Maintainability rules

When introducing or deprecating public APIs, include @since for introductions and @deprecated with migration notes and links for removals.

Use <inheritdoc/> to inherit docs for overrides/implementations, but explicitly add <exception> and behavior differences when applicable.

Detect relative imports (e.g., `from .module import x`). Relative imports can break if the project structure changes. Recommend using absolute imports (`from package.module import x`) for better clarity and maintainability.

When a value comes from a finite set, model it as an enum constant instead of string/int literals.

Replace string literals that represent finite sets with enums (optionally flagged) or constants.

Declare SEO metadata via export const metadata or generateMetadata; avoid manual <Head> in App Router.

Replace numeric/string literals with named constants to document meaning.

When emitting custom events with data using `$emit`, pass an object literal as the payload instead of a raw primitive value, especially if there's a chance more data might be needed later.

Do not hardcode UI strings; use I18n keys with proper scopes.

Check if function signatures include type annotations. Type hints improve readability and help catch type-related errors early. Recommend adding type annotations where missing.

Ensure that functions in public APIs include type annotations. Type annotations improve code clarity and help catch type-related errors early. Recommend adding them where missing.

Utility classes are not meant to be instantiated. Mark them as static or provide a private constructor to prevent unintended instantiation.

Accept only short-lived tokens from the gateway (JWT/JWE or opaque) and validate signature/expiry; do not persist tokens beyond business need. Never attempt to reconstruct PAN from tokens. (PCI DSS data minimization)