From 32c495b629733fb250046205b5754cf039d642dc Mon Sep 17 00:00:00 2001 From: dbrosio3 Date: Thu, 21 May 2026 20:28:37 -0300 Subject: [PATCH 1/6] feat: update README to reflect v2 product contract and configuration changes --- README.md | 312 +++++++++++++++++++++++++++++++----------------------- 1 file changed, 182 insertions(+), 130 deletions(-) diff --git a/README.md b/README.md index 54ed8bd..56215c7 100644 --- a/README.md +++ b/README.md @@ -1,174 +1,226 @@ -# ai-git-hooks / push-review +# ai-pushgate -A language-agnostic `pre-push` hook that runs your linters and tests against changed files, then asks Claude to review the diff before every push. +`ai-pushgate` is the v2 direction for a local pre-push gate plus CI/PR +enforcement workflow. -## How it works +The product contract in this README defines what v2 will guarantee before the +runtime rewrite starts. The current repository still contains the inherited v1 +`push-review` shell hook and templates; those runtime pieces will be migrated in +later roadmap issues. -``` -git push - │ - ▼ -┌─────────────────────────────────────┐ -│ Changed files vs target branch │ -│ (ignore_paths filtering applied) │ -└──────────────┬──────────────────────┘ - │ - ▼ -┌─────────────────────────────────────┐ -│ Run configured tools │ -│ (linters, type checkers, tests) │ -│ ✗ any failure → push blocked │ -└──────────────┬──────────────────────┘ - │ all pass - ▼ -┌─────────────────────────────────────┐ -│ AI review via Claude Code CLI │ -│ (diff sent, findings returned) │ -│ BLOCK → push blocked │ -│ PASS → push proceeds │ -└─────────────────────────────────────┘ -``` +## v2 Product Contract -## Install - -```bash -# Default (base template — no tools pre-configured, fully documented) -curl -fsSL https://raw.githubusercontent.com/rootstrap/ai-git-hooks/main/install.sh | bash +`ai-pushgate` separates fast local feedback from authoritative enforcement: -# Node.js -curl -fsSL https://raw.githubusercontent.com/rootstrap/ai-git-hooks/main/install.sh | bash -s -- --template node +| Surface | Purpose | Blocking authority | +|---|---|---| +| Local pre-push | Fast deterministic checks before code leaves a developer machine | Convenience only; always bypassable | +| Local AI | Optional review feedback near the developer workflow | Advisory by default | +| CI/PR | Repeatable checks, review summaries, and policy enforcement | Source of truth for teams | -# TypeScript -curl -fsSL https://raw.githubusercontent.com/rootstrap/ai-git-hooks/main/install.sh | bash -s -- --template typescript +Local hooks help developers catch issues early, but they are not a security or +compliance boundary. Anything that must be enforced for a team belongs in CI/PR +checks combined with repository branch protection. -# Next.js -curl -fsSL https://raw.githubusercontent.com/rootstrap/ai-git-hooks/main/install.sh | bash -s -- --template nextjs +## v2 Defaults -# Ruby -curl -fsSL https://raw.githubusercontent.com/rootstrap/ai-git-hooks/main/install.sh | bash -s -- --template ruby +- Config file: `.pushgate.yml`. +- v2 does not read `.push-review.yml`; v1 users must migrate. +- Deterministic local checks are the default local gate. +- Local AI defaults to `advisory` when configured and available. +- Local AI can block only through explicit advanced configuration. +- Provider failures do not block in advisory mode. +- AI payloads default to diff-only context. +- Full-file AI context is opt-in. +- Secret redaction is expected before any source content is sent to an AI + provider. -# Ruby on Rails -curl -fsSL https://raw.githubusercontent.com/rootstrap/ai-git-hooks/main/install.sh | bash -s -- --template rails -``` +## Proposed v2 Config Shape -The installer: +This is the public contract shape for the v2 schema. Exact validation and +runtime parsing are tracked separately in the roadmap. -1. Downloads and validates `hook/pre-push` → `.git/hooks/pre-push` -2. Backs up any existing `pre-push` hook before overwriting -3. Downloads the template config → `.push-review.yml` (only on first install — never overwrites) -4. Checks for Claude Code CLI and warns about missing runtimes +```yaml +version: 2 + +project: + base_ref: main + include_paths: + - "**/*" + exclude_paths: + - "*.lock" + - "dist/**" + - "coverage/**" + +local: + fail_fast: true + budget_seconds: 60 + +checks: + - name: eslint + command: ["npx", "eslint", "{changed_files}"] + mode: blocking + run: changed_files + extensions: [".js", ".jsx", ".ts", ".tsx"] + timeout_seconds: 30 + + - name: tests + command: ["npm", "test"] + mode: warning + run: