
validation-gates

Defines 10 sequential validation gates: secret scanning, lint/test/build checks, blast radius analysis, dependency auditing, browser testing, cache management, regression checks, and smoke tests. Use when running pre-deploy validation or CI checks, CI/CD pipelines, deployment pipeline validation, pre-merge checks, continuous integration, or pull request validation.

Validation Gates

| Gate | Name | Runs When |
|------|------|-----------|
| 1 | Secret Scanning | Every delegation |
| 2 | Deterministic Checks | Every delegation |
| 3 | Blast Radius Check | Every delegation |
| 4 | Dependency Audit | When package.json or lockfiles change |
| 5 | Fast Review | Every delegation (with auto-PASS exceptions) |
| 6 | Cache Clearing | Before browser testing |
| 7 | Browser Testing | UI changes |
| 8 | Regression Testing | Every delegation |
| 9 | Panel Review | High-stakes changes only |
| 10 | Final Smoke Test | Feature completion (after all tasks Done) |

Gate 1: Secret Scanning

Inherits: never-expose-secrets

Scan every diff before any other gate.

Example tool: gitleaks detect --source . --log-level warn (or CI equivalent); fail the gate on any finding that matches the secrets rules.

Gate 2: Deterministic Checks

Run for every affected project (resolve exact commands via the codebase-tool skill): lint (with auto-fix), test, build. All must pass with zero errors.

Example (project with npm scripts):

npm run lint && npm test --silent && npm run build

Gate 3: Blast Radius Check

| Metric | Normal | Warning | Escalate |
|--------|--------|---------|----------|
| Lines changed | ≤200 | 201–500 | >500 |
| Files changed | ≤5 | 6–10 | >10 |
| Projects affected | ≤1 | 2 | >2 |

  • Normal — proceed
  • Warning — log; investigate partition drift
  • Escalate — STOP; verify partition; split or revert; no auto-PASS

Sensitive files (always Warning): **/auth/**, DB migrations, next.config.*, .env*, .github/workflows/**, lockfiles — also triggers Gate 4.
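
An added example (not part of the opencastle skill) that applies the Gate 3 thresholds and sensitive-file list to `git diff --numstat` output. The monorepo layout (`apps/<name>`, `packages/<name>`), the `migrations/` directory name, counting lines changed as added plus deleted, and the constructed sample diff are assumptions.

```javascript
// Thresholds are the Gate 3 table: [Normal max, Warning max].
const LIMITS = { lines: [200, 500], files: [5, 10], projects: [1, 2] };
const LEVELS = ['Normal', 'Warning', 'Escalate'];
// Sensitive paths listed under Gate 3. The migrations/ directory name is an assumption.
const SENSITIVE = [
  /(^|\/)auth\//,
  /(^|\/)migrations\//,
  /(^|\/)next\.config\.[^/]+$/,
  /(^|\/)\.env[^/]*$/,
  /^\.github\/workflows\//,
  /(^|\/)(package-lock\.json|yarn\.lock|pnpm-lock\.yaml)$/, // lockfiles
];
// Files that trigger Gate 4 (Dependency Audit).
const DEP_FILES = /(^|\/)(package\.json|package-lock\.json|yarn\.lock|pnpm-lock\.yaml)$/;
// Assumption: monorepo layout apps/<name> or packages/<name>; anything else is "root".
const projectOf = (p) => (p.match(/^(?:apps|packages)\/[^/]+/) || ['root'])[0];
const rank = (value, [normalMax, warnMax]) =>
  value <= normalMax ? 0 : value <= warnMax ? 1 : 2;

// numstat: text of `git diff --numstat`, "added<TAB>deleted<TAB>path" per line.
function classifyBlastRadius(numstat) {
  const rows = numstat.split('\n').filter(Boolean).map((line) => {
    const [added, deleted, ...rest] = line.split('\t');
    // Binary files report "-" for both counts: one file, zero lines.
    return { lines: (Number(added) || 0) + (Number(deleted) || 0), path: rest.join('\t') };
  });
  const lines = rows.reduce((sum, r) => sum + r.lines, 0);
  const projects = new Set(rows.map((r) => projectOf(r.path))).size;
  const sensitive = rows.map((r) => r.path).filter((p) => SENSITIVE.some((re) => re.test(p)));
  // The worst metric decides the level; any sensitive file forces at least Warning.
  const level = Math.max(rank(lines, LIMITS.lines), rank(rows.length, LIMITS.files),
    rank(projects, LIMITS.projects), sensitive.length ? 1 : 0);
  return { level: LEVELS[level], lines, files: rows.length, projects, sensitive,
    runGate4: rows.some((r) => DEP_FILES.test(r.path)) };
}

// Constructed sample diff, not taken from a real repository.
const SAMPLE = [
  '12\t3\tapps/web/src/components/PriceRange.tsx',
  '40\t0\tapps/web/src/auth/session.ts',
  '-\t-\tapps/web/public/logo.png',
  '5\t5\tpackage-lock.json',
].join('\n');
console.log(classifyBlastRadius(SAMPLE));
```

An Escalate result should stop the pipeline rather than be logged, since the page rules out auto-PASS at that level.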

Gate 4: Dependency Audit

Runs only when package.json, yarn.lock, package-lock.json, pnpm-lock.yaml, or similar lockfiles are modified.

| Check | Tool / Example Command | Pass Criteria | On Failure |
|-------|------------------------|---------------|------------|
| Vulnerability | npm audit --audit-level=moderate | No new high/critical | BLOCK — use patched version or alternative |
| Bundle size | npx source-map-explorer dist/*.js or npx bundlesize | Frontend pkgs ≤50KB gzipped (project policy) | SHOULD-FIX; blocking if >200KB |

See REFERENCE.md for the full dependency-audit checklist (license, duplicates, maintenance, and additional checks).

Gate 5: Fast Review

Spawn reviewer sub-agent (load fast-review skill). PASS → proceed; FAIL → re-delegate (max 2); 3× FAIL → Gate 9. Auto-PASS rules: see fast-review skill.

Gate 6: Cache Clearing

rm -rf node_modules/.cache .next/cache .astro/ dist/

Gate 7: Browser Testing

UI changes require Chrome screenshots. Start dev server → verify ACs → responsive breakpoints → capture screenshots. Load browser-testing skill.

{ "tool": "browser-testing/capture_screenshot", "url": "http://localhost:3000", "viewports": ["mobile", "desktop"] }

Additional options: see REFERENCE.md.

Gate 8: Regression Testing

  1. npm test -- --runInBand for all affected projects
  2. Browser-test adjacent pages (navigation, routing, back-button). Identify adjacent pages by searching for route imports or links to the changed path (e.g., rg "href=\"/changed-path|import .*from '@/components/changed'").
  3. Check consuming apps / packages that import the changed files: search the repo for the component or package name (e.g., rg "from '@/components/PriceRange'|@my-org/ui-package") and run their tests or quick smoke builds.

Gate 9: Panel Review

Load panel-majority-vote skill — spawns 3 isolated reviewers, majority (2/3) wins. Use for: security-sensitive changes, DB migrations, architecture decisions.

runSubagent({ agentName: 'Reviewer', prompt: `Panel review 1/3: ${criteria}` });

Gate 10: Final Smoke Test

Runs once after ALL tasks are Done.

npm run build && npm test && npx playwright test

Full build + test from clean state → E2E browser walkthrough → cross-task integration check → responsive sweep (if UI). On failure: re-delegate the specific failing integration only.

Repository
monkilabs/opencastle