quality-gates

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "quality-gates" with this command: npx skills add atman36/ai-vibe-prompts/atman36-ai-vibe-prompts-quality-gates

Quality Gates Skill

Objective

Enforce code quality standards by running automated checks that must pass before code can be committed, merged, or deployed. Acts as a guardian ensuring consistent quality across the codebase.

When to Use This Skill

Auto-invoke when:

  • User completes feature implementation

  • Before creating commits or pull requests

  • User asks to "test", "validate", "check quality", or "verify"

  • Before deployment or release

  • After significant refactoring

Quality Gate Levels

Level 1: Pre-Commit Gates (Fast, < 30 seconds)

Essential checks that run before every commit.

Level 2: Pre-Push Gates (Moderate, < 2 minutes)

Comprehensive checks before pushing to remote.

Level 3: Pre-Deploy Gates (Thorough, < 5 minutes)

Complete validation before production deployment.

Gate Execution Workflow

Gate 1: Linting (JavaScript/TypeScript)

Purpose: Enforce code style and catch common errors

Tools: Bash, Read

Process:

Detect linter by checking for:

  • ESLint: .eslintrc*, eslint.config.*

  • Biome: biome.json

  • None: Skip this gate

Read package.json to find lint script:

"scripts": { "lint": "eslint .", "lint:fix": "eslint . --fix" }

Execute linter:

# Try to run lint script
npm run lint

# If fails, try direct commands
npx eslint . || npx biome check .

Parse results:

  • Exit code 0: ✅ PASS

  • Exit code non-zero: ❌ FAIL

  • Extract error count and file locations

Auto-fix attempt (if failures found):

npm run lint:fix || npx eslint . --fix

Success Criteria: Zero linting errors (warnings acceptable)

Gate 2: Type Checking (TypeScript)

Purpose: Verify type safety and catch type errors

Tools: Bash, Read, Grep

Process:

Detect TypeScript by checking for:

  • tsconfig.json

  • TypeScript in dependencies

Read tsconfig.json to check strictness:

  • strict: true

  • noImplicitAny, strictNullChecks, etc.

Execute type checker:

# Try to run typecheck script
npm run typecheck || npm run type-check

# If no script, run directly
npx tsc --noEmit

Parse results:

  • Exit code 0: ✅ PASS

  • Exit code non-zero: ❌ FAIL

  • Extract error count and locations

Success Criteria: Zero type errors

Gate 3: Unit & Integration Tests

Purpose: Verify code functionality and prevent regressions

Tools: Bash, Read, Grep

Process:

Detect test framework:

  • Vitest: vitest.config.*, vitest in dependencies

  • Jest: jest.config.*, jest in dependencies

  • Native test: --test flag with Node.js 20+

Count test files:

# Use Grep to find test files
find . \( -name "*.test.*" -o -name "*.spec.*" \) ! -path "*/node_modules/*" | wc -l

Execute tests:

# Run unit tests (fast)
npm run test || npm run test:unit

# Or direct command
npx vitest run || npx jest --ci

Parse results:

  • Total tests run

  • Passed / Failed / Skipped

  • Coverage percentage (if available)

Coverage check (if configured):

npm run test:coverage
# Check if meets threshold (e.g., 80%)

Success Criteria:

  • All tests pass (100%)

  • Coverage ≥ configured threshold (if set)

Gate 4: Build Verification

Purpose: Ensure code compiles and builds without errors

Tools: Bash

Process:

Detect build system:

  • Next.js: next build

  • Vite: vite build

  • Webpack: webpack --mode production

  • TypeScript: tsc

Execute build:

npm run build

Check build artifacts:

  • Verify output directory exists: dist/, build/, .next/

  • Check for build errors in logs

Clean up (optional):

# Remove build artifacts to save space
rm -rf dist/ build/ .next/

Success Criteria: Build completes with exit code 0

Gate 5: Security Audit

Purpose: Identify known vulnerabilities in dependencies

Tools: Bash, Read

Process:

Run npm/pnpm audit:

npm audit --json || pnpm audit --json

Parse audit results:

  • Critical vulnerabilities: 0

  • High vulnerabilities: 0

  • Moderate vulnerabilities: < threshold

  • Low vulnerabilities: informational

Check for specific vulnerabilities:

  • Prototype pollution

  • Remote code execution (RCE)

  • SQL injection

  • Cross-site scripting (XSS)

Suggest fixes:

npm audit fix
# or
npm audit fix --force # (if safe; --force may install SemVer-major updates)

Success Criteria:

  • Zero critical/high vulnerabilities

  • Moderate vulnerabilities acknowledged or fixed
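
An added example (not the skill's own code) of deriving the Gate 5 result from the `npm audit --json` report rather than from the exit code, which is non-zero both when findings exist and when the audit itself fails. It assumes the npm 7+ report layout and reads `audit.level` as the lowest blocking severity; `evaluateAudit` is a hypothetical name.

```javascript
// Added example, not the skill's code. Assumes the npm 7+ report shape, where
// severity counts are under metadata.vulnerabilities.
const SEVERITIES = ["info", "low", "moderate", "high", "critical"];

// level: lowest severity that blocks the gate (the page's "audit.level";
// "high" matches the page's default of high/critical only).
function evaluateAudit(jsonText, level = "high") {
  let report;
  try {
    report = JSON.parse(jsonText);
  } catch {
    return { status: "ERROR", reason: "audit output is not JSON" };
  }
  if (!report || report.error) {
    // Fail closed: a broken audit must never be reported as a pass.
    return { status: "ERROR", reason: (report && report.error.summary) || "audit failed" };
  }
  const counts = report.metadata && report.metadata.vulnerabilities;
  const floor = SEVERITIES.indexOf(level);
  if (!counts || floor < 0) {
    return { status: "ERROR", reason: "missing counts or unknown level" };
  }
  const blocking = {};
  for (const sev of SEVERITIES.slice(floor)) {
    if (counts[sev] > 0) blocking[sev] = counts[sev];
  }
  const failed = Object.keys(blocking).length > 0;
  return { status: failed ? "FAIL" : "PASS", blocking };
}

// Constructed sample reports (not real audit output).
const SAMPLE_REPORT = JSON.stringify({
  auditReportVersion: 2,
  vulnerabilities: {}, // per-package detail left out of this sample
  metadata: {
    vulnerabilities: { info: 0, low: 3, moderate: 2, high: 0, critical: 0, total: 5 },
  },
});
const SAMPLE_ERROR = JSON.stringify({
  error: { code: "ENOLOCK", summary: "This command requires an existing lockfile." },
});

console.log(evaluateAudit(SAMPLE_REPORT, "moderate")); // FAIL on 2 moderate
console.log(evaluateAudit(SAMPLE_ERROR));              // ERROR, never PASS
```
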

Gate 6: Code Complexity Analysis (Optional)

Purpose: Flag overly complex code that may need refactoring

Tools: Grep, Bash

Process:

Detect code complexity tools:

  • eslint-plugin-complexity

  • SonarQube

  • CodeClimate

Basic complexity checks:

# Find files with excessive lines
find src \( -name "*.ts" -o -name "*.tsx" -o -name "*.js" -o -name "*.jsx" \) -exec wc -l {} \; | awk '$1 > 500'

# Find deeply nested code (>5 levels)
grep -rnE "^[[:space:]]{20,}" src/

# Count TODO/FIXME
grep -rnE "TODO|FIXME|HACK" src/ | wc -l

Success Criteria:

  • No files > 500 lines (warning only)

  • No nesting > 5 levels (warning only)

Gate 7: Git Pre-Commit Checks

Purpose: Ensure commit quality and prevent sensitive data leaks

Tools: Bash, Grep

Process:

Check for sensitive data:

# Search for API keys, secrets, tokens
git diff --cached | grep -iE "api[_-]key|secret|password|token"

# Check for .env files being committed
git diff --cached --name-only | grep "\.env$"

Validate commit message (if Conventional Commits):

  • Format: type(scope): description

  • Types: feat, fix, docs, style, refactor, test, chore

Check file sizes:

# Flag files > 1MB
git diff --cached --name-only --diff-filter=d | xargs ls -l | awk '$5 > 1000000'

Success Criteria:

  • No secrets in diff

  • No .env files

  • No large files (> 1MB)
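
An added example (not the skill's own code) that tightens the Gate 7 secret check: it reads the staged diff, inspects only added lines, and reports file and line for each hit, so removed secrets and bare keyword mentions do not fail the gate. The function name, rule labels and the 8-character quoted-literal threshold are assumptions made for illustration.

```javascript
// Added example, not the skill's code. Input is the text of `git diff --cached`
// with git's default a/ and b/ prefixes. A hit needs a quoted literal of 8+ chars.
const SECRET_RE =
  /(api[_-]?key|secret|password|token)\w*["']?\s*[:=]\s*["']([^"']{8,})["']/i;
const HUNK_RE = /^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/;

function scanStagedDiff(diffText) {
  const findings = [];
  // file: path from "+++ b/..."; lineNo: line number in the new file version
  let file = null, inHunk = false, lineNo = 0;
  for (const line of diffText.split("\n")) {
    if (line.startsWith("diff --git ")) { inHunk = false; file = null; continue; }
    const hunk = HUNK_RE.exec(line);
    if (hunk) { inHunk = true; lineNo = Number(hunk[1]); continue; }
    if (!inHunk) {
      if (line.startsWith("+++ b/")) {
        file = line.slice(6);
        if (/\.env$/.test(file)) findings.push({ file, line: 0, rule: "env-file" });
      }
    } else if (line.startsWith("+")) {
      const m = SECRET_RE.exec(line.slice(1));
      if (m) findings.push({ file, line: lineNo, rule: m[1].toLowerCase() });
      lineNo++;
    } else if (line.startsWith(" ")) {
      lineNo++; // context line: present in the new file but not new content
    } // "-" lines and "\ No newline" markers do not advance the new file
  }
  return findings;
}

// Constructed sample: one removed key, one added key, an env lookup, a new .env.
const SAMPLE_DIFF = [
  "diff --git a/src/config.js b/src/config.js",
  "--- a/src/config.js",
  "+++ b/src/config.js",
  "@@ -1,3 +1,4 @@",
  ' const base = "https://api.example.test";',
  '-const apiKey = "old-value-removed-0000";',
  '+const apiKey = "EXAMPLE-not-a-real-key-1234";',
  "+const token = process.env.SERVICE_TOKEN;",
  " module.exports = { base };",
  "diff --git a/.env b/.env",
  "new file mode 100644",
  "--- /dev/null",
  "+++ b/.env",
  "@@ -0,0 +1 @@",
  "+DB_PASSWORD=example",
].join("\n");
console.log(scanStagedDiff(SAMPLE_DIFF));
```

Unquoted values, such as the `DB_PASSWORD` line, are not matched by the literal rule and are caught here only because the `.env` path itself is flagged.
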

Execution Strategy

Sequential Execution (Default)

Run gates in order, stop on first failure:

Lint → TypeCheck → Test → Build → Audit

Parallel Execution (Fast Mode)

Run independent gates simultaneously:

[Lint + TypeCheck + Test] → Build → Audit

Selective Execution

Run only relevant gates based on changes:

  • .ts/.tsx files changed → TypeCheck

  • Dependencies updated → Audit

  • Test files changed → Tests only

Output Format

Quality Gate Results

Summary

✅ 5/7 Gates Passed | ❌ 2/7 Gates Failed

Gate Details

✅ Gate 1: Linting

  • Status: PASS
  • Duration: 3.2s
  • Details: 0 errors, 2 warnings

❌ Gate 2: Type Checking

  • Status: FAIL
  • Duration: 5.1s
  • Errors: 3 type errors found
    • src/components/Button.tsx:15 - Property 'onClick' is missing
    • src/utils/api.ts:42 - Type 'string' is not assignable to type 'number'
    • src/hooks/useAuth.ts:8 - Cannot find name 'User'

✅ Gate 3: Tests

  • Status: PASS
  • Duration: 12.4s
  • Tests: 124 passed, 0 failed, 2 skipped
  • Coverage: 87% (target: 80%)

⏭️ Gate 4: Build

  • Status: SKIPPED (previous gate failed)

⏭️ Gate 5: Security Audit

  • Status: SKIPPED (previous gate failed)

Action Required

Fix the 3 type errors in Gate 2 before proceeding.

Recommendations

  1. Run npm run typecheck locally to see full error details
  2. Consider adding pre-commit hooks to catch these earlier
  3. Current code coverage (87%) exceeds target - excellent work!

Integration with Git Hooks

Setup Husky + lint-staged (Recommended)

Check if installed:

test -d .husky && echo "Husky installed" || echo "Husky not found"

Suggest installation if missing:

npm install --save-dev husky lint-staged
npx husky init

Configure .husky/pre-commit:

#!/usr/bin/env sh
. "$(dirname -- "$0")/_/husky.sh"

# Run quality gates
npm run lint
npm run typecheck
npm run test

Alternative: git commit -m with manual checks

If no hooks, prompt user:

⚠️ No pre-commit hooks detected. Would you like me to run quality gates before committing? (Recommended)

Progressive Quality Gates

Level 1: Essential (Always Run)

  • Linting

  • Type checking

Level 2: Standard (Pre-Push)

  • Essential +

  • Unit tests

  • Security audit

Level 3: Comprehensive (Pre-Deploy)

  • Standard +

  • Integration tests

  • E2E tests

  • Build verification

  • Performance tests

Error Recovery

Auto-Fix Capability

  • Lint errors: Run eslint --fix or biome check --apply

  • Format errors: Run prettier --write

  • Security vulnerabilities: Run npm audit fix

Manual Fix Required

  • Type errors

  • Test failures

  • Build errors

Bypass (Use with Caution)

# Skip hooks for emergency fixes only
git commit --no-verify -m "emergency: fix critical bug"

Best Practices

  • Fail Fast: Stop at first critical failure to save time

  • Clear Feedback: Always show which gate failed and why

  • Actionable: Provide exact commands to fix issues

  • Configurable: Respect project's quality thresholds

  • Performance: Cache results when possible

  • Incremental: Only check changed files when appropriate

Configuration

Read from package.json

{
  "qualityGates": {
    "coverage": { "minimum": 80, "enabled": true },
    "audit": { "level": "moderate", "enabled": true },
    "complexity": { "maxLines": 500, "maxDepth": 5 }
  }
}

Default Settings

If no config found, use sensible defaults:

  • Coverage minimum: 70%

  • Audit level: high/critical only

  • Max file lines: 500

  • Max nesting: 5 levels

Integration with Other Skills

  • codebase-analysis: Use to detect available quality tools

  • git-workflow: Integrate with commit/push process

  • ci-cd-setup: Configure gates for CI pipeline

Version History

  • 1.0.0 (2025-01-03): Initial skill with 7 quality gates and progressive execution

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
