@bilkobibitkov/agent-gate
v0.2.10
Pre-deploy CI gate for AI agents: regression tests, compliance scan, cost check — unified pass/fail verdict
agent-gate
One command. Three checks. CI-friendly pass/fail.
Pre-deploy readiness gate for AI agents. Runs regression tests (Stepproof), compliance scan (agent-comply), and cost estimation in parallel — then exits 0 or 1.
npm install -g agent-gate stepproof agent-comply
agent-gate run
The problem
Shipping an AI agent to production requires three separate checks: did the behavior regress, does it pass compliance policy, and will it blow the budget? These live in separate tools with separate reports and separate CI steps. There's no unified verdict.
agent-gate is the glue. One config file, one command, one exit code.
30-second quickstart
npm install -g agent-gate stepproof agent-comply
# Scaffold config
agent-gate init
# Run all gates
agent-gate run
# Output:
# ╔══════════════════════════════════════╗
# ║ agent-gate v0.2.0 — 3 gates ║
# ╚══════════════════════════════════════╝
#
# ✓ stepproof 12/12 scenarios passed (4.2s)
# ✓ comply No violations found (1.8s)
# ⚠ cost $0.31 / $0.50 budget (0.1s)
#
# ══════════════════════════════════════
# Verdict: PASS (6.1s)
# ══════════════════════════════════════
#
# Exit code: 0
Three gates
1. Stepproof — regression testing
Shells out to stepproof run against your scenario YAML files. Each scenario defines inputs, expected outputs, and pass criteria. Gate fails if any scenario fails (or if pass rate drops below your threshold).
Requires: stepproof installed
2. agent-comply — EU AI Act compliance
Shells out to agent-comply scan against your source directory. Gate fails if any classified model usage violates your policy file.
Requires: agent-comply installed
3. Cost estimation
Reads your model config and estimates cost per run against model pricing. Warns (or fails) if you exceed the configured budget.
Requires: nothing — runs offline from your .agent-gate.yaml
Config
agent-gate init
Scaffolds .agent-gate.yaml in the current directory:
stepproof:
  scenarios: ./scenarios/
  threshold: all # 'all' or a number (e.g. 0.9 for 90%)
comply:
  policy: .agent-comply/policy.yaml
cost:
  budget_per_run: "$0.50"
  model_allowlist:
    - claude-sonnet-4-6
    - claude-haiku-4-5-20251001
Disable a gate by setting it to false:
stepproof: false # skip regression tests
comply:
  policy: .agent-comply/policy.yaml
cost:
  budget_per_run: "$1.00"
CLI commands
agent-gate run
Run all enabled gates and produce a unified verdict.
agent-gate run # uses .agent-gate.yaml
agent-gate run --config ./ci/gate.yaml # custom config path
agent-gate run --json # JSON output (for CI artifacts)
agent-gate run --no-fail # always exit 0 (report-only)
agent-gate run --format sarif # SARIF 2.1.0 output
agent-gate run --format junit # JUnit XML output
Exit codes:
0 — all gates passed
1 — one or more gates failed
agent-gate init
Scaffold a .agent-gate.yaml config.
agent-gate init # writes .agent-gate.yaml
agent-gate init --output ./ci/gate.yaml # custom output path
agent-gate report
Run all gates and generate a detailed report (always exits 0).
agent-gate report # human-readable terminal output
agent-gate report --json # JSON format
agent-gate report --format junit # JUnit XML format
agent-gate report --format sarif # SARIF 2.1.0 format
Use --format to control output format. The report command always exits 0 regardless of gate results — it is for inspection, not enforcement.
CI integration
GitHub Actions
name: Agent Gate
on: [push, pull_request]
jobs:
  gate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - name: Install gates
        run: |
          npm install -g stepproof agent-comply agent-gate
      - name: Run agent-gate
        run: agent-gate run --json > gate-report.json
      - name: Upload gate report
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: gate-report
          path: gate-report.json
GitLab CI
agent-gate:
  image: node:20
  script:
    - npm install -g stepproof agent-comply agent-gate
    # Write the JSON report so the artifact path below exists
    - agent-gate run --json > gate-report.json
  artifacts:
    when: always
    paths:
      - gate-report.json
Structured reports
agent-gate outputs machine-readable SARIF 2.1.0 and JUnit XML for CI pipeline integration.
# Run all gates and output SARIF
agent-gate run --format sarif
agent-gate run --format sarif > gate-results.sarif
# Generate report in JUnit XML
agent-gate report --format junit
Integrate with GitHub Advanced Security:
# .github/workflows/agent-gate.yml
- name: Run agent gate
  run: agent-gate run --format sarif > gate-results.sarif
- name: Upload to GitHub Security tab
  uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: gate-results.sarif
  if: always()
Gate failures (regression tests, compliance violations, cost overruns) appear as code scanning alerts. Default output (no --format flag) is unchanged — human-readable terminal output.
Troubleshooting
Config not found. Run: agent-gate init
You haven't created .agent-gate.yaml yet. Run:
agent-gate init
Then edit .agent-gate.yaml to match your project structure.
stepproof: command not found or agent-comply: command not found
agent-gate shells out to these tools — they must be installed globally:
npm install -g stepproof agent-comply
All gates pass but I know something is broken
Check that your stepproof.scenarios path in .agent-gate.yaml points to the right directory. Gate uses the path as-is — a wrong directory will produce 0 scenarios and auto-pass.
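A fail-closed preflight for the two ways the gate can pass without testing anything: a stepproof.scenarios path that matches no files, and a gate set to false. This is an added example, not part of agent-gate; the function names are hypothetical, and it assumes the nested .agent-gate.yaml layout from the Config section and scenario files ending in .yaml or .yml.

```shell
#!/usr/bin/env bash
# Added example (not part of agent-gate): fail-closed preflight for .agent-gate.yaml.
# Assumes the nested config layout and scenario files named *.yaml or *.yml.

# Print top-level gates switched off with "<gate>: false".
disabled_gates() {
  sed -n -E 's/^(stepproof|comply|cost):[[:space:]]*false([[:space:]#].*)?$/\1/p' "$1"
}

# Print the value of stepproof.scenarios, or nothing if it is not set.
scenarios_path() {
  awk '
    /^stepproof:/ { in_sp = 1; next }
    /^[^ \t#]/    { in_sp = 0 }
    in_sp && /^[ \t]+scenarios:/ {
      sub(/^[ \t]+scenarios:[ \t]*/, "")
      sub(/[ \t]*#.*$/, "")
      gsub(/"/, "")
      print; exit
    }' "$1"
}

# Count scenario files under a directory; a missing directory counts as 0.
count_scenarios() {
  [ -d "$1" ] || { echo 0; return 0; }
  find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) | wc -l | tr -d ' '
}

# Return 0 only if every gate is enabled and at least one scenario file exists.
preflight() {
  local cfg="${1:-.agent-gate.yaml}" off dir n
  [ -f "$cfg" ] || { echo "preflight: $cfg not found" >&2; return 2; }
  off=$(disabled_gates "$cfg" | tr '\n' ' ')
  if [ -n "$off" ]; then
    echo "preflight: disabled gate(s): $off" >&2
    return 1
  fi
  dir=$(scenarios_path "$cfg")
  n=$(count_scenarios "$dir")
  if [ "$n" -eq 0 ]; then
    echo "preflight: no scenario files under '$dir'" >&2
    return 1
  fi
  echo "preflight: $n scenario file(s), all gates enabled"
}

# CI usage: source this file, then run: preflight .agent-gate.yaml && agent-gate run
```

Run it from the same working directory as agent-gate, since the scenarios path is used as-is.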
Error: --format must be "sarif" or "junit"
Only sarif and junit are valid. For terminal output, omit --format:
agent-gate run # terminal output (default)
agent-gate run --format sarif # SARIF for GitHub Security tab
Gate exits 1 in CI but I want a report without blocking
Use --no-fail to always exit 0:
agent-gate run --no-fail --json > gate-report.json
Or use agent-gate report (which never exits 1).
SARIF / JUnit output requires a license
export PREFLIGHT_LICENSE_KEY=preflight_...
agent-gate run --format sarif --output gate-results.sarif
Get a license at the Preflight pricing page.
Roadmap
v0.2.0 (current): Parallel gate execution, unified pass/fail, JSON output, SARIF/JUnit structured reports, GitHub Actions integration
v0.3.0 (next): Custom gate plugins, per-gate timeouts, Slack/webhook notifications, dashboard report
v0.4.0: Historical trend tracking, cost forecasting, gate skip rules per branch
License
MIT
Part of the Preflight suite
agent-gate is one tool in a suite of AI agent pre-deploy checks. It orchestrates stepproof and agent-comply — use them directly during development, use agent-gate in CI as the final deploy gate.
| Tool | Purpose | Install |
|------|---------|---------|
| stepproof | Behavioral regression testing | npm install -g stepproof |
| agent-comply | EU AI Act compliance scanning | npm install -g agent-comply |
| agent-gate | Unified pre-deploy CI gate | npm install -g agent-gate |
| agent-shift | Config versioning + environment promotion | npm install -g agent-shift |
| agent-trace | Local observability — OTel traces in SQLite | npm install -g agent-trace |
Install the full suite:
npm install -g agent-gate stepproof agent-comply agent-shift agent-trace