One file that tells every AI your stack, your patterns, your rules—before it writes a single line. Switch tools anytime. Your spec follows.
Claude Code · Cursor · Windsurf · Continue.dev · any MCP-compatible tool
spec:
name: my-saas
version: "1.0.0"
stack:
languages: [TypeScript]
frameworks: [Next.js 16, React 19]
databases: [PostgreSQL 18]
patterns:
- name: Server-side auth
applies_to: "**/*.ts"
rule: Always validate auth server-side
constraints:
- name: No any types
severity: error
rule: Never use TypeScript 'any'The real cost
Every new session is amnesia. Your AI builds a React form with client-side auth—when you decided on server-side three weeks ago. The code works. It just doesn't match anything else in your project.
You paste the same context, same rules, same "don't use any types" message. Every. Single. Time.
Your landing page says one thing. Your dashboard says another. AI doesn't know your voice, colors, or tone.
Vibe coders ship fast. Auth on the client. Secrets in the repo. No RLS. The AI didn't know any better.
Pasting your system prompt eats tokens. That's your money and your context window — gone before you start.
Current workarounds — all broken
The gap: LLMs are brilliant at writing code. They're terrible at knowing your standards. CodeSpec is the spec layer that travels with you—regardless of which AI you use tomorrow.
The format
Check .codespec.yaml into your repo. Your stack, rules, brand, and architecture decisions auto-load into every AI tool that supports MCP. No pasting. No forgetting.
No more “we use Next.js, not Remix” corrections.
stack:
languages: [TypeScript]
frameworks: [Next.js 16, React 19]
databases: [PostgreSQL 18 + RLS]
tools: [Tailwind, shadcn/ui]Your architecture rules, enforced before a line is written.
patterns:
- name: Server-side auth
applies_to: "**/*.ts"
rule: >
Always validate auth server-side.
Never check auth client-side.Guardrails the AI cannot cross. Period.
constraints:
- name: No any types
severity: error
rule: No TypeScript 'any'
- name: Auth required
severity: error
rule: All API routes check authWhy you chose Supabase. Why server components. It's all here.
decisions:
- date: "2026-01-15"
decision: Use Supabase RLS
reason: Prevents client bypass
- date: "2026-02-01"
decision: Server Components
reason: Better SEO, less JSConsistent voice, consistent colors. Every page, every component, every AI session.
brand:
voice: Professional, direct, no jargon
colors:
primary: "#1A56DB"
secondary: "#0E7C3A"
inject:
- files: "src/app/**/page.tsx"
context: >
Use Server Components by default.
Fetch data server-side, pass as props.How it works
60 seconds to configure. Every AI session after that starts with full project context—automatically.
Run the wizard. Pick a starter spec or write your own in 5 minutes.
$ npx codespec init
? Preset: Next.js + Supabase
? Add brand section: Yes
✓ Created .codespec.yamlAdd one line to your AI tool's config. That's it. MCP handles the rest.
// claude_desktop_config
{
"mcpServers": {
"codespec": {
"command": "codespec-mcp"
}
}
}Ask for anything. The AI already knows your rules. No boilerplate. No re-explaining.
> Add a payments page
Using Stripe (per your spec).
Server-side auth via middleware.
shadcn/ui components. Your brand.
✓ Matches your project specWhy CodeSpec
Use Claude today, Cursor tomorrow, something new next month. Your project spec doesn't care. It works everywhere.
Your AI reads the spec before you type a word. Stack, patterns, constraints, brand—all there, automatically.
Init wizard, validation, and export. Pick a starter spec or build your own from the terminal.
Not a Cursor plugin. Not a Claude extension. An open standard that works with any MCP-compatible AI.
Start with a community spec. Layer your overrides on top. Security baseline + SaaS starter + your brand = done.
Works entirely offline. A YAML file in your repo—that's the whole thing. Cloud sync is optional for teams.
MIT-licensed server and CLI. The spec format is CC BY 4.0. No vendor lock-in, no surprises.
Spec marketplace
Battle-tested specs built by developers who've shipped. Install one, customize it, and your AI writes production-grade code from session one. Free community specs for everyone—premium specs included with Pro.
by CodeSpec
App Router, server auth, Stripe integration, Supabase RLS. Skip weeks of boilerplate decisions.
by CodeSpec
SQLAlchemy, Alembic migrations, JWT auth, structured logging. Production-grade from line one.
by CodeSpec
Server-side auth, input sanitization, OWASP rules, webhook verification. The spec your vibe-coded app needs.
by Community
Typed navigation, offline-first sync, platform-specific patterns. Stop the AI from writing web code for mobile.
by SecureKit
Audit logging, encryption standards, access control rules. Pass your audit without hiring a consultant.
by Community
Hydrogen + Oxygen patterns, Shopify API standards, checkout flow constraints. E-commerce without the guesswork.
More specs added every week. Request one in our community.
Pricing
The spec format, MCP server, and CLI are open source and free forever. Pro adds smart alerts—like knowing when Next.js ships a new version while your spec still references the old one—plus cloud sync and unlimited projects.
Everything you need to start. No card required.
Unlimited projects, smart alerts, and cloud sync.
Enforce standards across your entire team.
SSO, compliance, and dedicated support.
Early access is opening soon. Be the first to stop re-explaining your codebase.
No spam. Just launch updates and early access.