Coding Rules Library
Never hardcode secrets; validate config at startup
Load secrets from environment/config and validate them on boot; never commit keys in code.
Bad example

```javascript
import Stripe from "stripe";

// Secret committed directly in source: it ships with every clone of the repo,
// cannot be rotated without a code change, and is easy to pull into logs or bundles.
const STRIPE_SECRET = "sk_live_123";
const stripe = new Stripe(STRIPE_SECRET);

export async function charge() {
  return stripe.charges.create({ amount: 1000, currency: "usd" });
}
```
Explanation (EN)
Hardcoded secrets leak through repositories, are difficult to rotate, and often end up in logs or client bundles.
Explanation (HR)
Hardcoded secrets leak into repositories, are hard to rotate, and often end up in logs or in the bundle.
Good example

```javascript
import Stripe from "stripe";
import { z } from "zod";

// Declare every required setting once; parse() throws at boot if a value is
// missing or empty, so a misconfigured deployment never serves traffic.
const EnvSchema = z.object({
  STRIPE_SECRET: z.string().min(1),
});

const env = EnvSchema.parse(process.env);

const stripe = new Stripe(env.STRIPE_SECRET);

export async function charge() {
  return stripe.charges.create({ amount: 1000, currency: "usd" });
}
```
Explanation (EN)
Loading secrets from env and validating at startup prevents accidental exposure and fails fast in misconfigured environments.
Explanation (HR)
Loading secrets from env variables and validating at startup prevents exposure and quickly reveals bad configuration.
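As an added example (not code from the rule page or its author), the following shows the same fail-fast startup check without a schema library: every required variable is checked at once, empty or malformed values are rejected, and error messages name the variable rather than echoing its value, so the failure can be logged safely. The setting names, the Stripe key pattern, the sample environments and the helper names (REQUIRED_SETTINGS, validateConfig, redactSecret, configErrors) are all assumptions for illustration.

```javascript
// Added example, not from the rule page. All names below are hypothetical.

// One entry per required setting: a short description and, where the value has a
// known shape, a format check. The patterns are assumptions for illustration.
const REQUIRED_SETTINGS = {
  STRIPE_SECRET: { describe: "Stripe secret API key", format: /^sk_(live|test)_[A-Za-z0-9]+$/ },
  DATABASE_URL: { describe: "database connection string", format: /^postgres(ql)?:\/\// },
};

// Show only enough of a secret to recognise it in a log line, never the whole value.
function redactSecret(value) {
  if (typeof value !== "string" || value.length === 0) return "<empty>";
  return `${value.slice(0, 3)}...(${value.length} chars)`;
}

// Validate a raw environment object (e.g. process.env) and return a frozen config
// containing only the declared settings. Collects every problem into one Error so
// the process stops at boot instead of failing on the first request. The error
// text names variables, not values, so it is safe to log.
function validateConfig(env) {
  const errors = [];
  const config = {};
  for (const [name, rule] of Object.entries(REQUIRED_SETTINGS)) {
    const value = env[name];
    if (typeof value !== "string" || value.trim() === "") {
      errors.push(`${name} (${rule.describe}) is missing or empty`);
      continue;
    }
    if (rule.format && !rule.format.test(value)) {
      errors.push(`${name} (${rule.describe}) has an unexpected format`);
      continue;
    }
    config[name] = value;
  }
  if (errors.length > 0) {
    throw new Error(`Invalid configuration:\n  - ${errors.join("\n  - ")}`);
  }
  return Object.freeze(config);
}

// Constructed sample environments (not real credentials).
const GOOD_ENV = {
  STRIPE_SECRET: "sk_test_constructedSampleValue",
  DATABASE_URL: "postgres://app:pw@db.internal:5432/app",
  UNRELATED: "ignored",
};
const BAD_ENV = { STRIPE_SECRET: "", DATABASE_URL: "mysql://wrong" };

// Returns the validation error message, or null when the environment is valid.
function configErrors(env) {
  try {
    validateConfig(env);
    return null;
  } catch (err) {
    return err.message;
  }
}

if (configErrors(GOOD_ENV) === null) {
  console.log("config ok, stripe key:", redactSecret(GOOD_ENV.STRIPE_SECRET));
}
console.log(configErrors(BAD_ENV));
```

Call validateConfig(process.env) once at module load and export the frozen result; everything else imports the config object instead of reading process.env directly, which keeps the set of required settings in one place and makes the boot-time failure the only place a missing secret can surface.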
Exceptions / Tradeoffs (EN)
Public, non-secret values (public keys, URLs) can be hardcoded, but secrets must not be.
Exceptions / Tradeoffs (HR)
Public, non-secret values (public keys, URLs) may be hardcoded, but secrets must not be.