Skip to main content

Coding Standards

Naming

  • Packages MUST be lowercase and concise.
  • Exported identifiers MUST use PascalCase.
  • Unexported identifiers MUST use camelCase.
  • Error variables SHOULD follow Err<Meaning> naming.
  • Handler names SHOULD reflect resource + action (for example: CreateBooking, GetUser).

Error Handling

  • Functions MUST return early on errors.
  • Propagated errors SHOULD include context using %w.
  • Handlers MUST map domain/runtime errors to stable HTTP status codes.
  • Production responses MUST NOT expose sensitive internals.
if err != nil {
    return fmt.Errorf("load policy by id: %w", err)
}

Logging

  • Logs MUST NOT include passwords, OTPs, tokens, or secrets.
  • Logs SHOULD include request-scoped context when available.
  • FATAL SHOULD be reserved for startup-blocking failures.

Context and Timeouts

  • External calls (DB/cache/HTTP/AI) MUST use bounded timeouts.
  • Request-scoped context SHOULD be passed through service/data boundaries.
  • Long request paths MUST avoid unbounded context.Background().

Middleware Order

Use deterministic middleware order in server setup:

  1. security headers
  2. panic recovery
  3. CORS
  4. compression / etag
  5. request logging
  6. rate limiting

Enable logging/limiting through config flags where possible.