Rules Hub

Coding Rules Library

← Back to all rules

Rule priority, scope & exceptions

Use this to align rules with the senior-level structure (P0/P1/P2, scope, exceptions/tradeoffs).

PriorityP0 — correctness, security, data loss, prod-impactingScopeUniversal — language-agnostic, broadly applicable

Exceptions / tradeoffs (EN)Iznimke / tradeoffi (HR)

fullstack ruleP0universalStack: typescript

authsecurityerror-handlingdefaults

Default to the least-privileged user state, not the most permissive, and handle failures

When deriving auth/user status, default to the safest state (e.g. anonymous) and distinguish genuine failures from a known unauthenticated response instead of treating any error as logged-out.

PR: hegnar-forum-web · org-mining-hist-2026-06Created: Jun 20, 2026

Bad example

Old codetypescript

1	`const status = res.ok ? 'active' : 'anonymous'; // a 500 wrongly shows anonymous UI as if logged out`

Explanation (EN)

Objašnjenje (HR)

Good example

New codetypescript

1	`if (res.status === 401) return 'anonymous'; // known unauthenticated`
2	`if (!res.ok) return null; // unexpected failure -> show error state`
3	`return deriveAuthedStatus(res);`

Explanation (EN)

Objašnjenje (HR)

Login required