Behavioral Change Detection
Detects removed logic (Warn), incompatible method signature changes (Block), backward-compatible extensions (Info), and cryptographic boundary changes (Block).
Why this rule exists
A line removed from production code is a behavior change. If no test changed in the same diff, either the removed line was untested (silent regression risk) or the test it broke was deleted to make CI green.
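The check described above can be sketched as a small unified-diff scanner. This is an added example, not GauntletCI's implementation: the function name, the test-path and non-logic heuristics, the path src/UserService.cs and the sample diffs are assumptions constructed for illustration.

```python
import re

# Assumed heuristics for this example; a real rule would make these configurable.
TEST_PATH = re.compile(r"(^|/)tests?/|Tests?\.cs$", re.IGNORECASE)
NON_LOGIC = re.compile(r"^\s*(//.*|[{}();]*|using\s+[\w.]+;)\s*$")


def removed_logic_without_tests(diff_text):
    """Return sorted (path, line) pairs for logic removed from production files
    when the same diff touches no test file; [] if any test file changed."""
    path, in_hunk, tests_touched = None, False, False
    removed, added = set(), set()
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            path, in_hunk = None, False
        elif line.startswith("@@"):
            in_hunk = True
        elif not in_hunk and line.startswith(("--- ", "+++ ")):
            name = line[4:].strip()
            if name != "/dev/null":
                path = name[2:] if name.startswith(("a/", "b/")) else name
                tests_touched = tests_touched or bool(TEST_PATH.search(path))
        elif in_hunk and path and line.startswith(("+", "-")):
            if not NON_LOGIC.match(line[1:]):
                bucket = added if line[0] == "+" else removed
                bucket.add((path, line[1:].strip()))
    if tests_touched:
        return []
    # A line removed and re-added verbatim in the same file is a move, not a removal.
    return sorted(removed - added)


# Constructed diffs mirroring the two cases in the code example on this page.
GUARD_REMOVED = """\
diff --git a/src/UserService.cs b/src/UserService.cs
--- a/src/UserService.cs
+++ b/src/UserService.cs
@@ -10,3 +10,2 @@
-        if (user is null) throw new ArgumentNullException(nameof(user));
         return user.Email;
"""
GUARD_REMOVED_WITH_TEST = GUARD_REMOVED + """\
diff --git a/tests/UserTests.cs b/tests/UserTests.cs
--- a/tests/UserTests.cs
+++ b/tests/UserTests.cs
@@ -20,0 +21,1 @@
+    [Fact] public void GetEmail_NullUser_Throws_NullReference() { }
"""
```

The scanner only establishes that some test file changed alongside the removal; whether that test actually asserts the new contract still needs a reviewer.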
Code example
// Removes a guard clause without touching tests
- if (user is null) throw new ArgumentNullException(nameof(user));
return user.Email;

// Removes the guard AND adds a test asserting the new contract
- if (user is null) throw new ArgumentNullException(nameof(user));
return user.Email;
+ // tests/UserTests.cs
+ [Fact] public void GetEmail_NullUser_Throws_NullReference() { ... }

Configuration
Disable or adjust the severity of this rule in .gauntletci.json:
{
  "rules": {
    "GCI0003": { "enabled": true, "severity": "Block" }
  }
}

See Configuration for the full schema.
Related rules
Breaking Change Risk
Detects [Obsolete] attribute additions and removals on public APIs. Removing a deprecation guard is Block-severity; adding one is a Warn-level review signal.
Edge Case Handling
Detects potential null dereferences and missing validation in added code.
Pure Context Mutation
Detects assignment operators inside property getter blocks or methods decorated with [Pure], indicating unexpected side effects.
Discussed in
The Asymmetry of Change: Why Your Tests Are Looking the Wrong Way
Why passing tests don't guarantee correct behavior. How diff-scanning can close the gap between code changes and test validation.
Why Tests Miss Bugs
Tests pass but bugs still reach production. The categories of risk that escape test suites and why a green build is not the same as safe code.
Why Code Review Misses Bugs
Code review catches style and obvious logic errors. It routinely misses behavioral drift, contract changes, and implicit assumptions.
A Formal Framework for Behavioral Change Risk
A structured taxonomy for behavioral, contract, concurrency, and side-effect risk in code diffs.
What Is Diff-Based Analysis?
Diff-based analysis evaluates only what changed in a commit. Why that scope is the right unit of risk for pre-commit checks.
How Azure SDK PR #57223 Introduced 6,650+ Unique Risk Signals
Azure SDK PR #57223 generated 6,650+ unique behavioral risk signals across 3 framework versions. See why traditional tools missed them.
Beyond SonarQube: A Behavioral Alternative to Code Smell Detection
Why linter rules and code smells miss behavioral regressions. A case for deterministic behavioral analysis as a gating criterion instead of counting violations.
log4net PR #201: 3,753+ Risk Signals in a Major Enterprise Refactor
Large-scale logging framework refactoring introducing thousands of behavioral changes across multiple code paths.
Google API PR #3150 Analysis
Behavioral risk analysis of a major Google API library pull request.
StackExchange.Redis PR #3028 Analysis
Behavioral change risk in a critical infrastructure library pull request.
gRPC .NET PR #2531 Analysis
Behavioral risk signals in a fundamental RPC framework pull request.
AngleSharp PR #1159 Analysis
HTML parser library pull request introducing behavioral changes.
State of Behavioral Change Risk in .NET
A field report from 610 merged C# PRs across 61 repositories, with raw findings, high-confidence findings, and outlier disclosure.
Best AI Code Review Tools for Pull Requests
How to evaluate AI code review tools by evidence quality, repeatability, CI fit, noise control, and merge-gate safety.
What Is Pull Request Risk Analysis?
Pull request risk analysis evaluates how a diff changes behavior, contracts, tests, runtime safety, and production blast radius before merge.
CI Quality Gate for Pull Requests
A practical framework for designing CI quality gates that block risky pull requests instead of only enforcing style, coverage, and known vulnerabilities.
Automated Code Review Tools for GitHub Pull Requests
How GitHub teams should choose automated code review tools for PR comments, required checks, Actions workflows, and deterministic merge protection.
Best Code Review Tools for GitHub
A GitHub-focused guide to choosing code review tools across human review, AI assistants, security scanners, static analysis, and PR risk gates.
CodeRabbit Alternative: Deterministic Pull Request Risk Analysis
A buyer-focused comparison for teams evaluating AI pull request reviewers and deterministic PR risk analysis before merge.
Real-world evidence
Nullable Migration in Newtonsoft.Json
A 169-file nullable reference type migration changed public annotations and fixed null-parent behavior.
Cosmos Serialization Modernization in EF Core
A Cosmos serialization rewrite added public deprecation, internal signature churn, and data-preservation review questions.
Timeout Inheritance Change in NUnit
A release-branch merge changed timeout attribute inheritance without matching the old Thread.Sleep claim.
Signature Validation Telemetry in IdentityModel
Signature validation telemetry added issuer allowlisting and validation call-path changes.
Implemented in src/GauntletCI.Core/Rules/Implementations/GCI0003_*.cs.
Eric Cogen -- Founder, GauntletCI
Twenty years as a senior technical consultant building and modernizing enterprise platforms across .NET, AWS, serverless, microservices, and AI-driven systems.
