Breaking Change Risk
Detects [Obsolete] attribute additions and removals on public APIs. Removing a deprecation guard is Block-severity; adding one is a Warn-level review signal.
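The classification described above (a removed guard is Block, an added one is Warn), as an added example that is not GauntletCI's implementation: it scans unified-diff hunks for [Obsolete] lines that sit on public members. The sample diff and its member names are constructed, and reporting a reworded attribute as a Warn-level "changed" finding is this example's own assumption.

```python
import re

OBSOLETE = re.compile(r"\[\s*Obsolete(?:Attribute)?\b")
MEMBER = re.compile(r"(\w+)\s*\(")  # method name in front of its parameter list

# Constructed sample hunks; member names are made up for this example.
SAMPLE_DIFF = '''\
@@ -10,2 +10,1 @@
-    [Obsolete("Use GetOrderV2")]
     public Task<Order> GetOrder(int id) => Load(id);
@@ -30,1 +29,2 @@
+    [Obsolete("Use ListOrdersV2")]
     public Task<List<Order>> ListOrders() => Query();
@@ -50,2 +50,2 @@
-    [Obsolete("Use CancelV2")]
+    [Obsolete("Use CancelV2. Removed in v3.")]
     public Task Cancel(int id) => CancelV2(id);
@@ -70,2 +70,1 @@
-    [Obsolete]
     internal void Flush() { }
'''

def _declaration_after(hunk, i, sign):
    # First non-attribute line after hunk[i], skipping the other side of the diff.
    other = "+" if sign == "-" else "-"
    for line in hunk[i + 1:]:
        body = line[1:].strip()
        if line[:1] != other and body and not body.startswith("["):
            return body
    return ""

def scan_hunk(hunk):
    removed, added = [], []
    for i, line in enumerate(hunk):
        sign = line[:1]
        if sign in ("+", "-") and OBSOLETE.search(line[1:]):
            decl = _declaration_after(hunk, i, sign)
            if re.search(r"\bpublic\b", decl):  # public API surface only
                name = MEMBER.search(decl)
                target = removed if sign == "-" else added
                target.append(name.group(1) if name else decl)
    # A removal re-added in the same hunk is a reworded attribute (assumption).
    findings = [("Warn", m, "changed") if m in added else ("Block", m, "removed")
                for m in removed]
    return findings + [("Warn", m, "added") for m in added if m not in removed]

def scan_diff(diff_text):
    hunks = re.split(r"(?m)^@@.*\n", diff_text)[1:]  # text before first @@ is headers
    return [f for h in hunks for f in scan_hunk(h.splitlines())]
```

Calling scan_diff(SAMPLE_DIFF) reports GetOrder as Block, ListOrders and Cancel as Warn, and ignores the internal Flush member.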
Why this rule exists
Public APIs are contracts with every caller in every consuming repo. Removing or renaming one without a deprecation cycle breaks downstream builds and forces emergency releases.
Code example
- [Obsolete("Use GetOrderV2")]
public Task<Order> GetOrder(int id) => ... [Obsolete("Use GetOrderV2. Removed in v3.")]
public Task<Order> GetOrder(int id) => GetOrderV2(id);
+ public Task<Order> GetOrderV2(int id) => ...
Configuration
Disable or adjust the severity of this rule in .gauntletci.json:
{
  "rules": {
    "GCI0004": { "enabled": true, "severity": "Warn" }
  }
}
See Configuration for the full schema.
Related rules
Data and Schema Compatibility
Detects removed serialization attributes and enum member removals that may break wire formats or persisted data.
Naming and Contract Alignment
Detects method renames where the new CRUD verb semantically contradicts the old verb, signaling an intent mismatch.
Dependency Bot API Drift
Fires when a dependency bot PR (Dependabot, Renovate, Snyk) contains both a lockfile change and a public API method signature change in C# files.
Discussed in
Detect Breaking Changes Before Merge
How to catch removed public APIs, signature changes, and serialization breaks at commit time instead of in downstream consumers.
What Is Diff-Based Analysis?
Diff-based analysis evaluates only what changed in a commit. Why that scope is the right unit of risk for pre-commit checks.
How Azure SDK PR #57223 Introduced 6,650+ Unique Risk Signals
Azure SDK PR #57223 generated 6,650+ unique behavioral risk signals across 3 framework versions. See why traditional tools missed them.
Beyond SonarQube: A Behavioral Alternative to Code Smell Detection
Why linter rules and code smells miss behavioral regressions. A case for deterministic behavioral analysis as a gating criterion instead of counting violations.
log4net PR #201: 3,753+ Risk Signals in a Major Enterprise Refactor
Large-scale logging framework refactoring introducing thousands of behavioral changes across multiple code paths.
Google API PR #3150 Analysis
Behavioral risk analysis of a major Google API library pull request.
StackExchange.Redis PR #3028 Analysis
Behavioral change risk in a critical infrastructure library pull request.
gRPC .NET PR #2531 Analysis
Behavioral risk signals in a fundamental RPC framework pull request.
AngleSharp PR #1159 Analysis
HTML parser library pull request introducing behavioral changes.
State of Behavioral Change Risk in .NET
A field report from 610 merged C# PRs across 61 repositories, with raw findings, high-confidence findings, and outlier disclosure.
What Is Pull Request Risk Analysis?
Pull request risk analysis evaluates how a diff changes behavior, contracts, tests, runtime safety, and production blast radius before merge.
CI Quality Gate for Pull Requests
A practical framework for designing CI quality gates that block risky pull requests instead of only enforcing style, coverage, and known vulnerabilities.
Best Code Review Tools for GitHub
A GitHub-focused guide to choosing code review tools across human review, AI assistants, security scanners, static analysis, and PR risk gates.
Real-world evidence
Implemented in src/GauntletCI.Core/Rules/Implementations/GCI0004_*.cs.
Eric Cogen -- Founder, GauntletCI
Twenty years as a senior technical consultant building and modernizing enterprise platforms across .NET, AWS, serverless, microservices, and AI-driven systems.
