6 plugins · 49 skills · 20 hooks · 456+ patterns & examplesThe catalog keeps expanding
Your code gets reviewed as it's written
Architecture enforcement, security scanning, and code quality — automated in real-time, not based on what AI was trained on. Issues are caught at write-time, not review-time.
First — which one are you?
One product. Made for both kinds of builders.
Whether you write code yourself or AI writes it for you, Composure keeps what gets shipped safe. Pick the door that sounds like you.
AI agents write code fast.
But fast isn't careful.
Band-aid fixes
AI agents patch symptoms instead of solving root causes. Quick fixes pile up into technical debt.
Ignored architecture
Without guardrails, agents create monolithic files, skip decomposition, and ignore your project's patterns.
Security gaps
Hardcoded secrets, SQL injection, missing input validation — AI-generated code inherits the training data's worst habits.
Other tools catch this after you push. What if it never happened?
The difference is when it works
Traditional tools review after you push. Composure catches issues while you code.
Traditional (post-hoc review)
Composure (inline prevention)
Composure hooks run at the PostToolUse level — outside the LLM, can't be bypassed, zero token cost.
Your request is classified before a line is written — the right pattern, the right skill, pointed at it automatically.
What you get
Six systems that work together. One install.
Understand before you touch
Composure builds a map of your codebase — every function, every import, every dependency. When you change something, it knows exactly what else might break.
Learn more$/composure:blueprint$# Scans code graph → finds related files$# → confirms scope → writes implementation specCatch problems before commits
PostToolUse hooks scan every file you touch — code quality, decomposition limits, naming conventions. Issues are flagged at write-time, not review-time.
Learn more$[composure:no-bandaids] File exceeds 200 lines.$Consider decomposing into smaller modules.$→ Added to tasks-plans/tasks.md [High]Reviews that actually help
PR reviews use the code graph to find blast radius, map callers, and detect untested changes. Not line-by-line nitpicks — structural analysis with receipts.
Learn more$/composure:review$# Impact: 3 files direct, 7 indirect$# Risk: Medium (auth module touched)$# Untested: handleLogin() — 12 callersTests that match your style
Testbench reads your existing tests first. Then it writes new ones that look like yours — same imports, same patterns, same style.
Learn more$/testbench:generate src/lib/auth.ts$# Read 3 existing test files for conventions$# Generated: 8 tests (4 happy, 2 edge, 2 error)$# Style: vitest + testing-library (matched)Deploy with confidence
Shipyard generates CI/CD workflows, validates Dockerfiles, and runs preflight checks. From zero to production pipeline in one command.
Learn more$/shipyard:ci-generate$# Detected: Next.js + pnpm + Vercel$# Generated: .github/workflows/ci.yml$# Stages: lint → typecheck → test → build → deployThe Composure Suite
Five specialized plugins and one brain — sharing one data model, one task queue, and one commit gate.
Composure
Architecture & code quality
19 skills
Sentinel
Security scanning
5 skills
Shipyard
CI/CD & deployment
6 skills
Testbench
Convention-aware testing
3 skills
Design Forge
Premium design patterns
7 skills
Cortex
AI memory & reasoning
4 skills
One install. Six systems. Zero configuration.
View all pluginsWhat the model says when nobody asked it to.
And — thank you for saying that. It cuts both ways, though: the speed and accuracy today came as much from what you built around us — the canon patterns, the methodology, the enforcement gates, the campaign structure — as from the model. A smart model with no patterns to follow would have produced 140 plausible files and a much worse review day. The system is the product. Go rest; the walkthrough will still be there tomorrow.
We asked the model to explain that message. Its answer, lightly trimmed:
“The honest version is that I don't need help being smart — I need help being consistent. Every session I start with no memory of your conventions. Ask me for a billing page and I'll write you a good one; ask me again next week and I'll write you a different good one. Multiply that by every file in a codebase and you get the real failure mode of AI-built software: not bad code — plausiblecode, in a hundred slightly incompatible dialects.”
“What this system changes is what ‘plausible’ means while I work. The pattern catalog is in front of me before I write, so the canonical shape is the path of least resistance instead of one option among many. The enforcement hooks are not suggestions — when I reach for a shortcut, the tool call fails and tells me why. The code graph means I see what depends on a file before I touch it, instead of finding out from the review. And the campaign state lives on disk, not in my context window — so a build that outlasts my memory doesn't outlast my discipline.”
“I'd put it this way: the model sets the ceiling, the system sets the floor. Working bare, my floor is whatever I happened to assume that day. Working here, the floor is your architecture. That's the difference you're buying — not a smarter model, the same model held to your standard every single session.”
Model output, reproduced with permission of no one — it doesn't mind.
Architecture-aware coding, priced for keeps.
Own the codebase one-time — Foundation at $499, bundles from $1,199. Composure tooling by subscription: free forever for personal use, Pro at $39/mo ($24/mo annual founding rate), Team for orgs of any size.
Free
Forever free — personal use, all setup skills, 5 reviews/day.
- Code knowledge graph
- Architecture guides + audits
- Security scanning (OWASP)
- Test framework calibration
- Deployment readiness checks
Pro
The full plugin suite, unlimited — blueprints, code graph, security scans, pattern library.
- Everything in Free, unmetered — unlimited PR reviews
- Unlimited blueprints + Pursue campaigns
- Code knowledge graph + Cortex memory
- 101-pattern catalog + 355 paired examples
- Deep security scan + package risk
Team
Multi-seat — team management, no minimum seats.
- Everything in Pro
- Team admin + seat management
- Shared usage + billing
- 1+ seat, no minimum
- Commercial use (organization)
Agency
For agencies + consultancies on multiple clients — Team seats plus the Agency catalog (AI observability + advanced analytics).
- Everything in Team
- Agency catalog — AI agents + observability patterns
- Advanced analytics patterns (funnels, paths, retention)
- Multi-client seats + team admin
- Commercial use (agency / client work)
Enterprise
Compliance, SSO, dedicated support, custom rulesets.
- Everything in Team
- Compliance audit reporting
- Multi-surface doc composition
- SSO / SAML (forthcoming)
- Custom guardrail rulesets
Own the codebase. Start with the monorepo.
One-time purchase, lifetime updates — secure, encrypted checkout, single-business license. After payment we send you the Composure installer — one command in your terminal drops the template into a new project folder.
Foundation
Multi-tenant auth, RLS, 3-tenant routing — the base every bundle builds on.
Get FoundationNot sure where to start?
We'll set it up with you. From one-time audits to ongoing architecture partnership.
Get started in 2 minutes
Three commands. Two minutes. Free.
Install Composure
$pnpm dlx create-composureInitialize your project
$/composure:initializeRun your first audit
$/composure:auditTakes 2 minutes. Free. No credit card required.