Typescript Style Guide
Apply this checklist when writing or reviewing TypeScript code.
Trigger Reference
- •Use
references/trigger-matrix.mdas the canonical trigger and co-activation matrix. - •Resolve skill activation from changed files with
python3 scripts/resolve_style_guides.py <changed-path>...when automation is available. - •Validate trigger matrix consistency with
python3 scripts/validate_trigger_matrix_sync.py.
Architecture and boundaries
Quality Gate Reference
- •Use
references/quality-gate-command-matrix.mdfor CI check-only vs local autofix command mapping.
- •Keep modules focused and dependency direction explicit.
- •Separate domain logic from adapters (HTTP, DB, queue, storage).
- •Keep controllers/route handlers thin and orchestration-light.
- •Encapsulate external APIs behind typed client abstractions.
Naming and structure
- •Use descriptive names with consistent casing (
camelCase,PascalCase,UPPER_SNAKE_CASE). - •Keep functions small and single-purpose.
- •Replace magic numbers with named constants and units (
POLL_INTERVAL_MS). - •Avoid deep nesting; prefer guard clauses.
Type safety and data modeling
- •Use strict compiler options (
strict,noImplicitAny,noUncheckedIndexedAccesswhen possible). - •Prefer explicit
type/interface/discriminated unions over loose object bags. - •Avoid
any; useunknownplus narrowing when dynamic input is unavoidable. - •Model boundary contracts with explicit request/response types.
Runtime validation and error handling
- •Validate untrusted input at boundaries with runtime schemas (
zod, equivalent). - •Use specific error classes/codes and map them intentionally at boundaries.
- •Avoid broad catches that swallow failures.
- •Propagate failures explicitly (recover/retry/rethrow/log) with context.
- •Do not implement fallback logic that masks root causes by default.
Configuration and environment
- •Parse configuration once at startup and expose typed config objects.
- •Fail startup when required environment variables are missing.
- •Do not hardcode fallback defaults for required environment variables.
- •Keep secrets outside source control and logs.
Security and compliance
- •Treat all external input as untrusted and validate aggressively.
- •Prevent injection/XSS/SSRF via context-aware encoding and allow-lists.
- •Enforce auth/authz checks near entry points and sensitive operations.
- •Avoid logging secrets or personal data.
Performance and scalability
- •Avoid repeated expensive computations and unbounded async fan-out.
- •Use streaming/pagination for large payloads.
- •Bound retries and concurrency with named limits.
- •Profile before optimizing and verify gains with measurements.
Testing and verification
- •Add unit tests for domain logic and integration tests for boundaries.
- •Cover edge cases: invalid schema, timeout, cancellation, retry exhaustion.
- •Add regression tests for each bug fix.
- •Document manual verification where automation is not available.
Observability and operations
- •Emit structured logs with request/correlation IDs.
- •Track latency, error rate, and dependency metrics.
- •Keep error responses stable and actionable.
- •Add safeguards for timeout, retry, and circuit-breaking behavior.
CI required quality gates (check-only)
- •Run formatter check (
prettier --check ., or project equivalent). - •Run lint checks (
eslint . --max-warnings=0). - •Run type check (
tsc --noEmit). - •Run automated tests (
pnpm test/npm test/project equivalent).
Optional autofix commands (local)
- •Run
prettier --write .to apply formatting. - •Run
eslint . --fixfor safe lint autofixes, then re-run check-only gates.