Show HN: GateTest – 110 QA checks in one scan, auto-fix PR for what it finds

GateTest launched a new CI tool that runs 110 quality assurance checks in a single scan and automatically generates a pull request with fixes within 60 seconds. The tool uses Claude Sonnet 4 to identify bugs, security issues, and CI failures, then writes, tests, and pair-reviews the fix before opening a PR. GateTest operates on a pay-per-scan model with no subscription or minimum, offering a free preview that shows the top three issues and a health score.

Your CI just went red. By morning, there's a PR with the fix.

110 checks, one gate, auto-fix PRs in 60 seconds. We catch the bugs, security issues, and CI rot that crash your deploy. Then we open a pull request with the fix already written, tested, and pair-reviewed by a second AI. Pay per scan — no subscription, no minimum.

Built on Claude Sonnet 4 — the model that wins SWE-bench Verified, not the most expensive one in the lineup. We tested. We picked the model that actually fixes bugs. Net effect: every tier ships ~5x deeper analysis at the same price.

Free preview — top 3 issues plus your Health Score. No signup, no install.

WordPress site? See /wp. Want a repo scan instead? Pick a tier under pricing below, or install the GitHub App at /github/setup.

From red CI to merged fix — while you sleep.

Most tools tell you what's broken. We open the PR that fixes it. This is what a single GateTest run looks like, end-to-end.

A test breaks on main

    × crontech-api.service failed
    ReferenceError: resolveTenantCapForHotPath is not defined
        at apps/api/src/cdn/handler.ts:65:22
    Bun v1.3.14 Linux x64
    ::error file=apps/api/src/cdn/handler.ts, line=65::ReferenceError

A real Crontech failure from 2026-05-24. The API crashed at module load. Rollback also failed.
Auto-fix runs while you sleep

- Re-runs the gate to isolate the failing module
- Reads the project conventions (README, AGENTS.md)
- Generates the fix with Claude Sonnet 4
- Validates that the fix re-passes the gate
- Writes a regression test for the bug
- Pair-reviews the fix with a second Claude

~38 seconds, ~$0.02 in Anthropic API spend per fix on the $99 tier. Margin: 100x.

A fix PR lands in your repo

    + import { resolveTenantCapForHotPath }
    +   from "./quotas";
      const handler = createSomething({
        tenantCapResolver: resolveTenantCapForHotPath,
        ...
      });

    ✓ Tests added: 1
    ✓ Gate green

One-click "Commit suggestion" in GitHub. CI re-runs green. You wake up to a merged fix instead of a 47-message Slack thread.

No other tool ships scan + fix + regression test + pair-review + cross-finding correlation on pay-per-scan pricing. We do.

Twelve tools. One config. One bill.

The full table is in the kills-table breakdown below — 30+ tools across the entire QA stack. The GateTest module that replaces each of the twelve tools:

    --module security
    --module codeQuality
    --module lint
    --module e2e
    --module compatibility
    --module performance
    --module accessibility
    --module dependencies
    --module dependencies
    --module dockerfile
    --module terraform
    --module ciSecurity

Modules: unitTests, e2e, lint, security, dependencies, dockerfile, ciSecurity, shell, sqlMigrations, terraform, kubernetes, promptSafety, aiGuardrails, deadCode, secretRotation, webHeaders, typescriptStrictness, importCycle, redos, performance, accessibility, visual, codeQuality, secrets, links.

Plus 12 more modules with no direct competitor: AI code review, fake-fix detector, mutation testing, chaos / fuzz pass, autonomous exploration, live crawling, data integrity, documentation validation, compatibility analysis, integration-test detection, CI generation, SARIF output.

Four layers. Compounding.

Every competitor either ships pattern matchers (cheap, brittle) or LLM-only fixes (slow, expensive, hallucinates). We stack four deterministic layers in front of Claude.
Most fixes never reach the LLM. Margin works. Quality compounds.

AST fix: deterministic transforms on the parse tree. rejectUnauthorized: false → true. httpOnly: false → true. The compiler proves correctness; no LLM needed.

Rule fix: codemod recipes per finding class. Wildcard CORS origin + credentials. Missing CSP. Cookie hardening. One regex-bounded rewrite per pattern.

Recipe lookup: cached fixes from every prior scan, compounding. When a scan resolves a novel finding, the diff is stored. Next time that finding shape arrives — local or someone else's repo — we apply the cached patch.

Claude: only the genuinely novel cases reach the LLM. Iterative loop with N retries, syntax gate, scanner re-validation, pair-review on $199+, attack-chain correlation on $399.

Self-healing CI

When CI breaks, the agent reads the failing log, walks back to the failing line, applies the right layer (AST → rule → recipe → Claude), runs the gate again, and opens a PR. You review the diff and merge. The build was red for fifteen minutes; you didn't have to look at it. The recipe layer remembers, so the next time the same failure happens — your repo or someone else's — it's fixed before you see it.

How it actually works: /how-it-works

Layer percentages are derived from our own self-scan plus the four real-repo proofs in docs/proofs/. Your mileage will vary by tier and codebase shape.

Trust the green.

GateTest runs against itself on every push to main. If our own gate were red we'd have no business asking you to use it. Below is the live status panel — same shape you'll see on your repo.

View CI runs: https://github.com/crclabs-hq/GateTest/actions

The self-scan workflow lives in .github/workflows/ci.yml. Bible Forbidden 24 means continue-on-error: true is banned on the gate step — so a red gate would block the commit, not just warn.

Zero config. Zero ceremony.

One npx command for local. One YAML file for CI. The whole thing runs on Node 20+. No build step, no Docker image, no daemon.
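The self-healing loop and the deterministic fix layers described in the section above, as an added illustration in JavaScript that is not GateTest's code: it parses the ::error annotation (or a stack frame) from a CI log like the one shown earlier to locate the failing file and line, applies regex-bounded rule fixes for the rejectUnauthorized, httpOnly and wildcard-CORS cases, replays a cached recipe keyed on a normalised finding shape, and hands anything left over to the model layer, which appears here only as a dispatch result. The AST layer, which needs a real parser, is omitted. The finding-class names, the ALLOWED_ORIGIN setting and the sample source and log are constructed for this example.

```javascript
// Added example, not GateTest's code: a miniature of the fix pipeline.
// Cheap deterministic layers run first (rule fix, then recipe cache); only a
// finding that clears both is routed to the LLM layer, represented here by a
// dispatch result. Finding-class names and ALLOWED_ORIGIN are hypothetical.

// Step 1 of the self-healing loop: locate the failing line from the CI log.
// Understands a GitHub Actions "::error file=...,line=..." annotation and a
// JS stack frame of the form "at path:line:col".
function locateFailure(log) {
  const annotation = /::error file=([^,\n]+?)\s*,\s*line=(\d+)::(.*)/.exec(log);
  if (annotation) {
    return { file: annotation[1], line: Number(annotation[2]), message: annotation[3].trim() };
  }
  const frame = /(\w*Error: .*?) at ([^\s:]+):(\d+):\d+/.exec(log);
  if (frame) return { file: frame[2], line: Number(frame[3]), message: frame[1] };
  return null;
}

// Layer: rule fix. One regex-bounded rewrite per finding class, narrow enough
// to touch only the insecure literal and nothing else on the line.
const RULES = {
  "tls-verify-disabled": {
    pattern: /\brejectUnauthorized\s*:\s*false\b/g,
    replacement: "rejectUnauthorized: true",
  },
  "cookie-httponly-disabled": {
    pattern: /\bhttpOnly\s*:\s*false\b/g,
    replacement: "httpOnly: true",
  },
  "cors-wildcard-with-credentials": {
    // Fires only when a wildcard origin is paired with credentials: true.
    pattern: /\borigin\s*:\s*(["'])\*\1(\s*,\s*credentials\s*:\s*true\b)/g,
    replacement: "origin: process.env.ALLOWED_ORIGIN$2",
  },
};

function applyRule(source, finding) {
  const rule = RULES[finding.class];
  if (!rule) return null;
  const fixed = source.replace(rule.pattern, rule.replacement);
  return fixed === source ? null : fixed;
}

// Layer: recipe cache. The "finding shape" is the class plus the offending
// snippet with string literals, numbers and whitespace normalised, so the same
// bug in a differently formatted repo replays the same stored diff.
function findingShape(finding) {
  const normalised = finding.snippet
    .replace(/(["'`])(?:\\.|(?!\1).)*\1/g, '"S"')
    .replace(/\b\d+(?:\.\d+)?\b/g, "N")
    .replace(/\s+/g, "");
  return `${finding.class}|${normalised}`;
}

class RecipeCache {
  constructor() { this.recipes = new Map(); }
  lookup(finding) { return this.recipes.get(findingShape(finding)) ?? null; }
  // Called once a novel finding has been resolved: keep the exact before/after
  // text so the diff can be replayed on the next repo that shows this shape.
  learn(finding, before, after) { this.recipes.set(findingShape(finding), { before, after }); }
}

function applyRecipe(source, finding, cache) {
  const recipe = cache.lookup(finding);
  if (!recipe || !source.includes(recipe.before)) return null;
  return source.split(recipe.before).join(recipe.after);
}

// Dispatcher: cheapest layer first, reporting which one produced the fix.
function fix(source, finding, cache) {
  const byRule = applyRule(source, finding);
  if (byRule !== null) return { layer: "rule", source: byRule };
  const byRecipe = applyRecipe(source, finding, cache);
  if (byRecipe !== null) return { layer: "recipe", source: byRecipe };
  return { layer: "llm", source: null }; // genuinely novel: needs the model
}

// Constructed sample: a CI log line and a source file with three findings, one
// of which has no rule and must go through the recipe cache or the model.
const SAMPLE_LOG = "::error file=apps/api/src/cdn/handler.ts, line=65::ReferenceError";
const SAMPLE_SOURCE = [
  "const agent = new https.Agent({ rejectUnauthorized: false });",
  'res.cookie("sid", token, { httpOnly: false, secure: true });',
  "app.use(helmet({ contentSecurityPolicy: false }));",
].join("\n");
const FINDINGS = ["tls-verify-disabled", "cookie-httponly-disabled", "csp-disabled"]
  .map((cls, i) => ({ class: cls, snippet: SAMPLE_SOURCE.split("\n")[i] }));

function demo() {
  const cache = new RecipeCache();
  const firstPass = FINDINGS.map((f) => fix(SAMPLE_SOURCE, f, cache).layer);
  // Suppose the model resolved the CSP finding: remember the diff.
  cache.learn(FINDINGS[2], "contentSecurityPolicy: false", "contentSecurityPolicy: { useDefaults: true }");
  const secondPass = FINDINGS.map((f) => fix(SAMPLE_SOURCE, f, cache).layer);
  return { location: locateFailure(SAMPLE_LOG), firstPass, secondPass };
}

console.log(JSON.stringify(demo(), null, 2));
```

Run it with node. On the constructed sample the first pass resolves two findings by rule and routes the CSP finding to the model layer; once the resolved diff is stored, the second pass resolves the same finding from the recipe cache without involving the model, which is the compounding the section describes.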
    # scan a single repo locally
    $ npx gatetest --suite quick
    # all 110 modules, blocking gate
    $ npx gatetest --suite full
    # scan a public website
    $ npx gatetest --url https://yoursite.com
    # watch mode: re-run on every file change
    $ npx gatetest --watch

.github/workflows/gatetest.yml:

    name: GateTest
    on: [push, pull_request]
    jobs:
      gate:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v4
          - uses: actions/setup-node@v4
            with:
              node-version: 20
          - run: npx gatetest --suite full --reporter sarif
            # NOTE: do NOT add continue-on-error: true here.
            # The whole point of a gate is that it gates.

Zero dependencies. Zero telemetry by default. Source is on GitHub (https://github.com/crclabs-hq/GateTest) — MIT-licensed. The CLI itself is free; the auto-fix tiers are paid.

Pay when it's done. Not before.

One-time payment per scan via Stripe. We run the scan and deliver the report. On Scan + Fix and Forensic Scan tiers Claude also opens the fix PR. No subscription, no auto-renew.

Choose a scan tier below

Quick Scan
Essential checks: syntax, linting, secrets, and code quality. Scan-only — no auto-fix.
By continuing you agree to our Terms (/legal/terms), Privacy Policy (/legal/privacy), and Refund Policy (/legal/refunds).
- ✓ Syntax & compilation validation
- ✓ Linting checks
- ✓ Secret & credential detection
- ✓ Code quality analysis
- ✓ Detailed report with file & line numbers
- ✓ Scan-only — auto-fix is a Scan + Fix tier feature
- ✓ Per-scan payment — no subscription

Full Scan (Most Popular), $99 per scan
All 110 modules. Every module: security, accessibility, SEO, AI code review, and more.
Scan-only — no auto-fix.
- ✓ Everything in Quick Scan
- ✓ Security (OWASP, XSS, SQLi, SSRF, ReDoS, TLS, cookies)
- ✓ Accessibility (WCAG 2.2 automated audit — AA + AAA-aligned)
- ✓ Supply chain — typosquats + license compliance
- ✓ IaC security — Dockerfile, K8s, Terraform
- ✓ CI/CD hardening — unpinned actions, permissions
- ✓ Auth flaws — JWT, bcrypt, cookies
- ✓ Migration safety — dangerous SQL patterns
- ✓ Flaky test detector
- ✓ AI code review by Claude
- ✓ Scan-only — auto-fix is a Scan + Fix tier feature

Scan + Fix
Full Scan plus a second-Claude pair-review on every fix and a codebase-shape architecture report.
- ✓ Everything in Full Scan
- ✓ Pair-review critique on every fix — second Claude scores correctness, completeness, readability, test coverage
- ✓ Architecture annotator — design observations on codebase shape (layering, duplication, god objects)
- ✓ Both reports posted as separate PR comments
- ✓ Iterative fix loop with N retries — Claude learns from its own failed attempts
- ✓ Cross-file syntax + scanner gates — broken fixes never ship
- ✓ Regression test for every fix — your suite gets stronger when you merge

Forensic Scan
The deepest scan we offer. Real Claude diagnosis, attack-chain correlation, board-ready CISO report, executive summary.
- ✓ Everything in Scan + Fix
- ✓ Real Claude diagnosis on every finding — no templated snippets, every fix reasoned from your specific evidence
- ✓ Cross-finding attack-chain correlation — textbook session-forgery / supply-chain / rotation-impossible vectors that per-finding scanners can never see
- ✓ CTO-readable executive summary — single document, plain language, real recommendations
- ✓ Board-ready CISO report (OWASP Top 10, SOC2, CIS v8, 30/60/90-day roadmap) — attached to every PR
- ✓ Best margin if you're shipping money or PII — the $399 hits all the high-stakes bug classes
- ✓ Also available via the GitHub Action: mutation testing (mutates your source against your tests) and chaos / fuzz pass (adversarial inputs against HTTP routes, CLI args, file parsers) — runs wherever your CI runs; set mutation: true / chaos: true on the action

Self-hosted scanner · private infra · SLA
Everything in Forensic Scan, run inside your network or VPC. Dedicated account manager, signed SLA, custom modules, custom suppression policies, audit log export. For regulated industries (fintech, healthcare, defence) and orgs with strict data-residency rules.
- ✓ On-prem or private-VPC deployment
- ✓ Dedicated infra, no shared compute
- ✓ Signed SLA, support response targets
- ✓ Custom modules + suppression policies
Talk to sales → mailto:enterprise@gatetest.ai?subject=Enterprise%20enquiry

Pen Test · live exploit probes · $999
Everything in Forensic Scan, PLUS live active probing of your URL with industry-standard payload classes — SQL injection (error/boolean/timing), reflected XSS, path traversal, IDOR, auth-bypass headers, open redirect, CSRF. Signed Rules of Engagement, DNS-TXT ownership verification, full audit trail. Most of the value of a $5,000 human pen test for $999.
- Live payload probes (non-destructive)
- DNS-TXT domain-ownership verification
- Signed Rules of Engagement
- Per-host rate limiting (don't take down your prod)
- Cryptographic audit log of every probe

Continuous
Scan every push. Weekly scheduled deep scan. Email on score regression.
- ✓ Scan on every push (GitHub App or Gluecron-host)
- ✓ Weekly full-suite scheduled scan
- ✓ Email + Slack on score regression
- ✓ Trend dashboard — see your gate getting greener week-over-week
Notify me when live → mailto:hello@gatetest.ai?subject=Notify%20me%20when%20Continuous%20%2449%2Fmo%20is%20live

All scans include a detailed report. The AI fix PR is included on the Scan + Fix ($199) and Forensic Scan ($399) tiers. Per-scan payment via Stripe. Once a scan delivers, the service is rendered — refunds at our discretion for non-delivery only.

Common skeptical questions.
Answers calibrated for the engineer who showed up from a Hacker News thread. We are too.

Is this just another AI tool?
See the flywheel architecture: the flywheel is the moat.

Is my code stored anywhere?
See the Privacy Policy: /legal/privacy

Why not just ESLint + Snyk + the other 10 tools?
See the full replacement table (kills-table) or compare us tool-by-tool (comparison).

Per-scan pricing — what's the catch?
If a scan doesn't finish, email hello@gatetest.ai — we re-run it or issue a credit at our discretion. Scan-finish rate is well above 99% on real repos, so this rarely happens.

Is the gate actually strict?
continue-on-error: true is banned on the gate step. We dog-food this: our own self-scan is a hard gate on every push to main. If a competitor lets you silently skip a failing check, that's how 80% of the wins in QA-platform marketing slip into prod anyway.

Can I trust an AI to repair my CI?
See the real-repo proofs in docs/proofs/.

Still have questions?
hello@gatetest.ai (mailto:hello@gatetest.ai) · file an issue at https://github.com/crclabs-hq/GateTest/issues

Scans every major framework, runtime, and infra primitive.

Eaten our own dog food

GateTest currently protects Crontech.ai (https://crontech.ai) and Gluecron.com (https://gluecron.com) as a CI gate. Same engine, same rules, same gate. The integration script is published — feel free to clone the workflow.