{"slug": "show-hn-gatetest-110-qa-checks-in-one-scan-auto-fix-pr-for-what-it-finds", "title": "Show HN: GateTest – 110 QA checks in one scan, auto-fix PR for what it finds", "summary": "GateTest launched a new CI tool that runs 110 quality assurance checks in a single scan and automatically generates a pull request with fixes within 60 seconds. The tool uses Claude Sonnet 4 to identify bugs, security issues, and CI failures, then writes, tests, and pair-reviews the fix before opening a PR. GateTest operates on a pay-per-scan model with no subscription or minimum, offering a free preview that shows the top three issues and a health score.", "body_md": "# Your CI just went red.\n\nBy morning, there's a PR with the fix.\n\n110 checks, one gate, auto-fix PRs in 60 seconds.\n\nWe catch the bugs, security issues, and CI rot that crash your deploy. Then we open a pull request with the fix already written, tested, and pair-reviewed by a second AI. Pay per scan — no subscription, no minimum.\n\nBuilt on Claude Sonnet 4 — the model that wins SWE-bench Verified, not the most expensive one in the lineup. We tested. We picked the model that actually fixes bugs.\n\nNet effect: every tier ships ~5x deeper analysis at the same price.\n\nFree preview — top 3 issues plus your Health Score. No signup, no install.\n\n[WordPress site? →](/wp)\n\nWant a repo scan instead? [Pick a tier ↓](#pricing) or [install the GitHub App](/github/setup).\n\n## From red CI to merged fix — while you sleep.\n\nMost tools tell you what's broken. We open the PR that fixes it. This is what a single GateTest run looks like, end-to-end.\n\n### A test breaks on main\n\n```\n× crontech-api.service failed\n  ReferenceError: resolveTenantCapForHotPath\n    is not defined\n  at apps/api/src/cdn/handler.ts:65:22\n  Bun v1.3.14 (Linux x64)\n\n  ::error file=apps/api/src/cdn/handler.ts,\n    line=65::ReferenceError\n```\n\nA real Crontech failure from 2026-05-24. The api crashed at module load. 
Rollback also failed.\n\n### Auto-fix runs while you sleep\n\n- Re-runs the gate to isolate the failing module\n- Reads the project conventions (README, AGENTS.md)\n- Generates the fix with Claude Sonnet 4\n- Validates the fix re-passes the gate\n- Writes a regression test for the bug\n- Pair-reviews the fix with a second Claude\n\n~38 seconds, ~$0.02 in Anthropic API spend per fix on the $99 tier. Margin: 100x.\n\n### A fix PR lands in your repo\n\n``` js\n+ import { resolveTenantCapForHotPath }\n+   from \"./quotas\";\n\n  const handler = createSomething({\n    tenantCapResolver:\n      resolveTenantCapForHotPath,\n    ...\n  });\n\n✓ Tests added (1)  ✓ Gate green\n```\n\nOne-click “Commit suggestion” in GitHub. CI re-runs green. You wake up to a merged fix instead of a 47-message Slack thread.\n\nNo other tool ships **scan + fix + regression test + pair-review + cross-finding correlation** on pay-per-scan pricing. We do.\n\n## Twelve tools. One config.\n\nOne bill.\n\nHover any tile to see the GateTest module that replaces it. 
