Documentation Index
Fetch the complete documentation index at: https://docs.codeant.ai/llms.txt
Use this file to discover all available pages before exploring further.
Quality gates can be configured at the repository level using a configuration file. This allows teams to version control their quality standards alongside their code and override organization-level settings when needed.
Setup
1. Create Quality Gates Configuration File
Create a quality_gates_conditions.json file in the .codeant folder in your repository root:
your-repo/
├── .git/
├── .codeant/
│ ├── instructions.json
│ ├── review.json
│ └── quality_gates_conditions.json
├── src/
└── package.json
2. Define Quality Gate Conditions
The quality_gates_conditions.json file allows you to specify quality gate conditions that will be enforced for your repository, taking full precedence over organization or repository database configurations.
{
"quality_gate": {
"enabled": true,
"conditions": [
{
"metric": "metric-name",
"operator": "comparison-operator",
"value": "threshold",
"scope": ["commit", "pull_request"],
"exclude_files": ["pattern1", "pattern2"]
}
]
}
}
Configuration Options
-
enabled (boolean | null, required): Controls whether quality gates are active for this repository
true: Enable quality gates with the defined conditionsfalse: Disable all quality gates for this repositorynull: Inherit quality gate settings from the organization (repository-level only)
-
conditions (array, required when enabled): List of quality gate conditions to enforce
-
metric (string): The code quality metric to monitor
-
operator (string): Comparison operator for the condition. Available operators depend on the metric type (see Operator Constraints below)
"LESS_THAN": Value must be less than threshold"GREATER_THAN": Value must be greater than threshold"EQUALS": Value must equal threshold"LESS_THAN_OR_EQUALS": Value must be less than or equal to threshold"GREATER_THAN_OR_EQUALS": Value must be greater than or equal to threshold
-
value (string): The threshold value for comparison. For most metrics this is a numeric string (e.g., "80"). For security rating metrics, this is a letter grade (e.g., "A", "B", "C")
-
scope (array): Where the condition applies
"commit": Apply to individual commits"pull_request": Apply to pull requests- Can specify both:
["commit", "pull_request"]
-
exclude_files (array, optional): File patterns to exclude from this quality gate check (e.g., ["tests/**", "*.test.js", "docs/**"])
Available Metrics
New Coverage Percentage
{
"quality_gate": {
"enabled": true,
"conditions": [
{
"metric": "new_coverage_percentage",
"operator": "LESS_THAN",
"value": "80",
"scope": ["pull_request"]
}
]
}
}
Total Coverage Percentage
{
"quality_gate": {
"enabled": true,
"conditions": [
{
"metric": "total_coverage_percentage",
"operator": "LESS_THAN",
"value": "70",
"scope": ["pull_request"]
}
]
}
}
New Secrets Pushed
{
"quality_gate": {
"enabled": true,
"conditions": [
{
"metric": "secrets",
"operator": "GREATER_THAN",
"value": "0",
"scope": ["commit", "pull_request"]
}
]
}
}
GREATER_THAN 0 — no custom operator or value is needed.
Duplicated Lines Density
{
"quality_gate": {
"enabled": true,
"conditions": [
{
"metric": "duplicated_lines_density",
"operator": "GREATER_THAN",
"value": "3",
"scope": ["pull_request"]
}
]
}
}
SAST Security Rating
SAST (Static Application Security Testing) ratings use letter grades based on the highest severity issue found:
| Rating | Meaning |
|---|
| S | No security issues found |
| A | At least one low severity issue |
| B | At least one medium severity issue |
| C | At least one high severity issue |
{
"quality_gate": {
"enabled": true,
"conditions": [
{
"metric": "sast_rating",
"operator": "LESS_THAN",
"value": "B",
"scope": ["pull_request"]
}
]
}
}
SCA Security Rating
SCA (Software Composition Analysis) ratings use letter grades based on the highest severity vulnerability found in dependencies:
| Rating | Meaning |
|---|
| S | No security issues found |
| A | At least one low severity issue |
| B | At least one medium severity issue |
| C | At least one high severity issue |
| D | At least one critical severity issue |
{
"quality_gate": {
"enabled": true,
"conditions": [
{
"metric": "sca_rating",
"operator": "LESS_THAN",
"value": "C",
"scope": ["pull_request"]
}
]
}
}
IaC Security Rating
IaC (Infrastructure as Code) ratings use letter grades based on the highest severity issue found in infrastructure configurations:
| Rating | Meaning |
|---|
| S | No security issues found |
| A | At least one low severity issue |
| B | At least one medium severity issue |
| C | At least one high severity issue |
