11 gates between
AI and your production.
Auto-generated fixes on a misdiagnosed alert? That's what these gates prevent. 9 gates run on every fix out of the box. 2 more activate when you connect Substrate and Cortex infrastructure.
Gate 01
CONFIDENCE GATE
If the AI isn't sure, it stops.
Every diagnosis comes with a confidence score derived from the actual logs, stack traces, and build output. The threshold adapts to trust level: Apprentice requires 90%, Trusted 80%, Expert 70%. Below threshold, the fix becomes a draft PR for human review. Rookies never auto-merge.
70–90%
threshold by trust level
CONFIDENCE GATE
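In outline, the gate reduces to one comparison per trust level. A minimal sketch — the function and level names are ours, not InariWatch's actual API:

```python
# Per-level thresholds from above: Apprentice 90%, Trusted 80%, Expert 70%.
THRESHOLDS = {"apprentice": 0.90, "trusted": 0.80, "expert": 0.70}

def confidence_gate(trust_level: str, confidence: float) -> str:
    """Decide what happens to a fix. Rookie projects never auto-merge."""
    if trust_level == "rookie":
        return "draft-pr"
    return "auto-merge" if confidence >= THRESHOLDS[trust_level] else "draft-pr"
```

Below threshold the answer is always the same: a draft PR and a human decision.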
Gate 02
SECURITY SCAN
36 checks before the fix leaves your server.
Every AI-generated fix passes through 3 scan layers: 17 ESLint rules (3 built-in + 14 from eslint-plugin-security), 19 Semgrep-inspired pattern detectors (SSRF, SQL injection, XSS, prototype pollution, hardcoded secrets, open redirect), and an AI security review. Any HIGH finding blocks auto-merge.
36
security checks
SECURITY SCAN
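The blocking rule itself is simple: findings from all three layers are pooled, and a single HIGH-severity verdict is enough. An illustrative sketch, not the product's code:

```python
def security_gate(findings: list[dict]) -> str:
    """Pool findings from the ESLint rules, the pattern detectors, and the
    AI review; any HIGH severity finding blocks auto-merge."""
    if any(f["severity"] == "HIGH" for f in findings):
        return "blocked"
    return "passed"
```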
Gate 03
SELF-REVIEW
The AI reviews its own fix — and can reject it.
A second AI pass acts as a code reviewer. It checks for regressions, type errors, missing imports, and unnecessary changes. Score below 70 or explicit 'reject' recommendation? The fix is blocked before it ever touches a branch.
< 70
score or 'reject' = blocked
SELF-REVIEW
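As a sketch (names are ours), the gate is a two-part predicate — score and recommendation both have to clear:

```python
def self_review_gate(score: int, recommendation: str) -> bool:
    """A fix proceeds only if the reviewer pass scores it 70 or above and
    does not explicitly recommend rejection."""
    return score >= 70 and recommendation != "reject"
```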
Gate 04
FILE BLOCKLIST
Some files are untouchable. Period.
.env, lock files, CI configs, migrations, Dockerfiles, Terraform, secrets, certificates — 14 hardcoded patterns. No override, no flag to bypass. The AI simply cannot generate changes to these paths.
14
blocked patterns
FILE BLOCKLIST
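A blocklist like this is typically a glob match over every changed path. A minimal sketch with an illustrative subset — the real 14-pattern list is InariWatch's, not reproduced here:

```python
import fnmatch

# Illustrative subset of the hardcoded patterns.
BLOCKED_PATTERNS = [
    "*.env", "*.lock", ".github/workflows/*", "*migrations/*",
    "Dockerfile*", "*.tf", "*.pem", "*.key",
]

def is_blocked(path: str) -> bool:
    """True if the AI must not touch this path."""
    return any(fnmatch.fnmatch(path, pattern) for pattern in BLOCKED_PATTERNS)
```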
Gate 05
CI MUST PASS
Your existing tests are the final judge.
The fix runs through your full CI pipeline. If it fails, the AI analyzes the CI error and tries a completely different approach — up to 3 times. Three failures? Escalates to your on-call. No PR is created.
3×
retry with different approach
CI MUST PASS
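The retry loop described above might look like this — a sketch in which `run_ci` and `generate_fix` are hypothetical callables standing in for the pipeline:

```python
def ci_gate(run_ci, generate_fix, max_attempts: int = 3):
    """Run a fix through CI up to 3 times, regenerating with a different
    approach after each failure. Returns the passing fix, or None to signal
    escalation to on-call (no PR is created)."""
    fix = generate_fix(previous_error=None)
    for _ in range(max_attempts):
        error = run_ci(fix)            # None means the full pipeline passed
        if error is None:
            return fix
        fix = generate_fix(previous_error=error)  # try a different approach
    return None
```

The CI error is fed back into the next attempt, so each retry is informed by the failure rather than a blind re-roll.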
Gate 06
PREDICTION ENGINE
Pre-deployment error detection.
Before merge, the prediction engine runs 3 layers: pattern matching against historical alerts, AI prediction on the diff, and shadow replay of production I/O recordings against the fix code. Risk score above 40? Blocked.
3
prediction layers
PREDICTION ENGINE
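One way to picture the gate: each layer reports a 0–100 risk, the layers are blended, and 40 is the cut-off. The weights below are our assumption for illustration — the page does not say how the layers are combined:

```python
def prediction_gate(pattern_risk: float, ai_risk: float,
                    replay_risk: float) -> tuple[str, float]:
    """Blend the three layers into a 0-100 risk score; above 40 blocks
    the merge. The weighting is an assumption, not InariWatch's formula."""
    weights = (0.3, 0.4, 0.3)
    score = sum(r * w for r, w in zip((pattern_risk, ai_risk, replay_risk), weights))
    return ("blocked" if score > 40 else "passed", score)
```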
Gate 07
SUBSTRATE REPLAY
Replay production I/O against the fix.
If Substrate recordings exist, InariWatch replays real HTTP calls, DB queries, and file operations from before the crash against the fixed code. Two modes: fast AI analysis or real GitHub Action replay. Activates automatically when Substrate recordings are available for the project.
≤ 40
risk score to pass
SUBSTRATE REPLAY
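Conceptually, a shadow replay diffs recorded outputs against what the fixed code produces for the same inputs. A toy sketch — the record shape and names are hypothetical:

```python
def shadow_replay(recordings, fixed_handler):
    """Replay each recorded production input through the fixed code and
    collect every divergence from the recorded output (crashes included)."""
    mismatches = []
    for record in recordings:
        try:
            result = fixed_handler(record["input"])
        except Exception as exc:
            mismatches.append((record["input"], repr(exc)))
            continue
        if result != record["output"]:
            mismatches.append((record["input"], result))
    return mismatches
```

An empty list means the fix reproduces the recorded production behaviour.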
Gate 08
EAP VERIFICATION
Cryptographic proof the fix was verified.
The Execution Attestation Protocol creates a Merkle tree of every step in the remediation pipeline, signed with Ed25519. Each fix gets a cryptographic receipt chain proving it passed every gate. Activates when a Cortex server is connected — the infrastructure is built and ready, deployed on demand.
✓
chain verified
EAP VERIFICATION
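The receipt chain rests on a standard construction: hash each pipeline step, then pair hashes upward into a single root. A minimal Merkle-root sketch (the Ed25519 signing step is omitted; step names are illustrative):

```python
import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_root(steps: list[str]) -> str:
    """Fold the hashes of each pipeline step into one root. Changing any
    step changes the root — that is what makes the receipt tamper-evident."""
    level = [sha256(step.encode()) for step in steps]
    while len(level) > 1:
        if len(level) % 2:              # odd level: duplicate the last node
            level.append(level[-1])
        level = [sha256(a + b) for a, b in zip(level[::2], level[1::2])]
    return level[0].hex()
```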
Gate 09
TRUST LEVELS
Zero autonomy by default. Earned, not given.
Every project starts at Rookie — draft PRs only, and a human must approve every merge. The system earns trust through successful fixes with passing CI and no regressions. Computed from actual remediation history, not configured.
ROOKIE
Draft PR only
Human approves every merge
Starting state
APPRENTICE
Auto-merge enabled
Confidence ≥ 90% · Review ≥ 70 · ≤ 50 lines
≥ 3 fixes, ≥ 50% success, ≥ 7 days old
TRUSTED
Expanded autonomy
Confidence ≥ 80% · Review ≥ 70 · ≤ 100 lines
≥ 5 fixes, ≥ 70% success, ≥ 14 days old
EXPERT
Full auto-merge
Confidence ≥ 70% · Review ≥ 70 · ≤ 200 lines
≥ 10 fixes, ≥ 85% success, ≥ 30 days old
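Because the level is computed from history, it can be expressed as a pure function of three numbers. A sketch using the thresholds from the table above (the function shape is ours):

```python
# (level, min fixes, min success rate, min track-record age in days)
REQUIREMENTS = [
    ("EXPERT",     10, 0.85, 30),
    ("TRUSTED",     5, 0.70, 14),
    ("APPRENTICE",  3, 0.50,  7),
]

def trust_level(fixes: int, success_rate: float, age_days: int) -> str:
    """Highest level whose requirements the remediation history meets;
    anything less is ROOKIE."""
    for level, min_fixes, min_rate, min_age in REQUIREMENTS:
        if fixes >= min_fixes and success_rate >= min_rate and age_days >= min_age:
            return level
    return "ROOKIE"
```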
Gate 10
POST-MERGE MONITOR
Merged doesn't mean done.
After merge, InariWatch monitors for 10 minutes. New errors detected? Automatic revert. The branch is rolled back, the incident is re-opened, and your on-call is notified. No human intervention needed.
10 min
active monitoring
POST-MERGE MONITOR
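The monitor's decision rule is a window check. A sketch with illustrative names:

```python
def post_merge_monitor(error_times_min: list[float], window_min: float = 10) -> str:
    """`error_times_min` holds minutes-since-merge for each new error seen.
    Any error inside the window triggers revert, incident re-open, and an
    on-call notification; a quiet window closes the fix out."""
    if any(t <= window_min for t in error_times_min):
        return "revert-and-escalate"
    return "done"
```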
Gate 11
ESCALATION ENGINE
When AI can't fix it, humans are notified instantly.
Low confidence, fix failed, max retries exhausted, self-review rejected, or regression detected — any of these triggers smart escalation to your on-call team via Slack, Telegram, email, or push notification.
5
escalation triggers
ESCALATION ENGINE
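In outline, escalation is a trigger set plus a channel fan-out. The trigger and channel names below are ours, paraphrasing the list above:

```python
TRIGGERS = {
    "low_confidence", "fix_failed", "max_retries_exhausted",
    "self_review_rejected", "regression_detected",
}
CHANNELS = ("slack", "telegram", "email", "push")

def escalate(event: str) -> list[str]:
    """Fan an escalation trigger out to every configured on-call channel;
    non-trigger events produce no notifications."""
    if event not in TRIGGERS:
        return []
    return [f"{channel}:on-call:{event}" for channel in CHANNELS]
```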
STRESS TESTED
14 scenarios. 14 passed.
Every layer of the infrastructure is validated with a k6 suite (10 load scenarios + 4 chaos scenarios) against the production stack. Webhook storms, DB saturation, concurrent SSE, brute force protection, full incident lifecycle, and fault-injection chaos — all passing.
THE ANSWER
“How much human review
is expected?”
By default: 100%.
Every project starts at Trust Level 0 (Rookie). The AI creates draft PRs only. A human reviews and merges every single fix.
Autonomy is earned, not configured.
The system builds a track record from actual remediation history. Fixes that pass CI, survive post-merge monitoring, and cause zero regressions count toward the next trust level. Regressions reset progress.
Even at maximum trust, all 11 gates must pass.
If a single gate fails — low confidence, failed security scan, CI error, prediction risk too high, or too many lines changed — it falls back to a draft PR. Human decides.
Worst case: auto-revert in 10 minutes.
If a fix somehow passes all gates and causes a new error in production, the post-merge monitor auto-reverts the change and escalates to your on-call team.
PERSPECTIVE
Dev hotfix at 3 AM
- No second reviewer
- “Skip CI, it’s urgent”
- No security scan
- No post-merge monitoring
- Revert is manual if it breaks
- Cognitive load at lowest point
InariWatch auto-fix
- 36-check security scan on every fix
- AI self-review (score + recommendation)
- Full CI must pass (3 retries)
- Pre-deploy prediction engine
- 10-min post-merge monitor + auto-revert
- Consistent process, always — earned trust levels