what your repo has already broken.

a typed scenario graph, scored by P × C × R, weighted by what's already broken here.

ZSH · qaless ~/projects/auth-svc

a number you can defend in review.

P · PROBABILITY
1–3

how likely it occurs in production.

C · CRITICALITY
1–3

does it touch money, auth, or data.

R · RECOVERY
1–3

how hard to recover from when it lands.

--input"users can reset password"
--filefeature.md
--openapiapi/openapi.yaml
--diff[--diff-ref main]
markdownpriority-bucketed checklist
playwrighttypescript describe / it
postmancollection v2.1 json
htmltable + clickable graph

from the diff to the instance that broke last time.

s12 · scenario drill-in auth-svc / password reset

pick the shape your team already reviews.

describe('password reset', () => {
  it('blocks token reuse after password is set', async ({ page }) => {
    // precondition: a valid reset token exists.
    // expected: 401 on the second use.
  });
  it('rejects expired tokens with a clear error', async ({ page }) => {
    // expected: human-readable error, prompt to request a new link.
  });
});
{
  "name": "token reuse after password reset",
  "request": {
    "method": "POST",
    "url": "/auth/reset-password",
    "body": { "token": "{{used_token}}" }
  },
  "tests": "pm.expect(pm.response.code).to.equal(401);",
  "priority": { "P": 3, "C": 3, "R": 2, "score": 18 }
}
## password reset

### CRITICAL
- [ ] token reused after password is set   P:3 C:3 R:2 = 18
- [ ] token expired before use             P:3 C:3 R:3 = 27

### IMPORTANT
- [ ] concurrent reset requests            P:1 C:3 R:3 = 9
- [ ] new password matches a previous one  P:2 C:3 R:2 = 12

### LOW
- [ ] user not found for the email         P:2 C:2 R:1 = 4
<!-- qaless export --format html --output report.html -->
<script>
  const graph = {
    nodes: [
      { id: "n1", type: "happy_path",  score: 9 },
      { id: "n2", type: "edge_case",   score: 27 },
      { id: "n3", type: "concurrency", score: 18 }
    ],
    edges: [{ from: "n1", to: "n2", label: "token expires" }]
  };
</script>

five things a prompt can't do.

of this project.

past breakage weights future scores. dismissals are remembered. keyed to the repo.

not description.

runs scenarios against staging. failures land back in the graph as confirmed.

on every pr.

ci/cd action fires on each pr and deploy. dashboard fires on incident.

to the whole repo.

git history, sentry errors, last ten deploys. linked to similar shapes that haven't broken yet.

a signed report.

what fired, what was dismissed, by whom. auditable across releases.

your disk.

json-schema ScenarioGraph, byo key, ~/.qaless/history.db never leaves.

two plans. one binary.

SOLO
$19/ mo
1 seat

one developer — the full pipeline, every export, ci/cd on each pr.

get solo ↗
TEAM
$39/ mo
up to 10 seats

shared memory across the team — one incident log, one project context, every analysis pooled.

get team ↗
feature solo team
all commands · analyze verify report export mcp ✓ full ✓ full
ci/cd · github action
seats 1 up to 10
shared incident log
shared project context
team dashboard · all analyses, incidents, verify runs roadmap

binary v0.12.7 · single file. no runtime deps.

read the docs ↗

get pinged when linux + intel mac ship.