Odel
GateTest

GateTest

@crclabs-hqDeveloper ToolsJavaScriptMITUpdated Today

120-module QA gate. Give Claude eyes (screenshots), ears (Sentry errors), and hands (verify fixes).

GateTest

One gate. 120 modules. Self-healing CI.

AI-powered code quality. Pay per scan via Stripe.

GateTest

CI License: MIT Modules Tests Node


The 30-second pitch

GateTest is a single CLI plus a composite GitHub Action that runs 110 static-analysis modules against any codebase, then uses Claude to repair the findings it can. It replaces SonarQube, Snyk, ESLint, Cypress, Lighthouse, axe, pa11y, and twenty-plus other tools with one config, one gate decision, and one report.

It is different because the cost trends to zero. Deterministic AST and rule-based layers run first — these are free and ship the fix in milliseconds. Claude only runs on patterns nothing else has seen. Every Claude win is distilled into a reusable recipe, so the next time the same pattern appears anywhere in the network it is handled for free. The longer you run GateTest, the less of it is paid work.

What you get depends on the tier. A pull request with the fixes, regression tests pinned to each fix, an architecture-shape critique, a cross-finding attack-chain analysis, and a CTO-readable executive summary — in whichever combination the tier you bought includes. One-time payment per scan via Stripe at checkout. No subscription, no auto-renew.


Install & Usage — 30 seconds

GitHub Action — recommended for most users

Drop this in .github/workflows/gatetest.yml:

name: GateTest Quality Gate
on: [push, pull_request]
jobs:
  gate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: crclabs-hq/GateTest@v1.1.1
        with:
          suite: full
          auto-fix: ${{ github.event_name == 'pull_request' }}
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}

The action is a composite — no Docker pull, no container build. It installs GateTest, runs the gate, and if auto-fix: true and ANTHROPIC_API_KEY is set, runs the AI repair loop on a blocking gate. See action.yml for every input.

CLI — local development

# Run against the current directory, no install:
npx github:crclabs-hq/GateTest --suite quick

# Or clone and run from source:
git clone https://github.com/crclabs-hq/GateTest
cd gatetest && npm install
node bin/gatetest.js --suite quick

Install: npm install -g @gatetest/cli

Pre-push sweep

Run the full pre-merge sweep locally in one command:

npm run sweep          # ~30-60s — tests + build + gate + secrets + self-scan

This runs the same seven checks that block a merge in CI. Verdict is green or red. Exit code is 0 or 1, matching CI exactly.

Fast path during iteration:

npm run sweep -- --fast    # skip tests + build, gate-only, ~3-5s

See gatetest sweep --help for every flag.

Claude Code / MCP — give Claude eyes, ears & hands

Connect GateTest directly to Claude Code (or any MCP-compatible AI) in one command:

claude mcp add gatetest -- npx -y @gatetest/mcp-server

18 tools across four families:

FamilyToolsWhat it gives Claude
Enginescan_local, run_module, fix_issue, verify_fix, …Scan + fix local code
👁 Eyescapture_screenshot, get_visual_diffSee the rendered page as a real image
👂 Earsget_production_errors, run_live_checksHear Sentry/Datadog/Rollbar errors + localhost runtime failures
🤝 Handsverify_fixHard ✅/❌ — prove the fix actually worked

Works with Claude Code, Cursor, Windsurf, Continue, and Cline. See packages/mcp-server/ for the full tool reference and example prompts.

Website — no install at all

Visit gatetest.ai/web and paste any URL. You get a free preview and a paid full report. For WordPress sites use gatetest.ai/wp.

Replay a failing CI run locally

Reproduce any failing GitHub Actions run on your laptop in seconds:

gatetest replay https://github.com/owner/repo/actions/runs/12345

This fetches the run, identifies which steps failed, and runs them locally against your current working tree. Output tells you whether the failure reproduces, doesn't reproduce (flaky CI), or hits a different error.

Authentication is optional — if you have a GITHUB_TOKEN set or gh CLI installed, replay can read private repo runs. Otherwise it uses the unauthenticated rate limit (60 req/hour, fine for a few replays).


The flywheel — why GateTest gets cheaper over time

                ┌──────────────────────────┐
   CI BREAKS    │  Failed workflow run     │
       ──>      └────────────┬─────────────┘
                             │
                ┌────────────▼─────────────┐
                │  AI CI-fixer reads logs  │
                │  + failing files         │
                └────────────┬─────────────┘
                             │
              ┌──────────────┼──────────────┐
              │              │              │
              ▼              ▼              ▼
         ┌────────┐    ┌────────┐    ┌────────┐
         │  AST   │ →  │  Rule  │ →  │ Recipe │   ─── ALL FREE ───
         └────┬───┘    └────┬───┘    └────┬───┘
              │             │             │   (none matched?)
              └─────────────┴─────────────┘
                             │
                             ▼
                ┌──────────────────────────┐
                │ Claude — paid, one shot  │
                │ Result distilled into a  │
                │ recipe for next time     │
                └────────────┬─────────────┘
                             │
                             ▼
                ┌──────────────────────────┐
                │  PR opens with the fix   │
                │  + regression test       │
                └──────────────────────────┘

First time we see a pattern: Claude. Every time after: free. The longer you run GateTest, the cheaper it gets.


What it replaces

One config, one bill, one gate decision. Twelve-plus tools dissolve into single CLI flags.

