Quality Gates Skill
Objective
Enforce code quality standards by running automated checks that must pass before code can be committed, merged, or deployed. Acts as a guardian ensuring consistent quality across the codebase.
When to Use This Skill
Auto-invoke when:
- User completes feature implementation
- Before creating commits or pull requests
- User asks to "test", "validate", "check quality", or "verify"
- Before deployment or release
- After significant refactoring
Quality Gate Levels
Level 1: Pre-Commit Gates (Fast, < 30 seconds)
Essential checks that run before every commit.
Level 2: Pre-Push Gates (Moderate, < 2 minutes)
Comprehensive checks before pushing to remote.
Level 3: Pre-Deploy Gates (Thorough, < 5 minutes)
Complete validation before production deployment.
Gate Execution Workflow
Gate 1: Linting (JavaScript/TypeScript)
Purpose: Enforce code style and catch common errors
Tools: Bash, Read
Process:
- Detect linter by checking for:
  - ESLint: `.eslintrc*`, `eslint.config.*`
  - Biome: `biome.json`
  - None: Skip this gate
- Read package.json to find lint script:
  ```json
  "scripts": {
    "lint": "eslint .",
    "lint:fix": "eslint . --fix"
  }
  ```
- Execute linter:
  ```bash
  # Try to run lint script
  npm run lint
  # If fails, try direct commands
  npx eslint . || npx biome check .
  ```
- Parse results:
  - Exit code 0: ✅ PASS
  - Exit code non-zero: ❌ FAIL
  - Extract error count and file locations
- Auto-fix attempt (if failures found):
  ```bash
  npm run lint:fix || npx eslint . --fix
  ```
Success Criteria: Zero linting errors (warnings acceptable)
Gate 2: Type Checking (TypeScript)
Purpose: Verify type safety and catch type errors
Tools: Bash, Read, Grep
Process:
- Detect TypeScript by checking for:
  - `tsconfig.json`
  - TypeScript in dependencies
- Read tsconfig.json to check strictness:
  - `strict: true`
  - `noImplicitAny`, `strictNullChecks`, etc.
- Execute type checker:
  ```bash
  # Try to run typecheck script
  npm run typecheck || npm run type-check
  # If no script, run directly
  npx tsc --noEmit
  ```
- Parse results:
  - Exit code 0: ✅ PASS
  - Exit code non-zero: ❌ FAIL
  - Extract error count and locations
Success Criteria: Zero type errors
Gate 3: Unit & Integration Tests
Purpose: Verify code functionality and prevent regressions
Tools: Bash, Read, Grep
Process:
- Detect test framework:
  - Vitest: `vitest.config.*`, `vitest` in dependencies
  - Jest: `jest.config.*`, `jest` in dependencies
  - Native test: `--test` flag with Node.js 20+
- Count test files:
  ```bash
  # Count test files, skipping node_modules
  find . -path ./node_modules -prune -o \( -name "*.test.*" -o -name "*.spec.*" \) -print | wc -l
  ```
- Execute tests:
  ```bash
  # Run unit tests (fast)
  npm run test || npm run test:unit
  # Or direct command
  npx vitest run || npx jest --ci
  ```
- Parse results:
  - Total tests run
  - Passed / Failed / Skipped
  - Coverage percentage (if available)
- Coverage check (if configured):
  ```bash
  npm run test:coverage
  # Check if meets threshold (e.g., 80%)
  ```
Success Criteria:
- All tests pass (100%)
- Coverage ≥ configured threshold (if set)
Gate 4: Build Verification
Purpose: Ensure code compiles and builds without errors
Tools: Bash
Process:
- Detect build system:
  - Next.js: `next build`
  - Vite: `vite build`
  - Webpack: `webpack --mode production`
  - TypeScript: `tsc`
- Execute build:
  ```bash
  npm run build
  ```
- Check build artifacts:
  - Verify output directory exists: `dist/`, `build/`, `.next/`
  - Check for build errors in logs
- Clean up (optional):
  ```bash
  # Remove build artifacts to save space
  rm -rf dist/ build/ .next/
  ```
Success Criteria: Build completes with exit code 0
Gate 5: Security Audit
Purpose: Identify known vulnerabilities in dependencies
Tools: Bash, Read
Process:
- Run npm/pnpm audit:
  ```bash
  # audit exits non-zero when vulnerabilities are found, so the fallback also runs in that case
  npm audit --json || pnpm audit --json
  ```
- Parse audit results:
  - Critical vulnerabilities: 0
  - High vulnerabilities: 0
  - Moderate vulnerabilities: < threshold
  - Low vulnerabilities: informational
- Check for specific vulnerabilities:
  - Prototype pollution
  - Remote code execution (RCE)
  - SQL injection
  - Cross-site scripting (XSS)
- Suggest fixes:
  ```bash
  npm audit fix
  # or
  npm audit fix --force  # (if safe)
  ```
Success Criteria:
- Zero critical/high vulnerabilities
- Moderate vulnerabilities acknowledged or fixed
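
One way to apply the Gate 5 criteria to `npm audit --json` output, as an added example that is not part of the skill itself. It reads only the `metadata.vulnerabilities` severity counts; the moderate threshold of 5 and the sample reports are constructed for illustration.

```javascript
// Added example: evaluate `npm audit --json` output against the Gate 5 criteria.
// Assumption: the "moderate" limit of 5 stands in for the page's unspecified threshold.
const DEFAULT_LIMITS = { critical: 0, high: 0, moderate: 5 };

function evaluateAudit(jsonText, limits = DEFAULT_LIMITS) {
  let report;
  try {
    report = JSON.parse(jsonText);
  } catch (err) {
    // Unparseable output must never be treated as a clean audit.
    return { status: "ERROR", reasons: ["audit output is not valid JSON"] };
  }
  // The audit may emit an error object instead of a report; fail closed.
  if (!report || report.error || !report.metadata || !report.metadata.vulnerabilities) {
    return { status: "ERROR", reasons: ["no vulnerability summary in audit output"] };
  }
  const counts = report.metadata.vulnerabilities;
  const reasons = [];
  for (const sev of ["critical", "high"]) {
    const n = counts[sev] || 0;
    if (n > limits[sev]) reasons.push(`${n} ${sev} (allowed: ${limits[sev]})`);
  }
  // Page criterion: moderate findings must stay strictly below the threshold.
  const moderate = counts.moderate || 0;
  if (moderate >= limits.moderate) {
    reasons.push(`${moderate} moderate (must be < ${limits.moderate})`);
  }
  return {
    status: reasons.length ? "FAIL" : "PASS",
    reasons,
    informational: { low: counts.low || 0 }, // low severity is reported, never blocking
  };
}

// Constructed sample reports (not real audit output).
function sampleReport(counts) {
  return JSON.stringify({ auditReportVersion: 2, vulnerabilities: {}, metadata: { vulnerabilities: counts } });
}
const SAMPLE_CLEAN = sampleReport({ info: 0, low: 3, moderate: 2, high: 0, critical: 0, total: 5 });
const SAMPLE_HIGH = sampleReport({ info: 0, low: 3, moderate: 2, high: 1, critical: 0, total: 6 });

console.log(evaluateAudit(SAMPLE_CLEAN).status, evaluateAudit(SAMPLE_HIGH).reasons);
```

Deciding from the parsed counts rather than the exit code keeps a crashed or offline audit from being read as a pass.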
Gate 6: Code Complexity Analysis (Optional)
Purpose: Flag overly complex code that may need refactoring
Tools: Grep, Bash
Process:
- Detect code complexity tools:
  - eslint-plugin-complexity
  - SonarQube
  - CodeClimate
- Basic complexity checks:
  ```bash
  # Find files with excessive lines (find -name does not expand {a,b} braces)
  find src \( -name "*.ts" -o -name "*.tsx" -o -name "*.js" -o -name "*.jsx" \) -exec wc -l {} \; | awk '$1 > 500'
  # Find deeply nested code (>5 levels)
  grep -rn "^[[:space:]]\{20,\}" src/
  # Count TODO/FIXME
  grep -rn "TODO\|FIXME\|HACK" src/ | wc -l
  ```
Success Criteria:
- No files > 500 lines (warning only)
- No nesting > 5 levels (warning only)
Gate 7: Git Pre-Commit Checks
Purpose: Ensure commit quality and prevent sensitive data leaks
Tools: Bash, Grep
Process:
- Check for sensitive data:
  ```bash
  # Search for API keys, secrets, tokens
  git diff --cached | grep -i "api[_-]key\|secret\|password\|token"
  # Check for .env files being committed
  git diff --cached --name-only | grep "\.env$"
  ```
- Validate commit message (if Conventional Commits):
  - Format: `type(scope): description`
  - Types: feat, fix, docs, style, refactor, test, chore
- Check file sizes:
  ```bash
  # Flag files > 1MB (ls -l prints sizes in bytes so awk can compare them; deleted files are skipped)
  git diff --cached --name-only --diff-filter=d -z | xargs -0 ls -l | awk '$5 > 1000000'
  ```
Success Criteria:
- No secrets in diff
- No .env files
- No large files (> 1MB)
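
The sensitive-data check above greps the whole staged diff, so removed lines and context lines match as well. The following added example (not the skill's own code) scans only added lines and reports file and line number; the diff is constructed, and matching `.env` variants such as `.env.local` goes beyond the page's `\.env$` pattern.

```javascript
// Added example (not the skill's own code). The sample diff below is constructed.
const SECRET_RE = /api[_-]key|secret|password|token/i; // keywords from the grep above
const ENV_FILE_RE = /\.env(\.[^/]*)?$/; // .env, plus variants such as .env.local (assumption)

function scanStagedDiff(diffText) {
  const findings = [];
  let file = null, lineNo = 0, inHunk = false;
  for (const line of diffText.split("\n")) {
    if (line.startsWith("diff --git ")) { file = null; inHunk = false; continue; }
    if (!inHunk && line.startsWith("+++ ")) {
      // "+++ /dev/null" means the file is being deleted: nothing new to scan.
      file = line === "+++ /dev/null" ? null : line.slice(4).replace(/^b\//, "");
      if (file && ENV_FILE_RE.test(file)) findings.push({ file, line: 0, kind: "env-file" });
      continue;
    }
    const hunk = /^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/.exec(line);
    if (hunk) { lineNo = Number(hunk[1]); inHunk = true; continue; }
    if (!inHunk) continue;
    if (line.startsWith("+")) {
      // Only added lines can introduce a secret; report the new-file line number.
      if (SECRET_RE.test(line.slice(1))) findings.push({ file, line: lineNo, kind: "keyword" });
      lineNo++;
    } else if (line.startsWith(" ")) {
      lineNo++; // context line: advances the new-file position only
    }
    // "-" lines are removals and are skipped, so deleting a secret is not flagged.
  }
  return findings;
}

const SAMPLE_DIFF = [
  "diff --git a/src/config.js b/src/config.js",
  "--- a/src/config.js",
  "+++ b/src/config.js",
  "@@ -1,3 +1,4 @@",
  " const port = 3000;",
  "-const password = process.env.DB_PASSWORD;",
  "+const dbUrl = process.env.DATABASE_URL;",
  '+const API_KEY = "EXAMPLE-NOT-A-REAL-KEY";',
  " module.exports = { port };",
  "diff --git a/.env.local b/.env.local",
  "--- /dev/null",
  "+++ b/.env.local",
  "@@ -0,0 +1 @@",
  "+FEATURE_FLAG=on",
].join("\n");

console.log(scanStagedDiff(SAMPLE_DIFF));
```

Keyword matching of this kind is a coarse filter: it flags names, not values, so a hit needs a human look and a clean result does not prove the diff is free of credentials.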
Execution Strategy
Sequential Execution (Default)
Run gates in order, stop on first failure:
Lint → TypeCheck → Test → Build → Audit
Parallel Execution (Fast Mode)
Run independent gates simultaneously:
[Lint + TypeCheck + Test] → Build → Audit
Selective Execution
Run only relevant gates based on changes:
- `.ts`/`.tsx` files changed → TypeCheck
- Dependencies updated → Audit
- Test files changed → Tests only
Output Format
```markdown
# Quality Gate Results

## Summary
✅ 5/7 Gates Passed | ❌ 2/7 Gates Failed

## Gate Details

### ✅ Gate 1: Linting
- **Status**: PASS
- **Duration**: 3.2s
- **Details**: 0 errors, 2 warnings

### ❌ Gate 2: Type Checking
- **Status**: FAIL
- **Duration**: 5.1s
- **Errors**: 3 type errors found
  - `src/components/Button.tsx:15` - Property 'onClick' is missing
  - `src/utils/api.ts:42` - Type 'string' is not assignable to type 'number'
  - `src/hooks/useAuth.ts:8` - Cannot find name 'User'

### ✅ Gate 3: Tests
- **Status**: PASS
- **Duration**: 12.4s
- **Tests**: 124 passed, 0 failed, 2 skipped
- **Coverage**: 87% (target: 80%)

### ⏭️ Gate 4: Build
- **Status**: SKIPPED (previous gate failed)

### ⏭️ Gate 5: Security Audit
- **Status**: SKIPPED (previous gate failed)

## Action Required
Fix the 3 type errors in Gate 2 before proceeding.

## Recommendations
1. Run `npm run typecheck` locally to see full error details
2. Consider adding pre-commit hooks to catch these earlier
3. Current code coverage (87%) exceeds target - excellent work!
```
Integration with Git Hooks
Setup Husky + lint-staged (Recommended)
Check if installed:
```bash
test -d .husky && echo "Husky installed" || echo "Husky not found"
```
Suggest installation if missing:
```bash
npm install --save-dev husky lint-staged
npx husky init
```
Configure .husky/pre-commit:
```bash
#!/usr/bin/env sh
. "$(dirname -- "$0")/_/husky.sh"
# Run quality gates
npm run lint
npm run typecheck
npm run test
```
Alternative: git commit -m with manual checks
If no hooks, prompt user:
⚠️ No pre-commit hooks detected. Would you like me to run quality gates before committing? (Recommended)
Progressive Quality Gates
Level 1: Essential (Always Run)
- Linting
- Type checking
Level 2: Standard (Pre-Push)
- Essential +
- Unit tests
- Security audit
Level 3: Comprehensive (Pre-Deploy)
- Standard +
- Integration tests
- E2E tests
- Build verification
- Performance tests
Error Recovery
Auto-Fix Capability
- Lint errors: Run `eslint --fix` or `biome check --apply`
- Format errors: Run `prettier --write`
- Security vulnerabilities: Run `npm audit fix`
Manual Fix Required
- Type errors
- Test failures
- Build errors
Bypass (Use with Caution)
```bash
# Skip hooks for emergency fixes only
git commit --no-verify -m "emergency: fix critical bug"
```
Best Practices
- Fail Fast: Stop at first critical failure to save time
- Clear Feedback: Always show which gate failed and why
- Actionable: Provide exact commands to fix issues
- Configurable: Respect project's quality thresholds
- Performance: Cache results when possible
- Incremental: Only check changed files when appropriate
Configuration
Read from package.json
```json
{
  "qualityGates": {
    "coverage": {
      "minimum": 80,
      "enabled": true
    },
    "audit": {
      "level": "moderate",
      "enabled": true
    },
    "complexity": {
      "maxLines": 500,
      "maxDepth": 5
    }
  }
}
```
Default Settings
If no config found, use sensible defaults:
- Coverage minimum: 70%
- Audit level: high/critical only
- Max file lines: 500
- Max nesting: 5 levels
Integration with Other Skills
- `codebase-analysis` - Use to detect available quality tools
- `git-workflow` - Integrate with commit/push process
- `ci-cd-setup` - Configure gates for CI pipeline
Version History
- 1.0.0 (2025-01-03): Initial skill with 7 quality gates and progressive execution