Rules Hub
Coding Rules Library
Rule priority, scope & exceptions
Use this to align rules with the senior-level structure (P0/P1/P2, scope, exceptions/tradeoffs).
Don't ship debug-only endpoints that expose secrets
Remove or environment-gate debug-only routes — especially ones returning auth tokens or secrets — before merging into a deployable service.
Bad example
```typescript
import express, { Request, Response } from "express";

const app = express();

// Route exists purely for manual debugging and returns a live auth token.
const getToken = async (req: Request, res: Response) => {
  const drLibService = getDrLibService();
  const token = await drLibService.authenticate();
  res.json({ token });
};

app.get("/token", getToken); // registered unconditionally, in every environment
```
Explanation (EN)
A publicly reachable endpoint that returns an auth token leaks credentials and widens the attack surface. 'Only for debugging' routes that are registered unconditionally end up live in production where anyone can call them.
Explanation (translated from HR)
A publicly reachable route that returns an auth token leaks credentials and widens the attack surface. 'Debug-only' routes that are registered unconditionally end up live in production, where anyone can call them.
Good example
```typescript
// Either remove the debug route entirely, or gate it behind a non-prod flag
// and never expose a raw token.
if (process.env.NODE_ENV !== "production") {
  app.get("/_debug/health", debugHealthHandler);
}
```
Explanation (EN)
If a helper is genuinely needed for debugging, gate it behind an environment check so it never registers in production, and avoid returning secrets. If it isn't needed, delete it before merging.
Explanation (translated from HR)
If a helper route is genuinely needed for debugging, guard it with an environment check so it never registers in production, and avoid returning secrets. If it isn't needed, delete it before merging.
Exceptions / Tradeoffs (EN)
Internal-only services behind strict network isolation may keep diagnostic endpoints, but they should still avoid returning raw tokens and be clearly namespaced (e.g. /_debug).
Exceptions / Tradeoffs (translated from HR)
Internal services behind strict network isolation may keep diagnostic routes, but these should still avoid returning raw tokens and be clearly namespaced (e.g. /_debug).
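The good example and the exception above describe two controls: register debug helpers only outside production, and when a diagnostic route does survive (under /_debug, on an isolated service), have it return metadata rather than the secret. The block below is an added example, not code from the rules page or its project. It models an Express-style app with a tiny in-memory router so it runs stand-alone; the `App` class, `registerRoutes`, `assertNoDebugRoutes`, `tokenDiagnostics` and the sample credential are illustrative names and values, not a real service or a real token. It goes slightly beyond the page by adding a startup guard that fails closed if a /_debug route is registered in production, which catches the case where someone later removes the environment check.

```typescript
// Added example (not from the rules page). A minimal Express-like router is
// used instead of Express so the example runs without dependencies.
import { createHash } from "crypto";

type Req = { path: string };
type Res = { status: number; body: unknown };
type Handler = (req: Req) => Res;

// Stand-in for an Express app: a path -> handler table.
class App {
  readonly routes = new Map<string, Handler>();
  get(path: string, handler: Handler): void {
    this.routes.set(path, handler);
  }
  handle(path: string): Res {
    const handler = this.routes.get(path);
    return handler ? handler({ path }) : { status: 404, body: "not found" };
  }
}

// Constructed sample credential standing in for drLibService.authenticate().
const SAMPLE_CREDENTIAL = { token: "sample-token-not-a-real-secret", expiresAt: 1900000000 };

interface TokenDiagnostics {
  hasToken: boolean;
  expiresAt: number;
  fingerprint: string; // short hash so an operator can correlate with logs
}

// What a diagnostic route may return: proof that a token exists and when it
// expires. The raw token never leaves the process.
function tokenDiagnostics(c: { token: string; expiresAt: number }): TokenDiagnostics {
  const fingerprint = createHash("sha256").update(c.token).digest("hex").slice(0, 12);
  return { hasToken: c.token.length > 0, expiresAt: c.expiresAt, fingerprint };
}

// Registration-time gate: debug helpers exist only outside production, live
// under /_debug, and go through tokenDiagnostics rather than returning secrets.
function registerRoutes(app: App, env: string): App {
  app.get("/health", () => ({ status: 200, body: { ok: true } }));
  if (env !== "production") {
    app.get("/_debug/token", () => ({ status: 200, body: tokenDiagnostics(SAMPLE_CREDENTIAL) }));
  }
  return app;
}

// Startup guard: refuse to boot if any /_debug route is registered in
// production (e.g. because the env check was dropped). Returns the offenders
// so non-production environments can log them.
function assertNoDebugRoutes(app: App, env: string): string[] {
  const offenders = Array.from(app.routes.keys()).filter((p) => p.startsWith("/_debug"));
  if (env === "production" && offenders.length > 0) {
    throw new Error(`debug routes registered in production: ${offenders.join(", ")}`);
  }
  return offenders;
}

// Usage: production registers nothing under /_debug; development exposes
// token metadata only.
const prodApp = registerRoutes(new App(), "production");
assertNoDebugRoutes(prodApp, "production");
const devApp = registerRoutes(new App(), "development");
console.log(devApp.handle("/_debug/token").body);
```

Run the guard once at startup, after all route registration, so a leaked debug route stops the service from coming up instead of becoming a production endpoint. The fingerprint is a SHA-256 prefix of the token, enough to match an operator's logs but not usable as a credential.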