beforemerge-nextjs-review
BeforeMerge: Next.js Review
Comprehensive code review knowledge base for Next.js, React, and TypeScript applications. Contains rules across 4 categories — security, performance, architecture, and quality — prioritized by impact.
When to Apply
Reference these rules when:
- Reviewing pull requests for Next.js/React/TypeScript projects
- Writing new components, API routes, or server actions
- Auditing existing code for security vulnerabilities
- Refactoring code for performance or maintainability
- Running pre-merge quality checks
Rule Categories by Priority
| Priority | Category | Impact | Prefix | Focus |
|---|---|---|---|---|
| 1 | Security | CRITICAL | sec- | OWASP/CWE mapped anti-patterns |
| 2 | Performance | HIGH | perf- | Runtime and build-time optimization |
| 3 | Architecture | MEDIUM | arch- | Design patterns and code organization |
| 4 | Quality | LOW-MEDIUM | qual- | Maintainability and code health |
How to Use
Read individual rule files in rules/ for detailed explanations and code examples.
Each rule contains:
- Brief explanation of why it matters
- Incorrect code example with explanation
- Correct code example with explanation
- CWE/OWASP mapping where applicable
- References to official documentation
For the complete compiled guide: AGENTS.md