Javascript Style Guide
Apply this checklist when writing or reviewing JavaScript code.
Trigger Reference
- •Use
references/trigger-matrix.mdas the canonical trigger and co-activation matrix. - •Resolve skill activation from changed files with
python3 scripts/resolve_style_guides.py <changed-path>...when automation is available. - •Validate trigger matrix consistency with
python3 scripts/validate_trigger_matrix_sync.py.
Architecture and boundaries
Quality Gate Reference
- •Use
references/quality-gate-command-matrix.mdfor CI check-only vs local autofix command mapping.
- •Keep modules focused and small; avoid cross-layer leakage.
- •Separate pure domain logic from side effects (I/O, network, storage).
- •Keep entry points thin and delegate behavior to reusable services.
- •Encapsulate third-party integrations behind adapter modules.
Naming and code structure
- •Use clear, intent-revealing names for functions and variables.
- •Prefer
const; useletonly when mutation is required. - •Replace magic numbers with named constants including units (
RETRY_DELAY_MS). - •Keep functions single-purpose and avoid deeply nested branching.
Data shapes and validation
- •Define explicit data contracts with schema validators (
zod,yup, or equivalent). - •Avoid untyped, ambiguous object bags for domain-critical paths.
- •Validate external payloads at boundaries before business logic executes.
- •Keep serialization/deserialization logic centralized.
Async behavior and error handling
- •Prefer
async/awaitover mixed promise chains. - •Throw and handle specific error classes with clear operational meaning.
- •Avoid blanket catch blocks that swallow failures.
- •Propagate errors intentionally (recover/retry/rethrow/log).
- •Do not add fallback logic that hides root-cause failures by default.
Configuration and environment
- •Validate required environment variables at process startup.
- •Fail fast if required configuration is missing.
- •Do not hardcode fallback defaults for required environment variables.
- •Keep secrets out of source control and logs.
Security and compliance
- •Treat all external input as untrusted; validate and sanitize it.
- •Prevent injection attacks by parameterizing queries and escaping output contexts.
- •Enforce auth/authz at API boundaries.
- •Avoid logging secrets, tokens, or PII.
Performance and efficiency
- •Avoid repeated expensive operations in loops; cache intentionally.
- •Bound concurrency for bulk async operations.
- •Stream or paginate large payloads.
- •Profile hot paths before optimization.
Testing and verification
- •Add unit tests for core logic and integration tests for boundary modules.
- •Cover edge cases: empty input, invalid schema, timeout, retry exhaustion.
- •Add regression tests for bug fixes.
- •Document manual verification steps when automated tests are missing.
Observability and operations
- •Use structured logs with request/correlation IDs.
- •Emit metrics for latency, throughput, and error rates.
- •Normalize error codes and statuses for incident response.
- •Add operational safeguards for retries, circuit breaking, and timeouts.
CI required quality gates (check-only)
- •Run
prettier --check .(or project equivalent). - •Run
eslint . --max-warnings=0. - •Run test suite (
npm test/pnpm test/project equivalent). - •Reject changes that weaken validation, security, or failure visibility.
Optional autofix commands (local)
- •Run
prettier --write .to apply formatting. - •Run
eslint . --fixfor safe lint autofixes, then re-run check-only gates.