework": "All",
      "principles": []
    },
    "RB015": {
      "name": "Use new-style validations",
      "description": "Follow modern Rails conventions for model validations.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Rails/Validation`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB016": {
      "name": "Keep controllers thin",
      "description": "Maintain single responsibility and improve testability.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Metrics/MethodLength`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB017": {
      "name": "Avoid fat models",
      "description": "Prevent models from becoming monolithic and hard to maintain.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Metrics/ClassLength`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB018": {
      "name": "Use service objects for complex business logic",
      "description": "Improve code organization and testability.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom linter"
      ],
      "framework": "All",
      "principles": []
    },
    "RB019": {
      "name": "Avoid needless metaprogramming",
      "description": "Maintain code clarity and debuggability.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Style/MethodMissingSuper`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB020": {
      "name": "Use pluck for selecting specific columns",
      "description": "Improve query performance by selecting only needed columns.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Rails/Pluck`, `Rails/PluckId`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB021": {
      "name": "Use size over count or length",
      "description": "Optimize performance by using the most efficient method.",
      "category": "Backend",
      "severity": "minor",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Rails/SkipsModelValidations`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB022": {
      "name": "Order by timestamp columns, not id",
      "description": "Ensure consistent ordering across database systems.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom linter"
      ],
      "framework": "All",
      "principles": []
    },
    "RB023": {
      "name": "Use where.missing for Rails 6.1+",
      "description": "Use modern Rails APIs for finding records with missing associations.",
      "category": "Backend",
      "severity": "minor",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Rails/WhereMissing`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB024": {
      "name": "Keep methods under 10 lines",
      "description": "Improve code readability and maintainability.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Metrics/MethodLength`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB025": {
      "name": "Limit method parameters to 4",
      "description": "Reduce method complexity and improve readability.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Metrics/ParameterLists`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB026": {
      "name": "Avoid deep nesting (max 3 levels)",
      "description": "Improve code readability and reduce cyclomatic complexity.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Metrics/BlockNesting`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB027": {
      "name": "Use guard clauses for early returns",
      "description": "Reduce nesting and improve code clarity.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Style/GuardClause`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB028": {
      "name": "Keep classes under 100 lines",
      "description": "Maintain single responsibility and improve maintainability.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Metrics/ClassLength`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB029": {
      "name": "Use meaningful variable and method names",
      "description": "Improve code self-documentation and readability.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Naming/VariableName`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB030": {
      "name": "Don't Repeat Yourself (DRY)",
      "description": "Reduce code duplication and improve maintainability.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Reek",
        "RuboCop (`Style/IdenticalConditionalBranches`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB031": {
      "name": "Follow MVC architecture strictly",
      "description": "Maintain clear separation of concerns.",
      "category": "Backend",
      "severity": "critical",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom linter"
      ],
      "framework": "All",
      "principles": []
    },
    "RB032": {
      "name": "Use concerns judiciously",
      "description": "Prevent concerns from becoming dumping grounds for unrelated code.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom linter"
      ],
      "framework": "All",
      "principles": []
    },
    "RB033": {
      "name": "Document callbacks and use them sparingly",
      "description": "Prevent hidden side effects and improve code clarity.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom linter"
      ],
      "framework": "All",
      "principles": []
    },
    "RB034": {
      "name": "Use decorators for view logic",
      "description": "Keep models and views clean by separating presentation logic.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Custom linter"
      ],
      "framework": "All",
      "principles": []
    },
    "RB035": {
      "name": "Write comprehensive tests",
      "description": "Ensure code quality and prevent regressions.",
      "category": "Backend",
      "severity": "critical",
      "languages": [
        "ruby"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RSpec",
        "Minitest",
        "SimpleCov"
      ],
      "framework": "All",
      "principles": []
    },
    "RB036": {
      "name": "Use frozen_string_literal: true",
      "description": "Improve memory efficiency and prepare for Ruby 4.0 string immutability.",
      "category": "Backend",
      "severity": "minor",
      "languages": [
        "ruby"
      ],
      "version": "1.1",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Style/FrozenStringLiteralComment`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB037": {
      "name": "Use 'it' as a default block parameter (Ruby 3.4+)",
      "description": "Enhance code readability for concise block operations.",
      "category": "Backend",
      "severity": "minor",
      "languages": [
        "ruby"
      ],
      "version": "1.1",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Style/ItAssignment`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB038": {
      "name": "Use modern hash-based enum syntax",
      "description": "Use the more readable and explicit enum configuration in ActiveRecord.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "Rails 7+"
      ],
      "version": "1.1",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`Rails/EnumSyntax`)"
      ],
      "framework": "All",
      "principles": []
    },
    "RB039": {
      "name": "Prefer Solid Adapters for Infrastructure (Rails 8+)",
      "description": "Simplify deployment and reduce external dependencies.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "Rails 8+"
      ],
      "version": "1.1",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review"
      ],
      "framework": "All",
      "principles": []
    },
    "RB040": {
      "name": "Use built-in Rails 8 Authentication for greenfield projects",
      "description": "Use the native, lightweight authentication system to reduce dependency on Devise.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "Rails 8+"
      ],
      "version": "1.1",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review"
      ],
      "framework": "All",
      "principles": []
    },
    "RB041": {
      "name": "Use Async Query Loading for slow interactions",
      "description": "Improve web performance by loading database data concurrently with view rendering.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "Rails 7.1+"
      ],
      "version": "1.1",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review"
      ],
      "framework": "All",
      "principles": []
    },
    "RB042": {
      "name": "Minimize custom JavaScript with Hotwire/Turbo 2.0",
      "description": "Focus on the Rails \"Majestic Monolith\" approach for better maintainability.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "Rails 7+"
      ],
      "version": "1.1",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review"
      ],
      "framework": "All",
      "principles": []
    },
    "RB043": {
      "name": "Use Propshaft as the default asset pipeline",
      "description": "Use the modern, simplified asset pipeline instead of Sprockets.",
      "category": "Backend",
      "severity": "minor",
      "languages": [
        "Rails 7+"
      ],
      "version": "1.1",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review"
      ],
      "framework": "All",
      "principles": []
    },
    "RB044": {
      "name": "Use Structured Logging for Observability",
      "description": "Improve log parsing and searching in production environments.",
      "category": "Backend",
      "severity": "major",
      "languages": [
        "ruby"
      ],
      "version": "1.1",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Lograge gem"
      ],
      "framework": "All",
      "principles": []
    },
    "RB045": {
      "name": "Use Prism as the default parser for tooling",
      "description": "Leverage the faster, more accurate Ruby parser.",
      "category": "Backend",
      "severity": "minor",
      "languages": [
        "ruby"
      ],
      "version": "1.1",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "RuboCop (`ParserEngine: prism`)"
      ],
      "framework": "All",
      "principles": []
    },
    "S001": {
      "name": "Authenticate backend component communications securely",
      "description": "Ensure all communications between backend components (APIs, middleware, data layers) are authenticated using secure, short-lived credentials instead of static secrets.",
      "category": "Security",
      "severity": "critical",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review",
        "IAM Policy Audit",
        "mTLS Scanner",
        "Secret Rotation Checker"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S002": {
      "name": "Protect against OS command injection",
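      "description": "Prevent OS command injection attacks by ensuring all operating system calls use parameterized OS calls (arguments passed separately from the command, not concatenated into a shell string) or contextual command-line output encoding.",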
      "category": "Security",
      "severity": "critical",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SonarQube (S2076, S4721)",
        "Semgrep (command-injection)",
        "Bandit (B602, B603)",
        "Manual Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S003": {
      "name": "URL redirects must be within an allow list",
      "description": "Prevent Open Redirect vulnerabilities, protecting users from being redirected to malicious pages through attacker-controlled input.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Semgrep (custom rule)",
        "Manual Review",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "SECURITY"
      ]
    },
    "S004": {
      "name": "Do not log login credentials, payment information, and unencrypted tokens",
      "description": "Prevent leakage of sensitive information through log systems – a common attack vector if logs are shared, stored incorrectly, or exploited.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SonarQube (S2068, S5334)",
        "Semgrep (custom rule)",
        "Manual Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S005": {
      "name": "Enforce authorization at trusted service layer",
      "description": "Ensure authorization rules are enforced at a trusted server-side service layer rather than relying on client-side controls, which can be manipulated.",
      "category": "Security",
      "severity": "critical",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review",
        "Static Analysis",
        "Penetration Testing",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S006": {
      "name": "Do not use default credentials for service authentication",
      "description": "Ensure service authentication never uses default or well-known credentials that attackers can easily guess or find in documentation.",
      "category": "Security",
      "severity": "critical",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review",
        "Secret Scanner",
        "GitLeaks",
        "TruffleHog",
        "CI/CD Policy Checks"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S007": {
      "name": "Perform output encoding before interpreter use",
      "description": "Ensure the application performs proper output encoding and escaping as a final step before data is used by the target interpreter, preventing injection attacks.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SonarQube (S5131",
        "S2076)",
        "Semgrep (injection rules)",
        "ESLint",
        "Manual Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S008": {
      "name": "Validate and sanitize SVG content",
      "description": "Ensure user-supplied SVG (Scalable Vector Graphics) content is validated or sanitized to prevent script injection and other attacks.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "DOMPurify",
        "svg-sanitizer",
        "Manual Review",
        "CSP Headers"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S009": {
      "name": "Use only approved cryptographic algorithms, modes, and hash functions",
      "description": "Prevent cryptographic vulnerabilities by ensuring only secure block modes, padding schemes, ciphers, and hash functions are used throughout the application.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SonarQube (S2070",
        "S4790",
        "S5547)",
        "Semgrep (crypto rules)",
        "Manual Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S010": {
      "name": "Must use cryptographically secure random number generators (CSPRNG) for security purposes",
      "description": "Prevent attackers from guessing security random values like OTP, session ID, recovery tokens... by ensuring they are generated from Cryptographically Secure PRNG provided by cryptographic libraries/modules.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SonarQube (S2245)",
        "Semgrep (random-insecure)",
        "Manual Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S011": {
      "name": "Enable Encrypted Client Hello (ECH) for TLS",
      "description": "Prevent exposure of sensitive metadata during TLS handshake by enabling Encrypted Client Hello (ECH) to protect Server Name Indication (SNI) and other client hello fields.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SSL Labs",
        "testssl.sh",
        "Browser DevTools",
        "Manual TLS Config Review"
      ],
      "framework": "All",
      "principles": [
        "SECURITY"
      ]
    },
    "S012": {
      "name": "Use secrets management solution for backend secrets",
      "description": "Ensure all backend secrets are securely managed using a dedicated secrets management solution, never stored in source code or build artifacts.",
      "category": "Security",
      "severity": "critical",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Vault",
        "AWS Secrets Manager",
        "Azure Key Vault",
        "GitLeaks",
        "TruffleHog",
        "HSM"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S013": {
      "name": "Always use TLS for all connections",
      "description": "Protect data in transit from leakage and Man-In-The-Middle (MITM) attacks by requiring all connections to use TLS (HTTPS), not allowing fallback to unencrypted protocols like HTTP.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "OWASP ZAP",
        "SSLyze",
        "Lighthouse",
        "Static Analyzer (Semgrep/ESLint)",
        "Manual Review",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S014": {
      "name": "Only use TLS 1.2 or 1.3",
      "description": "Protect network communication from attacks exploiting older TLS versions like BEAST, POODLE, Heartbleed, or downgrade attacks by only allowing TLS 1.2 or 1.3.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SSLyze",
        "testssl.sh",
        "OWASP ZAP",
        "Manual Review",
        "Configuration Scanner"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S015": {
      "name": "Only accept trusted TLS certificates and eliminate weak ciphers",
      "description": "Protect client-server connections from MITM attacks by only trusting valid TLS certificates signed by trusted CAs, and rejecting all unknown certificates or weak ciphers.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SSL Labs",
        "testssl.sh",
        "nmap ssl-enum-ciphers",
        "Manual Review"
      ],
      "framework": "All",
      "principles": [
        "SECURITY"
      ]
    },
    "S016": {
      "name": "Do not pass sensitive data via query string",
      "description": "Prevent leakage of sensitive data through URLs by not passing sensitive information via query string, instead using HTTP body or headers in authenticated requests or private operations.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Semgrep (hardcoded query pattern)",
        "Manual Review",
        "Proxy log scanner",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "SECURITY"
      ]
    },
    "S017": {
      "name": "Always use parameterized queries",
      "description": "Prevent various forms of injection (SQL Injection, HQL Injection, NoSQL Injection) by always using parameterized queries or ORM when accessing data.",
      "category": "Security",
      "severity": "critical",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SonarQube (S2077",
        "S3649)",
        "Semgrep (injection rules)",
        "CodeQL",
        "Manual Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S018": {
      "name": "Do not store sensitive data in browser storage",
      "description": "Prevent sensitive data exposure by ensuring browser storage mechanisms do not contain sensitive information, except for session tokens.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Browser DevTools",
        "Static Analysis (Semgrep",
        "ESLint)",
        "Manual Code Review",
        "Security Audit"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S019": {
      "name": "Sanitize input before sending emails to prevent SMTP Injection",
      "description": "Prevent SMTP/IMAP injection by removing control characters and ensuring proper formatting of user input used in email sending.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Semgrep (regex match)",
        "Manual Review",
        "Static Analysis",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "SECURITY"
      ]
    },
    "S020": {
      "name": "Avoid using `eval()` or executing dynamic code",
      "description": "Prevent Remote Code Execution (RCE) by disallowing use of dynamic code execution functions like `eval()`, `Function()`, `exec()`, `Runtime.exec()` with user-controlled input.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Semgrep (eval-detection rules)",
        "ESLint (`no-eval`)",
        "SonarQube (S1523)",
        "Static Analyzer"
      ],
      "framework": "All",
      "principles": [
        "SECURITY"
      ]
    },
    "S021": {
      "name": "Set Referrer-Policy to prevent sensitive data leakage",
      "description": "Prevent leakage of sensitive URL data (path, query parameters, hostname) to third-party services via the `Referer` HTTP header.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Browser DevTools",
        "Security Headers Scanner",
        "OWASP ZAP",
        "Manual Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S022": {
      "name": "Escape data properly based on output context",
      "description": "Prevent XSS, Header Injection, Email Injection by escaping output data according to context (HTML, JS, URL, Header, Email, etc).",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "ESLint (`no-script-url`",
        "`react/no-danger`)",
        "Bandit",
        "SonarQube (S2076)",
        "DOMPurify",
        "Manual Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S023": {
      "name": "Use output encoding when building dynamic JavaScript/JSON",
      "description": "Prevent JavaScript and JSON injection by applying proper output encoding when dynamically building JavaScript content or JSON data.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "ESLint (`no-eval`)",
        "Semgrep (json-injection)",
        "SonarQube (S1523",
        "S5334)",
        "Manual Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S024": {
      "name": "Protect against XPath Injection and XML External Entity (XXE)",
      "description": "Prevent XPath injection and XXE vulnerabilities that can expose files, trigger SSRF, or run malicious code.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.1",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Semgrep (xpath injection)",
        "Bandit (Python)",
        "SonarQube (S2755)",
        "Manual Config Review"
      ],
      "framework": "All",
      "principles": [
        "SECURITY"
      ]
    },
    "S025": {
      "name": "Always validate client-side data on the server",
      "description": "Ensure all data from clients is validated server-side to prevent attacks from forged or malicious input.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SonarQube (S5334)",
        "ESLint (`require-validate`)",
        "Bandit (Python)",
        "Static Analysis"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S026": {
      "name": "Use TLS encryption for all inbound and outbound connections",
      "description": "Ensure all application connections use encrypted TLS protocol, with no fallback to insecure or unencrypted protocols.",
      "category": "Security",
      "severity": "critical",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SSL Labs",
        "testssl.sh",
        "nmap",
        "Network Traffic Analysis",
        "Manual Config Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S027": {
      "name": "Validate mTLS client certificates before authentication",
      "description": "Ensure mTLS client certificates are properly validated and trusted before using certificate identity for authentication or authorization decisions.",
      "category": "Security",
      "severity": "critical",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "OpenSSL",
        "mTLS Testing Tools",
        "Certificate Validator",
        "Manual Config Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S028": {
      "name": "Limit upload file size and number of files per user",
      "description": "Prevent resource abuse and protect against DoS attacks by limiting file size, number of files, and user storage usage.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review",
        "Static Analysis",
        "API Gateway Limit",
        "Nginx Config",
        "WAF",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S029": {
      "name": "Apply CSRF protection for authentication-related features",
      "description": "Prevent Cross-Site Request Forgery (CSRF) attacks where an attacker triggers unauthorized actions using the victim's authenticated session.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Spring Security CSRF",
        "Express `csurf`",
        "Django CSRF middleware",
        "Helmet.js",
        "Manual Review",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S030": {
      "name": "Disable directory browsing and protect sensitive metadata files",
      "description": "Prevent unauthorized access to file listings or metadata files such as `.git`, `.env`, `.DS_Store`, which can reveal sensitive system or source code information.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Static Analysis",
        "Manual Review",
        "Burp Suite",
        "Nikto",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S031": {
      "name": "Set the Secure flag on session cookies for HTTPS protection",
      "description": "Prevent attackers from stealing session cookies via unencrypted HTTP, especially on public or monitored networks (MITM).",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "OWASP ZAP",
        "Burp Suite",
        "Static Analysis",
        "Manual Review",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "SECURITY"
      ]
    },
    "S032": {
      "name": "Enable HttpOnly attribute for Session Cookies to prevent JavaScript access",
      "description": "Prevent JavaScript (including malicious code during XSS attacks) from accessing session cookies, thereby limiting the risk of theft and session hijacking.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Static Analysis",
        "OWASP ZAP",
        "Burp Suite",
        "Manual Review",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "SECURITY"
      ]
    },
    "S033": {
      "name": "Set SameSite attribute for Session Cookies to reduce CSRF risk",
      "description": "Limit the browser's ability to automatically send cookies in cross-origin requests, thereby minimizing the risk of Cross-Site Request Forgery (CSRF) attacks.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "OWASP ZAP",
        "Postman",
        "Static Analysis",
        "Manual Review",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S034": {
      "name": "Use `__Host-` prefix for Session Cookies to prevent subdomain sharing",
      "description": "Prevent cookie theft between subdomains (e.g., `api.example.com` accessing cookies from `admin.example.com`) by using cookies prefixed with `__Host-`, which enforce strict security tied to the root domain.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review",
        "Static Analysis",
        "Chrome DevTools Audit",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S035": {
      "name": "Host separate applications on different hostnames",
      "description": "Leverage same-origin policy restrictions by hosting separate applications on different hostnames to isolate resources, cookies, and prevent cross-application attacks.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Architecture Review",
        "DNS Configuration Audit",
        "Browser DevTools"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S036": {
      "name": "Use internal data for file paths, validate user filenames strictly",
      "description": "Prevent path traversal, LFI, RFI, and SSRF attacks by using internally generated file paths instead of user-submitted filenames, with strict validation when user input is unavoidable.",
      "category": "Security",
      "severity": "critical",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Static Analysis",
        "OWASP ZAP",
        "Burp Suite",
        "Semgrep (path-traversal)",
        "Manual Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S037": {
      "name": "Set anti-cache headers to prevent sensitive data leakage",
      "description": "Prevent browsers from caching sensitive data such as tokens, personal information, or financial content which could leak when users share devices or use back/forward navigation.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Static Analysis",
        "Postman",
        "Chrome DevTools",
        "Manual Review",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "SECURITY"
      ]
    },
    "S038": {
      "name": "Hide system version information in HTTP Headers",
      "description": "Prevent attackers from discovering backend technologies (e.g., server, framework, OS) via HTTP response headers that can be used to target known vulnerabilities.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.1",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Static Analysis",
        "curl",
        "Postman",
        "Chrome DevTools",
        "Burp Suite",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "SECURITY"
      ]
    },
    "S039": {
      "name": "TLS clients must validate server certificates",
      "description": "Ensure TLS clients validate certificates received from servers before establishing secure communication to prevent MITM attacks.",
      "category": "Security",
      "severity": "critical",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SSL Labs",
        "testssl.sh",
        "Static Analysis",
        "Manual Code Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S040": {
      "name": "Regenerate Session Token after login to prevent Session Fixation",
      "description": "Prevent attackers from setting a session ID before login and taking over the session post-login if the ID remains unchanged.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.1",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Static Analysis",
        "Manual Review",
        "OWASP ZAP",
        "Burp Suite",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "SECURITY"
      ]
    },
    "S041": {
      "name": "Session Tokens must be invalidated after logout or expiration",
      "description": "Prevent users from reusing old session tokens after logout or timeout, which could lead to session hijacking.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Static Analysis",
        "Manual Review",
        "Postman",
        "DevTools",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S042": {
      "name": "Require re-authentication for long-lived sessions or sensitive actions",
      "description": "Reduce the risk of session hijacking or privilege misuse by forcing re-authentication after long idle periods or before critical actions.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review",
        "Static Analysis (JWT expiry",
        "session policy)",
        "Security Test",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S043": {
      "name": "Password changes must invalidate all other login sessions",
      "description": "Ensure attackers cannot continue using old session tokens after a password change. Enforce correct access control after sensitive updates.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.1",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review",
        "Static Analysis (Token Revocation Logic)",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S044": {
      "name": "Require re-authentication before modifying critical information",
      "description": "Prevent unauthorized changes to critical information when the session is not fully authenticated. Protect users in half-open session states.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review",
        "Static Analysis (flow check)",
        "Security Test",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S045": {
      "name": "Implement brute-force protection for login",
      "description": "Prevent brute-force and credential stuffing attacks by limiting failed login attempts and introducing friction for suspicious behavior.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review",
        "Static Analysis",
        "OWASP ZAP",
        "Custom Logging",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S046": {
      "name": "Use algorithm allowlist for self-contained tokens",
      "description": "Prevent algorithm confusion and downgrade attacks by restricting token signing/verification to an explicit allowlist of algorithms.",
      "category": "Security",
      "severity": "critical",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "JWT Debugger",
        "Static Analysis",
        "Manual Code Review",
        "Security Test"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S047": {
      "name": "Protect OAuth code flow against CSRF attacks",
      "description": "Prevent browser-based CSRF attacks that could trigger unauthorized OAuth token requests by implementing PKCE or state parameter validation.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "OAuth Security Testing",
        "Manual Code Review",
        "OWASP ZAP"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S048": {
      "name": "Validate OAuth redirect URIs with exact string comparison",
      "description": "Prevent OAuth redirect attacks by validating redirect URIs against a client-specific allowlist using exact string comparison, not pattern matching.",
      "category": "Security",
      "severity": "critical",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "OAuth Security Testing",
        "Manual Config Review",
        "Penetration Testing"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S049": {
      "name": "Authentication codes must expire quickly",
      "description": "Ensure that OTPs, reset tokens, and activation links expire quickly to reduce risk of interception or reuse.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review",
        "Static Analysis",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S050": {
      "name": "Reference tokens must be unique with 128-bit entropy using CSPRNG",
      "description": "Ensure reference tokens (session tokens, opaque tokens) are unpredictable and resistant to brute-force attacks by using cryptographically secure generation.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Static Analysis",
        "Security Audit",
        "CSPRNG Verification",
        "Manual Code Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S051": {
      "name": "Support 12–64 character passwords; reject >128 characters",
      "description": "Allow users to use strong passphrases while preventing resource abuse from excessively long inputs.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review",
        "Static Analysis",
        "Unit Test",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S052": {
      "name": "OTPs must have at least 20-bit entropy",
      "description": "Ensure OTPs are strong enough to resist brute-force or statistical guessing attacks.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review",
        "Unit Test",
        "Static Analysis",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S053": {
      "name": "Return generic error messages, hide internal details",
      "description": "Prevent exposure of sensitive internal system data by returning generic error messages to consumers when unexpected or security-sensitive errors occur.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Static Analysis",
        "Penetration Testing",
        "Error Response Audit",
        "Manual Code Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S054": {
      "name": "Avoid using default accounts like \"admin\", \"root\", \"sa\"",
      "description": "Prevent brute-force attacks and ensure traceability and accountability in auditing. Avoid predictable, shared accounts lacking identity association.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review",
        "CI Security Audit",
        "IAM Policy Scan",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S055": {
      "name": "Validate input Content-Type in REST services",
      "description": "Prevent attacks via malformed or improperly handled data by validating that the Content-Type of incoming requests matches an expected data format (e.g., JSON, XML).",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review",
        "API Gateway Config",
        "Static Code Analysis (Semgrep)",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "SECURITY"
      ]
    },
    "S056": {
      "name": "Protect against Log Injection attacks",
      "description": "Prevent attackers from injecting fake log entries that distort tracking or exploit log analysis systems.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SonarQube",
        "Semgrep",
        "Manual Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S057": {
      "name": "Use synchronized time and UTC in logs",
      "description": "Ensure consistent, accurate log timestamps to support auditing, investigation, and cross-system comparison.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Manual Review",
        "Audit Logging Middleware",
        "Centralized Logging Tools (ELK, Fluentd, Datadog)",
        "SonarQube (custom rule)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S058": {
      "name": "Protect applications from SSRF attacks",
      "description": "Prevent Server-Side Request Forgery (SSRF) and protect internal networks or cloud metadata services from unauthorized access via untrusted input.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SonarQube",
        "Manual Review",
        "Burp Suite Test"
      ],
      "framework": "All",
      "principles": [
        "SECURITY"
      ]
    },
    "S059": {
      "name": "Disable debug modes in production environments",
      "description": "Prevent exposure of debugging features and information leakage by ensuring all debug modes are disabled in production environments.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Configuration Audit",
        "Penetration Testing",
        "OWASP ZAP",
        "Environment Checker"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "S060": {
      "name": "Enforce minimum password length of 8 characters, recommend 15+",
      "description": "Ensure user-set passwords meet minimum length requirements to provide adequate security against brute-force and dictionary attacks.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "All languages"
      ],
      "version": "2.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "Static Analysis",
        "Unit Test",
        "Password Strength Libraries (zxcvbn)",
        "Manual Review"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "SW001": {
      "name": "Use Swift's block-based `observe` API instead of legacy KVO",
      "description": "Avoid using outdated KVO mechanisms.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`block_based_kvo`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW002": {
      "name": "Delegate Protocols must be class-only",
      "description": "Allow the use of `weak` to avoid retain cycles (memory leaks).",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`class_delegate_protocol`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW003": {
      "name": "Do not directly instantiate system protocols",
      "description": "Avoid calling the initializers of compiler protocols like `ExpressibleByArrayLiteral` directly; use the corresponding literal syntax instead.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`compiler_protocol_init`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW004": {
      "name": "Prefer `.contains` for certain filtering operations",
      "description": "Improve performance and clarity.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`contains_over_*`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "PERFORMANCE"
      ]
    },
    "SW005": {
      "name": "Use `enum` for types with only static members",
      "description": "Prevent unnecessary instantiation.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`convenience_type`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW006": {
      "name": "Always dispose NotificationCenter observers",
      "description": "Prevent memory leaks due to retain cycles.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`discarded_notification_center_observer`)"
      ],
      "framework": "All",
      "principles": [
        "PERFORMANCE"
      ]
    },
    "SW007": {
      "name": "Avoid direct instantiation of system types",
      "description": "Prevent creating types that may cause errors or are unnecessary.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`discouraged_direct_init`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW008": {
      "name": "Do not use optionals for Boolean values",
      "description": "Avoid ambiguous logic and hard-to-control conditions.",
      "category": "Security",
      "severity": "critical",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`discouraged_optional_boolean`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW009": {
      "name": "Prefer `.isEmpty` over `.count == 0`",
      "description": "Make code clearer and more efficient.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`empty_count`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW010": {
      "name": "Prefer `isEmpty` over comparing to `\"\"`",
      "description": "Increase clarity and avoid potential errors with empty strings.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`empty_string`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW011": {
      "name": "Do not use `.init()` unnecessarily",
      "description": "Increase code clarity.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`explicit_init`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW012": {
      "name": "Always provide a clear message when using `fatalError`",
      "description": "Make it easier to trace application crashes.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`fatal_error_message`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW013": {
      "name": "Prefer `for-where` over `if` inside loops",
      "description": "Make code clearer and express intent.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`for_where`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW014": {
      "name": "Avoid `as!` (force cast)",
      "description": "Prevent crashes due to incorrect type casting.",
      "category": "Security",
      "severity": "critical",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`force_cast`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "SW015": {
      "name": "Avoid `try!` (force try)",
      "description": "Prevent crashes when errors occur.",
      "category": "Security",
      "severity": "critical",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`force_try`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "SECURITY"
      ]
    },
    "SW016": {
      "name": "Avoid using `!` (force unwrap)",
      "description": "Prevent crashes caused by `nil` values.",
      "category": "Security",
      "severity": "critical",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`force_unwrapping`)"
      ],
      "framework": "All",
      "principles": [
        "SECURITY"
      ]
    },
    "SW017": {
      "name": "Limit function parameters to fewer than 6",
      "description": "Improve readability and reduce complexity.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`function_parameter_count`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW018": {
      "name": "Do not use tuples with too many elements",
      "description": "Reduce complexity, improve readability and maintainability.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`large_tuple`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW019": {
      "name": "Use Swift initializers instead of Objective-C style",
      "description": "Keep Swift code pure, clear, and maintainable.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`legacy_constructor`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW020": {
      "name": "Data types should be nested at most 1 level",
      "description": "Avoid unreadable and hard-to-debug code due to deep nesting.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`nesting`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW021": {
      "name": "Do not use access modifiers with extensions",
      "description": "Keep extensions clear and consistent.",
      "category": "Security",
      "severity": "critical",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`no_extension_access_modifier`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "MAINTAINABILITY"
      ]
    },
    "SW022": {
      "name": "Call `super` in lifecycle methods",
      "description": "Ensure default behaviors are executed correctly.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`overridden_super_call`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW023": {
      "name": "Do not use `override` in extensions",
      "description": "Avoid changing the original type's behavior; use extensions only to add functionality.",
      "category": "Security",
      "severity": "critical",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`override_in_extension`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW024": {
      "name": "Prefer `private` over `fileprivate`",
      "description": "Restrict access scope more tightly.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`private_over_fileprivate`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW025": {
      "name": "Do not declare Unit Test functions as `private`",
      "description": "Ensure tests are executed from the test target; test functions marked `private` are silently skipped.",
      "category": "Security",
      "severity": "critical",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`private_unit_test`)"
      ],
      "framework": "All",
      "principles": [
        "TESTABILITY"
      ]
    },
    "SW026": {
      "name": "Do not call `super` in specific methods",
      "description": "Avoid errors from unnecessary `super` calls.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`prohibited_super_call`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW027": {
      "name": "Prefer `.min()` or `.max()` over `sorted().first/last`",
      "description": "Improve performance and clarity.",
      "category": "Security",
      "severity": "critical",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`sorted_first_last`)"
      ],
      "framework": "All",
      "principles": [
        "PERFORMANCE"
      ]
    },
    "SW028": {
      "name": "Prefer shorthand syntax `[T]` over `Array<T>`",
      "description": "Make code more idiomatic and concise.",
      "category": "Security",
      "severity": "critical",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`syntactic_sugar`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW029": {
      "name": "Warn for unused closure parameters",
      "description": "Avoid compile warnings and improve readability.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`unused_closure_parameter`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW030": {
      "name": "Avoid using `enumerated()` when index is not needed",
      "description": "Remove redundant code and avoid performance risks.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`unused_enumerated`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW031": {
      "name": "Do not use optional binding just to call a function or property",
      "description": "Increase clarity and avoid deep nesting.",
      "category": "Security",
      "severity": "critical",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`unused_optional_binding`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW032": {
      "name": "Do not use `@IBInspectable` with unsupported types and constants",
      "description": "Prevent crashes or compile-time errors.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`valid_ibinspectable`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW033": {
      "name": "Parameters must be vertically aligned when calling functions",
      "description": "Improve readability and maintain consistent code style.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`vertical_parameter_alignment_on_call`, `vertical_parameter_alignment`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW034": {
      "name": "Use `-> Void` instead of `-> ()` for function types",
      "description": "Increase consistency and readability.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`void_return`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "SW035": {
      "name": "Delegates must be marked as `weak`",
      "description": "Prevent retain cycles and memory leaks.",
      "category": "Security",
      "severity": "major",
      "languages": [
        "swift"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "SwiftLint (`weak_delegate`)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY",
        "PERFORMANCE"
      ]
    },
    "T002": {
      "name": "Interface names should start with 'I'",
      "description": "Ensure interface names follow naming conventions with 'I' prefix.",
      "category": "Frontend",
      "severity": "major",
      "languages": [
        "javascript"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "ESLint custom rule (custom/t002)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "T003": {
      "name": "Avoid using @ts-ignore without a clear justification",
      "description": "Avoid using @ts-ignore without a clear reason.",
      "category": "Frontend",
      "severity": "major",
      "languages": [
        "javascript"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "ESLint custom rule (custom/t003)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "T004": {
      "name": "Disallow declaring empty types like `type X = {}`",
      "description": "Avoid declaring meaningless empty data types.",
      "category": "Frontend",
      "severity": "major",
      "languages": [
        "javascript"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "ESLint custom rule (custom/t004)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "T007": {
      "name": "Avoid declaring functions inside constructors or class bodies",
      "description": "Avoid declaring functions inside constructors or class bodies.",
      "category": "Frontend",
      "severity": "major",
      "languages": [
        "javascript"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "ESLint custom rule (custom/t007)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "T010": {
      "name": "Avoid deeply nested union or tuple types",
      "description": "Avoid complex nested union or tuple types.",
      "category": "Frontend",
      "severity": "major",
      "languages": [
        "javascript"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "ESLint custom rule (custom/t010)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "T015": {
      "name": "Do not use `instanceof` to distinguish behavior when interfaces are available",
      "description": "Use polymorphism instead of branching with type checks.",
      "category": "Frontend",
      "severity": "major",
      "languages": [
        "javascript"
      ],
      "version": "1.0.0",
      "status": "draft",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "AI review / static analyzer"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "T016": {
      "name": "Use strict type checking",
      "description": "Leverage TypeScript's type safety to reduce runtime errors.",
      "category": "Frontend",
      "severity": "critical",
      "languages": [
        "javascript"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "TypeScript compiler",
        "ESLint"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "T017": {
      "name": "Use async/await instead of Promises",
      "description": "Improve code readability and ease debugging of async operations.",
      "category": "Frontend",
      "severity": "major",
      "languages": [
        "javascript"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "ESLint",
        "Prettier"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "T018": {
      "name": "Use proper error handling",
      "description": "Ensure robust error handling and good user experience.",
      "category": "Frontend",
      "severity": "major",
      "languages": [
        "javascript"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "ESLint",
        "Custom error libraries"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "T019": {
      "name": "Do not assign to `this` arbitrarily",
      "description": "Maintain proper context and avoid manipulating `this`.",
      "category": "Frontend",
      "severity": "major",
      "languages": [
        "javascript"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "ESLint custom rule (custom/t019)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "T020": {
      "name": "Avoid `export default` for multi-responsibility modules",
      "description": "Improve tree-shaking and module clarity.",
      "category": "Frontend",
      "severity": "major",
      "languages": [
        "javascript"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "ESLint custom rule (custom/t020)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    },
    "T021": {
      "name": "Limit deeply nested generics",
      "description": "Improve code readability and TypeScript performance.",
      "category": "Frontend",
      "severity": "major",
      "languages": [
        "javascript"
      ],
      "version": "1.0",
      "status": "activated",
      "tags": [
        "Common",
        "readability",
        "code-quality"
      ],
      "tools": [
        "ESLint custom rule (custom/t021)"
      ],
      "framework": "All",
      "principles": [
        "CODE_QUALITY"
      ]
    }
  }
}