-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy patherror-handling.yaml
More file actions
204 lines (174 loc) · 7.98 KB
/
error-handling.yaml
File metadata and controls
204 lines (174 loc) · 7.98 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
# Error Handling Code Review Guidelines
# Comprehensive rules for exception handling, error propagation, logging, user-facing errors, and graceful degradation
description: "Code review guidelines for error handling covering exceptions, error propagation, logging, and graceful degradation"
globs:
- "**/*.ts"
- "**/*.js"
- "**/*.py"
- "**/*.java"
- "**/*.go"
- "**/*.rb"
- "**/*.cs"
- "**/*.rs"
- "**/*.swift"
- "**/*.kt"
rules:
# ============================================================================
# EXCEPTION HANDLING RULES
# ============================================================================
- name: use-specific-exceptions
description: >
Catch specific exception types, not generic Exception/Error. Specific
catches allow appropriate handling per error type. Generic catches
hide bugs and prevent proper recovery. Only catch what you can handle.
severity: high
- name: design-exception-hierarchy
description: >
Create meaningful exception hierarchies for your domain. Base exceptions
for categories, specific exceptions for cases. Hierarchy enables catching
at appropriate abstraction level. Document exception semantics.
severity: medium
- name: preserve-exception-context
description: >
When rethrowing or wrapping exceptions, preserve the original cause/stack
trace. Lost context makes debugging impossible. Use language-specific
chaining (cause in Java, __cause__ in Python, %w in Go).
severity: high
- name: avoid-empty-catch-blocks
description: >
Never have empty catch blocks. At minimum, log the error. Empty catches
silently swallow errors, making debugging extremely difficult. If truly
ignorable, document why explicitly.
severity: critical
- name: use-finally-for-cleanup
description: >
Use finally blocks or language equivalents (defer, using, with) to ensure
resource cleanup regardless of exceptions. Uncleaned resources cause leaks
and unpredictable behavior.
severity: high
# ============================================================================
# ERROR PROPAGATION RULES
# ============================================================================
- name: define-error-boundaries
description: >
Define clear error boundaries in your architecture. Errors should be
caught and handled at appropriate levels (controller, service, repository).
Don't let low-level errors leak to users.
severity: high
- name: implement-fallback-strategies
description: >
Define fallback behavior when operations fail. Use default values, cached
data, or degraded functionality. Fallbacks should be documented and tested.
Some operations may have no fallback; that's also a decision.
severity: medium
- name: implement-retry-logic
description: >
Implement retry with exponential backoff for transient errors. Set max
retry count and timeout. Only retry idempotent operations. Add jitter
to prevent thundering herd. Log retry attempts.
severity: medium
- name: fail-fast-on-fatal-errors
description: >
Fail fast for unrecoverable errors (configuration errors, missing
dependencies). Don't attempt recovery that will fail. Fast failure
provides clearer diagnostics than limping along.
severity: high
- name: propagate-errors-consistently
description: >
Use consistent error propagation patterns throughout codebase. Return
errors vs throwing exceptions should be consistent. Document error
contracts for functions. Don't mix patterns arbitrarily.
severity: medium
# ============================================================================
# LOGGING RULES
# ============================================================================
- name: include-error-context
description: >
Log errors with full context: operation being performed, relevant IDs,
input values (sanitized), and state. Context enables debugging without
reproduction. Don't log just "error occurred".
severity: high
- name: preserve-stack-traces
description: >
Log complete stack traces for exceptions. Stack traces show error origin
and call path. Truncated or missing traces make debugging impossible.
Configure logging frameworks to include traces.
severity: high
- name: use-correlation-ids
description: >
Include correlation/request IDs in error logs. Correlation IDs tie
related logs across services and time. Essential for distributed system
debugging. Propagate IDs through entire request lifecycle.
severity: high
- name: use-appropriate-log-levels
description: >
Use correct log levels: ERROR for failures requiring attention, WARN for
potential issues, INFO for significant events, DEBUG for diagnostics.
Don't log expected conditions as errors.
severity: medium
- name: avoid-logging-sensitive-data
description: >
Never log passwords, tokens, PII, or sensitive data in error logs.
Sanitize error messages before logging. Audit logs for sensitive data
leaks. Compliance requires data protection.
severity: critical
# ============================================================================
# USER-FACING ERRORS RULES
# ============================================================================
- name: provide-user-friendly-messages
description: >
Error messages for users should be clear, actionable, and non-technical.
Tell users what went wrong and what they can do. Never show stack traces
or internal error codes to end users.
severity: high
- name: support-error-localization
description: >
Error messages should support localization. Use message keys and
translation files, not hardcoded strings. Consider cultural differences
in error communication.
severity: medium
- name: use-error-codes
description: >
Use structured error codes for programmatic handling. Codes like
"USER_NOT_FOUND" or "INVALID_EMAIL_FORMAT" enable client-side handling.
Document all error codes. Codes are more stable than messages.
severity: medium
- name: dont-expose-internal-details
description: >
Never expose internal implementation details in user-facing errors.
Database errors, file paths, and server names are security risks.
Log internally, show generic message externally.
severity: critical
# ============================================================================
# GRACEFUL DEGRADATION RULES
# ============================================================================
- name: implement-circuit-breakers
description: >
Use circuit breakers to prevent cascading failures. Open circuit when
failures exceed threshold, allow system to recover. Test circuit breaker
behavior. Essential for resilient distributed systems.
severity: high
- name: set-appropriate-timeouts
description: >
Set timeouts for all external calls. No timeout means infinite wait.
Timeouts should be appropriate for operation type. Use deadline
propagation in distributed systems.
severity: high
- name: implement-graceful-fallbacks
description: >
When services fail, provide graceful fallbacks: cached data, default
values, or reduced functionality. Fallbacks maintain partial service
rather than complete failure. Test fallback behavior.
severity: medium
- name: design-for-partial-failure
description: >
Design systems to handle partial failures. If one service fails, others
should continue. Use bulkheads to isolate failures. Test partial failure
scenarios explicitly.
severity: high
- name: communicate-degraded-state
description: >
Communicate degraded state to users and monitoring. Show notifications
when running on fallback. Alert operations team. Transparency about
degradation enables appropriate response.
severity: medium