spectrace
NEWMCP server — plug any AI agent into Spectrace

Product definition & traceability for
[ teams ] and [ agents ]

Spectrace turns messy docs and conversations into structured product specs, then build a continuous trace from spec to merged PR, with proof at every stage.

For product teams defining work for humans and agentsFor engineers who lives in VS Code, Cursor or ClaudeFor AI agents doing the work alongside humans
01 · VerifyPR scorecard
Spectracelive
NS-AUTH-014

Email + password sign-in with rate limiting

Acceptance3 / 5
  • User can sign in with email + password
  • Invalid credentials show accessible error
  • Session persists across reloads · 24h
  • After 5 failed attempts, rate-limit 10 min
  • Failed attempts logged to audit feed
3a4f5e2·feat(auth): wire sign-in handlerjust now
PR · northstar/mobile-app#481just now
72/100Medium risk · merge with changes
  • NS-AUTH-014Sign-in with rate limiting
    3 / 5 ACs
    68
  • NS-AUTH-022Password reset · magic link
    4 / 4 ACs
    95
  • NS-PERF-009Cold-start ≤ 1.8s
    0 / 2 ACs
    0
Verified by Spectrace · 9 ACs across 3 reqs · gpt-4o
Works with
  • GGitHub
  • GlGitLab
  • LLinear
  • JJira
  • SlSlack
  • NNotion
  • VSVS Code
  • CCursor
  • AIClaude
+ REST · MCP
Who it's for

Product and engineering teams shipping software where correctness matters.

Product Managersdefine the work, with structure
Engineering Leadsverify what shipped
Engineerslives with context in their IDE
AI AgentsMCP server, drop-in
Common industries
  • Fintech
  • Healthcare
  • E-commerce
  • Marketplaces
  • B2B SaaS
  • AI platforms
  • Logistics
  • DevTools
  • Critical infra
  • Regulated industries
The trace

From messy docs to merged code, in one thread.

Most teams have requirements scattered across PRDs, transcripts, and Slack threads — and code that never quite traces back. Spectrace pulls the structure out, then keeps the thread intact all the way to ship.

  1. SpecPRD ingested · ambiguity flagged
  2. AcceptanceSpecs enriched with ACs
  3. IDEContext injected to Cursor / Copilot
  4. Pull requestDiff verified against ACs
  5. ShipTraceable · auditable · proven
01Capture

Messy inputs become structured specs

Drop in PRDs, meeting transcripts, Slack threads, or rough notes. Spectrace extracts the intent, structures it into acceptance criteria, and flags ambiguity before a line of code is written.

Slack@dana · #auth · today

we should rate-limit failed sign-ins. like 5 then lock for 10m?

DocPRD-northstar-auth · §3.2

Errors must be accessible; session 24h; brute-force protection mandatory.

TranscriptStandup · 14:02:18

…and Sec said no plaintext logs. bcrypt cost 12. agreed.

Emaillegal@northstar · Mon

Re: auth flow — please add failed-attempt audit feed for compliance.

spectrace · structured
ApprovedNS-AUTH-014

Email + password sign-in with rate limiting

  • Sign in with email + password
  • Accessible error on bad creds
  • Rate-limit after 5 failed attempts
  • Audit log for failed sign-ins

Sec review: bcrypt cost 12, no plaintext logs.

02Implement

Context for humans and agents

The full spec lives in your IDE — and inside any AI agent you use. Cursor, Copilot, Claude Code, or anything over MCP. ACs flip green as commits land.

Spectracelive
NS-AUTH-014

Email + password sign-in with rate limiting

Acceptance3 / 5
  • User can sign in with email + password
  • Invalid credentials show accessible error
  • Session persists across reloads · 24h
  • After 5 failed attempts, rate-limit 10 min
  • Failed attempts logged to audit feed
3a4f5e2·feat(auth): wire sign-in handlerjust now
03Verify

Proof at every merge

Every PR scored against its requirements. Evidence per AC, a confidence score, and a verdict posted back to GitHub — so reviewers see what actually shipped vs. what was asked for.

spectrace-botbot · commented · just now
72/100 medium risk

Two of three requirements satisfied. Rate-limit middleware for NS-AUTH-014 is missing.

PR verification

Every PR, verified against the spec.

A second pair of eyes on every merge, with evidence.

When a PR opens, Spectrace finds the requirements it touches, scores each AC against the diff, and posts a verdict — with cited code snippets — back to GitHub. Catch drift before merge, not in QA.

  • Per-AC verdict with cited evidence
  • Manual override w/ written reason — the model learns
  • Risk-at-merge dollar value, not vibes
  • Posts back to GitHub in your team's style
How verification works
PR · northstar/mobile-app#481just now
72/100Medium risk · merge with changes
  • NS-AUTH-014Sign-in with rate limiting
    3 / 5 ACs
    68
  • NS-AUTH-022Password reset · magic link
    4 / 4 ACs
    95
  • NS-PERF-009Cold-start ≤ 1.8s
    0 / 2 ACs
    0
Verified by Spectrace · 9 ACs across 3 reqs · gpt-4o
Spectracelive
NS-AUTH-014

Email + password sign-in with rate limiting

Acceptance3 / 5
  • User can sign in with email + password
  • Invalid credentials show accessible error
  • Session persists across reloads · 24h
  • After 5 failed attempts, rate-limit 10 min
  • Failed attempts logged to audit feed
3a4f5e2·feat(auth): wire sign-in handlerjust now
In your IDE

Specs where engineers write code.

No more tab-switching to a stale Notion doc or Jira ticket.

Assigned requirements live in your sidebar. Click Start with SpecAI to inject the full spec — story, ACs, linked code, ADRs — into Cursor, Copilot, or Claude Code. ACs flip green as commits land.

$ code --install-extension spectrace.spectrace
Spectrace: Sign in
Get the extensionArchitecture
Integrations

Drops into the stack you already use.

Two-way sync with your trackers, native panels in your editor, and an MCP server so any AI agent can read and write specs in your own voice.

Source
  • GGitHub
  • GlGitLab
Trackers
  • LLinear
  • JJira
Editors
  • VSVS Code
  • CCursor
  • WWindsurf
AI agents
  • ClClaude Code
  • CoCopilot
  • MMCP server
  • {}REST + webhooks
Comms
  • SlSlack
  • NNotion
Full list →