{
"quality_gate": {
"enabled": true,
"conditions": [
{
"metric": "iac_rating",
"operator": "LESS_THAN",
"value": "B",
"scope": ["commit", "pull_request"]
}
]
}
}
Operator Constraints
Not all operators are available for every metric. The table below shows which operators can be used with each metric type:
| Metric | Allowed Operators |
|---|
new_coverage_percentage | LESS_THAN, LESS_THAN_OR_EQUALS |
total_coverage_percentage | LESS_THAN, LESS_THAN_OR_EQUALS |
secrets | GREATER_THAN (auto-configured) |
duplicated_lines_density | GREATER_THAN, GREATER_THAN_OR_EQUALS |
sast_rating | LESS_THAN, LESS_THAN_OR_EQUALS |
sca_rating | LESS_THAN, LESS_THAN_OR_EQUALS |
iac_rating | LESS_THAN, LESS_THAN_OR_EQUALS |
Sample Configuration
Comprehensive Quality Configuration
{
"quality_gate": {
"enabled": true,
"conditions": [
{
"metric": "secrets",
"operator": "GREATER_THAN",
"value": "0",
"scope": ["commit", "pull_request"]
},
{
"metric": "sast_rating",
"operator": "LESS_THAN",
"value": "B",
"scope": ["pull_request"]
},
{
"metric": "sca_rating",
"operator": "LESS_THAN",
"value": "C",
"scope": ["pull_request"]
},
{
"metric": "iac_rating",
"operator": "LESS_THAN",
"value": "B",
"scope": ["commit", "pull_request"]
},
{
"metric": "new_coverage_percentage",
"operator": "LESS_THAN",
"value": "80",
"scope": ["pull_request"]
},
{
"metric": "total_coverage_percentage",
"operator": "LESS_THAN",
"value": "70",
"scope": ["pull_request"]
},
{
"metric": "duplicated_lines_density",
"operator": "GREATER_THAN",
"value": "3",
"scope": ["pull_request"]
}
]
}
}
Configuration with File Exclusions
{
"quality_gate": {
"enabled": true,
"conditions": [
{
"metric": "sast_rating",
"operator": "LESS_THAN",
"value": "A",
"scope": ["commit", "pull_request"],
"exclude_files": ["tests/**", "*.test.js"]
},
{
"metric": "sca_rating",
"operator": "LESS_THAN",
"value": "B",
"scope": ["pull_request"],
"exclude_files": ["docs/**"]
}
]
}
}
Inherit Organization Settings
{
"quality_gate": {
"enabled": null
}
}
Disabled Quality Gates
{
"quality_gate": {
"enabled": false
}
}
Configuration Precedence
Quality gate settings follow a specific precedence hierarchy:
-
Repository Configuration File (Highest Priority)
- If
.codeant/quality_gates_conditions.json exists in the repository, its settings take full precedence
- A repository file with
"enabled": false disables quality gates for that repository
- All conditions defined in the file override any organization or repository database settings
-
Repository Database Settings (Medium Priority)
- Explicit repository-level settings in the database or S3
- Used when no repository configuration file exists
-
Organization Settings (Lowest Priority)
- Organization-level default settings
- Applied to repositories that have no repository-specific configuration
Example Scenarios:
- Repo file exists with enabled: true → Uses conditions from repo file only
- Repo file exists with enabled: false → Quality gates disabled, ignores all other settings
- Repo file exists with enabled: null → Inherits quality gate settings from the organization
- No repo file, repo DB has settings → Uses repo DB settings
- No repo file, no repo DB settings → Inherits from organization settings
How It Works
-
File Detection: CodeAnt AI automatically detects the
quality_gates_conditions.json file in your .codeant/ directory
-
Configuration Loading: When a commit or pull request is created, CodeAnt loads the quality gates configuration in precedence order
-
Condition Evaluation: Each defined condition is evaluated against the code analysis results
-
Gate Status:
- Pass: All conditions meet their thresholds
- Fail: One or more conditions don’t meet their thresholds
-
Integration: Results are reported to your Git provider as status checks on commits and pull requests
Best Practices
- Version Control: Store the configuration file in your repository so changes are tracked and reviewed
- Team Consensus: Discuss and agree on quality thresholds with your team before implementing
- Start Conservative: Begin with relaxed thresholds and gradually tighten as code quality improves
- Security First: Prioritize security metrics over quality metrics
- Document Exceptions: If disabling quality gates, document the reason in your team’s documentation
- Regular Review: Periodically review and adjust thresholds as your codebase and team standards evolve
- Test Changes: Test configuration changes in a feature branch before applying to main branches
Once configured, quality gates will automatically enforce your standards on every commit and pull request, ensuring consistent code quality across your team.
