OpenSkillIndex← back to search
claude-code

Codymaster cm-quality-gate

Use before any deployment or completion claim. Enforces test gates, evidence-based verification, and frontend safety checks. No deploy without passing. No claims without evidence.

install
source · Clone the upstream repo
git clone https://github.com/tody-agent/codymaster
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/tody-agent/codymaster "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/cm-quality-gate" ~/.claude/skills/tody-agent-codymaster-cm-quality-gate && rm -rf "$T"
manifest: skills/cm-quality-gate/SKILL.md
source content

Quality Gate — Test + Verify + Ship Safe

Three checkpoints, one skill: Pre-deploy testing, evidence verification, frontend safety.

The Iron Laws

  1. NO DEPLOY without passing 
    test:gate
    .
  2. NO CLAIMS without fresh verification output.
  3. NO FRAGILE FRONTEND — safety tests are mandatory.

Phase 0: Infrastructure Setup

Goal: Identify the framework and install the correct testing dependencies.

  1. Detect Stack: Check 
    package.json
    for framework (React, Vue, Astro, etc.) and 
    wrangler.json(c)
    .
  2. Install Deps: 
    npm install -D vitest jsdom acorn
  3. Configure: Create 
    vitest.config.ts
    or 
    vite.config.ts
    with 
    environment: 'jsdom'
    .
  4. Wire Scripts: 
    {
  "scripts": {
    "test:gate": "vitest run --reporter=verbose"
  }
}

Phase 1: The 4 Core Test Layers

Do not combine these files. They form the "Quality Gate."

Layer 1: Frontend Safety (
test/frontend-safety.test.ts
)

Prevents white screens, template corruption, and syntax errors.

test('app.js does not contain catastrophic corruption', () => {
    const code = fs.readFileSync('public/static/app.js', 'utf-8');
    expect(code).not.toMatch(/=\s*'[^']*\$\{t\(/); // Bug #1
    expect(code).not.toMatch(/<\s+[a-zA-Z]/); // Bug #2
});

Layer 2: API Routes (
test/api-routes.test.ts
)

Ensures backend endpoints respond correctly.

Layer 3: Business Logic (
test/business-logic.test.ts
)

Tests pure functions, validations, and transformations.

Layer 4: i18n Synchronization (
test/i18n-sync.test.ts
)

Guarantees all language files have identical key counts.

Phase 2: Execution (The Gates)

Gate 1: Pre-Deploy Testing

ALWAYS run 

npm run test:gate
before deploying. 0 failures required.

Protocol

  1. Check for skip override (explicit user words only):

    • ✅ "skip tests", "skip testing", "deploy without testing"
    • ❌ "deploy", "quick deploy", "just push it" (= tests required)

  2. Run test gate:

    npm run test:gate

  3. Parse results: total files, total tests, failures, duration

  4. Gate decision:

    • 0 failures → proceed to deploy
    • Any failures → STOP. Fix first. Do NOT deploy.

Anti-Patterns

DON'TDO
Deploy then testTest then deploy
"Tests passed earlier"Run fresh test:gate NOW
Skip for "small changes"Every change gets tested
Run test + deploy parallelSequential: test → gate → deploy

Gate 2: Evidence Before Claims

ALWAYS run the proving command before saying "fixed" or "done."

The Gate Function

1. IDENTIFY → What command proves this claim?
2. RUN → Execute the FULL command (fresh)
3. READ → Full output, check exit code
4. VERIFY → Does output confirm the claim?
5. ONLY THEN → Make the claim

Common Failures

ClaimRequiresNot Sufficient
Tests passTest output: 0 failures"Should pass", previous run
Build succeedsBuild: exit 0Linter passing
Bug fixedTest symptom: passesCode changed, assumed fixed
Requirements metLine-by-line checklistTests passing

Red Flags — STOP

  • Using "should", "probably", "seems to"
  • Expressing satisfaction before verification
  • Trusting agent success reports
  • ANY wording implying success without running verification

Gate 3: Frontend Integrity

Automated via Layer 1 above.

When

Setting up or enhancing test suites for projects with frontend JavaScript/TypeScript.

The 7 Layers

LayerWhat it checksPriority
1. Syntax ValidationJS parses without errors (via acorn)CRITICAL
2. Function IntegrityNamed functions exist and are callableRequired
3. Template SafetyHTML templates have matching tagsRequired
4. Asset ReferencesReferenced files actually existRequired
5. Corruption PatternsKnown bad patterns (empty functions, truncation)Required
6. Import/ExportModule references resolveRecommended
7. CSS ValidationCSS files parse correctlyRecommended

Setup

npm install -D vitest acorn

Layer 1: Syntax Check (Most Critical)

import { parse } from 'acorn';
import { readFileSync } from 'fs';

test('app.js has valid syntax', () => {
  const code = readFileSync('public/static/app.js', 'utf-8');
  expect(() => parse(code, { ecmaVersion: 2022, sourceType: 'script' })).not.toThrow();
});

This single test would have prevented the March 2026 white-screen incident.

Gate 4: Update Working Memory

After ALL gates pass, update 

.cm/CONTINUITY.md
:

  • Current Phase: Set to 
    verified
    or 
    ready-to-deploy
  • Just Completed: Add 
    ✅ Quality gate passed: [test count] tests, 0 failures

After ANY gate fails, FIRST run Memory Integrity Check:

  1. List active learnings/decisions for the failing module
  2. Ask: "Did AI follow a learning/decision that caused this failure?"
  3. If YES → HEAL memory (invalidate/correct/scope-reduce) BEFORE recording new learning
  4. Record meta-learning in 
    .cm/meta-learnings.json
    if memory was the cause

Then update 

.cm/CONTINUITY.md
:

  • Active Blockers: Add the failing gate details
  • Mistakes & Learnings: Record what failed with scope tag:
    • What Failed: [test/gate that failed]
    • How to Prevent: [fix pattern]
    • Scope: 
      module:{failing-module}
      or 
      global
      if systemic
    • Memory-caused: [yes/no — was existing memory the root cause?]

Token savings: Next session instantly knows if last run passed or failed without re-running the test suite just to check status.

Integration

SkillRelationship
cm-safe-deploy
Quality gate is the primary blocker for the deploy pipeline
cm-identity-guard
Verify identity before using quality gate to ship
cm-tdd
TDD creates the logic for Layer 3
cm-safe-i18n
Leverages Layer 4 for parity checks
cm-security-gate
PRE-REQUISITE for production: Security scan (Snyk + Aikido) PASS must be in deployment evidence. No production deploy without security clearance.

Evidence Requirements for Production Deploy

EvidenceCommandRequired
Test suite passes
npm run test:gate
✅ Always
Build succeeds
npm run build
✅ Always
Security scan passes
snyk test && aikido-api-client scan-release ...
✅ For production / public releases
i18n parityIncluded in test:gate✅ If multilingual

The Bottom Line

Test before deploy. Scan before release. Evidence before claims. Safety before shipping. Non-negotiable.