Deploy verification for AI-coded software.

AI Coder Mode is a terminal output format designed for developers whose primary workflow is Claude Code / Cursor / Aider / Zed — i.e. anyone whose "terminal" is an AI agent's tool-call output, not a literal terminal. Pass --ai to any pqcheck subcommand and the output transforms into a three-layer artifact: a banner, a body, and a structured CIPHERWAKE_AI_GUARD_RESULT block that your AI coworker parses to decide pass / review / block.

What we measure

AI Coder Mode doesn't change what we measure — it changes how the existing measurements surface to AI coders. The underlying scan (DBR scoring, Trust Diff, Preview Trust Diff, deploy check) is unchanged. The output is reshaped into:

1. Top banner — un-missable one-line summary: ◆ cipherwake · KIND · STATUS · domain · DBR X.X · severity · ship_decision=.... Color-coded green / yellow / red.
2. Body — top finding + why it matters + concrete next action. Capped at ~12 lines so it doesn't bury the chat scrollback.
3. Footer block — a machine-readable CIPHERWAKE_AI_GUARD_RESULT … END_CIPHERWAKE_AI_GUARD_RESULT block with stable key=value lines. AI agents grep between the markers and parse deterministically.

How we measure it

The three layers are generated client-side in cli/bin/pqcheck.js. The underlying API responses are unchanged — only the CLI rendering changes. Specifically:

• Banner uses the highest severity finding from the scan, plus the computed ship_decision, to color and label the line.
• Body picks the single most-severe finding and surfaces its rationale + a recommended next action sized to the situation.
• Footer block is the canonical machine-readable artifact. Field set includes: status, domain, kind, dbr, grade, max_severity, ship_decision, top_issue, scanned_at, advisory_only=true, plus kind-specific fields (e.g. delta_count, baseline, score_delta for diff modes).

AI Coder Mode also writes ~/.config/cipherwake/last-scan.json on every invocation. This file feeds the optional cipherwake-statusline script (v0.16.0) for persistent ambient state in your AI coder's status line.

How it scores: the ship_decision field

The ship_decision field is the single primitive your AI coworker routes on. It's not a severity rating; it's an action recommendation:

• pass — no high-or-critical findings, no unexpected diff. Safe to announce the deploy. Exit code 0.
• review — high-severity finding present, OR unexpected diff vs baseline, OR DBR score drop ≥ 1.0. Ask the human before announcing. Exit code 1.
• block — critical-severity finding present (e.g. confirmed subdomain takeover). Revert or hold the deploy. Exit code 2.

Exit codes are ship_decision-aware only when --ai is set. Classic exit codes (threshold breach = 2) are preserved for non-AI mode so existing CI pipelines don't break.

What this tool does NOT claim

The most important section of any Cipherwake methodology page. Things AI Coder Mode is NOT:

• Not an authoritative deploy gatekeeper. ship_decision=block is a recommendation. You can always ignore it and ship. If you do, Cipherwake recorded the decision in ~/.config/cipherwake/last-scan.json but did not prevent the deploy. Customers are responsible for their own deploy decisions.
• Not a substitute for your judgment. The advisory_only=true field is in every footer block precisely because the same finding can be legitimately accepted (you knew about it, you shipped it on purpose) or rejected (it's a regression). Cipherwake can't tell which; only you can.
• Not a replacement for the GitHub Action PR comment. For developer workflows centered on GitHub PRs with human reviewers, the Action's sticky PR comment remains the right surface. AI Coder Mode is for the parallel workflow where the PR comment is a dead surface because no human is opening the PR before the AI deploys.
• Not currently AI-vendor-specific. The structured block is plain key=value text; any agent that reads CLI stdout can parse it. Claude Code, Cursor, Aider, Zed, future AI coding agents — all consume the same artifact. We're not locking you into Anthropic / OpenAI / etc.
• Not the right surface for GitHub Copilot users. Copilot is IDE-autocomplete + Copilot Chat; it doesn't run shell tools the way Claude Code / Cursor / Aider do, so it can't consume --ai output. The right surface for Copilot users is the existing GitHub Action sticky PR comment, which is already wired into the human-PR-review workflow Copilot users live in. AI Coder Mode is specifically for AI coders that run CLI tools, not autocomplete CLI commands.
• Not a guarantee that ship_decision=pass means "nothing can go wrong." DBR scoring measures the public surface only; internal posture (databases, VPN, backups, CI secrets) is outside our scope and a pass verdict says nothing about it.

