
Quarantines

When to use a quarantine instead of an allowlist

Allowlists are for known, reasoned exceptions: "this finding is correct but we've decided not to fix it yet, and here's why."

Quarantines are for temporal problems with the gate itself: "this gate fails intermittently and we don't yet know why; mute it while we investigate."

The difference matters because:

  • Allowlist entries are about the code (the finding is real, the suppression is intentional).
  • Quarantine entries are about the gate (the finding may be noise; we're investigating).

Mixing them muddies post-mortems and audit trails. Pick the right tool.

File shape

// <gate-base>.quarantine.json
{
  "entries": [
    {
      "gate": "my-gate",
      "fingerprint": "<finding-fingerprint>",
      "flake_rate": 0.12,
      "tracking_issue": "MAT-9876",
      "expires_at": "2026-06-15",
      "added_at": "2026-05-15"
    }
  ]
}

Two suppression scopes:

  • Whole-gate quarantine — omit fingerprint. The gate runs but never blocks the build. Use sparingly — usually a sign the gate needs a rewrite.
  • Specific-finding quarantine — include fingerprint. Only that finding is suppressed.

How quarantine differs from allowlist at runtime

A quarantined whole-gate emits its findings as normal in telemetry, but the runner reports quarantined: true and the gate's exit code is forced to 0. The scorecard tracks quarantine_size per gate so chronic flakiness shows up as a trend.

A quarantined finding still appears in the report (at info severity) so reviewers can see what's being muted. Its contribution to the exit code is dropped.

Hard expiration

Same rule as allowlists: every quarantine entry has an expires_at (ISO date), and past-expiry entries become hard failures. Quarantine is temporary by design.

If you find yourself renewing the same quarantine entry a third time, the right move is usually one of:

  1. Rewrite the gate to remove the flakiness.
  2. Delete the gate (if it's structurally unsalvageable).
  3. Convert the quarantine to an allowlist entry with a real tracking issue (if the finding turns out to be a reasoned exception, not flake).
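
The two suppression scopes and the hard-expiration rule described above, as an added Python example (not the project's own runner code). The names evaluate_gate and is_expired, the (fingerprint, severity) tuple shape, treating the expires_at day itself as still valid, failing closed on a missing expires_at, and "any unmuted finding blocks" are assumptions made for illustration.

```python
import json
from datetime import date

# Constructed sample file in the shape shown above (not real project data).
QUARANTINE_JSON = """{"entries": [
  {"gate": "my-gate", "fingerprint": "fp-flaky", "flake_rate": 0.12,
   "tracking_issue": "MAT-9876", "expires_at": "2026-06-15", "added_at": "2026-05-15"},
  {"gate": "slow-gate", "tracking_issue": "MAT-0001",
   "expires_at": "2026-06-01", "added_at": "2026-05-01"}
]}"""
ENTRIES = json.loads(QUARANTINE_JSON)["entries"]


def is_expired(entry, today):
    # Assumption: an entry is valid through its expires_at day, and a
    # missing expires_at fails closed (treated as expired).
    raw = entry.get("expires_at")
    return raw is None or date.fromisoformat(raw) < today


def evaluate_gate(gate, findings, entries, today):
    """findings: list of (fingerprint, severity) tuples from one gate run.
    Returns (exit_code, quarantined, report)."""
    mine = [e for e in entries if e["gate"] == gate]
    expired = [e for e in mine if is_expired(e, today)]
    if expired:
        # Hard expiration: the stale entry itself fails the build.
        stale = [("expired-quarantine:" + e.get("fingerprint", "<whole-gate>"), "error")
                 for e in expired]
        return 1, False, stale + list(findings)
    if any("fingerprint" not in e for e in mine):
        # Whole-gate scope: findings emitted as normal, exit code forced to 0.
        return 0, True, list(findings)
    muted = {e["fingerprint"] for e in mine}
    report, exit_code = [], 0
    for fp, severity in findings:
        if fp in muted:
            report.append((fp, "info"))  # still visible, no exit-code contribution
        else:
            report.append((fp, severity))
            exit_code = 1  # assumption: any unmuted finding blocks
    return exit_code, False, report
```

Because the expiry check runs before either suppression scope, a stale entry cannot keep muting a gate silently: the build fails until the entry is renewed, converted, or removed.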

Future: auto-quarantine

The current implementation supports manual quarantine entries. A future slice adds automatic flake detection — the runner records N-of-M failure rates and auto-adds a quarantine entry above a threshold, with a default 14-day horizon. Until then, quarantine is opt-in.