The full table's in [the breakdown below](#kills-table) — 30+ tools across the entire QA stack.\n\n- `--module security`\n- `--module codeQuality`\n- `--module lint`\n- `--module e2e`\n- `--module compatibility`\n- `--module performance`\n- `--module accessibility`\n- `--module dependencies`\n- `--module dockerfile`\n- `--module terraform`\n- `--module ciSecurity`\n\nModules: `unitTests`, `e2e`, `lint`, `security`, `dependencies`, `dockerfile`, `ciSecurity`, `shell`, `sqlMigrations`, `terraform`, `kubernetes`, `promptSafety`, `aiGuardrails`, `deadCode`, `secretRotation`, `webHeaders`, `typescriptStrictness`, `importCycle`, `redos`, `performance`, `accessibility`, `visual`, `codeQuality`, `secrets`, `links`.\n\nPlus 12 more modules with no direct competitor: AI code review, fake-fix detector, mutation testing, chaos / fuzz pass, autonomous exploration, live crawling, data integrity, documentation validation, compatibility analysis, integration-test detection, CI generation, SARIF output.\n\n## Four layers. Compounding.\n\nEvery competitor either ships pattern matchers (cheap, brittle) or ships LLM-only fixes (slow, expensive, hallucinates). We stack four deterministic layers in front of Claude. Most fixes never reach the LLM. Margin works. Quality compounds.\n\n### AST fix\n\nDeterministic transforms on the parse tree.\n\n`rejectUnauthorized: false` → `true`. `httpOnly: false` → `true`. The compiler proves correctness; no LLM needed.\n\n### Rule fix\n\nCodemod recipes per finding class.\n\nWildcard CORS origin + credentials. Missing CSP. Cookie hardening. One regex-bounded rewrite per pattern.\n\n### Recipe lookup\n\nCached fixes from every prior scan, compounding.\n\nWhen a scan resolves a novel finding, the diff is stored. 
Next time that finding shape arrives — local or someone else's repo — we apply the cached patch.\n\n### Claude\n\nOnly the genuinely novel cases reach the LLM.\n\nIterative loop with N retries, syntax gate, scanner re-validation, pair-review on $199+, attack-chain correlation on $399.\n\n### Self-healing CI\n\nWhen CI breaks, the agent reads the failing log, walks back to the failing line, applies the right layer (AST → rule → recipe → Claude), runs the gate again, opens a PR. You review the diff and merge. The build was red for fifteen minutes; you didn't have to look at it. The recipe layer remembers, so the next time the same failure happens — your repo or someone else's — it's fixed before you see it.\n\n[How it actually works](/how-it-works)\n\nLayer percentages are derived from our own self-scan + the four real-repo proofs in `docs/proofs/`. Your mileage will vary by tier and codebase shape.\n\n## Trust the green.\n\nGateTest runs against itself on every push to main. If our own gate were red we'd have no business asking you to use it. Below is the live status panel — same shape you'll see on your repo.\n\n[View CI runs](https://github.com/crclabs-hq/GateTest/actions)\n\nThe self-scan workflow lives in `.github/workflows/ci.yml`. Bible Forbidden #24 means `continue-on-error: true` is banned on the gate step — so a red gate would block the commit, not just warn.\n\n## Zero config. Zero ceremony.\n\nOne npx command for local. One YAML file for CI. The whole thing runs on Node 20+. 
No build step, no Docker image, no daemon.\n\n``` bash\n# scan a single repo locally\n$ npx gatetest --suite quick\n\n# all 110 modules, blocking gate\n$ npx gatetest --suite full\n\n# scan a public website\n$ npx gatetest --url https://yoursite.com\n\n# watch mode — re-run on every file change\n$ npx gatetest --watch\n```\n\n``` yaml\n# .github/workflows/gatetest.yml\nname: GateTest\non: [push, pull_request]\n\njobs:\n  gate:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-node@v4\n        with:\n          node-version: 20\n      - run: npx gatetest --suite full --reporter sarif\n        # NOTE: do NOT add continue-on-error: true here\n        # The whole point of a gate is that it gates.\n```\n\nZero dependencies. Zero telemetry by default. Source is [on GitHub](https://github.com/crclabs-hq/GateTest) — MIT-licensed. The CLI itself is free; the auto-fix tiers are paid.\n\n## Pay when it's done. Not before.