Limitations + edge cases

• The "top finding" is just the highest-severity one we found. If you have 3 HIGH findings on different components, the banner surfaces one of them. Body keeps it tight (≤12 lines); the underlying --format json output has the complete list if you need it.
• The structured block is intentionally not JSON. JSON is denser but harder to scan in a terminal; key=value lines between markers are deterministically parseable AND human-readable. If you need JSON, run --format json (without --ai) to get the full API response.
• Color codes don't render in some AI agent UIs. The banner uses ANSI color codes. Some Claude Code / Cursor / Aider configurations strip them. If your banner looks like \x1b[33m◆ cipherwake…, configure your agent to render ANSI or use --no-color (TODO — implement in v0.15.1 if customers ask).
• The persistent-state layer lives across the file ~/.config/cipherwake/last-scan.json, which v0.15.0 writes on every scan. Roadmap of surfaces that read it:
  • v0.15.0 (shipped) — cipherwake-statusline. CLI bin for Claude Code's statusLine setting. Renders a one-line color-coded summary in ~30ms. Dependency-free; runs on every Claude Code turn.
  • v0.16.0 — VS Code / Cursor extension (same codebase, since Cursor is a VS Code fork). Uses the VS Code extension API's StatusBarItem to show the same one-line summary in the bottom status bar. Different install path from Claude Code (Marketplace, not a settings.json line) because VS Code doesn't have a config-level shell-command hook — but the surface exists and the install is one-click once we publish.
  • v0.17.0+ — Aider / Zed / MCP server. Aider has no separate status surface beyond stdout (the existing --ai output already covers it). Zed's extension API is maturing; we'll target it once stable. A future MCP server lets Claude Code / Cursor call pqcheck as a native tool without npx overhead.
  The state file is the canonical interface for all of these — once v0.15.0 ships, every downstream surface is just "read the file, render it"; no backend changes required for new surfaces.
• Cipherwake's consent UX (v0.16.0 onward). The only file Cipherwake writes without asking is ~/.config/cipherwake/last-scan.json in our own config directory. For anything that would touch another tool's config (e.g. ~/.claude/settings.json, Cursor's settings.json, etc.), the installer follows this pattern:
  1. One consolidated upfront question that briefly lists every change the installer would make. Example: "I can add a 4-line statusLine block to ~/.claude/settings.json (existing settings preserved). Choose: [a]uto = do it + show diff · [m]anual = print each change to copy-paste · [n]o = skip."
  2. If you choose auto, the installer makes all the changes and shows a diff afterward so you can verify exactly what landed. No silent edits.
  3. If you choose manual, the installer walks through each setting one at a time with the exact copy-paste, asking before each one.
  4. If you choose no, the installer skips everything except writing ~/.config/cipherwake/last-scan.json (our own state). You can re-run the installer later.
  5. No --yes flag bypasses the upfront question. Even CI environments get the question on first run; subsequent runs respect the choice stored in ~/.config/cipherwake/install-prefs.json.
  Rationale: editing another tool's settings file is invasive, and the worst version of that is editing it without explaining what changed. Customers deserve to see the full list of changes before consenting once, not to be interrupted with five separate yes/no prompts mid-deploy.

Try it

npx pqcheck cipherwake.io --ai
npx pqcheck trust-diff cipherwake.io --baseline last-week --ai
npx pqcheck preview-diff \
  --preview https://your-preview.vercel.app \
  --production https://cipherwake.io --ai
npx pqcheck deploy-check cipherwake.io --ai

Pass --ai or --agent — they're synonymous. The footer block can be parsed by your AI coworker with a single grep:

npx pqcheck cipherwake.io --ai \
  | awk '/^CIPHERWAKE_AI_GUARD_RESULT$/,/^END_CIPHERWAKE_AI_GUARD_RESULT$/' \
  | grep '^ship_decision='