CriticalFile-scope Plug & play

No live network or DB in unit tests—use fakes/mocks

Unit tests must stub or fake external HTTP/DB calls; allow real I/O only in integration/e2e tests tagged accordingly.

Why this matters

Live I/O introduces slowness, nondeterminism, and external failures unrelated to the code.

Bad vs. good

Side-by-side examples engineers can pattern-match during review.

Avoid

test("loads profile", () => {
 const res = http.get("https://api.example.com/profile/42");
 assertEquals(res.status, 200);
});

Prefer

test("loads profile (stubbed)", () => {
 const http = fakeHttp({"/profile/42": {status: 200, body: {id: 42}}});
 const res = http.get("/profile/42");
 assertEquals(res.status, 200);
});

More snippets

Good

unit: uses fakeHttp()/mockClient()

Bad

unit: calls https://...

Related rules

From the same buckets as this rule.

High
Behavioral changes must add or update tests
If files under src/ change behavior, the PR must include tests/ updates or a PR description line no-tests: <reason> explaining why tests are unaffected.
testing-qualitypr-hygiene
High
Block real PAN/SAD in fixtures and test data
Reject PRs adding real PAN/CVV in fixtures, seeds, or mocks. Only use Luhn-valid test PANs from the gateway or opaque tokens (e.g., tok_) and never include CVV. Add a check to fail if a PAN regex is matched. (PCI DSS data minimization)
compliance-pci-dsstesting-quality+1
High
Enforce minimum coverage in CI
CI must fail the build when line coverage drops below the project threshold (e.g., 80%); publish coverage reports as artifacts.
testing-qualityci-cd-build-hygiene

Why this matters

Bad vs. good

More snippets

Related rules

Behavioral changes must add or update tests

Block real PAN/SAD in fixtures and test data

Enforce minimum coverage in CI

Why this matters

Bad vs. good

More snippets

Related rules

Behavioral changes must add or update tests

Block real PAN/SAD in fixtures and test data

Enforce minimum coverage in CI