HighPR-scope Plug & play

PR description must match code changes (no hidden scope creep)

Ensure the PR title/description honestly reflects what the diff actually changes. Flag out-of-scope changes (behavioral changes hidden as refactors, unrelated dependency bumps, config/security changes) and require either: - splitting into separate PRs, or - an explicit 'Additional changes' section with rationale and risk/rollout notes.

Add to Mesrai Open workspace

Why this matters

Prevents surprises, improves review quality, and reduces accidental risk in production.

Bad vs. good

Side-by-side examples engineers can pattern-match during review.

Avoid

PR says 'docs update' but changes auth logic and permissions.

Prefer

PR says 'docs update' + separate PR for auth changes, or clearly calls out auth change with tests and rollout.

More snippets

Bad

Description: "minor refactor"; diff changes access control

Good

Description includes all risky changes + review guide

Related rules

From the same buckets as this rule.

High
Avoid mixed concerns in one PR
Do not combine mechanical changes (formatting, renames) with behavioral changes. If unavoidable, separate commits and call out which commits are mechanical.
pr-hygienereadability-refactor+1
High
Behavioral changes must add or update tests
If files under src/ change behavior, the PR must include tests/ updates or a PR description line no-tests: <reason> explaining why tests are unaffected.
testing-qualitypr-hygiene
High
Bugfix PRs must match the real production failure (root cause, not band-aid)
If the PR claims to fix a specific issue (e.g., 'Fixes #123' / 'Fix PAY-123'), validate it against the real production error. - If an observability MCP is available (Sentry/Datadog/Bugsnag): fetch the event/stack trace and confirm the change addresses the root cause. - Require a regression test (or a clearly documented reason why a test cannot be added). Call out fixes that only hide symptoms (catch-and-ignore, broader retries, defaulting values) without removing the underlying failure mode.
pr-hygieneerror-handling+2

PR description must match code changes (no hidden scope creep)

Bad vs. good

Side-by-side examples engineers can pattern-match during review.

Avoid

PR says 'docs update' but changes auth logic and permissions.

Prefer

PR says 'docs update' + separate PR for auth changes, or clearly calls out auth change with tests and rollout.

More snippets

Bad

Description: "minor refactor"; diff changes access control

Good

Description includes all risky changes + review guide

Related rules

From the same buckets as this rule.

High

Avoid mixed concerns in one PR

Do not combine mechanical changes (formatting, renames) with behavioral changes. If unavoidable, separate commits and call out which commits are mechanical.

pr-hygienereadability-refactor+1

High

Behavioral changes must add or update tests

If files under src/ change behavior, the PR must include tests/ updates or a PR description line no-tests: <reason> explaining why tests are unaffected.

testing-qualitypr-hygiene

High

Bugfix PRs must match the real production failure (root cause, not band-aid)

If the PR claims to fix a specific issue (e.g., 'Fixes #123' / 'Fix PAY-123'), validate it against the real production error. - If an observability MCP is available (Sentry/Datadog/Bugsnag): fetch the event/stack trace and confirm the change addresses the root cause. - Require a regression test (or a clearly documented reason why a test cannot be added). Call out fixes that only hide symptoms (catch-and-ignore, broader retries, defaulting values) without removing the underlying failure mode.

pr-hygieneerror-handling+2