Gate Rules
Gate rules define conditions that must pass before a stage proceeds. They're evaluated by the gate engine after a stage completes and produce a verdict that routes the pipeline.
Rule structure
Each rule has five fields:
| Field | Type | Purpose |
|---|---|---|
field | string | What to check (see fields table below) |
operator | string | How to compare (see operators table below) |
value | any | The threshold to compare against |
severity | string | How bad a failure is (warn, required, block) |
onFail | string | What to do when the rule fails |
label | string | Human-readable description shown in the UI |
Available fields
Gate rules evaluate against a context object. The available fields differ depending on whether the stage is part of a UI-configured pipeline or a YAML playbook.
UI pipeline stages
| Field | Type | Description |
|---|---|---|
exit_code | integer | Process exit code (0 = success) |
cost_usd | number | Total cost in USD (currently reported as 0 — result doc parsing not yet wired in UI path) |
tokens_in | integer | Input token count (currently 0 — same limitation) |
tokens_out | integer | Output token count (currently 0 — same limitation) |
provider | string | Provider name reported by the driver |
model | string | Model identifier reported by the driver |
driver | string | Driver name |
YAML playbook stages
Playbook stages evaluate rules against the result document directly using dot-path notation:
| Field | Type | Description |
|---|---|---|
verdict | string | Result document verdict: pass, fail, blocked |
timing.duration_sec | number | Stage duration in seconds |
run.attempt | integer | Attempt number (1 = first try, 2 = first retry, etc.) |
meta.input_tokens | integer | Input token count |
meta.output_tokens | integer | Output token count |
meta.cost_usd | number | Cost in USD |
Operators
| Operator | Meaning |
|---|---|
equals | Exact match |
not_equals | Not equal |
less_than | Strictly less than |
greater_than | Strictly greater than |
contains | String or array contains value |
matches | Regex match |
in | Value is in a list |
exists | Field is present and non-null |
Severity levels
| Severity | Meaning |
|---|---|
warn | Rule failure is logged and shown in the UI but does not affect routing |
required | Rule failure triggers onFail action |
block | Same as required but displayed prominently as a blocker |
onFail actions
| Action | Effect |
|---|---|
proceed | Ignore the failure; continue |
hold | Pause the run for manual decision |
rework | Route to onFail stage |
abort | Stop the pipeline; mark the run failed |
notify | Log the failure (no routing change) |
escalate | Escalate for attention (no routing change) |
Verdict resolution
When multiple rules fail, the gate engine takes the worst onFail action across all failed rules (severity order: abort > rework > hold > proceed). That worst action becomes the gate verdict.
Example
Hold if the implementation stage takes longer than 2 hours, and warn if it uses more than 100k input tokens:
rules:
- field: timing.duration_sec
operator: less_than
value: 7200
severity: block
onFail: hold
label: "2 hour cap"
- field: tokens.input
operator: less_than
value: 100000
severity: warn
onFail: proceed
label: "Token budget warning"