---
description: "PR review themes — API docs, compatibility, errors, security, tests"
alwaysApply: true
---
# Code review checklist (CMA JavaScript SDK)
Apply when reviewing changes to `@contentstack/management`.
## Public API & documentation
- **JSDoc** updated for new or changed public methods/classes (params, return shape, examples), matching style in `lib/contentstack.js` / `lib/contentstackClient.js`.
- **`types/**`** updated when TypeScript consumers would see different signatures or new exports.
## Backward compatibility
- Avoid breaking changes to exported function signatures, option objects, or default behavior without a major version rationale.
- If behavior changes, ensure **callers inside `lib/`** and tests reflect the new contract.
## Errors & safety
- HTTP failures should flow through **`lib/core/contentstackError.js`** (or equivalent existing error path), preserving **status** and safe **request** metadata.
- Do not log or stringify full **authtoken**, **authorization**, or **management_token** values; follow existing redaction patterns in `contentstackError.js`.
- Respect **null/undefined** edge cases for optional API fields; avoid assuming nested objects always exist.
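The three checks above can be pictured with a short sketch. This is an added example, not code from `lib/core/contentstackError.js`: the function names, the masking format, and the sample error are assumptions, and only the three sensitive key names are taken from this checklist.

```javascript
// Added example, not the SDK's own code. The three key names come from the
// checklist; the function names and masking format are assumptions.
const SENSITIVE_KEYS = ['authtoken', 'authorization', 'management_token'];

// Keep only a short suffix so a token can be correlated but never reused.
function maskSecret(value) {
  const text = String(value);
  return text.length > 8 ? `...${text.slice(-4)}` : '[REDACTED]';
}

// Copy a header/param bag, masking sensitive values (case-insensitive keys).
function redactBag(bag) {
  if (!bag || typeof bag !== 'object') return {};
  const out = {};
  for (const [key, value] of Object.entries(bag)) {
    const sensitive = SENSITIVE_KEYS.includes(key.toLowerCase());
    out[key] = sensitive && value != null ? maskSecret(value) : value;
  }
  return out;
}

// Build loggable details from an axios-style error. Network failures carry no
// `response`; the request body is omitted because it may hold customer content.
function toSafeErrorDetails(err) {
  const response = (err && err.response) || {};
  const config = response.config || (err && err.config) || {};
  return {
    status: response.status ?? null,
    request: {
      url: config.url ?? null,
      method: config.method ?? null,
      headers: redactBag(config.headers),
      params: redactBag(config.params),
    },
  };
}

// Constructed sample: token values and URL are made up for illustration.
const sampleError = {
  response: {
    status: 422,
    config: {
      url: '/example/entries', method: 'post',
      headers: { authtoken: 'blt0123456789abcdef', Authorization: 'abc' },
      params: { management_token: null }, data: '{"title":"customer draft"}',
    },
  },
};
console.log(JSON.stringify(toSafeErrorDetails(sampleError), null, 2));
```

A reviewer can apply the same idea as a unit-test assertion: serialize the error object a change produces and check that no full token value or request body appears in it.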
## Dependencies & supply chain
- New **dependencies** should be justified (size, maintenance, license); prefer existing `lodash` / `axios` patterns.
- Lockfile and **`package.json`** version bumps should be minimal and reviewable.
## Tests
- **Unit tests** for new logic or regressions (`test/unit/`), with HTTP **mocked** (Nock, axios-mock-adapter, Sinon, etc.).
- **Sanity / API tests** (`test/sanity-check/api/`) when a change affects live CMA behavior, request shape, or end-to-end flows: add or update the relevant `*-test.js` suite and ensure **`sanity.js`** still wires it; run against **`dist/node/contentstack-management.js`** after **`npm run build`**. Do not commit secrets; env vars belong in `test/sanity-check/utility/testSetup.js` documentation only.
- Document any new env requirements for sanity in **`test/sanity-check/utility/testSetup.js`** header comments.
## Security & privacy
- No hardcoded credentials; no accidental exposure of customer content in logs or error messages.