From da6324fb8be876f8de3f2db0d352b9ec3886a611 Mon Sep 17 00:00:00 2001
From: Byron Williams
Date: Tue, 2 Jun 2026 21:51:03 -0700
Subject: [PATCH] feat(ci): add qlty gate and weekly health scan Adds qlty-gate job (PR diff gate, fail-level medium) and qlty-health job (weekly full scan, informational).
Refs: ByronWilliamsCPA/.github#188
Co-Authored-By: Claude Sonnet 4.6
---
.github/workflows/qlty.yml | 39 ++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 .github/workflows/qlty.yml
diff --git a/.github/workflows/qlty.yml b/.github/workflows/qlty.yml
new file mode 100644
index 0000000..b5e0bb9
--- /dev/null
+++ b/.github/workflows/qlty.yml
@@ -0,0 +1,39 @@
+name: Qlty
+
+on:
+ pull_request:
+ branches: [main]
+ schedule:
+ # Weekly full-codebase health scan: Monday 07:00 UTC
+ - cron: '0 7 * * 1'
+ workflow_dispatch:
+
+permissions: read-all
+
+concurrency:
+ group: qlty-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ # PR gate: diff mode, block merges that introduce medium+ severity issues.
+ # Check name: "qlty-gate / Qlty Gate" -- required by org docs-tier ruleset.
+ qlty-gate:
+ if: github.event_name == 'pull_request'
+ uses: ByronWilliamsCPA/.github/.github/workflows/python-qlty-gate.yml@040026ab682aa4b9ef491750d62cdd1592cdb659
+ permissions:
+ contents: read
+ with:
+ fail-level: medium
+ upstream: origin/${{ github.base_ref }}
+
+ # Weekly health scan: full codebase, informational only.
+ # Remove no-fail once existing qlty debt is resolved.
+ qlty-health:
+ if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
+ uses: ByronWilliamsCPA/.github/.github/workflows/python-qlty-gate.yml@040026ab682aa4b9ef491750d62cdd1592cdb659
+ permissions:
+ contents: read
+ with:
+ fail-level: high
+ check-all: true
+ no-fail: true
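Review bot: The workflow-level `permissions: read-all` is wider than anything this file uses, since both `qlty-gate` and `qlty-health` narrow to `contents: read`; a job added later without its own `permissions:` block would inherit read access to every token scope. I would set the default to `permissions: {}` (or `contents: read`) and keep the per-job grants as they are. The two `uses:` lines are pinned to a full commit SHA, which is the right choice for a reusable workflow, but neither carries a trailing comment naming the release the SHA corresponds to, e.g. `# <release-tag>`, so a reviewer cannot tell what is pinned or when it is stale without looking it up. Whether the called workflow needs more than `contents: read` (for example to publish a check or annotation) cannot be seen from this file and is worth confirming against python-qlty-gate.yml.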