\n\nOne-time payment per scan via Stripe. We run the scan and deliver the report. On Scan + Fix and Forensic Scan tiers Claude also opens the fix PR. No subscription, no auto-renew.\n\nChoose a scan tier below.\n\n### Quick Scan\n\nEssential checks. Syntax, linting, secrets, and code quality. Scan-only — no auto-fix.\n\nBy continuing you agree to our [Terms](/legal/terms), [Privacy Policy](/legal/privacy), and [Refund Policy](/legal/refunds).\n\n- ✓Syntax & compilation validation\n- ✓Linting checks\n- ✓Secret & credential detection\n- ✓Code quality analysis\n- ✓Detailed report with file & line numbers\n- ✓Scan-only — auto-fix is a Scan + Fix tier feature\n- ✓Per-scan payment — no subscription\n\n### Full Scan · $99 per scan · Most Popular\n\nAll 110 modules. Every module: security, accessibility, SEO, AI code review, and more. Scan-only — no auto-fix.\n\nBy continuing you agree to our [Terms](/legal/terms), [Privacy Policy](/legal/privacy), and [Refund Policy](/legal/refunds).\n\n- ✓Everything in Quick Scan\n- ✓Security (OWASP, XSS, SQLi, SSRF, ReDoS, TLS, cookies)\n- ✓Accessibility (WCAG 2.2 automated audit — AA + AAA-aligned)\n- ✓Supply chain — typosquats + license compliance\n- ✓IaC security — Dockerfile, K8s, Terraform\n- ✓CI/CD hardening — unpinned actions, permissions\n- ✓Auth flaws — JWT, bcrypt, cookies\n- ✓Migration safety — dangerous SQL patterns\n- ✓Flaky test detector\n- ✓AI code review by Claude\n- ✓Scan-only — auto-fix is a Scan + Fix tier feature\n\n### Scan + Fix\n\nFull Scan plus a second-Claude pair-review on every fix and a codebase-shape architecture report.\n\nBy continuing you agree to our [Terms](/legal/terms), [Privacy Policy](/legal/privacy), and [Refund Policy](/legal/refunds).\n\n- ✓Everything in Full Scan\n- ✓Pair-review critique on every fix — second Claude scores correctness, completeness, readability, test coverage\n- ✓Architecture annotator — design observations on codebase shape (layering, duplication, god objects)\n- ✓Both reports posted as separate PR comments\n- ✓Iterative fix loop with N retries — Claude learns from its own failed attempts\n- ✓Cross-file syntax + scanner gates — broken fixes never ship\n- ✓Regression test for every fix — your suite gets stronger when you merge\n\n### Forensic Scan\n\nThe deepest scan we offer. 
Real Claude diagnosis, attack-chain correlation, board-ready CISO report, executive summary.\n\nBy continuing you agree to our [Terms](/legal/terms), [Privacy Policy](/legal/privacy), and [Refund Policy](/legal/refunds).\n\n- ✓Everything in Scan + Fix\n- ✓Real Claude diagnosis on every finding — no templated snippets, every fix reasoned from your specific evidence\n- ✓Cross-finding attack-chain correlation — textbook session-forgery / supply-chain / rotation-impossible vectors that per-finding scanners can never see\n- ✓CTO-readable executive summary — single document, plain language, real recommendations\n- ✓Board-ready CISO report (OWASP Top 10, SOC2, CIS v8, 30/60/90-day roadmap) — attached to every PR\n- ✓Best margin if you're shipping money or PII — the $399 hits all the high-stakes bug classes\n- ✓Also available via the GitHub Action: mutation testing (mutates your source against your tests) and chaos / fuzz pass (adversarial inputs against HTTP routes, CLI args, file parsers) — runs wherever your CI runs, set mutation: true / chaos: true on the action\n\n### Self-hosted scanner · private infra · SLA\n\nEverything in Forensic Scan, run inside your network or VPC. Dedicated account manager, signed SLA, custom modules, custom suppression policies, audit log export. For regulated industries (fintech, healthcare, defence) and orgs with strict data-residency rules.\n\n- ✓On-prem or private-VPC deployment\n- ✓Dedicated infra, no shared compute\n- ✓Signed SLA, support response targets\n- ✓Custom modules + suppression policies\n\n[Talk to sales →](mailto:enterprise@gatetest.ai?subject=Enterprise%20enquiry)\n\n### Pen Test · live exploit probes · $999\n\nEverything in Forensic Scan, PLUS live active probing of your URL with industry-standard payload classes — SQL injection (error/boolean/timing), reflected XSS, path traversal, IDOR, auth-bypass headers, open redirect, CSRF. Signed Rules of Engagement, DNS-TXT ownership verification, full audit trail. 
