v0.3.3-beta · MIT licensed · Go 1.24+
/qode

One workflow for AI-assisted coding across every stack.

qode is a CLI that standardises how developers use AI coding assistants — refining tickets, generating specs, running implementation prompts, and gating reviews — across Next.js+React, .NET+React, Angular+Java, and whatever's next.

$ Install qode View on GitHub →
Cursor Claude Code Codex MCP-native No API keys
~/projects/dashboard — zsh
$qode context init feat-user-dashboard --auto-switch ✓ context created · auto-switched   # in your IDE — Cursor / Claude Code: /qode-ticket-fetch https://linear.app/acme/UD-241 ✓ ticket fetched via MCP → context/ticket.md   /qode-plan-refine worker → analysis · judge → 25/25 · ready /qode-plan-spec spec → context/spec.md /qode-start implementation prompt loaded   $qode workflow status refine spec start check review pr $
// why qode

Built for engineers who refuse to copy-paste prompts.

qode replaces ad-hoc prompting with twelve standardised steps. Every project gets the same vocabulary, the same gates, and the same hardened review pass — no matter the stack.

/

Slash-command native

Cursor and Claude Code call workflows as /qode-*. Codex picks them up as $qode-* skills. One CLI generates assets for all three.

Two-pass scoring

Worker AI produces the analysis. A separate Judge AI scores against a 25-point rubric. No self-scoring, no flattery — just a gate before code gets generated.

Hardened reviews

Review prompts demand ≥3 documented findings per file. Score caps for criticals. ≥8.0 must cite verified properties. 10.0 in security review is invalid by design.

MCP-native ticketing

No API keys in qode. Jira, Linear, GitHub, Azure DevOps, Notion — fetched through your IDE's MCP server. Linked Figma, Docs, Confluence too.

Named work contexts

Every feature gets a context directory with ticket, notes, refined-analysis, spec, and lessons. Switch between three concurrent features without losing state.

Single binary

Static Go binary. Brew, curl, or PowerShell. Cosign-signed checksums for supply-chain verification. No runtime, no daemon, no telemetry.

// the workflow

Twelve steps. One ticket to one merged PR.

Numbered commands ensure nothing is skipped. Run qode workflow status at any point to see exactly where you are.

01
qode context init
Create a named work context.
02
/qode-ticket-fetch
Fetch ticket via MCP into context.
+
/qode-note-add
Optional. Append free-form notes — scope, constraints, course corrections.
03
/qode-plan-refine
Refine requirements: worker pass + judge scoring.
04
/qode-plan-spec
Generate the tech spec. Gated on 25/25.
05
/qode-start
Run the implementation prompt.
06
test locally
Verify the change behaves as expected.
07
/qode-check
Quality gates — tests + lint.
08
/qode-review-code
Code review with post-mortem mindset.
09
/qode-review-security
Security review — adversary simulation required.
10
/qode-pr-create
Create the pull request via MCP.
11
/qode-pr-resolve
Resolve PR review comments via MCP.
+
/qode-knowledge-add-context
Optional. Capture lessons for the knowledge base.
12
qode context remove
Cleanup. Onto the next ticket.
Parallel-worktree safe
Run multiple workflows in parallel. Each git worktree gets its own .qode/contexts/current — qode resolves paths from the working directory, writes atomically inside the target folder, and holds no shared on-disk state. Spin up a worktree per ticket and run qode in each without conflict.
// install

One line. Any platform.

Static binary. Pick your shell.

$brew install nqode-io/tap/qode

Then run qode init in your project root. Cosign supply-chain verification →

// quality gates

Scoring and reviews that don't flatter you.

qode's prompts are designed to surface real problems. Self-scoring is eliminated. Findings drive the score, not the other way around.

Refinement rubric

Two-pass scoring

Worker AI produces the analysis. Judge AI scores it independently. Target 25/25 before plan-spec.
Problem Understanding5 pts
Technical Analysis5 pts
Risk & Edge Cases5 pts
Completeness5 pts
Actionability5 pts
Required to proceed25 / 25
Hardened reviews

Code & Security

Both reviews enforce structural constraints — not vibes.
Reviewer reads the diff as if writing a post-mortem.
Each file requires ≥3 documented items: defects, concerns, or properties verified safe.
Critical finding → total ≤ 5.0. High finding → total ≤ 7.5.
Scores ≥8.0 must cite specific properties verified — not the absence of bugs.
Security: Adversary Simulation required. Three named exploit attempts, technique, target, outcome.
Security: Score 10.0 is not valid — complete security is not provable.
Tunable per project
Every gate above is yours to shape. Adjust thresholds in qode.yaml (review.min_code_score, review.min_security_score, scoring.target_score) and rewrite rubric dimensions, weights, and criteria in .qode/scoring.yaml — survives qode init, version-controlled with the repo. Rubric reference →
// IDE support

Three IDEs. One vocabulary.

Cursor and Claude Code receive slash commands. Codex receives skills that surface the same workflow names. Toggle in qode.yaml; re-run qode init.

Cursor Claude Code Codex
Generated assets .cursor/commands/*.mdc .claude/commands/*.md .agents/skills/*/SKILL.md
Enable ide.cursor.enabled: true ide.claude_code.enabled: true ide.codex.enabled: true
Invoke /qode-* /qode-* $qode-*
// further reading

Docs and references.

Tutorial

End-to-end walkthrough — one ticket, one branch, two subtasks, every workflow step.

qode.yaml reference

Full configuration reference — IDE toggles, prompt overrides, context defaults.

Ticket fetch via MCP

Per-service setup: Jira, Linear, GitHub, Azure DevOps, Notion. Token scopes and limits.