Pre-commit, not post-CI
Coverage feedback in the agent’s edit turn — before the diff lands in CI. The wedge metric is regressions caught pre-commit, not coverage percent.
coverctl
Agent-loop coverage governance — coverage your AI coding agent calls before commit, not a dashboard you read after CI. Domain-aware policy across 15 languages, MCP-native, local-first.
check runs via MCP and returns a verdict — in the example: api 78.2 % — fail. 4. The agent calls suggest, fixes the gap, re-runs check until it passes, then commits. “Our AI agents ship code fast, but they’re blind to coverage policy while editing. We only see breakage in CI, after context is gone, and the same agent then guesses its way to a fix.”
Works best on standard Go/Python/JavaScript/Java/Rust projects with conventional layouts. Mock-heavy code or exotic monorepos may need an explicit domains: block — see trust calibration.
What it looks like
A real agent session
Section titled “A real agent session”After coverctl mcp serve is wired into Claude Code. Rendered for clarity — your client may format tool-calls differently.
You: Add the email-validation feature to the api domain.
Claude: I'll add EmailValidator + tests in internal/api/email.
[edits: internal/api/email.go, internal/api/email_test.go]
Tool call → coverctl check Result → passed: false; failing: api (78.2%, required 80%) uncovered: internal/api/email.go:42-58 (error paths)
Tool call → coverctl suggest api Result → uncovered files: email.go (16 lines), retry.go (4 lines)
Two error branches in EmailValidator.Validate are uncovered. I'll add cases for empty-input and malformed-domain so api meets the 80% threshold before we commit.The regression that used to surface in CI 8 minutes later is fixed in the same agent turn.
Why not your current setup?
Section titled “Why not your current setup?”| Today | Why it fails for agent-edited code |
|---|---|
| Red-CI agent loop (status quo) | Agent edits → tests fail in CI 8 minutes later → context lost. coverctl: feedback in seconds, in the same turn. |
| Codecov / Coveralls dashboards | Post-merge visibility for humans. coverctl: pre-commit signal for agents. |
Native go test -cover / pytest --cov | Per-language only, no domain policy, no agent-callable interface. coverctl: uniform across 15 languages, MCP-native. |
Quick Start
Section titled “Quick Start” Wire coverctl into Claude Code, Cursor, or Cline → Connect through MCP. Agent calls check, suggest, debt directly inside the edit loop, before commit. Most users start here.
Working from a terminal instead? Terminal quickstart →
# Installbrew install klarlabs-studio/tap/coverctl # or: go install go.klarlabs.de/coverctl@latest
# One-time project setupcoverctl init
# Then either run from terminal:coverctl check
# ...or wire into Claude Code / Cursor / Cline (default agent mode)# and let the agent invoke coverctl during editing.Why this is different
Four moves that make this a category, not a feature
Section titled “Four moves that make this a category, not a feature”Agent-callable through MCP
Speaks MCP — the multi-vendor agent-tool standard governed by Anthropic, OpenAI, Google, Microsoft, AWS. Works with every MCP-capable client today; works with whatever ships next.
Polyglot governance, one config
One .coverctl.yaml enforces per-domain thresholds across Go, Python, TypeScript, Rust, Java, C#, C/C++, PHP, Ruby, Swift, Dart, Scala, Elixir, Shell.
Local-first, hardened boundary
No SaaS account, no source upload, no third-party dependency in the agent’s reach. Input + output sanitization defends against prompt-injection through test-runner flags and hostile filenames.
Beyond the wedge
Section titled “Beyond the wedge” MCP threat model Input + output boundary controls, prompt-injection defense, residual risks.
Rejection schema reference Stable error_code + remediation contract for agent recovery.
CI integration Use --mode=ci for the full nine-tool surface in automation runners.
Watch mode Continuous coverage feedback during development.