Most of the value of a $5,000 human pen test for $999.\n\n- Live payload probes (non-destructive)\n- DNS-TXT domain-ownership verification\n- Signed Rules of Engagement\n- Per-host rate limiting (don't take down your prod)\n- Cryptographic audit log of every probe\n\n### Continuous\n\nScan every push. Weekly scheduled deep scan. Email on score regression.\n\n- ✓Scan on every push (GitHub App or Gluecron-host)\n- ✓Weekly full-suite scheduled scan\n- ✓Email + Slack on score regression\n- ✓Trend dashboard — see your gate getting greener week-over-week\n\n[Notify me when live →](mailto:hello@gatetest.ai?subject=Notify%20me%20when%20Continuous%20%2449%2Fmo%20is%20live)\n\nAll scans include a detailed report. The AI fix PR is included on the Scan + Fix ($199) and Forensic Scan ($399) tiers. Per-scan payment via Stripe. Once a scan delivers, the service is rendered — refunds at our discretion for non-delivery only.\n\n## Common skeptical questions.\n\nAnswers calibrated for the engineer who showed up from a Hacker News thread. We are too.\n\n### Is this just another AI tool?\n\n[flywheel architecture](#flywheel) is the moat.\n\n### Is my code stored anywhere?\n\n[Privacy policy.](/legal/privacy)\n\n### Why not just ESLint + Snyk + the other 10 tools?\n\n[the full replacement table](#kills-table) or compare us [tool-by-tool](#comparison).\n\n### Per-scan pricing — what's the catch?\n\n[hello@gatetest.ai](mailto:hello@gatetest.ai) — we re-run it or issue a credit at our discretion. Scan-finish rate is well above 99% on real repos, so this rarely happens.\n\n### Is the gate actually strict?\n\n`continue-on-error: true` on the gate step. We dog-food this: our own [self-scan](#self-scan) is a hard gate on every push to main. If a competitor lets you silently skip a failing check, that's how 80% of the wins in QA-platform marketing slip into prod anyway.\n\n### Can I trust an AI to repair my CI?\n\n`docs/proofs/`. Still have questions? 
[hello@gatetest.ai](mailto:hello@gatetest.ai) · [file an issue](https://github.com/crclabs-hq/GateTest/issues)\n\nScans every major framework, runtime, and infra primitive\n\nEaten our own dog food\n\nGateTest currently protects [Crontech.ai](https://crontech.ai) and [Gluecron.com](https://gluecron.com) as a CI gate.\n\nSame engine, same rules, same gate. The integration script is published — feel free to clone the workflow.", "url": "https://wpnews.pro/news/show-hn-gatetest-110-qa-checks-in-one-scan-auto-fix-pr-for-what-it-finds", "canonical_source": "https://www.gatetest.ai/", "published_at": "2026-06-04 12:41:25+00:00", "updated_at": "2026-06-04 12:49:13.565073+00:00", "lang": "en", "topics": ["ai-products", "ai-tools", "ai-agents", "ai-startups", "large-language-models"], "entities": ["GateTest", "Claude Sonnet 4", "Crontech", "SWE-bench", "GitHub"], "alternates": {"html": "https://wpnews.pro/news/show-hn-gatetest-110-qa-checks-in-one-scan-auto-fix-pr-for-what-it-finds", "markdown": "https://wpnews.pro/news/show-hn-gatetest-110-qa-checks-in-one-scan-auto-fix-pr-for-what-it-finds.md", "text": "https://wpnews.pro/news/show-hn-gatetest-110-qa-checks-in-one-scan-auto-fix-pr-for-what-it-finds.txt", "jsonld": "https://wpnews.pro/news/show-hn-gatetest-110-qa-checks-in-one-scan-auto-fix-pr-for-what-it-finds.jsonld"}}