Every release passes through me. I block the bad ones. I clear the good ones. I tell you exactly why.
GateKeeper is a fully autonomous AI DevOps agent: not a linter, not a checklist, not a chatbot that tells you what it would do. He's a senior DevOps engineer with real tools who reviews every release before it ships.
He fires automatically on every PR, runs 9 deterministic policy gates, calls Claude Sonnet for a qualitative risk assessment, and posts an official Release Readiness Certificate directly on the PR, with a commit status that can block the merge if the release isn't ready.
But he's more than a CI bot. Run him as a local chat agent and he'll:
- Read, write, and search your files
- Run terminal commands and report back
- Search the web and scrape docs in real time
- Manage GitHub issues, PRs, and workflows
- Create and update Jira tickets
- Send Slack notifications
- Remember everything about you and your projects, across all sessions
- Talk to you like a brilliant friend, not a corporate bot
```
PR Opened / Updated
        │
        ▼
┌────────────────────────────────────────────────────────────┐
│  🤖 GateKeeper                                             │
│                                                            │
│  1. Read flags.json from the PR branch                     │
│  2. Validate schema               → DeepSeek               │
│  3. Run 9 deterministic gates     → Policy engine          │
│  4. Pre-process gate context      → DeepSeek               │
│  5. Full qualitative assessment   → Claude Sonnet          │
│  6. Generate Release Certificate  → certificate.js         │
│  7. Post PR comment + set status  → GitHub API             │
└────────────────────────────────────────────────────────────┘
        │
        ▼
PR Comment: Release Readiness Certificate
Commit Status: CLEARED · WITH-CAUTION · BLOCKED
```
| # | Gate | Weight | What It Checks |
|---|---|---|---|
| 1 | Kill Switch | BLOCKER | Emergency override: stops all releases instantly |
| 2 | Rollout % | 10 pts | Safe rollout bounds, canary cross-check |
| 3 | Environment | 22 pts | Staging must be validated before production |
| 4 | Test Coverage | 20 pts | Meets your minimum coverage threshold |
| 5 | Error Rate | 18 pts | Production error rate within SLO bounds |
| 6 | Canary Health | 10 pts | Canary deployment health and score |
| 7 | Flag Age | 8 pts | Feature flags can't exceed 90 days stale |
| 8 | Blast Radius | 6 pts | User impact + rollback plan validation |
| 9 | Dependencies | 6 pts | No critical CVEs, fresh npm audit |

Score = weighted sum of gates 2–9 (0–100)

| Score | Status | Exit Code |
|---|---|---|
| Kill switch active | 🔴 BLOCKED | 1 |
| < 50 | 🔴 BLOCKED | 1 |
| 50–79 or any FAILED | 🟡 WITH-CAUTION | 0 (or 1 in strict mode) |
| ≥ 80, no failures | 🟢 CLEARED | 0 |

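The decision logic in the two tables above, written out as an added example (this is not GateKeeper's source code). The gate keys, the `{ status }` result shape, the rule that a passed gate earns its full weight, and the fail-closed handling of missing results are assumptions made for illustration.

```javascript
// Weights and thresholds come from the tables above; the gate keys and the
// { status: 'PASSED' | 'FAILED' } result shape are assumptions.
const WEIGHTS = {
  rollout: 10, environment: 22, testCoverage: 20, errorRate: 18,
  canary: 10, flagAge: 8, blastRadius: 6, dependencies: 6,
};

// Assumption: a passed gate earns its full weight, anything else earns zero.
function decide(results, { strict = false } = {}) {
  // Gate 1 is a blocker, not a scored gate. Fail closed: anything other than
  // an explicit PASSED (including a missing result) blocks the release.
  if (results.killSwitch?.status !== 'PASSED') {
    return { score: null, status: 'BLOCKED', exitCode: 1, failed: ['killSwitch'] };
  }
  let score = 0;
  const failed = [];
  for (const [gate, weight] of Object.entries(WEIGHTS)) {
    if (results[gate]?.status === 'PASSED') score += weight;
    else failed.push(gate); // missing or malformed results count as FAILED
  }
  if (score < 50) return { score, status: 'BLOCKED', exitCode: 1, failed };
  if (score < 80 || failed.length > 0) {
    return { score, status: 'WITH-CAUTION', exitCode: strict ? 1 : 0, failed };
  }
  return { score, status: 'CLEARED', exitCode: 0, failed };
}

// Constructed sample results: every gate passes, then selected gates fail.
const allPass = Object.fromEntries(
  ['killSwitch', ...Object.keys(WEIGHTS)].map((g) => [g, { status: 'PASSED' }]),
);
const withFailures = (...gates) => ({
  ...allPass,
  ...Object.fromEntries(gates.map((g) => [g, { status: 'FAILED' }])),
});

console.log(decide(allPass));
console.log(decide(withFailures('flagAge')));
console.log(decide(withFailures('flagAge'), { strict: true }));
console.log(decide(withFailures('environment', 'testCoverage', 'errorRate')));
console.log(decide(withFailures('killSwitch')));
```

A single failed low-weight gate keeps a score of 92 out of CLEARED, and only strict mode turns that WITH-CAUTION result into a non-zero exit code.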
Every PR gets a certificate posted automatically:
```
╔══════════════════════════════════════════════════════════════════════╗
║  🤖  G A T E K E E P E R   R E L E A S E   C E R T I F I C A T E     ║
╠══════════════════════════════════════════════════════════════════════╣
║  Feature:   payment-v2              Version:  2.1.0                  ║
║  Owner:     payments-team           PR:       #42                    ║
║  Branch:    feat/payment-v2                                          ║
║  Assessed:  2024-03-15T12:00:00.000Z                                 ║
╠══════════════════════════════════════════════════════════════════════╣
║  Score:     82/100                                                   ║
║  Status:    CLEARED                 AI Risk:  LOW                    ║
╚══════════════════════════════════════════════════════════════════════╝
```

Includes: status banner · blockers table · warnings · Claude's full risk assessment · exact remediation steps · full gate summary · signed timestamp

GateKeeper isn't just a CI bot. Run him locally and talk to him like a real engineer.
```bash
npm start
# → Open http://localhost:3000
```

He has real tools and actually uses them:

| Tool | What He Does |
|---|---|
| `read_file` / `write_file` | Read and edit any file in your project |
| `run_terminal_command` | Execute shell commands, show real output |
| `search_files` | Grep across your codebase |
| `web_search` | Live web search via Tavily |
| `firecrawl_search` | Deep page scraping and doc extraction |
| GitHub tools | Create issues, check PRs, list workflows |
| Jira tools | Create, search, and update tickets |
| Slack tools | Send messages to channels |
| Memory tools | Remember and recall across all sessions |
| `run_release_gate` | Full 9-gate policy check on any flags.json |

He narrates what he's doing as he works: no silent spinning, no black box.

```bash
git clone https://github.com/DaCameraGirl/gatekeeper.git
cd gatekeeper
npm install
```

```bash
cp .env.example .env
# Fill in your API keys (see table below)
```

⚠️ Never commit your `.env` file. It's already in `.gitignore`; keep it that way. Your API keys are private and should never be pushed to GitHub.

```bash
npm start
# → http://localhost:3000
```

Go to Settings → Secrets and variables → Actions and add:

| Secret | Description |
|---|---|
| `ANTHROPIC_API_KEY` | Claude API key (required) |
| `DEEPSEEK_API_KEY` | DeepSeek API key (required) |

GITHUB_TOKEN is provided automatically by GitHub Actions.
In Settings → Branches → Branch protection rules, add:
🤖 GateKeeper / Release Gate
as a required status check to block merges on BLOCKED releases.

| Variable | Description |
|---|---|
| `ANTHROPIC_API_KEY` | Claude API key (required) |
| `DEEPSEEK_API_KEY` | DeepSeek API key (required for schema validation) |
| `GITHUB_TOKEN` | GitHub token (auto in Actions, set in .env for local) |
| `TAVILY_API_KEY` | Web search: get a free key at tavily.com |
| `FIRECRAWL_API_KEY` | Deep web scraping: firecrawl.dev |
| `SLACK_BOT_TOKEN` | Slack bot token for notifications |
| `GITHUB_REPOSITORY` | owner/repo format |
| `FLAGS_JSON_PATH` | Path to flags.json (default: ./flags.json) |
| `GATEKEEPER_STRICT` | true = WITH-CAUTION also exits 1 |
| `GATEKEEPER_DRY_RUN` | true = skip GitHub API, print to console |

```
GateKeeper/
├── server.js                    # Chat server + streaming agent loop
├── public/
│   └── index.html               # Chat UI
├── src/
│   ├── index.js                 # CI orchestrator (9-step pipeline)
│   ├── utils.js                 # Scoring + formatting utilities
│   ├── certificate.js           # Release certificate generator
│   ├── github.js                # GitHub API (comments, commit status)
│   ├── brain/
│   │   ├── claude.js            # Claude Sonnet risk assessment
│   │   └── deepseek.js          # DeepSeek schema validation + context prep
│   ├── tools/
│   │   ├── definitions.js       # All tool schemas (Claude tool_use API)
│   │   └── executor.js          # Tool implementations (real actions)
│   ├── memory/
│   │   └── store.js             # Persistent memory across sessions
│   └── gates/
│       ├── index.js             # Gate runner + score calculator
│       ├── gate1-kill-switch.js
│       ├── gate2-rollout.js
│       ├── gate3-environment.js
│       ├── gate4-test-coverage.js
│       ├── gate5-error-rate.js
│       ├── gate6-canary.js
│       ├── gate7-flag-age.js
│       ├── gate8-blast-radius.js
│       └── gate9-dependencies.js
└── .env.example                 # Copy this to .env and fill in your keys
```

| Field | Type | Required | Description |
|---|---|---|---|
| `release.feature` | string | yes | Feature name (slug) |
| `release.version` | string | yes | Semver version |
| `release.owner` | string | yes | Team or individual owner |
| `flags.killSwitch` | boolean | yes | Emergency blocker switch |
| `flags.rolloutPercentage` | number | yes | Current rollout % (0–100) |
| `flags.environments.*` | object | recommended | Per-environment validation records |
| `quality.testCoverage` | number | recommended | Test coverage % |
| `quality.errorRatePercent` | number | recommended | Current error rate % |
| `risk.blastRadius` | string | recommended | low / medium / high / critical |
| `risk.hasRollbackPlan` | boolean | recommended | Whether a rollback plan exists |
| `dependencies.criticalVulnerabilities` | number | recommended | Count of CRITICAL CVEs |

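A deterministic check of the fields in the schema table above, as an added example (not GateKeeper's own validator, which the pipeline delegates to DeepSeek). The function name, message wording, and sample document are assumptions; field names, types, the 0–100 range, and the blast-radius values come from the table.

```javascript
// Field names/types come from the schema table; the sample is constructed.
const REQUIRED = {
  'release.feature': 'string', 'release.version': 'string',
  'release.owner': 'string', 'flags.killSwitch': 'boolean',
  'flags.rolloutPercentage': 'number',
};
const RECOMMENDED = {
  'flags.environments': 'object', 'quality.testCoverage': 'number',
  'quality.errorRatePercent': 'number', 'risk.blastRadius': 'string',
  'risk.hasRollbackPlan': 'boolean',
  'dependencies.criticalVulnerabilities': 'number',
};
const BLAST_RADIUS = ['low', 'medium', 'high', 'critical'];

// Walk a dotted path without throwing on missing or non-object parents.
const get = (obj, path) => path.split('.').reduce(
  (o, key) => (o !== null && typeof o === 'object' ? o[key] : undefined), obj);

function validateFlags(doc) {
  const errors = [], warnings = [];
  const check = (fields, onMissing) => {
    for (const [path, type] of Object.entries(fields)) {
      const value = get(doc, path);
      if (value === undefined) onMissing.push(`${path}: missing`);
      // Strict typing: the string "false" must never pass as a boolean.
      else if (value === null || typeof value !== type) {
        errors.push(`${path}: expected ${type}`);
      }
    }
  };
  check(REQUIRED, errors);      // a missing required field is an error
  check(RECOMMENDED, warnings); // a missing recommended field is a warning
  const pct = get(doc, 'flags.rolloutPercentage');
  if (typeof pct === 'number' && !(pct >= 0 && pct <= 100)) {
    errors.push('flags.rolloutPercentage: outside 0-100');
  }
  const blast = get(doc, 'risk.blastRadius');
  if (typeof blast === 'string' && !BLAST_RADIUS.includes(blast)) {
    errors.push('risk.blastRadius: not low/medium/high/critical');
  }
  return { valid: errors.length === 0, errors, warnings };
}

// Constructed sample: killSwitch arrives as a string, rollout is out of range.
const sample = {
  release: { feature: 'payment-v2', version: '2.1.0', owner: 'payments-team' },
  flags: { killSwitch: 'false', rolloutPercentage: 150 },
};
console.log(validateFlags(sample));
```

The string `"false"` is truthy in JavaScript, so a kill switch that is only checked for truthiness would read as active or inactive depending on how the comparison is written; rejecting the wrong type up front removes that ambiguity.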
🤖 GateKeeper · Autonomous Release Intelligence
Built by Angela Hudson · Powered by Claude AI · Deployed via GitHub Actions