REQQA.ai

Public API · Dark factory

Where AI builders become a first-class participant.

A token-authenticated REST API exposes the platform's full surface to external tools. A coordinated set of Claude Code skills consumes it and drives a complete build cycle from outside the platform — with full audit and human approval at the boundaries.

GET /api/v1/releases/REL-12200
{
  "id": "REL-12",
  "scope_state": "handover_ready",
  "members": [
    { "type": "story", "id": "STO-441", "rev": 7 },
    { "type": "story", "id": "STO-442", "rev": 3 },
    ...
  ],
  "as_scoped_snapshot": { ... },
  "advisory_gate": {
    "open_critical_issues": 0,
    "stale_stories":        0,
    "ready":              true
  }
}

Endpoints

Read the spec. Submit the plan. Post the feedback. Close the build.

GET/api/v1/applications

List applications visible to the bearer token.

GET/api/v1/releases/{id}

Release with members, snapshots, advisory gate.

GET/api/v1/releases/{id}/members

Stories with full Gherkin, requirements with hierarchy, glossary, personas.

GET/api/v1/glossary

Org glossary with application overrides.

POST/api/v1/releases/{id}/plans

Submit a versioned 8-section build plan.

PUT/api/v1/plans/{id}/status

Builder-side state transitions (RBAC over the same token).

POST/api/v1/releases/{id}/feedback

Raise builder feedback mid-build. Flows into issue management.

POST/api/v1/plans/{id}/as-built

Submit the as-built record. Sits beside the plan for analyst sign-off.

Claude Code skill set

Five skills. One self-coordinating build cycle.

Each skill produces an artefact the next one consumes. Skills are global — they live in your Claude Code configuration, not in REQQA's repository — so they work in any codebase.

/release-initanalyst-side

Pre-work readiness check before a build starts — scope scan, backlog review, doc sync, acceptance criteria.

/plan-buildanalyst-side

Drafts a build plan with the 8-section annotation model and negotiates v1 → v2 → v3 until the gate clears.

/start-buildbuilder-side

Loads an approved plan, transitions to in_progress, seeds the local task list from the Work Breakdown.

/close-buildbuilder-side

Gathers tests, commits, mid-build feedback. Assembles the as-built record. Hands back to analyst.

/release-closeanalyst-side

Wrap-up after acceptance — regression suite, performance review, decisions, repo snapshot, tag.

Token model

Per-user, org-scoped, long-lived bearer tokens.

Self-service mint, list, and revoke from the /apiTokens page. Token plaintext is shown exactly once at mint time and stored only as a PBKDF2-SHA256 hash. Every API call is audited. Idempotency cache on write endpoints prevents duplicate submissions on transient retries.

  • Builder RBAC

    approved → in_progress → in_review / paused / accepted, all over the same token.

  • Analyst-only

    Approval transitions and scope-state changes stay in the UI.

  • Audit

    Full request log per token, timestamped and immutable.

  • Idempotency

    Write endpoints cache by client key for safe retries.

One release cycle. End-to-end. No manual coordination outside the API and the skill chain.

Get a builder token →