Source code quality evaluation platform powered by AI

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for VictorPurMar from gravatar.com VictorPurMar

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers
Report project as malware

Project description

Quodeq

The quality code compass

Evaluate any repository across six quality dimensions — Security, Reliability, Maintainability, Performance, Flexibility, and Usability — using LLM-driven analysis mapped to ISO 25010 and CWE classifications.

Install

# Recommended
pipx install quodeq

# Or with Homebrew
brew install quodeq/tap/quodeq

# Or with pip
pip install quodeq

From source (development)

git clone https://github.com/quodeq/quodeq.git
cd quodeq
uv sync

Prerequisites

  • Python 3.12+
  • An AI CLI client (e.g. Claude Code)
  • Node.js 18+ (only when installing from source — pre-built UI is bundled in pip/brew installs)

Usage

Launch the dashboard

quodeq dashboard

Opens a web UI at http://localhost:4173 where you can browse evaluations and launch new ones.

Run an evaluation

# Local repository (auto-detects language)
quodeq evaluate /path/to/your/project

# Remote repository
quodeq evaluate git@github.com:org/repo.git

# Specific dimensions only
quodeq evaluate /path/to/project -d security,reliability

# Specific language plugin
quodeq evaluate /path/to/project -p typescript

Configure AI client

quodeq configure

CLI Reference

quodeq evaluate

Flag Default Description
repo (required) Path or URL to the repository
-p, --plugin auto-detect Plugin ID (typescript, python, kotlin, java, bash, mobile_ios)
-o, --output ~/.quodeq/evaluations Reports output directory
-m, --mode numerical Scoring mode: numerical or grades
-d, --dimensions all Comma-separated dimensions to evaluate
--evidence-only off Produce evidence JSON only (skip scoring)
--max-turns 200 Max AI conversation turns per dimension
--max-duration 1800 Max seconds per dimension
--no-prescan off Skip source-file counting

quodeq dashboard

Flag Default Description
--port 4173 Dashboard server port
--evaluations ~/.quodeq/evaluations Evaluations directory
--open true Open browser automatically
--no-build off Skip web UI build
--api-host auto Override Action API host
--api-port auto Override Action API port

Supported Languages

Plugin Languages
typescript TypeScript, JavaScript
python Python
kotlin Kotlin
java Java
bash Bash, Shell
mobile_ios Swift (iOS)

Environment Variables

All environment variables are optional. They override built-in defaults and, where noted, the corresponding CLI flags take precedence over env vars.

API & Dashboard

Variable Default Description
QUODEQ_API_KEY (none) API key for authenticating dashboard API requests. When unset, endpoints are unauthenticated
QUODEQ_ACTION_API_PORT 8001 Port for the Action API server
QUODEQ_ACTION_API_HOST 127.0.0.1 Host/IP the Action API binds to
QUODEQ_DASHBOARD_PORT 4173 Port for the dashboard preview server
QUODEQ_STATIC_DIST (bundled) Path to pre-built web UI assets (overrides the bundled static/ directory)
QUODEQ_EVALUATIONS_DIR ~/.quodeq/evaluations Directory where evaluation results are stored
QUODEQ_RUN_DIR ~/.quodeq/run Directory for runtime files (PID file, etc.)
QUODEQ_ALLOW_PLAINTEXT_HTTP (off) Set to 1 to allow plaintext HTTP to non-localhost API hosts
QUODEQ_MAX_PROJECTS_LISTED 200 Maximum number of projects returned by the browse endpoint
QUODEQ_MAX_ZIP_SIZE_MB 100 Maximum zip export size in megabytes

AI Analysis

Variable Default Description
QUODEQ_AI_CLIENTS (auto-detect) Comma-separated list of allowed AI CLI client IDs (e.g. claude,codex)
QUODEQ_AI_TOOLS Glob,Grep,Read Comma-separated list of tools enabled for the AI subprocess
QUODEQ_AI_BASE_ARGS --print --output-format stream-json --verbose Base CLI arguments passed to the AI subprocess
QUODEQ_AI_CLI_TIMEOUT 300 Timeout in seconds for AI CLI subprocess calls
QUODEQ_SUBAGENT_MODEL (client default) Model override for subagent analysis (omits --model when unset)
QUODEQ_MAX_TURNS 200 Maximum AI conversation turns per dimension (CLI flag --max-turns takes precedence)
QUODEQ_MAX_DURATION 1800 Maximum seconds per dimension (CLI flag --max-duration takes precedence)

Scoring & Evaluation

Variable Default Description
QUODEQ_CRITICAL_PENALTY 2.0 Points deducted per critical violation type
QUODEQ_MAJOR_PENALTY 1.0 Points deducted per major violation type
QUODEQ_MINOR_PENALTY 0.25 Points deducted per minor violation type
QUODEQ_DEFAULT_DIM_WEIGHT 1.0 Default weight for quality dimensions during plugin scaffolding
QUODEQ_SECURITY_DIM_WEIGHT 1.2 Weight for the Security dimension
QUODEQ_PERFORMANCE_DIM_WEIGHT 0.8 Weight for the Performance dimension
QUODEQ_MAX_VIOLATION_FILES 20 Maximum number of violation files included in results
QUODEQ_CWE_URL_TEMPLATE https://cwe.mitre.org/data/definitions/{cwe_id}.html URL template for CWE references ({cwe_id} is replaced)

