Qualifier

Know your code. A deterministic system for recording quality attestations and blockers against software artifacts. Quality scores that propagate through your dependency graph — no server, no database, just files.

$ cargo install qualifier

The problem

Someone dropped 30,000 lines of slopcode in your lap and now you need to figure out if it does what it says on the tin. The test suite passes (mostly), the docs are "coming soon," and the last meaningful code review was three sprints ago. Where do you even start?

Qualifier gives you a structured, VCS-friendly way to record what you know about code quality — and a scoring model that propagates those signals through your dependency graph so you always know where the bodies are buried.

Three core concepts

Attestation

A single quality signal about an artifact. A blocker, a concern, a praise, a pass. Immutable once written, superseded by newer signals.

Score

Sum of attestations, clamped to [-100, 100]. Raw score is local. Effective score propagates through the dependency graph — your worst dependency is your ceiling.

Graph

A DAG of artifact dependencies. Quality flows downhill. A pristine binary that links a cursed library inherits the curse.

How scores propagate

lib/crypto raw -20 · eff -20 -50 blocker +30 pass lib/http raw +50 · eff +50 +30 praise · +20 pass lib/log +10 pass src/auth.rs raw +10 · eff -20 +20 pass -10 concern src/api.rs raw +30 · eff +10 +30 praise bin/server raw +50 · eff -20 +20 pass · +30 praise limited by lib/crypto via src/auth.rs

bin/server's own attestations give it a raw score of +50 — healthy. But it depends on src/auth.rs (eff: -20, limited by lib/crypto's blocker), so its effective score drops to -20. Your effective score can never exceed your worst dependency.

What Qualifier adds

What Without Qualifier With Qualifier
Quality tracking Spreadsheets, tickets, memory Structured .qual files in your repo
Score propagation Manual dependency analysis Automatic through the dependency graph
CI gating Custom scripts qualifier check --min-score 0
Agent integration None JSON output, batch attestation, suggested fixes
Merge conflicts Guaranteed with shared files Structurally impossible (append-only JSONL)
History Lost in ticket graveyards VCS-native — blame, diff, bisect all work

Minimal example

A .qual file is just JSONL — one attestation per line:

{"metabox":"1","type":"attestation","subject":"src/parser.rs","issuer":"mailto:alice@example.com","created_at":"2026-02-24T10:00:00Z","id":"a1b2c3d4...","body":{"kind":"concern","score":-30,"summary":"Panics on malformed UTF-8 input"}}
{"metabox":"1","type":"attestation","subject":"src/parser.rs","issuer":"mailto:bob@example.com","created_at":"2026-02-24T11:00:00Z","id":"e5f6a7b8...","body":{"kind":"praise","score":40,"summary":"Excellent property-based test coverage"}}

No parents, no headers, no schema declarations. Each line is self-contained.

Quick start

# Install
cargo install qualifier

# Initialize qualifier in your repo
qualifier init

# Attest a concern
qualifier attest src/parser.rs --kind concern --score -30 \
  --summary "Panics on malformed input"

# See scores for everything
qualifier score

# CI gate — fail if anything is below zero
qualifier check --min-score 0

# Show details for one artifact
qualifier show src/parser.rs

# List the worst offenders
qualifier ls --below 0

How it works

Qualifier is a Rust crate with a library and a CLI:

Component What it does
.qual files VCS-friendly JSONL attestations — the primary interface
qualifier CLI Human-friendly commands for attesting, scoring, gating
qualifier crate Library API for tools, agents, and editor plugins
Dependency graph qualifier.graph.jsonl — feeds the propagation engine

See Format for the file spec or CLI for command reference.