| name | quality-gates |
| description | Systematic quality verification procedures for code review and delivery. Use when validating completed work, conducting code reviews, or ensuring production readiness. |
This skill provides structured quality gate procedures for verifying code quality, security, performance, and production readiness before delivery.
When to Invoke This Skill
Automatically activate for:
- Code review and validation
- Pre-merge quality checks
- Pre-deployment verification
- Release readiness assessment
- Post-implementation quality audit
Quality Gate Levels
Standard (Default)
For routine changes, bug fixes, small features:
┌─────────────────────────────────────────────────────────┐
│ STANDARD GATES │
├─────────────────────────────────────────────────────────┤
│ ✓ All tests pass │
│ ✓ Linting clean (no errors) │
│ ✓ TypeScript compiles (no type errors) │
│ ✓ Code follows project patterns │
│ ✓ No obvious security issues │
│ ✓ Changes match requirements │
└─────────────────────────────────────────────────────────┘
Strict
For significant features, refactors, public APIs:
┌─────────────────────────────────────────────────────────┐
│ STRICT GATES │
├─────────────────────────────────────────────────────────┤
│ All Standard gates PLUS: │
│ ✓ Test coverage ≥ 90% for new code │
│ ✓ Security scan passes (no high/critical) │
│ ✓ Performance benchmarks met │
│ ✓ API documentation updated │
│ ✓ Breaking changes documented │
│ ✓ Peer review completed │
└─────────────────────────────────────────────────────────┘
Critical
For security-sensitive, production-critical, high-risk changes:
┌─────────────────────────────────────────────────────────┐
│ CRITICAL GATES │
├─────────────────────────────────────────────────────────┤
│ All Strict gates PLUS: │
│ ✓ Security audit by security-focused review │
│ ✓ Load testing completed │
│ ✓ Rollback procedure documented and tested │
│ ✓ Monitoring and alerting configured │
│ ✓ Stakeholder sign-off obtained │
│ ✓ Incident response plan updated │
└─────────────────────────────────────────────────────────┘
Quality Gate Procedures
1. Code Quality Gate
npm run lint
npm run type-check
npm run test
npm run build
Verification checklist:
2. Test Coverage Gate
npm run test:coverage
Coverage requirements by level:
| Level | Line Coverage | Branch Coverage | Function Coverage |
|---|
| Standard | ≥ 70% | ≥ 60% | ≥ 70% |
| Strict | ≥ 90% | ≥ 80% | ≥ 90% |
| Critical | ≥ 95% | ≥ 90% | ≥ 95% |
What to test:
3. Security Gate
Automated checks:
npm audit
npm run lint:security
Manual review checklist:
For Strict/Critical:
4. Performance Gate
Metrics to verify:
| Metric | Standard | Strict | Critical |
|---|
| Page Load | < 3s | < 2s | < 1s |
| API Response | < 500ms | < 200ms | < 100ms |
| Bundle Size | < 500KB | < 300KB | < 200KB |
| Memory Leak | None | None | None |
Verification steps:
5. Documentation Gate
Required documentation:
| Level | README | API Docs | Changelog | Architecture |
|---|
| Standard | ✓ | - | ✓ | - |
| Strict | ✓ | ✓ | ✓ | - |
| Critical | ✓ | ✓ | ✓ | ✓ |
Checklist:
6. Integration Gate
Verification steps:
For Strict/Critical:
Quality Gate Report Template
## Quality Gate Report
**Feature**: [Feature Name]
**Level**: [Standard | Strict | Critical]
**Date**: [YYYY-MM-DD]
**Reviewer**: [Name]
### Summary
| Gate | Status | Notes |
|------|--------|-------|
| Code Quality | ✅ PASS | All checks clean |
| Test Coverage | ✅ PASS | 92% coverage |
| Security | ✅ PASS | No vulnerabilities |
| Performance | ⚠️ WARN | API slightly slow |
| Documentation | ✅ PASS | Updated |
| Integration | ✅ PASS | E2E passing |
### Detailed Results
#### Code Quality
- Lint: 0 errors, 0 warnings
- TypeScript: 0 errors
- Tests: 47 passed, 0 failed
- Build: Success
#### Test Coverage
- Lines: 92% (target: 90%)
- Branches: 85% (target: 80%)
- Functions: 94% (target: 90%)
#### Security
- npm audit: 0 vulnerabilities
- Manual review: Completed, no issues
- [x] Input validation verified
- [x] Auth checks verified
#### Performance
- Page load: 1.8s (target: < 2s)
- API response: 180ms (target: < 200ms)
- Bundle size: 287KB (target: < 300KB)
#### Issues Found
1. [WARN] API endpoint `/api/users` responds in 450ms under load
- Recommendation: Add caching layer
- Severity: Low
- Blocking: No
### Verdict
**✅ APPROVED FOR MERGE**
All critical gates pass. Performance warning noted for future optimization.
Gate Failure Handling
When a gate fails:
1. Identify Severity
| Severity | Description | Action |
|---|
| Blocker | Prevents deployment | Must fix before merge |
| Critical | Security/data risk | Must fix before merge |
| Major | Significant issue | Should fix, can defer with approval |
| Minor | Quality concern | Can defer to follow-up |
2. Document the Issue
### Gate Failure: [Gate Name]
**Severity**: [Blocker | Critical | Major | Minor]
**Description**: [What failed and why]
**Impact**: [What happens if not fixed]
**Remediation**: [How to fix]
**Timeline**: [When it will be fixed]
**Approved By**: [If deferring, who approved]
3. Resolution Path
Blocker/Critical → Fix immediately → Re-run gates
Major → Fix or get approval → Document decision
Minor → Create follow-up ticket → Proceed with caution
Quick Reference Commands
npm run lint && npm run type-check && npm run test && npm run build
npm run test:coverage
npm audit
npm run lint && npm run type-check && npm run test:coverage && npm run build && npm audit
Checklist Summary
Pre-Review (Author)
Code Review (Reviewer)
Pre-Merge
Pre-Deploy (Critical)