External Service Safety
Detects unsafe HTTP client usage and external service call patterns that lack timeout, cancellation, or retry configuration.
Why this rule exists
Default HttpClient timeouts are 100 seconds. A single slow downstream service can drain your entire thread pool and take the whole app offline before any health check fires.
Code example
+ var http = new HttpClient();
+ var resp = await http.GetAsync(url);+ var resp = await _httpClientFactory.CreateClient("orders")
+ .GetAsync(url, ct); // factory configures timeout, retry, circuit breakerConfiguration
Disable or adjust the severity of this rule in .gauntletci.json:
{
"rules": {
"GCI0039": { "enabled": true, "severity": "Block" }
}
}See Configuration for the full schema.
Related rules
Resource Lifecycle
Detects disposable resources allocated without a using statement or try/finally disposal, leading to connection and handle leaks.
Concurrency and State Risk
Detects async void methods, blocking async calls (.Result, .Wait(), .GetAwaiter().GetResult()), lock(this), and Thread.Sleep in production code. Uses ForPatternScan to ignore matches inside // comments and string literals.
Idempotency and Retry Safety
Detects HTTP POST endpoints without idempotency keys and raw INSERT statements without upsert guards, which are unsafe under retry logic.
Implemented in src/GauntletCI.Core/Rules/Implementations/GCI0039_*.cs.
Eric Cogen -- Founder, GauntletCI
Twenty years as a senior technical consultant building and modernizing enterprise platforms across .NET, AWS, serverless, microservices, and AI-driven systems.