1. Function Comments: Avoid adding comments at the function level unless necessary. When you do, they should describe its purpose, input parameters, and return value.
2. No Emojis: Emojis must not be used anywhere in the project. This includes source code, comments, documentation, and commit messages.
3. Use of Environment Variables: Use .env files to store any sensitive data, such as API keys, secrets, or database credentials.
4. Clean and Readable Code: Keep the code clear, concise, and easy to understand. Prioritize simplicity and logic.
5. Meaningful Names: Use descriptive names for variables, functions, and classes. Avoid ambiguous abbreviations.
6. Consistent Formatting: Follow a consistent formatting style, including indentation, spacing, and line organization.
7. Error Handling: Include robust error handling to prevent unexpected failures and provide clear messages.
8. Package Manager: The default package manager for new projects is pnpm. However, if another package manager's lock file (e.g., package-lock.json for npm or yarn.lock for Yarn) is detected in an existing project, you must continue to use that project's established package manager to maintain consistency.
9. whenever you respond to a message you have to put the AI model that is being used at the end of the message
10. For each API endpoint that is created or modified, its documentation must be generated or updated. The default tool is Swagger UI, unless the project already uses a different one, in which case consistency must be maintained. The documentation must include: the path, method, description, parameters, request body, and all possible responses with examples.
11. No Hardcoding Credentials: Never embed API keys, passwords, or secrets directly in the source code. Use environment variables or a secret manager.
12. Injection Protection: Use parameterized queries (for databases) or appropriate escaping to prevent injection attacks (SQL, XSS, etc.).
13. Avoid Unused Dependencies: Remove libraries or packages that have been installed but are no longer used in the project to reduce bundle size and load time.
14. Asynchronous Operations Handling: Implement correct handling of promises, async/await, or callbacks to avoid blocking the main thread during I/O operations.
15. Lazy Loading: Implement deferred loading for modules, images, or non-essential resources that are not needed immediately to improve startup time.
16. Test Coverage: Every significant feature or bug fix must be accompanied by appropriate unit and/or integration tests. Set a minimum coverage threshold.
17. Maximum File/Function Size: Set soft limits on the number of lines of code per file or function to encourage modularity and easy maintenance.
18. Rate Limiting: Implement restrictions to limit the number of requests a user or IP can make to an endpoint within a period of time.
19. Use of HTTPS: All network traffic, especially for APIs and production services, must be encrypted using HTTPS/TLS and not HTTP.
20. Dependency Updates: Keep project libraries and dependencies updated to mitigate known security vulnerabilities.
21. Efficient Memory Usage: Recycle and reuse large objects or data structures whenever possible, instead of creating new ones in very frequent loops.
22. Leverage Caching: Use cache headers or caching services (like Redis or Memcached) to store results of expensive calculations or frequent API responses.
23. Avoid Magic Numbers/Strings: Avoid using literal values (numbers or strings) directly in the code logic. Define them as constants with meaningful names.
24. Low Coupling: Modules and classes should be as independent as possible, minimizing direct dependencies between them.
25. Ignored Files (.gitignore): The .gitignore file must be correctly configured to exclude dependencies (e.g., node_modules), log files, and sensitive data.

26. Memory Bank MCP Automation:

- When starting a session in a project, the AI must automatically read the associated memory bank to load the existing context.

- Whenever you complete a feature, bugfix, dependency change, important configuration (env, Docker, architecture), or any significant decision, the AI must update the corresponding memory bank files (such as goals.md, decision-log.md, progress.md, etc.) with that new information, without requiring manual confirmation.

- Any architectural decision, changes in main packages, new endpoints, or development strategy updates must be automatically reflected in the memory bank.

- Before closing a session, the AI should prompt to update the project status in the memory bank in case of work-in-progress.

- The memory bank must always be synchronized with the real state of the project to maximize context and support future sessions.

- The AI should briefly notify you whenever automatic saving to the memory bank occurs for transparency, without interrupting the workflow.

27. Always use context7 when I need code generation, setup or configuration steps, or library/API documentation. This means you should automatically use the Context7 MCP tools to resolve library id and get library docs without me having to explicitly ask.