Development Standards
Coding standards, review processes, and development best practices.
Code Style Guidelines
General Principles
- Consistency: Follow established patterns within the codebase
- Readability: Write code that tells a story
- Simplicity: Prefer simple solutions over complex ones
- Documentation: Document complex logic and public APIs
Language-Specific Standards
JavaScript/TypeScript
- Use Prettier for formatting with team configuration
- Follow ESLint rules defined in team eslintrc
- Use meaningful variable and function names
- Prefer
constoverlet, avoidvar - Use TypeScript for new projects
// Good
const calculateTotalPrice = (items) => {
return items.reduce((total, item) => total + item.price, 0);
};
// Avoid
function calc(x) {
var sum = 0;
for (var i = 0; i < x.length; i++) {
sum = sum + x[i].price;
}
return sum;
}
Java
- Follow Oracle Java Code Conventions
- Use Maven for dependency management
- Include unit tests for all public methods
- Use meaningful package names following reverse domain convention
Python
- Follow PEP 8 style guide
- Use type hints for function parameters and return values
- Include docstrings for all public functions and classes
- Use virtual environments for project isolation
Code Review Process
Before Submitting a Pull Request
- Self-review: Review your own changes first
- Testing: Ensure all tests pass locally
- Documentation: Update relevant documentation
- Commit messages: Use clear, descriptive commit messages
Pull Request Requirements
- Title: Clear, descriptive title
- Description: Explain what changes were made and why
- Testing: Include test plan or testing notes
- Breaking changes: Clearly mark any breaking changes
- Screenshots: Include for UI changes
Review Checklist
Reviewers should check for:
- Code follows style guidelines
- Logic is sound and handles edge cases
- Tests are adequate and pass
- Documentation is updated
- No sensitive information is committed
- Performance implications are considered
Review Process
- Author creates pull request
- Automated checks run (tests, linting, security scans)
- Peer review by at least one team member
- Address feedback through discussion or code changes
- Approval from reviewer(s)
- Merge when all checks pass and approved
Testing Standards
Unit Testing
- Minimum 80% code coverage for new code
- Test both happy path and error conditions
- Use descriptive test names that explain the scenario
- Mock external dependencies
Integration Testing
- Test critical user journeys end-to-end
- Include database and external service interactions
- Run in CI/CD pipeline before deployment
Testing Frameworks
- JavaScript: Jest, Mocha, or Vitest
- Java: JUnit 5 with Mockito
- Python: pytest with appropriate fixtures
Security Standards
Code Security
- Never commit secrets, API keys, or passwords
- Use environment variables for configuration
- Validate all user inputs
- Follow OWASP security guidelines
- Regular dependency updates and security scanning
Secrets Management
- Use Azure Key Vault or equivalent for production secrets
- Local development uses
.envfiles (never committed) - Rotate secrets regularly
- Limit access to secrets on need-to-know basis
Documentation Requirements
Code Documentation
- Public APIs must have comprehensive documentation
- Complex algorithms need explanatory comments
- README files for all repositories
- API documentation for services
Inline Comments
- Explain why, not what
- Document non-obvious business logic
- Include links to relevant specs or tickets
- Keep comments up-to-date with code changes
Continuous Integration
Required CI Checks
- All tests must pass
- Code coverage thresholds met
- Linting and formatting checks pass
- Security vulnerability scans pass
- No merge conflicts
Deployment Pipeline
- Automated deployment to staging environment
- Manual approval required for production
- Rollback capability for all deployments
- Monitoring and alerting post-deployment
Performance Standards
Response Time Targets
- API endpoints: < 200ms for 95th percentile
- Database queries: < 100ms for simple queries
- Page load times: < 3 seconds initial load
Resource Usage
- Memory usage monitoring and limits
- CPU usage optimization
- Database connection pooling
- Caching strategies for expensive operations