claude-git-hooks

Git hooks with Claude CLI for code analysis and automatic commit messages

# General Code Quality Guidelines

## Security Fundamentals

### Input Validation

- ✅ Validate all user input
- ✅ Sanitize data before use
- ✅ Use parameterized queries
- ✅ Escape output properly
- ✅ Validate file paths

### Credentials and Secrets

- ✅ Never hardcode credentials
- ✅ Use environment variables or secure vaults
- ✅ Don't log sensitive data
- ✅ Rotate keys regularly
- ✅ Use secure random generators

### Authentication & Authorization

- ✅ Implement proper authentication
- ✅ Check permissions before operations
- ✅ Use secure session management
- ✅ Implement rate limiting
- ✅ Log security events

## Reliability

### Error Handling

- ✅ Handle all error cases
- ✅ Provide meaningful error messages
- ✅ Clean up resources in finally blocks
- ✅ Don't swallow exceptions silently
- ✅ Log errors appropriately

### Null Safety

- ✅ Check for null/undefined values
- ✅ Use optional chaining where supported
- ✅ Provide default values
- ✅ Document when null is valid
- ✅ Avoid null pointer exceptions

### Resource Management

- ✅ Close files and connections
- ✅ Free allocated memory
- ✅ Use try-with-resources patterns
- ✅ Implement proper cleanup
- ✅ Avoid resource leaks

## Maintainability

### Code Organization

- ✅ Keep functions small and focused
- ✅ Use descriptive names
- ✅ Follow consistent naming conventions
- ✅ Organize code logically
- ✅ Limit nesting depth

### Documentation

- ✅ Document complex logic
- ✅ Explain non-obvious decisions
- ✅ Keep comments up to date
- ✅ Use inline documentation
- ✅ Document public APIs

### Code Duplication

- ✅ Extract common code into functions
- ✅ Use appropriate design patterns
- ✅ Don't copy-paste code
- ✅ Refactor when you see duplication
- ✅ Keep DRY (Don't Repeat Yourself)

## Performance

### General Guidelines

- ✅ Choose appropriate data structures
- ✅ Avoid unnecessary loops
- ✅ Cache expensive computations
- ✅ Use lazy loading when appropriate
- ✅ Profile before optimizing

### Resource Usage

- ✅ Limit memory allocations
- ✅ Use streaming for large data
- ✅ Implement pagination
- ✅ Clean up resources promptly
- ✅ Avoid memory leaks

## Common Issues to Avoid

### Critical Issues (BLOCKER)

- ❌ Security vulnerabilities (SQL injection, XSS, etc.)
- ❌ Exposed credentials or secrets
- ❌ Data loss risks
- ❌ Critical bugs that crash the application

### Major Issues (CRITICAL/MAJOR)

- ❌ Unhandled exceptions
- ❌ Resource leaks
- ❌ Missing input validation
- ❌ Poor error handling
- ❌ Performance bottlenecks

### Minor Issues (MINOR/INFO)

- ❌ Code duplication
- ❌ Poor naming
- ❌ Missing documentation
- ❌ Style inconsistencies
- ❌ Unused code

## Testing

- ✅ Write tests for new functionality
- ✅ Test error scenarios
- ✅ Test edge cases
- ✅ Mock external dependencies
- ✅ Aim for reasonable coverage

## Version Control

- ✅ Write clear commit messages
- ✅ Keep commits focused and atomic
- ✅ Don't commit sensitive data
- ✅ Review your own changes first
- ✅ Rebase/clean up before pushing

## Language-Specific

Different languages have specific best practices:

- **JavaScript/Node.js**: Use strict mode, handle promises, avoid callback hell
- **Python**: Follow PEP 8, use virtual environments, handle exceptions
- **Java**: Follow naming conventions, use proper access modifiers, handle checked exceptions
- **SQL**: Use parameterized queries, optimize for performance, maintain data integrity
- **Shell scripts**: Quote variables, check exit codes, handle errors

## Quality Standards

Strive for:

- **Reliability**: A or B
- **Security**: A or B
- **Maintainability**: A or B
- **Coverage**: 70%+ for new code
- **Complexity**: Keep cyclomatic complexity low

Remember: The goal is to write code that is secure, reliable, maintainable, and performs well.
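The "Don't commit sensitive data" and "Shell scripts: quote variables, check exit codes, handle errors" items above, combined into one pre-commit style check. This is an added example, not code shipped by claude-git-hooks; the credential patterns, the `--staged` flag and the `secret-scan.sh` filename are assumptions, and the sample diffs it is tested with are constructed.

```sh
#!/bin/sh
# Added example (not part of claude-git-hooks): a pre-commit style check that
# refuses staged changes whose ADDED lines look like credentials. It follows the
# shell rules above: every expansion quoted, exit codes checked, fail closed.
set -eu

# Illustrative credential shapes (assumption, not an exhaustive ruleset):
# an AWS access key id, a PEM private key header, or a quoted literal of 8+
# chars assigned to a secret-named variable.
SECRET_PATTERNS="AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----|(password|PASSWORD|secret|SECRET|api_?key|API_?KEY|token|TOKEN)[[:space:]]*[=:][[:space:]]*['\"][^'\"]{8,}"

# scan_for_secrets: reads a unified diff on stdin, inspects only "+" lines
# (skipping "+++ b/file" headers), reports matches on stderr.
# Returns 0 when clean, 1 when at least one added line matched.
scan_for_secrets() {
    found=0
    while IFS= read -r line; do
        case "$line" in
            +++*) continue ;;   # file header, not content
            +*) ;;              # an added line: inspect it
            *) continue ;;      # context or removed line: ignore
        esac
        if printf '%s\n' "$line" | grep -Eq "$SECRET_PATTERNS"; then
            printf 'possible secret in added line: %s\n' "$line" >&2
            found=1
        fi
    done
    return "$found"
}

# staged_diff_is_clean: runs the scan over what is about to be committed.
# The diff is captured first so a failing git command aborts under set -e
# instead of being masked by a pipe (plain sh has no pipefail).
staged_diff_is_clean() {
    staged=$(git diff --cached --unified=0 --no-color -- .)
    printf '%s\n' "$staged" | scan_for_secrets
}

# Invoked as a hook: `secret-scan.sh --staged` (assumed filename). A non-zero
# exit makes git abort the commit.
if [ "${1:-}" = "--staged" ]; then
    if staged_diff_is_clean; then
        echo "secret scan: clean"
    else
        echo "secret scan: commit blocked, remove the secret and retry" >&2
        exit 1
    fi
fi
```

Removed (`-`) and context lines are deliberately ignored, so a commit that deletes a leaked secret is not blocked by the very line it removes.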