Complete reference for the .ai-code-gate.yml configuration file.
Controls how AI-generated pull requests are identified.
| Field | Type | Default | Description |
|---|---|---|---|
| `labels` | `string[]` | `["ai-generated", "copilot", "claude"]` | PR labels that indicate AI-generated code |
| `co_authors` | `string[]` | `["*[bot]@*"]` | Glob patterns for Co-Authored-By email addresses |
Defines what files AI agents are allowed to modify and scope constraints.
| Field | Type | Default | Description |
|---|---|---|---|
| `allowed_patterns` | `string[]` | `["**"]` | Glob patterns for files AI agents may modify |
| `blocked_patterns` | `string[]` | `[]` | Glob patterns for files AI agents must not modify |
| `scope_limits.max_files` | `integer` | `20` | Maximum files changed per PR |
| `scope_limits.max_lines_added` | `integer` | `500` | Maximum lines added per PR |
Patterns use minimatch glob syntax:
- `src/**/*.ts` — any TypeScript file under `src/`
- `*.env*` — any file containing `.env` in the name
- `**/auth/**` — any file in an `auth/` directory at any depth
A file must match at least one allowed_patterns entry and must not match any blocked_patterns entry.
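
The allow/block rule above, combined with the `scope_limits` fields, sketched as an added example (not the project's own code). `globToRegExp`, `matches`, `checkBoundaries` and the sample config and PR are hypothetical, and the small glob translator is a simplified stand-in for minimatch whose semantics (a slash-free pattern is tested against the file's basename, dotfiles match) are assumptions.

```javascript
// Simplified stand-in for minimatch (assumed semantics, not the real library):
//   "**" spans any number of directories, "*" and "?" stay inside one path
//   segment, dotfiles match, and a pattern without "/" is tested against the
//   file's basename.
function globToRegExp(glob) {
  let re = "";
  for (let i = 0; i < glob.length; i++) {
    const c = glob[i];
    if (c === "*" && glob[i + 1] === "*") {
      if (glob[i + 2] === "/") { re += "(?:.*/)?"; i += 2; } // "**/": zero or more dirs
      else { re += ".*"; i += 1; }                            // bare or trailing "**"
    } else if (c === "*") { re += "[^/]*"; }
    else if (c === "?") { re += "[^/]"; }
    else { re += c.replace(/[.+^${}()|[\]\\]/g, "\\$&"); }    // escape regex metachars
  }
  return new RegExp("^" + re + "$");
}

function matches(file, pattern) {
  const subject = pattern.includes("/") ? file : file.split("/").pop();
  return globToRegExp(pattern).test(subject);
}

// cfg uses the field names from the table above; files and linesAdded
// would come from the PR diff.
function checkBoundaries(cfg, files, linesAdded) {
  const violations = [];
  for (const f of files) {
    // blocked_patterns is checked first: a block wins even if an allow matches.
    if (cfg.blocked_patterns.some((p) => matches(f, p))) violations.push(`blocked: ${f}`);
    else if (!cfg.allowed_patterns.some((p) => matches(f, p))) violations.push(`not allowed: ${f}`);
  }
  if (files.length > cfg.scope_limits.max_files) violations.push("max_files exceeded");
  if (linesAdded > cfg.scope_limits.max_lines_added) violations.push("max_lines_added exceeded");
  return violations;
}

// Constructed sample config and PR file list.
const sampleCfg = {
  allowed_patterns: ["src/**/*.ts"],
  blocked_patterns: ["*.env*", "**/auth/**"],
  scope_limits: { max_files: 20, max_lines_added: 500 },
};
const samplePr = ["src/api/users.ts", "src/auth/session.ts", "deploy/.env.prod", "README.md"];
console.log(checkBoundaries(sampleCfg, samplePr, 620));
```

`src/auth/session.ts` matches the allowed pattern `src/**/*.ts` but is still rejected, because any `blocked_patterns` match overrides the allow list.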
Configures risk-tiered review requirements.
Each tier (low, medium, high) accepts:
| Field | Type | Default | Description |
|---|---|---|---|
| `threshold` | `integer` | varies | Maximum risk score for this tier (0-100) |
| `approvals` | `integer` | `0` | Required number of PR approvals |
| `auto_merge` | `boolean` | `false` | Whether PRs can be auto-merged |
| `require_security_team` | `boolean` | `false` | Whether security team review is required |
Default tier boundaries: LOW (0-30), MEDIUM (31-70), HIGH (71-100).
Controls structured audit event logging.
| Field | Type | Default | Description |
|---|---|---|---|
| `enabled` | `boolean` | `true` | Enable audit event logging |
| `output_format` | `"json" \| "text"` | `"json"` | Audit event output format |
| `retention_days` | `integer` | `90` | Artifact retention period in days |