always + timeout_seconds: 60 + +ai: + mode: advisory # off | advisory | blocking + provider: + name: claude + privacy: + send_diff: true + send_full_files: false + redact_secrets: true + +ci: + mirror_blocking_checks: true +``` -## Requirements +### Config Fields -**Claude Code CLI** (required for AI review): +`project.base_ref` defines the comparison base used to collect changed files. +`project.include_paths` and `project.exclude_paths` define the shared path +policy for deterministic checks and optional AI. -```bash -npm install -g @anthropic-ai/claude-code -claude /login -``` +`checks[]` defines deterministic commands. Commands are argv arrays, not shell +strings, so changed files can be passed safely as discrete arguments. A check can +run on changed files or the whole project, and can be `blocking` or `warning`. -**Runtime dependencies** depend on the tools you configure: +`ai.mode` controls local AI behavior: -| Runtime | Required by | -|---------|-------------| -| Node.js | `node`, `typescript`, `nextjs` templates | -| Ruby | `ruby`, `rails` templates | -| Python | Python tools (manual config) | -| Go | Go tools (manual config) | +| Mode | Behavior | +|---|---| +| `off` | Do not run local AI | +| `advisory` | Run local AI when available, print findings, never block | +| `blocking` | Allow local AI findings to block only when explicitly configured | -The installer checks which runtimes your config requires and warns about any that are missing. If Claude Code CLI is not installed, the hook still runs tool checks — it only skips the AI review step. +`ci` is reserved for generated or documented CI mirror behavior. CI/PR policy is +where teams should enforce required checks. -## Configuration +## Git Workflow Integration -After install, edit `.push-review.yml` in your project root: +The default developer workflow should remain regular Git: -```yaml -agent: - # Claude model used for AI review. Requires Claude Code CLI (claude /login). - model: claude-sonnet-4-20250514 - -review: - target_branch: main # diff base: git diff ...HEAD - context_lines: 10 # surrounding context lines included in the diff - max_lines_for_full_file: 300 # below this threshold, full file contents are sent - # instead of just the diff for richer context - - # Topics the AI reviewer focuses on - focus: - - security - - logic_errors - - test_coverage - - performance - - naming_and_readability - - # Findings in these categories block the push - blocking_categories: - - security - - logic_errors - - # Findings in these categories are printed as warnings but never block - warning_categories: - - test_coverage - - performance - - naming_and_readability - -# Tools to run before AI review — first failure blocks the push immediately -tools: - - name: eslint - command: npx eslint {changed_files} # {changed_files} is replaced at runtime - extensions: [".js", ".jsx", ".ts", ".tsx"] +```bash +git push +``` - - name: brakeman - command: bundle exec brakeman --no-pager --quiet - # no {changed_files} → runs on the whole project +In v2, the installed `.git/hooks/pre-push` hook should be a thin delegator that +invokes the versioned runner: -# Files and patterns excluded from tool checks and AI review -ignore_paths: - - "*.lock" - - "dist/**" - - "coverage/**" +```bash +pushgate pre-push ``` -## Available templates +The hook is responsible for passing along Git hook input and exiting with the +runner's exit code. The runner owns config loading, changed-file detection, +deterministic checks, optional local AI, and user-facing output. -| `--template` | Stack | Tools pre-configured | -|---|---|---| -| `base` | Any | None (fully-documented reference config) | -| `node` | Node.js | ESLint, Prettier, Jest | -| `typescript` | TypeScript | tsc, ESLint, Prettier, Jest | -| `nextjs` | Next.js | tsc, next lint, Prettier, Jest | -| `ruby` | Ruby | RuboCop, Reek, RSpec | -| `rails` | Ruby on Rails | RuboCop, Reek, Brakeman, RSpec | +The `pushgate push` wrapper is an ergonomic layer for flags Git cannot pass to +hooks, not a replacement for the normal Git workflow. It should translate +pushgate-specific flags into temporary Git config and then call `git push`. -## Skip checks +## Skip Controls -To bypass the hook for a single push: +Raw `git push` cannot pass arbitrary `--skip-*` flags to a pre-push hook; Git +rejects unknown `git push` flags before the hook runs. For a one-off skip in the +regular Git workflow, pass temporary pushgate config with Git: ```bash -git push --no-verify +git -c pushgate.skip-ai-check=true push +git -c pushgate.skip-all-checks=true