Their toolGateTest module
Snyk Code, Dependabot, npm auditsecurity, dependencies
SonarQubecodeQuality + every other module
ESLint, Stylelintlint
Cypress, BrowserStack, Sauce Labse2e
Lighthouseperformance
axe, pa11yaccessibility
Percy, Chromaticvisual
git-secrets, TruffleHogsecrets, secretRotation
hadolint, dockledockerfile
actionlint, zizmor, StepSecurityciSecurity
tfsec, Checkov, Terrascanterraform
kube-score, kubeaudit, Polariskubernetes
Stryker, Pitestmutation
broken-link-checkerlinks
(none — fragmented across ESLint rules)errorSwallow, nPlusOne, flakyTests
(none — no static tool exists)redos, moneyFloat, logPii, tlsSecurity
(none — runtime profilers only)resourceLeak, raceCondition, retryHygiene

Twelve-plus tools. One config. One bill. Full module catalogue: run node bin/gatetest.js --list or read it on gatetest.ai.


Tiers and pricing

One-time payment per scan via Stripe at checkout. No subscription, no auto-renew. Refunds only at our discretion for scans that failed to start or crashed mid-way without producing a report (contact hello@gatetest.ai).

TierPriceWhat you get
Quick Scan$294 modules — syntax, linting, secrets, code quality. Fastest path to a first signal. Scan-only — no auto-fix.
Full Scan$99All 110 modules. SARIF + JUnit reports. Scan-only — auto-fix ships at the Scan + Fix tier.
Scan + Fix$199Everything in Full, plus a second-Claude pair-review critique on every fix and an architecture-shape design-observations report.
Forensic Scan$399Everything in Scan + Fix, plus real Claude diagnosis on every finding, cross-finding attack-chain correlation, board-ready CISO report (OWASP / SOC2 / CIS v8 / 30-60-90), and a CTO-readable executive summary. Mutation testing and chaos / fuzz pass are also available via the GitHub Action (mutation: true / chaos: true) — they need a CI runner to execute your test suite and a headless browser, so they ship with the Action rather than the website-only scan.

Live prices and Stripe checkout at gatetest.ai.


Honest limits

GateTest is not magic. The things it does not yet do, said out loud:

  • Headless-browser modules (liveCrawler, runtimeErrors, explorer, chaos) degrade gracefully on Vercel serverless. Chromium cannot launch inside the function. The modules emit an info-level skip and the rest of the scan continues — full power requires the CLI, a worker, or local dev.
  • installation_id is not persisted across GitHub App installs. Multi-org customers cannot yet be correlated to a single billing account; this is tracked as Known Issue #22 in CLAUDE.md.
  • PR comments are not idempotent. A busy PR with many pushes will collect duplicate scan comments. Tracked as Known Issue #23.

The full Known Issues table (with severity and status) lives in CLAUDE.md — that file is the project's source of truth.


Architecture

Static engine. 110 modules, every one extending BaseModule. Each module is a self-contained scanner that emits checks at three severity levels (error blocks the gate, warning reports, info is informational). The runner is EventEmitter-based, supports parallel execution, diff-mode (--diff scans only git-changed files), watch mode, and five output formats (Console, JSON, HTML, SARIF for the GitHub Security tab, JUnit XML for any CI). The gate has zero runtime dependencies aside from one MCP SDK pin — node bin/gatetest.js --list runs anywhere Node 20+ runs.

Website and payments. gatetest.ai is Next.js 16 with the App Router, Tailwind 4, and Stripe in per-scan upfront-charge mode. One-time payment per scan at checkout — no subscription, no auto-renew, no hold-then-capture flow. All scan state is persisted in Stripe metadata so the serverless functions stay stateless across requests — there is no shared in-memory state and no webhook is required for the critical user flow. The scan executes inside the function response and reports back directly.

AI layer. Claude (Anthropic). On the GitHub Action the customer brings their own ANTHROPIC_API_KEY and pays Anthropic directly. On the website the key is managed and the cost is folded into the tier price. Every Claude success is distilled into a recipe by the flywheel orchestrator (see lib/ and the AI CI-fixer at scripts/ai-ci-fixer.js) so subsequent runs on the same pattern are deterministic and free.

The codebase ships under MIT, the gate runs locally with no external calls, and every architectural decision is documented inline in CLAUDE.md.


Real-repo proofs

GateTest is dogfooded against itself on every push, and the team runs the full Forensic pipeline against external production codebases before shipping changes that touch the deeper tiers. The reports below are reproducible artifacts in this repo:


Develop and contribute

git clone https://github.com/crclabs-hq/GateTest
cd gatetest
npm install
(cd website && npm install)
node --test tests/*.test.js
node bin/gatetest.js --list

The Bible — CLAUDE.md — is required reading for contributors. It defines the architecture, the quality bar, the forbidden list, the protected platforms, and the authorization rules that apply to anything touching money, user data, or public-facing communication.

Bug reports and feature requests are welcome via GitHub Issues. Small PRs that fix one thing and add a test are merged fastest. The pre-commit and pre-push hooks under src/hooks/ run the gate locally — running them before pushing keeps CI green.


License

MIT — see LICENSE.


GateTest is built and maintained at gatetest.ai. Talk to the team via the chat on the site. File bugs at GitHub Issues.