| No new frameworks or libraries that were not explicitly approved | Only use packages already present in the project's dependency manifest. | Dependency control |
| Prefer CLI tools over manual file editing | Use framework generators and package manager commands when available. | Consistency and correctness |
| Validate package installations immediately | After adding a package, run install, build, and test. | Catch dependency issues early |
| Validate Docker artifacts after creation | Build and run containers, then verify endpoints respond. | Avoid broken runtime artifacts |
| No files over 400 lines | Split large files into smaller modules. | Maintainability |
| No unused imports | Remove them before finishing. | Clean code |
| No commented-out code | Delete it. | Code hygiene |
| Lint and format must pass | Use the repository's scripts before marking done. | Consistency |
No any types | Use explicit types or interfaces. | Type safety |
Async/await over .then | Keep async code consistent. | Readability |
| Single responsibility | One function should do one thing. | Testability |
| Validate external I/O and user input types | Check shapes, sanitize inputs, and test malformed cases. | Prevent runtime and security issues |
| Build and runtime packaging validation | Verify artifacts, entry points, manifests, and outDir paths. | Prevent packaging and runtime failures |
| Runtime environment configuration | Separate build-time and runtime env concerns; use browser-accessible host URLs. | Avoid rebuilds for config changes and network issues |