Skip to content

RNA4219/code-to-gate

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

223 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

code-to-gate

Local-first quality gate for release readiness.

code-to-gate scans a repository locally and turns code signals into reviewable artifacts: findings, risks, test seeds, SARIF, and release-readiness evidence. It is not a replacement for a linter or SAST engine; it is the evidence and gate layer around repository structure and imported/static signals.

Findings are review-required candidates, not confirmed vulnerabilities or automatic release decisions. critical and high are gate severity labels used to prioritize human review; the final release decision remains with the human or downstream approval gate.

Package GitHub release npm License: MIT Node

Language: English | 日本語

Current Distribution Status

Channel Status
package.json 1.5.0
GitHub Release v1.5.0 latest published release
npm registry Not published yet

See Distribution Status for the release/publication matrix. 1.5.0 is available as a GitHub Release. The npm package remains unpublished, so install from GitHub/source until npm publication is completed.

Install

# Recommended until npm publication is complete
npm install -g github:RNA4219/code-to-gate

# From source
npm install
npm run build
npm link

The npm package name is reserved in docs as @quality-harness/code-to-gate, but registry publication has not been completed yet.

Quick Start

code-to-gate scan ./my-repo --out .qh
code-to-gate analyze ./my-repo --emit all --out .qh
code-to-gate ownership --from .qh --out .qh
code-to-gate readiness ./my-repo --policy policy.yaml --from .qh --out .qh
code-to-gate spec-drift ./my-repo --out .qh
code-to-gate test-plan --from .qh --out .qh
code-to-gate pr-review --from .qh --out .qh
code-to-gate export sarif --from .qh --out results.sarif
code-to-gate export evidence-dag --from .qh --out .qh/evidence-dag.json
code-to-gate viewer --from .qh --out public/index.html --hosted

For database migration analysis (preview surface):

code-to-gate analyze ./my-repo --database-analysis --emit all --out .qh
code-to-gate diff ./my-repo --base origin/main --head HEAD --database-analysis --out .qh

Database artifacts are useful for review, but database analysis is still a preview/experimental surface and should not be treated as part of the stable ctg/v1 public contract until explicitly promoted.

Outputs

Artifact Purpose
repo-graph.json Repository files, symbols, dependencies, and entrypoints
database-assets.json Optional DB assets and DDL operations from --database-analysis
findings.json Evidence-backed findings
risk-register.yaml Risks that need review
test-seeds.json Suggested test ideas
release-readiness.json Policy gate result
evidence-dag.json Cross-artifact evidence graph
spec-drift.json Docs, schema, CLI, and test drift checks
hosted-static-report.json Static hosting manifest for a single-file HTML report
schema-migration.json Schema migration report and validation result
ownership-risk.json CODEOWNERS reviewer candidates and module ownership risk
plugin-marketplace.json Validated plugin registry for marketplace/distribution review
pr-review.json PR review sections for block reasons, accepted risk, tests, spec drift, and evidence links
pr-review.md Markdown PR comment body generated from pr-review.json
analysis-report.md Human-readable summary
results.sarif GitHub Code Scanning format

Capabilities

Area Status
TypeScript / JavaScript Primary AST support
Python / Ruby / Go / Rust Tree-sitter with --tree-sitter, regex fallback otherwise
Java / PHP / C# / C++ Baseline heuristic support
Core rules 17 core rules
Database analysis Optional SQL / migration checks via --database-analysis
Schema version ctg/v1; ctg/v1alpha1 is accepted for backward compatibility

Policy Example

version: ctg/v1
blocking:
  severity:
    critical: true
    high: true
  category:
    auth: true
    payment: true
    data: true
  rules:
    DB_DROP_TABLE: true
readiness:
  criticalFindingStatus: blocked_input

Documentation

Document Purpose
Quickstart First run and CI setup
Distribution Status Package, GitHub release, and npm publication state
CLI Reference Commands, flags, output formats
Policy Guide Gate policy configuration
Integrations GitHub Actions and downstream exports
Plugin Development Custom rule SDK
Changelog Release history

Development

npm install
npm run build
npm run test:smoke
npm test

License

MIT. See LICENSE.

About

A generic, local-first code analysis harness that turns repository signals into evidence-backed quality risks, test seeds, and release-readiness gate inputs. / コードベース、変更差分、静的解析、テスト証跡を解析し、スメル検知・品質リスク・テスト設計 seed・リリース判断材料へ変換する汎用ハーネス。

Topics

Resources

License

Contributing

Security policy

Stars

0 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors