Quality gates for AI-assisted code. Prevent AI limbo engineering by scanning every PR for governance violations, quality regressions, and anti-patterns.
The only GitHub Action that measures whether AI is helping or hurting your codebase.

```yaml
- uses: Forge-Space/forge-ai-action@v1
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  with:
    tenant: ${{ vars.FORGE_TENANT_ID }}
    tenant_profile_ref: ${{ vars.FORGE_TENANT_PROFILE_REF }}
```

That's it. Every PR gets a quality report with score, delta, findings, and a pass/fail gate.

tenant_profile_ref must point to a profile file present in the runner workspace
(for example, checked out from Forge-Space/forge-tenant-profiles).
The action fails fast when tenant is missing, tenant_profile_ref is missing/not
found, or tenant does not match tenant_id in the profile.
Fails the check if the quality score drops below the threshold:

```yaml
name: Quality Gate
on: [pull_request]
jobs:
  forge:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: Forge-Space/forge-ai-action@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tenant: ${{ vars.FORGE_TENANT_ID }}
          tenant_profile_ref: ${{ vars.FORGE_TENANT_PROFILE_REF }}
          threshold: 75
```

Report quality without blocking:

```yaml
- uses: Forge-Space/forge-ai-action@v1
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  with:
    tenant: ${{ vars.FORGE_TENANT_ID }}
    tenant_profile_ref: ${{ vars.FORGE_TENANT_PROFILE_REF }}
    command: scan
```

Show what changed compared to the base branch:

```yaml
- uses: Forge-Space/forge-ai-action@v1
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  with:
    tenant: ${{ vars.FORGE_TENANT_ID }}
    tenant_profile_ref: ${{ vars.FORGE_TENANT_PROFILE_REF }}
    command: diff
```

Run a full project health assessment (5 categories):

```yaml
- uses: Forge-Space/forge-ai-action@v1
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  with:
    tenant: ${{ vars.FORGE_TENANT_ID }}
    tenant_profile_ref: ${{ vars.FORGE_TENANT_PROFILE_REF }}
    command: assess
```

Full migration toolkit — health assessment, strangler boundaries, TypeScript migration plan, dependency risks, and a phased roadmap with quality gates:

```yaml
- uses: Forge-Space/forge-ai-action@v1
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  with:
    tenant: ${{ vars.FORGE_TENANT_ID }}
    tenant_profile_ref: ${{ vars.FORGE_TENANT_PROFILE_REF }}
    command: migrate
    threshold: 40
```

Validate whether changed production files have required generated tests.

```yaml
- uses: Forge-Space/forge-ai-action@v1
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  with:
    tenant: ${{ vars.FORGE_TENANT_ID }}
    tenant_profile_ref: ${{ vars.FORGE_TENANT_PROFILE_REF }}
    command: test-autogen-check
    test_autogen_phase: phase1
```

The command uses argument-based process execution and branch-safe diff-base detection for CI runners.
Sonar analysis is configured via sonar-project.properties to ignore generated dist/** artifacts.
Tenant profile parsing uses deterministic string-based YAML line parsing to avoid regex backtracking
hotspots while preserving inline comment support.
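
An added example, not taken from the action's source: a regex-free line parser with inline-comment handling of the kind described above, combined with the fail-fast tenant check listed earlier. It assumes a flat `key: value` profile; the function names and every sample key other than `tenant_id` are hypothetical.

```javascript
// Added example, not the action's source: flat "key: value" lines only.
// '#' starts a comment only at line start or after whitespace, never in quotes.
function stripInlineComment(line) {
  let quote = null;
  for (let i = 0; i < line.length; i++) {
    const ch = line[i];
    const afterSpace = i === 0 || line[i - 1] === ' ' || line[i - 1] === '\t';
    if (quote) {
      if (ch === quote) quote = null;
    } else if (afterSpace && (ch === '"' || ch === "'")) {
      quote = ch;
    } else if (afterSpace && ch === '#') {
      return line.slice(0, i);
    }
  }
  return line;
}

// Parse top-level pairs with indexOf/slice; the first ':' ends the key.
function parseFlatProfile(text) {
  const out = Object.create(null);
  for (const raw of text.split('\n')) {
    const line = stripInlineComment(raw).trim();
    const sep = line.indexOf(':');
    if (sep <= 0) continue; // blank, comment-only, or not a pair
    let value = line.slice(sep + 1).trim();
    const q = value[0];
    if (value.length >= 2 && (q === '"' || q === "'") && value.endsWith(q)) {
      value = value.slice(1, -1); // drop the surrounding quotes
    }
    out[line.slice(0, sep).trim()] = value;
  }
  return out;
}

// Fail fast on the three conditions the README lists.
function checkTenant(tenant, profileText) {
  if (!tenant) throw new Error('tenant is missing');
  if (profileText == null) throw new Error('tenant_profile_ref is missing or not found');
  const profile = parseFlatProfile(profileText);
  if (profile.tenant_id !== tenant) throw new Error('tenant does not match tenant_id');
  return profile;
}

// Constructed sample; every key except tenant_id is hypothetical.
const SAMPLE = [
  'tenant_id: acme-prod   # must equal the tenant input',
  'display_name: "Acme #1 # Prod"  # hashes inside quotes survive',
  'channel: release#stable',
].join('\n');
```

Each line is scanned once from left to right, so parse time grows linearly with input length regardless of what a profile author puts in a value.
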

```yaml
- uses: Forge-Space/forge-ai-action@v1
  id: forge
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  with:
    tenant: ${{ vars.FORGE_TENANT_ID }}
    tenant_profile_ref: ${{ vars.FORGE_TENANT_PROFILE_REF }}
    command: migrate
- run: |
    echo "Score: ${{ steps.forge.outputs.score }}"
    echo "Readiness: ${{ steps.forge.outputs.readiness }}"
    echo "Strategy: ${{ steps.forge.outputs.strategy }}"
    echo "Passed: ${{ steps.forge.outputs.passed }}"
```

| Input | Default | Description |
|---|---|---|
| tenant | - | Tenant identifier (must match tenant_id in profile) |
| tenant_profile_ref | - | Path to tenant profile file (yaml/json) available in workspace |
| command | gate | Command: gate, scan, diff, assess, migrate, or test-autogen-check |
| threshold | 60 | Minimum score (0-100) for gate command |
| config | '' | Reserved no-op placeholder (currently ignored at runtime) |
| comment | true | Post PR comment with results |
| annotations | true | Add inline file annotations |
| test_autogen_phase | warn | Enforcement phase for test-autogen-check: warn, phase1, phase2 |

| Output | Description |
|---|---|
| score | Quality score (0-100) |
| delta | Score change vs base branch |
| passed | Whether the gate passed (true/false) |
| findings-count | Number of new findings |
| readiness | Migration readiness: ready, needs-work, high-risk (assess/migrate) |
| strategy | Recommended migration strategy (assess/migrate) |

109 rules across 10 categories:
- Security — hardcoded secrets, SQL injection, XSS, eval usage
- Architecture — god files, circular deps, barrel file abuse
- Error Handling — empty catch, swallowed errors, missing error boundaries
- AI Governance — AI anti-patterns, vibe-coded shortcuts, limbo indicators
- Code Quality — any types, console.log, TODO/FIXME, magic numbers
- Performance — N+1 queries, missing indexes, sync I/O
- Accessibility — missing alt text, unlabeled form controls
- Testing — skipped tests, weak assertions
- Migration — legacy patterns, deprecated APIs
- Scalability — unbounded queries, missing pagination
Supports: TypeScript, JavaScript, Python, Go, Rust, Java, Kotlin, Vue, Svelte
The config input is currently a compatibility placeholder and is ignored at runtime.
You can still pass config in workflows to preserve forward compatibility, but it does
not change rule selection, thresholds, or scanner behavior in the current action.

1. Scans your codebase with forge-ai-init's 109-rule scanner
2. Compares against the base branch to compute quality delta
3. Posts a PR comment with score, grade, findings, and category breakdown
4. Adds inline annotations on files with issues
5. Sets a pass/fail status check based on your threshold

For the migrate command, it additionally:

6. Assesses project health across 5 categories (deps, architecture, security, quality, migration-readiness)
7. Generates a phased migration roadmap with quality gates per phase
8. Identifies strangler boundaries, dependency risks, and TypeScript migration candidates
MIT