# Quality Gates

> How CodeAnt uses CodeAnt AI Quality Gates to block PRs that regress security, duplication, or SAST posture

### Overview

At CodeAnt, every pull request has to clear a set of CodeAnt AI Quality Gates before it can merge. A single comment on the PR tells us whether Secrets, Duplicate Code, and SAST checks all passed — and links back to the full results in the dashboard. If any gate fails, the PR is blocked until the regression is fixed.

### Why This Matters

Review comments catch issues that a human reviewer will notice. Quality gates catch the ones nobody notices until production: a secret that slipped into a config file, a block of copy-pasted logic that doubles the maintenance burden, a new SQL injection vector. Wiring these as hard gates — not advisory warnings — means that, by default, regressions do not land on `main`.

### How We Use It

1. **Configure gates once per repo.** In `Settings -> Quality Gates`, we set thresholds for Secrets, Duplicate Code, and SAST. Our defaults: zero new secrets, zero new high/critical SAST findings, and a ceiling on newly-introduced duplication.
2. **CodeAnt AI runs automatically on every PR.** When a PR is opened or updated, CodeAnt AI scans the diff and posts a single **Quality Gate Results** comment with the pass/fail state of each gate.
3. **PASSED → proceed to review.** If every gate is green, reviewers focus on logic, architecture, and naming — not hunting for leaked tokens.
4. **FAILED → fix before merge.** A failing gate surfaces the exact file and line. The author pushes a fix, the gates re-run on the new commit, and we move on.
5. **Click through for detail.** The "View Full Results" link in the comment opens the full scan in the dashboard, with the list of findings, severities, and affected files.

### What It Looks Like

Here's a real Quality Gate comment from a recent backend PR — commit `d337593e`, all three gates passing:

<img src="https://mintcdn.com/codeantai/syoYjA-ZomRlq6nA/images/how_codeant_uses_codeant/quality_gates/pr_quality_gate.png?fit=max&auto=format&n=syoYjA-ZomRlq6nA&q=85&s=ada3d233d4ce43c815011ec1160f23a0" alt="Quality Gate comment on a CodeAnt PR" width="2000" height="1400" data-path="images/how_codeant_uses_codeant/quality_gates/pr_quality_gate.png" />

### What We Pay Attention To

* **Secrets must be zero.** A single leaked token can compromise an entire environment. A Secrets failure is never waived — the offending commit is rewritten and the credential is rotated.
* **New SAST findings block merge.** Existing findings are tracked separately as debt; new ones introduced by a PR are blocking.
* **Duplicate Code is a trend signal.** One-off duplication is rarely blocking on its own, but a repeated rise in the duplication number tells us an abstraction is missing.
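
The policy above (zero new secrets, zero new high/critical SAST findings, existing findings tracked as debt, a ceiling on new duplication) expressed as a comparison between the target branch and the PR head. This is an added illustration, not CodeAnt's implementation: the `Finding` fields, the fingerprint scheme, the rule names and the `max_dup_increase` threshold are assumptions, and the sample findings are constructed.

```python
from dataclasses import dataclass

BLOCKING_SEVERITIES = {"high", "critical"}

@dataclass(frozen=True)
class Finding:
    kind: str      # "secret" or "sast"
    rule: str      # scanner rule id (hypothetical names below)
    path: str
    line: int
    snippet: str   # source text the rule matched
    severity: str

    def fingerprint(self):
        # The line number is left out on purpose: code that merely moves
        # within a file must not turn tracked debt into a "new" finding.
        return (self.kind, self.rule, self.path, " ".join(self.snippet.split()))

def evaluate_gates(base, head, base_dup_pct, head_dup_pct, max_dup_increase=1.0):
    """Compare findings on the PR head against the target-branch baseline."""
    known = {f.fingerprint() for f in base}
    new = [f for f in head if f.fingerprint() not in known]
    new_secrets = [f for f in new if f.kind == "secret"]
    new_sast = [f for f in new
                if f.kind == "sast" and f.severity in BLOCKING_SEVERITIES]
    gates = {
        "Secrets": not new_secrets,
        "SAST": not new_sast,
        "Duplicate Code": head_dup_pct - base_dup_pct <= max_dup_increase,
    }
    return gates, new_secrets + new_sast

# Constructed sample data: one existing SAST finding (debt) that shifts down
# three lines in the PR, plus a credential added to a config file.
DEBT = Finding("sast", "sql-injection", "app/db.py", 40,
               'cur.execute("SELECT * FROM t WHERE id=" + uid)', "high")
BASE = [DEBT]
HEAD = [
    Finding("sast", "sql-injection", "app/db.py", 43, DEBT.snippet, "high"),
    Finding("secret", "generic-api-key", "config/dev.env", 7,
            "API_KEY=EXAMPLE-NOT-A-REAL-KEY", "critical"),
]

if __name__ == "__main__":
    gates, blocking = evaluate_gates(BASE, HEAD, base_dup_pct=4.0, head_dup_pct=4.5)
    for name, passed in gates.items():
        print(f"{name}: {'PASSED' if passed else 'FAILED'}")
```

With the sample data, the moved SQL injection finding stays classified as debt and only the added credential fails a gate.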

### Get Started

See the [Quality Gates setup](/pull_request/quality_gates/setup) page to configure gates for your own repositories.
