Welcome to the GymGenius development team! This document outlines our quality standards, security protocols, and development workflow.
GymGenius operates under a zero-tolerance quality policy. Every line of code must pass through multiple automated gatekeepers before reaching production.
Before you commit, your code automatically goes through:
- ✅ ESLint: Code style and error checking
- ✅ Prettier: Auto-formatting
- ✅ Black (Python): Code formatting
- ✅ Type checking: TypeScript and Python type validation
Setup:
npm install # Installs husky and lint-staged
cd gymgenius/backend && pip install -r requirements.txtCommits that fail these checks will be automatically blocked.
Every push and pull request triggers:
- Linting & Formatting: ESLint, Prettier, Black, Flake8
- Type Checking: TypeScript (tsc) and Python (mypy)
- Security Scanning: CodeQL (SAST), Bandit (Python), npm audit
- Unit Tests: Jest (Frontend), Pytest (Backend)
- Dependency Audit: Dependabot security alerts
PRs cannot merge until all checks pass ✅
- Follow PEP 8 (enforced by Black)
- Line length: 88 characters
- Docstrings: Google style
- Type hints: Required for all functions
- Logging: Use structured logging with trace IDs
Example:
async def create_user(user_id: str, email: str) -> Dict[str, Any]:
\"\"\"
Create a new user account.
Args:
user_id: Unique user identifier
email: User's email address
Returns:
Dict containing user data and creation timestamp
Raises:
ValueError: If email is invalid
\"\"\"
trace_id = str(uuid.uuid4())
logger.info(f"USER_CREATE: Creating user | user_id={user_id} | trace_id={trace_id}")
# ... implementation- Follow Airbnb style guide
- Use functional components with hooks
- PropTypes or TypeScript interfaces required
- File naming:
kebab-case.tsx - Component naming:
PascalCase
Example:
interface UserCardProps {
userId: string;
name: string;
onSelect: (userId: string) => void;
}
export const UserCard: React.FC<UserCardProps> = ({
userId,
name,
onSelect,
}) => {
// ... implementation
};- Follow Flutter style guide
- Line length: 80 characters
- Use
constconstructors where possible - Document public APIs with
///comments
All user input must be sanitized. Use the provided utilities:
- Python:
InputSanitizer.sanitize_text() - Frontend: DOMPurify for HTML
- JWT tokens with 1-hour expiration
- Refresh tokens stored securely (httpOnly cookies)
- Never log tokens or sensitive data
- Never commit API keys
- Store in
.envfiles (gitignored) - Use separate keys for dev/staging/production
- Minimum 80% code coverage
- Test all error paths
- Mock external API calls
- Use async fixtures for async code
Run tests:
cd gymgenius/backend
pytest tests/ --cov=. --cov-report=term-missing- Test user interactions
- Test error states
- Snapshot tests for complex components
Use conventional commits:
<type>(<scope>): <subject>
<body>
<footer>
Types:
feat: New featurefix: Bug fixdocs: Documentation changesstyle: Code style changes (formatting)refactor: Code refactoringtest: Adding testschore: Maintenance tasks
Example:
feat(payment): integrate Razorpay UPI payments
- Add Razorpay order creation endpoint
- Implement payment signature verification
- Add webhook handler for payment events
Closes #42
- Develop: Create feature branch from
develop - Test: Ensure all tests pass locally
- PR: Open PR to
developbranch - Review: Await code review and CI checks
- Merge: Merge to
develop(auto-deploys to staging) - Release: Merge
developtomain(production deploy)
Use the issue template and include:
- Clear description
- Steps to reproduce
- Expected vs actual behavior
- Screenshots/logs
- Environment (OS, browser, app version)
Describe:
- User story: "As a [user], I want [feature] so that [benefit]"
- Acceptance criteria
- UI mockups (if applicable)
Remember: Quality is not negotiable. Every commit is a building block of an unbreakable fortress. Thank you for maintaining these standards! 🛡️