HighPR-scope Plug & play

Enforce minimum coverage in CI

CI must fail the build when line coverage drops below the project threshold (e.g., 80%); publish coverage reports as artifacts.

Add to Mesrai Open workspace

Why this matters

Automated gates prevent coverage regressions and make quality visible.

Bad vs. good

Side-by-side examples engineers can pattern-match during review.

Avoid

steps:
 - name: Run tests
 run: test

Prefer

steps:
 - name: Run tests with coverage
 run: coverage run -m test
 - name: Enforce coverage threshold
 run: coverage report --fail-under=80
 - name: Upload coverage
 uses: actions/upload-artifact@v4
 with: { name: coverage, path: coverage/ }

More snippets

Good

coverage report --fail-under=80

Bad

run: test # no coverage gate

Related rules

From the same buckets as this rule.

Critical
No live network or DB in unit tests—use fakes/mocks
Unit tests must stub or fake external HTTP/DB calls; allow real I/O only in integration/e2e tests tagged accordingly.
testing-qualityperformance-efficiency+1
High
Behavioral changes must add or update tests
If files under src/ change behavior, the PR must include tests/ updates or a PR description line no-tests: <reason> explaining why tests are unaffected.
testing-qualitypr-hygiene
High
Block real PAN/SAD in fixtures and test data
Reject PRs adding real PAN/CVV in fixtures, seeds, or mocks. Only use Luhn-valid test PANs from the gateway or opaque tokens (e.g., tok_) and never include CVV. Add a check to fail if a PAN regex is matched. (PCI DSS data minimization)
compliance-pci-dsstesting-quality+1

Why this matters

Bad vs. good

More snippets

Related rules

No live network or DB in unit tests—use fakes/mocks

Behavioral changes must add or update tests

Block real PAN/SAD in fixtures and test data

Why this matters

Bad vs. good

More snippets

Related rules

No live network or DB in unit tests—use fakes/mocks

Behavioral changes must add or update tests

Block real PAN/SAD in fixtures and test data