Will gates slow us down?

In week one, yes—expect a small bump in PR lead time (~5–10%). By week two, review time drops because nits vanish and tests stabilize. Teams we’ve worked with see net neutral or improved lead time within two sprints and fewer post-merge fixes.

What if our repo already has thousands of lint errors?

Don’t boil the ocean. Start with CI reporting, then flip to `--max-warnings=0` after you fix the top offenders. Or scope the linter to changed files (`lint-staged`) during rollout. Ratcheting keeps velocity while you pay the debt down.

Do we need SonarQube?

Not to start. Semgrep + coverage + strict lint/type checks catch the majority of issues with less noise. Add Sonar when you have a dedicated owner and the false negatives you’re seeing justify the spend and maintenance.

How do we handle AI-generated code safely?

Tighten the gates where AI contributes: forbid `@ts-ignore`, require higher patch coverage (90–95%) in those directories, and enable Semgrep rules targeting insecure patterns common in AI-generated code (e.g., unsafe HTTP clients, weak crypto).

What metrics prove ROI?

Track PR lead time, rework rate (PRs with follow-up fixes within 48 hours), escaped defects per release, build-green rate, and incident count linked to bad merges. If those don’t improve within two sprints, adjust the gates.

Platform-productivity · Dec 3, 2025 · 9 minute read

Quality Gates That Don’t Suck: Paved-Road Automation That Stops Technical Debt at the Pull Request

Stop arguing in PRs and start enforcing the basics automatically. The paved-road approach to linting, typing, tests, and security that prevents debt without grinding delivery to a halt.

Back to all posts

Quality Gates That Don’t Suck: Paved-Road Automation That Stops Technical Debt at the Pull Request

Key takeaways

Implementation checklist