LastGate
AI agent commit guardian — automated pre-flight checks for AI-generated code with secret scanning, lint verification, build checks, agent behavior analysis, and a real-time dashboard.
Overview
LastGate is a safety layer for AI coding agents. It installs as a GitHub App and runs a pipeline of eight automated checks against every push and pull request — catching hardcoded secrets, broken builds, type errors, and common agent anti-patterns before they reach your main branch. A companion CLI lets developers run the same checks locally, and a Next.js dashboard provides real-time visibility into check history, repo health, and agent behavior trends.
Key Features
- Secret scanning with 20+ regex patterns and Shannon entropy detection
- Duplicate code detection using token-based sliding window analysis
- Lint and type-check verification with auto-detected toolchain (ESLint, Biome, Ruff)
- Build verification with configurable commands and timeout support
- Dependency auditing for known CVEs and license compliance
- File pattern guards to block .env files, credentials, and protected paths
- Conventional commit message validation
- Agent behavior analysis: thrashing detection, scope creep, config churn, test skipping
- Structured agent feedback via PR comments for automated remediation loops
- Full-featured CLI with check, init, login, and history commands
- Real-time dashboard with repo health grid, check timeline, and activity feed
Architecture
Built as a Bun monorepo with Turborepo orchestration. The engine package contains all check logic and is shared between the CLI and web app. The Next.js 14 web app handles GitHub webhooks, OAuth, and the dashboard UI with Supabase for persistence and auth. The CLI uses Commander.js and runs checks locally via the same engine, with results formatted for terminal output using Chalk.