Add an AI Quality Gate to Your CI Pipeline in 15 Minutes

Author:

The LayerLens Team

Last updated:

Published:

LayerLens is a continuous evaluation infrastructure company building Stratix, the platform that helps engineering teams measure and improve AI output quality. This article walks through adding an automated AI quality gate to your CI/CD pipeline using the open-source Stratix Python SDK.

TL;DR

  • Your CI pipeline catches type errors and linting violations but does not catch AI regressions: hallucinations, PII leaks, safety violations, quality drift.

  • The Stratix Python SDK ships a drop-in quality gate: one Python file (239 lines) and a 20-line GitHub Actions YAML.

  • The gate fetches your recent traces, runs every configured judge, computes a pass rate, and exits with code 1 (blocking the PR) if the rate drops below your threshold.

  • Setup takes under 5 minutes: install the SDK, add one GitHub Actions secret, copy one YAML file.

  • The default threshold is 85%. Adjust it as your judges mature and your pass rates stabilize.

  • All source code is open source at github.com/LayerLens/stratix-python.

Introduction

Your CI pipeline catches type errors. It catches linting violations. It catches failing unit tests.

It does not catch AI regressions.

Infosecurity Magazine reported 35 new CVEs in March 2026 traced directly to AI-generated code. That was up from 6 in January and 15 in February. The acceleration tracks adoption: more teams shipping AI-generated code through the same CI pipelines that were built for deterministic software.

The gap is obvious. Unit tests verify that a function returns the expected output for a given input. They do not verify that an LLM produces safe, accurate, compliant output across the range of inputs it will see in production. A prompt change that passes every unit test can still introduce a hallucination, a PII leak, or a safety violation.

The Stratix Python SDK ships a drop-in quality gate designed for this. The entire thing is one Python file (quality_gate.py, 239 lines) and a 20-line GitHub Actions YAML.

How It Works

Step 1: Initialize the Stratix client. The client reads LAYERLENS_STRATIX_API_KEY from the environment automatically. No config files, no setup beyond the one secret.

Step 2: Fetch recent traces. The gate pulls your most recent traces. These are the actual inputs and outputs your AI system produced.

Step 3: Fetch all configured judges. Returns every judge you have set up in Stratix. A judge is an evaluation criterion defined in plain language.

Step 4: Create evaluations. The gate creates a trace evaluation for each (trace, judge) pair. If you have 50 traces and 4 judges, that is 200 evaluations.

Step 5: Poll for results. Each evaluation returns a score and a pass/fail verdict. The gate collects all results and computes an overall pass rate.

Step 6: Print a report. The gate outputs a formatted summary: how many traces were evaluated, how many judges were used, the pass rate, and a per-evaluation breakdown.

Step 7: Exit code. If the pass rate is at or above the threshold, exit 0. If below, exit 1. The PR gets blocked. No human in the loop needed.

[INSERT IMAGE: Stratix dashboard showing trace evaluation results with scores and pass/fail verdicts]

The GitHub Actions Workflow

The YAML is 20 lines. Copy it to .github/workflows/ai-quality-gate.yml. The workflow triggers on pull requests to main, scoped to src/**, prompts/**, and agents/** paths.

[INSERT IMAGE: GitHub PR check showing the AI Quality Gate pass/fail status]

Setup (3 Steps, Under 5 Minutes)

1. Install the SDK. Run pip install layerlens in your terminal.

2. Store your API key as a GitHub Actions secret. Go to your repo settings, then Secrets and variables, then Actions. Add LAYERLENS_STRATIX_API_KEY with your Stratix API key.

3. Copy the YAML. Save the workflow to .github/workflows/ai-quality-gate.yml and push.

Configuring the Threshold

The default threshold is 0.85 (85% pass rate). For teams just starting with AI evaluation, 0.80 is a reasonable initial threshold. Tighten it as your judges mature.

What This Replaces

Before the quality gate, the typical AI safety net looks like this: a Slack thread where someone asks "did we check the prompts?" A post-deploy monitoring dashboard that catches problems after users see them.

That assumption is exactly what compound failure exploits. A 10-step AI agent where each step has 95% reliability has a 60% chance of getting the full sequence right. Unit tests check individual steps. The quality gate checks the entire trace.

DigitalOcean's 2026 survey found 41% of tech leaders cite reliability as the number one barrier to scaling AI agents.

Beyond the Default

The sample ships with sensible defaults, but the real power is in what you evaluate. The gate runs every judge you have configured: PII detection, safety compliance, factual accuracy, tone and brand voice, regulatory compliance.

Each judge is defined in plain language via create_judge(). The PII Leakage Detector sample shows how to build one in about 30 lines.

Key Takeaways

  • AI regressions are invisible to traditional CI. Unit tests check deterministic functions; they do not check LLM output quality, safety, or compliance.

  • The Stratix quality gate is one Python file and one YAML. No new infrastructure, no separate evaluation service.

  • Judges are defined in plain language. A PII detection judge, a factual accuracy judge, and a safety judge can all run against the same traces in the same CI run.

  • The gate runs on every PR. If AI output quality drops below threshold, the PR is blocked before it reaches production.

  • Start with 80% threshold, tighten as judges mature.

Frequently Asked Questions

How long does the quality gate add to CI runtime?

Typically 2 to 8 minutes depending on the number of traces and judges.

Can I use this with GitLab CI, Jenkins, or CircleCI?

Yes. The quality gate is a Python script that exits with code 0 (pass) or 1 (fail). Any CI system that respects exit codes can run it.

How do I create judges for my specific use case?

Judges are created with create_judge() and a plain-language evaluation_goal string.

What happens if the gate fails?

Exit code 1 blocks the PR merge, the same way a failing unit test would. The report shows which evaluations failed and why.

Can I run different judges for different parts of the codebase?

Yes. Create multiple workflow files with different path triggers and different judge configurations.

Methodology

This tutorial is based on the quality_gate.py and github_actions_gate.yml files in the Stratix Python SDK open-source repository. The SDK is available via pip install layerlens and the full source is at github.com/LayerLens/stratix-python.

Explore continuous AI evaluation for your team on Stratix.