{
  "rule_id": "no-git-commands-in-tests",
  "category": "testing_policy",
  "text": "Tests MUST NOT execute git commit or any command chain that might invoke it. This environment uses mandatory interactive GPG signing. Any test spawning git commit will hang indefinitely, crash the test runner, and potentially crash WSL2.",
  "scope": {
    "environment": "github-copilot",
    "context_tags": ["testing", "git", "critical"]
  },
  "severity": "must-not",
  "forbidden_patterns": [
    "execSync(\"git commit",
    "execSync('git commit",
    "execSync(`git commit",
    "spawnSync(\"git\", [\"commit\"",
    "spawnSync('git', ['commit'",
    "exec(\"git commit",
    "spawn(\"git\", [\"commit\""
  ],
  "allowed_patterns": [
    "execSync(\"git rev-parse",
    "execSync(\"git branch",
    "execSync(\"git log",
    "execSync(\"git status"
  ],
  "quarantine_location": "test/shared/git/",
  "quarantine_command": "npm run test:git",
  "examples": [
    {
      "violation": "execSync('git init'); execSync('git commit -m \"test\"');",
      "reason": "Spawns git commit which requires interactive GPG signing"
    },
    {
      "violation": "execSync('git config commit.gpgsign false'); execSync('git commit -m \"test\"');",
      "reason": "Even with gpgsign=false, git commands in tests are forbidden by policy"
    },
    {
      "correct": "const branch = process.env.LEX_DEFAULT_BRANCH || 'main';",
      "reason": "Use environment variables instead of git commands"
    }
  ],
  "consequences": [
    "Test runner hangs indefinitely",
    "CI pipeline times out",
    "WSL2 resource exhaustion",
    "Development environment crash"
  ],
  "alpha": 10,
  "beta": 0,
  "reinforcements": 3,
  "counter_examples": 0,
  "confidence": 1.0,
  "first_seen": "2025-11-25T00:00:00Z",
  "last_correction": "2025-11-25T00:00:00Z"
}