Quick Start

PenumbraForge edited this page Mar 29, 2026 · 1 revision

1. Install and Scan (One Command)

cd your-project
npx @penumbraforge/gate

Gate will:

  • Install a pre-commit hook (blocks commits containing secrets)
  • Scan your entire repository
  • Report any findings with remediation guidance

2. Scan on Demand

gate scan --all          # Full repo scan
gate scan src/           # Scan specific directory
gate scan config.js      # Scan specific file
gate scan --staged       # Scan only staged files

3. Auto-Fix Findings

gate fix                 # Fix all findings (extract to .env)
gate fix --dry-run       # Preview what would change
gate fix --interactive   # Fix one at a time with keyboard controls

Gate extracts secrets to a .env file and rewrites your source to use environment variable references. It supports JS/TS, Python, Go, Ruby, Java, YAML, Terraform, Dockerfile, and JSON.
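
What the extract-and-rewrite step amounts to for a JavaScript file, as an added sketch that is not Gate's own code. The detection rule (a sensitive-looking variable name assigned a string literal), the environment variable naming and the function names are assumptions, and the sample input is constructed.

```javascript
// Added illustration, not Gate's source: the detection rule, the variable
// naming scheme and the helper names are assumptions made for this sketch.
const ASSIGNMENT = /\b(const|let|var)\s+([A-Za-z_$][\w$]*)\s*=\s*(["'])([^"'\n]+)\3/g;
const SENSITIVE_NAME = /(secret|token|password|passwd|api_?key)/i;

// camelCase or PascalCase identifier -> UPPER_SNAKE_CASE env variable name
function toEnvName(identifier) {
  return identifier
    .replace(/([a-z0-9])([A-Z])/g, "$1_$2")
    .replace(/[^A-Za-z0-9]+/g, "_")
    .toUpperCase();
}

// Returns the rewritten source, the lines to append to .env, and the findings.
// existingEnv holds variables already present in .env (name -> value).
function extractSecrets(source, existingEnv = {}) {
  const env = { ...existingEnv };
  const findings = [];
  const rewritten = source.replace(ASSIGNMENT, (match, kw, name, _quote, value) => {
    if (!SENSITIVE_NAME.test(name)) return match; // leave ordinary strings alone
    let envName = toEnvName(name);
    // Never overwrite a different value already stored under the same name.
    for (let n = 2; envName in env && env[envName] !== value; n++) {
      envName = `${toEnvName(name)}_${n}`;
    }
    env[envName] = value;
    findings.push({ identifier: name, envName });
    return `${kw} ${name} = process.env.${envName}`;
  });
  const envLines = Object.entries(env)
    .filter(([key]) => !(key in existingEnv))
    .map(([key, value]) => `${key}=${JSON.stringify(value)}`);
  return { rewritten, envLines, findings };
}

// Constructed sample input; the values are placeholders, not real credentials.
const sample = [
  'const apiKey = "EXAMPLE-NOT-A-REAL-KEY";',
  "const dbPassword = 'example-placeholder';",
  'const greeting = "hello";',
].join("\n");

const result = extractSecrets(sample);
console.log(result.rewritten);          // source with process.env references
console.log(result.envLines.join("\n")); // lines destined for .env
```

Moving a value into .env does not remove it from earlier commits, so a secret that was ever committed still needs to be rotated. The .env file itself has to stay out of version control.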

4. Verify Secrets Are Live

gate scan --verify       # Check if detected secrets are active

Gate makes safe API calls to check whether detected credentials are still live (AWS STS, GitHub API, Stripe, etc.). Inactive keys are flagged so you can prioritize the live ones.

5. Generate Reports

gate report              # Markdown compliance report
gate report --format html    # HTML report
gate scan --format sarif     # SARIF for GitHub Code Scanning

What the Pre-Commit Hook Does

Every git commit triggers a scan of staged files. If secrets are found:

  • The commit is blocked
  • Findings are displayed with remediation guidance
  • You can fix the findings, ignore them, or bypass the hook (GATE_SKIP=1 git commit)

The hook also supports pre-push scanning for an additional safety layer.