push ``` -## Updating +`pushgate.skip-ai-check` skips only local AI while preserving deterministic +checks. `pushgate.skip-all-checks` skips all local pushgate behavior for that +push. -Re-run the installer to update the hook script. Your `.push-review.yml` is **never overwritten** — it stays exactly as you've configured it. +The `pushgate push` wrapper provides shorter equivalents: ```bash -curl -fsSL https://raw.githubusercontent.com/rootstrap/ai-git-hooks/main/install.sh | bash +pushgate push --skip-ai-check +pushgate push --skip-all-checks ``` -To also reset your config to a template, delete it first: +The wrapper should apply the matching temporary Git config before it calls +`git push`. + +Git also keeps its native escape hatch: ```bash -rm .push-review.yml -curl -fsSL https://raw.githubusercontent.com/rootstrap/ai-git-hooks/main/install.sh | bash -s -- --template +git push --no-verify ``` +`--no-verify` skips Git hooks entirely, including pushgate. + +## Privacy Contract + +The default AI payload is changed-file metadata and diff context only. Full-file +context must be enabled explicitly because it can increase latency, cost, and +privacy exposure. + +Before any AI call, pushgate should apply the configured path policy and secret +redaction. If redaction cannot run, local AI should fail closed for privacy by +skipping AI feedback instead of sending unredacted content. + +## v1 Migration + +v2 is a hard break from the inherited v1 `push-review` contract. + +| v1 | v2 | +|---|---| +| `.push-review.yml` | `.pushgate.yml` | +| `review.target_branch` | `project.base_ref` | +| `ignore_paths` | `project.exclude_paths` | +| shell-string tool commands | argv-array `checks[].command` | +| AI review can block local pushes by default | local AI defaults to advisory | +| Claude-specific local review path | provider abstraction tracked for v2 AI work | + +The migration layer should produce clear errors when only `.push-review.yml` is +present, point users to `.pushgate.yml`, and avoid silently interpreting a v1 +file as v2 config. + +## Roadmap Boundaries + +This README documents the v2 contract for +[issue #1](https://github.com/rootstrap/ai-pushgate/issues/1). Implementation is +split across later issues: + +- Schema validation and config loading: issue #2. +- Hook and runner test harness: issue #3. +- Thin Git hook plus `pushgate` runner: issue #4. +- Changed-file policy, deterministic commands, and built-in checks: issues #5-#7. +- CI mirror generation and parity reporting: issues #8-#9. +- AI providers, local AI guardrails, structured output, and PR surfaces: issues + #10-#14. + +## Current Runtime Status + +The checked-in runtime is still the v1 `push-review` shell implementation. It +uses `.push-review.yml`, includes Claude-specific behavior, and predates the v2 +contract above. That code remains in place until the roadmap issues replace it. + +When contributing to issue #1, avoid changing runtime files such as +`hook/pre-push`, `install.sh`, or `templates/*.yml`; this issue is intentionally +limited to the public contract. + ## Contributing -To add a new template: +All changes should go through a pull request. Release files are managed by +release-please and should not be edited manually. -1. Add `templates/.yml` following the structure of an existing template (e.g. `ruby.yml`) -2. Add a row to the **Available templates** table in this README -3. Open a pull request +For this documentation milestone, verify that runtime scripts still parse and +that template YAML remains valid: -Templates should include sensible `ignore_paths` defaults and pre-configured `tools` for the common tools in that stack. The `base.yml` template is the reference for all available config options. +```bash +bash -n hook/pre-push +bash -n install.sh +for f in templates/*.yml; do python3 -c "import yaml; yaml.safe_load(open('$f'))"; done +``` From e8990eb3d59a186db6e3bd6f1de069656d808bf7 Mon Sep 17 00:00:00 2001 From: dbrosio3 Date: Thu, 21 May 2026 20:33:37 -0300 Subject: [PATCH 2/6] restore flow diagram --- README.