# Code Review Rules for acme-api

Generated on 2026-04-13 00:13:17

### `PHP001`

- **Severity:** critical
- **Category:** security
- **Rule:** SQL Injection Prevention
- **Reasoning:** SQL injection is one of the most common and dangerous vulnerabilities that can lead to data breaches.

### `PHP002`

- **Severity:** high
- **Category:** performance
- **Rule:** N+1 Query Prevention
- **Reasoning:** N+1 queries significantly degrade application performance at scale.

### `PHP003`

- **Severity:** high
- **Category:** architectural
- **Rule:** Service Layer Pattern
- **Reasoning:** Separation of concerns improves maintainability and testability.

### `JS001`

- **Severity:** high
- **Category:** security
- **Rule:** XSS Prevention
- **Reasoning:** Cross-site scripting attacks can steal user sessions and sensitive data.

### `JS002`

- **Severity:** medium
- **Category:** best_practice
- **Rule:** Async Error Handling
- **Reasoning:** Unhandled promise rejections can crash the application or cause silent failures.

### `SQL001`

- **Severity:** medium
- **Category:** performance
- **Rule:** Index Required Columns
- **Reasoning:** Missing indexes cause full table scans and severely degrade query performance.

### `GEN001`

- **Severity:** medium
- **Category:** best_practice
- **Rule:** Test Coverage Requirements
- **Reasoning:** Tests prevent regressions and document expected behavior.

### `GEN002`

- **Severity:** high
- **Category:** dependency
- **Rule:** Dependency Version Pinning
- **Reasoning:** Unpinned dependencies can introduce breaking changes unexpectedly.