Caching

Variable Default Description
QUODEQ_RUN_DIM_CACHE_MAX 256 Maximum entries in the run-dimension cache
QUODEQ_ACC_CACHE_MAX 256 Maximum entries in the accumulated-view cache

Knowledge Refresh & HTTP

Variable Default Description
QUODEQ_FETCH_TIMEOUT 15 Timeout in seconds for knowledge-refresh HTTP fetches
QUODEQ_CONTENT_SAMPLE_LIMIT 4000 Character limit for content samples during knowledge refresh
QUODEQ_MAX_FETCH_WORKERS 8 Maximum concurrent worker threads for knowledge refresh
QUODEQ_HTTP_TIMEOUT 10 Default HTTP client timeout in seconds
QUODEQ_HTTP_MAX_RETRIES 3 Maximum HTTP retry attempts
QUODEQ_HTTP_RETRY_DELAY 0.5 Base delay in seconds between HTTP retries (exponential backoff)
QUODEQ_HTTP_RETRY_JITTER 0.3 Random jitter in seconds added to retry delays
QUODEQ_CB_THRESHOLD 5 Circuit breaker failure threshold (opens after N consecutive failures)
QUODEQ_CB_RESET 60 Circuit breaker reset time in seconds
QUODEQ_ALLOW_PRIVATE_URLS (off) Set to 1 to allow HTTP requests to private/internal addresses
QUODEQ_GIT_CLONE_TIMEOUT 300 Timeout in seconds for git clone operations

OWASP ASVS

Variable Default Description
QUODEQ_ASVS_URL (GitHub raw URL) URL to the OWASP ASVS JSON file
QUODEQ_ASVS_VERSION 4.0.3 ASVS version string used for fetching standards
QUODEQ_ASVS_SHA256 (none) Expected SHA-256 hash for ASVS integrity verification
QUODEQ_GITHUB_SEARCH_URL https://api.github.com/search/repositories GitHub API search endpoint
QUODEQ_GITHUB_RAW_BASE_URL https://raw.githubusercontent.com GitHub raw content base URL

How it works

  1. Plugin detection — identifies the language and loads the matching evaluator
  2. Prompt building — assembles standards, knowledge bases, and dimension-specific prompts
  3. AI analysis — spawns the AI CLI with read-only tools for code exploration
  4. Evidence collection — findings stream as JSONL via MCP tool calls
  5. Scoring — maps findings to ISO 25010 principles with CWE classifications
  6. Reporting — produces per-dimension reports with grades, violations, and compliance

Evaluations are stored in ~/.quodeq/evaluations/ and persist across sessions.

Development

# Run tests
uv run pytest

# Start Action API (for UI dev)
uv run python -m quodeq.action_api

# Start dashboard in dev mode
cd ui/web && npm install && npm run dev

License

See LICENSE.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for VictorPurMar from gravatar.com VictorPurMar

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers

Release history Release notifications | RSS feed

1.0.10

1.0.9

1.0.8

1.0.7

1.0.6

1.0.5

1.0.3

1.0.2

1.0.1

1.0.0

0.10.0

0.9.0

0.8.1

0.8.0

0.7.0

0.6.2

0.6.1

0.6.0

This version

0.5.0

0.4.1

0.4.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

quodeq-0.5.0.tar.gz (445.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

quodeq-0.5.0-py3-none-any.whl (549.9 kB view details)

Uploaded Python 3

File details

Details for the file quodeq-0.5.0.tar.gz.

File metadata

  • Download URL: quodeq-0.5.0.tar.gz
  • Upload date:
  • Size: 445.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.10 {"installer":{"name":"uv","version":"0.10.10","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for quodeq-0.5.0.tar.gz
Algorithm Hash digest
SHA256 6e8a00c775b6d76a52197afdc3917c90230a4f2c6a5ab8f254fad17fdc363049
MD5 6ec9e2043842d230a1dbe87e2693b94b
BLAKE2b-256 2e6f2991e8d5bbc640996c378fb588b3b6ec704ba54c4d2e9f86c5942c23812b

See more details on using hashes here.

File details

Details for the file quodeq-0.5.0-py3-none-any.whl.

File metadata

  • Download URL: quodeq-0.5.0-py3-none-any.whl
  • Upload date:
  • Size: 549.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.10 {"installer":{"name":"uv","version":"0.10.10","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for quodeq-0.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 ba166f7a120870cf67d84ebac8b8d970d99d0bf4ea4bfcee647acd0222c43dc2
MD5 8e283ec54ed2bd9a981ab9d146cfa57e
BLAKE2b-256 70abcd066d50f5d3c9d6919525a51d3f98e76ab526232ed5766c0faec93a3db1

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page