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/README.md b/README.md index 56215c7..1ea41ce 100644 --- a/README.md +++ b/README.md @@ -123,6 +123,44 @@ The hook is responsible for passing along Git hook input and exiting with the runner's exit code. The runner owns config loading, changed-file detection, deterministic checks, optional local AI, and user-facing output. +```text +git push + | + v ++-------------------------------------+ +| Installed pre-push hook | +| delegates to pushgate pre-push | ++------------------+------------------+ + | + v ++-------------------------------------+ +| Changed files vs project.base_ref | +| include/exclude path policy | ++------------------+------------------+ + | + v ++-------------------------------------+ +| Run deterministic checks | +| linters, type checkers, tests | +| blocking failures stop local push | ++------------------+------------------+ + | + | checks pass + v ++-------------------------------------+ +| Optional local AI review | +| diff-only context by default | +| advisory unless explicitly blocking| ++------------------+------------------+ + | + | push proceeds + v ++-------------------------------------+ +| CI/PR checks and policy | +| authoritative team enforcement | ++-------------------------------------+ +``` + The `pushgate push` wrapper is an ergonomic layer for flags Git cannot pass to hooks, not a replacement for the normal Git workflow. It should translate pushgate-specific flags into temporary Git config and then call `git push`. From 0f599c616561c6757650aba7b63bfb5ee0eb9de9 Mon Sep 17 00:00:00 2001 From: dbrosio3 Date: Thu, 21 May 2026 20:34:53 -0300 Subject: [PATCH 3/6] improve language --- README.md | 67 ++++++++----------------------------------------------- 1 file changed, 9 insertions(+), 58 deletions(-) diff --git a/README.md b/README.md index 1ea41ce..90a0af8 100644 --- a/README.md +++ b/README.md @@ -1,14 +1,8 @@ # ai-pushgate -`ai-pushgate` is the v2 direction for a local pre-push gate plus CI/PR -enforcement workflow. +`ai-pushgate` is a local pre-push gate plus CI/PR enforcement workflow. -The product contract in this README defines what v2 will guarantee before the -runtime rewrite starts. The current repository still contains the inherited v1 -`push-review` shell hook and templates; those runtime pieces will be migrated in -later roadmap issues. - -## v2 Product Contract +## Product Contract `ai-pushgate` separates fast local feedback from authoritative enforcement: @@ -22,10 +16,9 @@ Local hooks help developers catch issues early, but they are not a security or compliance boundary. Anything that must be enforced for a team belongs in CI/PR checks combined with repository branch protection. -## v2 Defaults +## Defaults - Config file: `.pushgate.yml`. -- v2 does not read `.push-review.yml`; v1 users must migrate. - Deterministic local checks are the default local gate. - Local AI defaults to `advisory` when configured and available. - Local AI can block only through explicit advanced configuration. @@ -35,10 +28,9 @@ checks combined with repository branch protection. - Secret redaction is expected before any source content is sent to an AI provider. -## Proposed v2 Config Shape +## Configuration -This is the public contract shape for the v2 schema. Exact validation and -runtime parsing are tracked separately in the roadmap. +The config contract is: ```yaml version: 2 @@ -112,8 +104,8 @@ The default developer workflow should remain regular Git: git push ``` -In v2, the installed `.git/hooks/pre-push` hook should be a thin delegator that -invokes the versioned runner: +The installed `.git/hooks/pre-push` hook is a thin delegator that invokes the +versioned runner: ```bash pushgate pre-push @@ -208,54 +200,13 @@ Before any AI call, pushgate should apply the configured path policy and secret redaction. If redaction cannot run, local AI should fail closed for privacy by skipping AI feedback instead of sending unredacted content. -## v1 Migration - -v2 is a hard break from the inherited v1 `push-review` contract. - -| v1 | v2 | -|---|---| -| `.push-review.yml` | `.pushgate.yml` | -| `review.target_branch` | `project.base_ref` | -| `ignore_paths` | `project.exclude_paths` | -| shell-string tool commands | argv-array `checks[].command` | -| AI review can block local pushes by default | local AI defaults to advisory | -| Claude-specific local review path | provider abstraction tracked for v2 AI work | - -The migration layer should produce clear errors when only `.push-review.yml` is -present, point users to `.pushgate.yml`, and avoid silently interpreting a v1 -file as v2 config. - -## Roadmap Boundaries - -This README documents the v2 contract for -[issue #1](https://github.com/rootstrap/ai-pushgate/issues/1). Implementation is -split across later issues: - -- Schema validation and config loading: issue #2. -- Hook and runner test harness: issue #3. -- Thin Git hook plus `pushgate` runner: issue #4. -- Changed-file policy, deterministic commands, and built-in checks: issues #5-#7. -- CI mirror generation and