I think enforcing test coverage monitoring and metrics like existing code change will make sure those change doesn't get to PR stage. The goal should be constructing a sophisticated signal pipeline which runs on every PR which, and the goal is as long as the signal passes, it is safe to claim that landing the PR will cause no issue and will not structurally damage the system.