Quick Start
Get started with SuperQode in 5 minutes.
Safety note (OSS): Run the open-source SuperQode/SuperQE in a safe, controlled environment (sandbox, VM, or low-risk machine). This reduces the blast radius for testing workflows and agent-driven actions.
Install SuperQode
Overview
This guide covers:
- Project Setup - Initialize and configure your project
- Choose Workflow - TUI for exploration or CLI for automation
- Connect to Agent - Set up your preferred connection mode
- Run First QE Session - Start quality engineering
Step 1: Initialize Your Project
Navigate to your project and initialize SuperQode:
This will:
- Create superqode.yaml in the current directory from the comprehensive role catalog
- Enable core, implemented roles so you can run immediately
- Leave the rest disabled so you can prune what you don't need
Edit Configuration
After initialization, edit superqode.yaml to set your preferred model:
Choose your connection mode:
# Option 1: ACP (recommended for full features)
default:
  mode: acp
  coding_agent: opencode
# Option 2: BYOK (use your own API keys)
default:
  mode: byok
  provider: google
  model: gemini-3-pro
# Option 3: Local (privacy-first)
default:
  mode: local
  provider: ollama
  model: qwen3:8b
Step 2: Choose Your Workflow
SuperQode offers two workflows:
TUI (Terminal UI) - For Exploratory Testing
Best for: Interactive exploration, ad-hoc testing, learning
Then use TUI commands:
- :connect acp opencode - Connect to agent
- :qe security_tester - Switch to security role
- Chat with agent: "Check for SQL injection vulnerabilities"
CLI (Command Line) - For Automation
Best for: CI/CD, batch processing, automation
# Run QE session directly
superqe run . --mode quick
# With specific roles
superqe run . -r security_tester -r api_tester
Step 3: Run Your First QE Session
Quick Scan (60 seconds)
For fast feedback during development:
Note: QE sessions are run via CLI commands, not TUI commands. In the TUI, you interact directly with agents by typing natural language requests after switching to a QE role with :qe <role>.
Deep QE (Full Analysis)
For comprehensive quality analysis:
Step 4: View Results
After a QE session completes, you'll see:
Console Output
╭────────────────────────────────────────────────────────────────╮
│ QE Session Complete                                            │
├────────────────────────────────────────────────────────────────┤
│ Duration: 45.2s                                                │
│ Roles Run: 3 (security_tester, api_tester, fullstack)          │
│ Findings: 5 (1 critical, 2 high, 2 medium)                     │
├────────────────────────────────────────────────────────────────┤
│ Artifacts Generated:                                           │
│   • QR: .superqode/qe-artifacts/qr/qr-2024-01-18-1a2b3c4d.json │
╰────────────────────────────────────────────────────────────────╯
Artifacts Location
All artifacts are saved to .superqode/qe-artifacts/:
.superqode/qe-artifacts/
├── manifest.json
├── qr/
│   ├── qr-<date>-<session>.json    # Quality Report (JSON)
│   └── qr-<date>-<session>.md      # Quality Report (Markdown)
├── patches/
│   └── ...                         # Suggested patch files (when available)
└── generated-tests/
    └── ...                         # Generated tests (when available)
Step 5: Essential Commands
TUI Commands (prefix with :)
| Command | Description |
|---|---|
| :connect or :c | Interactive connection picker (recommended) |
| :connect acp <agent> | Connect directly to ACP agent |
| :connect byok <provider> <model> | Connect directly to BYOK provider |
| :connect local <provider> <model> | Connect directly to local model |
| :qe <role> | Switch to QE role mode (e.g., :qe security_tester) |
| :disconnect | Disconnect current session |
| :status | Show session status |
| :help | Show help |
| :quit | Exit SuperQode |
CLI Commands
| Command | Description |
|---|---|
| superqode | Launch TUI |
| superqe run . | Run QE on current directory |
| superqode providers list | List available providers |
| superqode agents list | List available agents |
| superqe init | Initialize configuration |
Step 6: Quick Examples
Example 1: Security Scan
Example 2: API Testing
Example 3: Full QE with Suggestions (Enterprise)
# Deep QE with fix suggestions (sandbox mode)
superqe run . --mode deep --allow-suggestions --generate
Example 4: CI-Friendly Output (Enterprise)
# JSONL output for CI/CD
superqe run . --mode quick --jsonl
# JUnit XML for test reporting
superqe run . --mode quick --junit results.xml
Step 7: Understanding the Output
Finding Severity Levels
| Severity | Description | Action |
|---|---|---|
| Critical | Security vulnerability, data loss risk | Fix immediately |
| High | Significant bug or security issue | Fix before release |
| Medium | Bug or code smell | Fix soon |
| Low | Minor issue or suggestion | Fix when convenient |
Confidence Scores
Each finding includes a confidence score (0.0 - 1.0):
- 0.9 - 1.0: Very high confidence, verified finding
- 0.7 - 0.9: High confidence, likely valid
- 0.5 - 0.7: Medium confidence, review recommended
- < 0.5: Low confidence, may be false positive
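A CI gate built on the severity table and confidence bands above, as an added example (not SuperQode's own code). The page does not document the --jsonl schema, so the per-line `severity` and `confidence` fields, the 0.7 threshold, and the sample lines are assumptions.

```python
import json

# Severities whose Action column is "Fix immediately" or "Fix before release".
BLOCKING = {"critical", "high"}

def confidence_band(score):
    """Map a 0.0-1.0 score to the bands above; a boundary value takes the higher band."""
    for floor, name in ((0.9, "very high"), (0.7, "high"), (0.5, "medium")):
        if score >= floor:
            return name
    return "low"

def triage(jsonl_text, min_confidence=0.7):
    """Return (blocking, needs_review, malformed_line_numbers)."""
    blocking, needs_review, malformed = [], [], []
    for lineno, line in enumerate(jsonl_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            record = json.loads(line)
            if not isinstance(record, dict) or "severity" not in record:
                continue  # assumed: non-finding events carry no severity field
            severity = str(record["severity"]).lower()
            confidence = float(record["confidence"])
            if not 0.0 <= confidence <= 1.0:
                raise ValueError("confidence out of range")
        except (ValueError, KeyError, TypeError):
            malformed.append(lineno)  # unparseable output must not pass silently
            continue
        if severity in BLOCKING:
            # Serious but uncertain findings go to a human instead of being dropped.
            (blocking if confidence >= min_confidence else needs_review).append(record)
    return blocking, needs_review, malformed

def gate_exit_code(jsonl_text):
    """0 lets the pipeline proceed; 1 fails it (fails closed on malformed lines)."""
    blocking, _, malformed = triage(jsonl_text)
    return 1 if blocking or malformed else 0

# Constructed sample stream, not real superqe output.
SAMPLE = "\n".join([
    '{"severity": "critical", "confidence": 0.95, "title": "constructed finding A"}',
    '{"severity": "high", "confidence": 0.45, "title": "constructed finding B"}',
    '{"severity": "medium", "confidence": 0.80, "title": "constructed finding C"}',
    '{"event": "session_complete"}',
    'truncated {"severity": "crit',
])
```

Failing closed on malformed lines means a truncated or corrupted report cannot turn a blocked build into a passing one.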
Step 8: Keyboard Shortcuts (TUI)
| Shortcut | Action |
|---|---|
| Ctrl+C | Cancel current operation |
| Ctrl+D | Exit SuperQode |
| Ctrl+K | Open command palette |
| Ctrl+L | Clear screen |
| Ctrl+R | Refresh |
| Tab | Auto-complete |
| ↑/↓ | Navigate history |
| Esc | Cancel/close dialog |
Next Steps
Now that you've completed the quick start:
- Your First QE Session - Detailed walkthrough
- Configuration Guide - Customize SuperQode
- Understanding Modes - Learn about BYOK, ACP, Local
- QE Roles - Understand testing roles
- CI/CD Integration - Add to your pipeline
Tips for Success
Start with Quick Scan
Use --mode quick during development for fast feedback. Save --mode deep for pre-release validation.
Focus on Critical Findings
Address critical and high severity findings first. Configure noise filters to reduce false positives.
Review Suggested Fixes
When using --allow-suggestions, always review the generated patches before applying.
Use CI Integration
Add SuperQode to your CI/CD pipeline with --jsonl output for automated quality gates.