parity reporting: issues #8-#9. -- AI providers, local AI guardrails, structured output, and PR surfaces: issues - #10-#14. - -## Current Runtime Status - -The checked-in runtime is still the v1 `push-review` shell implementation. It -uses `.push-review.yml`, includes Claude-specific behavior, and predates the v2 -contract above. That code remains in place until the roadmap issues replace it. - -When contributing to issue #1, avoid changing runtime files such as -`hook/pre-push`, `install.sh`, or `templates/*.yml`; this issue is intentionally -limited to the public contract. - ## Contributing All changes should go through a pull request. Release files are managed by release-please and should not be edited manually. -For this documentation milestone, verify that runtime scripts still parse and -that template YAML remains valid: +Before opening a pull request, verify that shell scripts still parse and that +template YAML remains valid: ```bash bash -n hook/pre-push From c4cd8105ee3ba5853460ab85f2f8bab6ccd586d8 Mon Sep 17 00:00:00 2001 From: dbrosio3 Date: Thu, 21 May 2026 20:36:21 -0300 Subject: [PATCH 4/6] move diagram --- README.md | 76 +++++++++++++++++++++++++++---------------------------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/README.md b/README.md index 90a0af8..bdd2d6a 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,44 @@ ## Product Contract +```text +git push + | + v ++-------------------------------------+ +| Installed pre-push hook | +| delegates to pushgate pre-push | ++------------------+------------------+ + | + v ++-------------------------------------+ +| Changed files vs project.base_ref | +| include/exclude path policy | ++------------------+------------------+ + | + v ++-------------------------------------+ +| Run deterministic checks | +| linters, type checkers, tests | +| blocking failures stop local push | ++------------------+------------------+ + | + | checks pass + v ++-------------------------------------+ +| Optional local AI review | +| diff-only context by default | +| advisory unless explicitly blocking| ++------------------+------------------+ + | + | push proceeds + v ++-------------------------------------+ +| CI/PR checks and policy | +| authoritative team enforcement | ++-------------------------------------+ +``` + `ai-pushgate` separates fast local feedback from authoritative enforcement: | Surface | Purpose | Blocking authority | @@ -115,44 +153,6 @@ The hook is responsible for passing along Git hook input and exiting with the runner's exit code. The runner owns config loading, changed-file detection, deterministic checks, optional local AI, and user-facing output. -```text -git push - | - v -+-------------------------------------+ -| Installed pre-push hook | -| delegates to pushgate pre-push | -+------------------+------------------+ - | - v -+-------------------------------------+ -| Changed files vs project.base_ref | -| include/exclude path policy | -+------------------+------------------+ - | - v -+-------------------------------------+ -| Run deterministic checks | -| linters, type checkers, tests | -| blocking failures stop local push | -+------------------+------------------+ - | - | checks pass - v -+-------------------------------------+ -| Optional local AI review | -| diff-only context by default | -| advisory unless explicitly blocking| -+------------------+------------------+ - | - | push proceeds - v -+-------------------------------------+ -| CI/PR checks and policy | -| authoritative team enforcement | -+-------------------------------------+ -``` - The `pushgate push` wrapper is an ergonomic layer for flags Git cannot pass to hooks, not a replacement for the normal Git workflow. It should translate pushgate-specific flags into temporary Git config and then call `git push`. From 8bece08031e80e9b1113a4f701be1d5029d0cc18 Mon Sep 17 00:00:00 2001 From: dbrosio3 Date: Fri, 22 May 2026 09:11:54 -0300 Subject: [PATCH 5/6] restore ai blocker --- README.md | 66 ++++++++++++++++++++++--------------------------------- 1 file changed, 26 insertions(+), 40 deletions(-) diff --git a/README.md b/README.md index bdd2d6a..646116a 100644 --- a/README.md +++ b/README.md @@ -6,40 +6,27 @@ ```text git push - | - v -+-------------------------------------+ -| Installed pre-push hook | -| delegates to pushgate pre-push | -+------------------+------------------+ - | - v -+-------------------------------------+ -| Changed files vs project.base_ref | -| include/exclude path policy | -+------------------+------------------+ - | - v -+-------------------------------------+ -| Run deterministic checks | -| linters, type checkers, tests | -| blocking failures stop local push | -+------------------+------------------+ - | - | checks pass - v -+-------------------------------------+ -| Optional local AI review | -| diff-only context by default | -| advisory unless explicitly blocking| -+------------------+------------------+ - | - | push proceeds - v -+-------------------------------------+ -| CI/PR checks and policy | -| authoritative team enforcement | -+-------------------------------------+ + │ + ▼ +┌─────────────────────────────────────┐ +│ Changed files vs project.base_ref │ +│ (include/exclude policy applied) │ +└──────────────┬──────────────────────┘ + │ + ▼ +┌─────────────────────────────────────┐ +│ Run deterministic checks │ +│ (linters, type checkers, tests) │ +│ ✗ blocking failure → push blocked │ +└──────────────┬──────────────────────┘ + │ checks pass + ▼ +┌─────────────────────────────────────┐ +│ AI review via configured provider │ +│ (diff sent, findings returned) │ +│ BLOCK → push blocked │ +│ PASS → push proceeds │ +└─────────────────────────────────────┘ ``` `ai-pushgate` separates fast local feedback from authoritative enforcement: @@ -47,7 +34,7 @@ git push | Surface | Purpose | Blocking authority | |---|---|---| | Local pre-push | Fast deterministic checks before code leaves a developer machine | Convenience only; always bypassable | -| Local AI | Optional review feedback near the developer workflow | Advisory by default | +| Local AI | Review changed files near the developer workflow | Blocks by default; always bypassable | | CI/PR | Repeatable checks, review summaries, and policy enforcement | Source of truth for teams | Local hooks help developers catch issues early, but they are not a security or @@ -58,9 +45,8 @@ checks combined with repository branch protection. - Config file: `.pushgate.yml`. - Deterministic local checks are the default local gate. -- Local AI defaults to `advisory` when configured and available. -- Local AI can block only through explicit advanced configuration. -- Provider failures do not block in advisory mode. +- Local AI defaults to `blocking` when configured and available. +- Blocking AI findings stop the local push until they are fixed or skipped. - AI payloads default to diff-only context. - Full-file AI context is opt-in. - Secret redaction is expected before any source content is sent to an AI @@ -101,7 +87,7 @@ checks: timeout_seconds: 60 ai: - mode: advisory # off | advisory | blocking + mode: blocking # off | advisory | blocking provider: name: claude privacy: @@ -129,7 +115,7 @@ run on changed files or the whole project, and can be `blocking` or `warning`. |---|---| | `off` | Do not run local AI | | `advisory` | Run local AI when available, print findings, never block | -| `blocking` | Allow local AI findings to block only when explicitly configured | +| `blocking` | Run local AI and block `BLOCK` findings until fixed or skipped | `ci` is reserved for generated or documented CI mirror behavior. CI/PR policy is where teams should enforce required checks. From d0f79e07d88a58538481531c1cf6790f4327ac88 Mon Sep 17 00:00:00 2001 From: dbrosio3 Date: Fri, 22 May 2026 09:36:37 -0300 Subject: [PATCH 6/6] add Install section --- README.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/README.md b/README.md index 646116a..9f8b3ce 100644 --- a/README.md +++ b/README.md @@ -52,6 +52,37 @@ checks combined with repository branch protection. - Secret redaction is expected before any source content is sent to an AI provider. +## Install + +Run the installer from the Git repository where pushgate should guard pushes: + +```bash +# Default base template +curl -fsSL https://raw.githubusercontent.com/rootstrap/ai-pushgate/main/install.sh | bash + +# Stack-specific template +curl -fsSL https://raw.githubusercontent.com/rootstrap/ai-pushgate/main/install.sh \ + | bash -s -- --template +``` + +Available templates are `base`, `node`, `typescript`, `nextjs`, `ruby`, and +`rails`. + +The installer: + +1. Installs or verifies the `pushgate` runner. +2. Installs `.git/hooks/pre-push` as a thin delegator to `pushgate pre-push`. +3. Backs up an existing `pre-push` hook before replacing it. +4. Writes the selected template to `.pushgate.yml` when that config does not + already exist. +5. Checks configured tool and AI provider dependencies. + +If `pushgate` is already installed, the CLI can set up a repository directly: + +```bash +pushgate install --template +``` + ## Configuration The config contract is: