add llm anti-patterns to context files

name the LLM-default constructs this project forbids in explicit before/after tables. catching the trap by pattern match is more reliable than expecting a general rule to be applied at write time. backend table covers PHP traps (arrow fns, inline FQCNs, default params, stored refs, em dashes, short names); frontend table covers JS/template/ cypress traps.
2026-05-02 22:15:23 +03:00 · 2026-05-02 22:15:23 +03:00 · 5d6c9f7ec9
commit 5d6c9f7ec9
parent b07b1e2666
2 changed files with 34 additions and 0 deletions
--- a/ai/frontend-context.md
+++ b/ai/frontend-context.md
@ -31,3 +31,18 @@ with surrounding files. (TODO: wire up format/lint when added.)
 Frontend changes are often a template plus its page-level JS counterpart -
 commit them together as a single logical unit, per the "one logical change
 per commit" rule in `shared.md`.
+
+## LLM anti-patterns
+
+Constructs LLMs default to that this project forbids on the frontend.
+
+| Anti-pattern | Forbidden | Required |
+|---|---|---|
+| Short variable name | `t`, `n`, `res`, `req`, `e`, `el`, `ev` | `text`, `node`, `response`, `request`, `submitEvent`, `element`, `clickEvent` |
+| Em dash in code/comments | `// loads texts — owner only` | `// loads texts - owner only` |
+| Inline `<script>` in templates | `<script>doStuff()</script>` in a `.php` template | put logic in `public/js/<page>.js`, load via `<script src=...>` |
+| Hardcoded admin URLs in user-facing JS | `fetch('/api/admin/...')` from a non-admin page JS | call user-scoped endpoints from user pages, admin endpoints only from admin pages |
+| Cypress test logging in as the wrong role | `cy.loginAsAdmin()` in a non-admin spec | match the role to the page under test (`loginAsUser` for `/home`, `/texts`; `loginAsAdmin` for `/admin/*`) |
+
+When generating code, scan the diff for these patterns before writing it
+to disk.