Each category is scored out of 10. Total: 60 points.
| Requirement | Notes |
|---|
| README with working setup instructions | Must get someone from clone to running in under 5 minutes |
| Architecture overview | Components, data flow, and rationale for key choices |
| API documentation | Endpoints, request/response format |
| Decision log | What was descoped, trade-offs made, key technical choices and why |
| Known issues | Honest account of what’s broken and what you’d do with more time |
Scored from the automated scan output compiled at code freeze. Scan results are shared with judges before demos begin.
Critical issues are weighted heavily:
- Security vulnerabilities (hardcoded secrets, injection, missing validation)
- Transaction integrity failures (race conditions, data consistency issues)
Also scanned:
- Code quality (linting, dead code, complexity)
- Architecture (file structure, separation of concerns, circular dependencies)
- Test coverage (presence, quality, critical path coverage)
- Documentation completeness
- Dependency health (outdated packages, known vulnerabilities)
See the AI Agent Scan page for the full list of what gets checked.
| Requirement | Notes |
|---|
| Clean, consistent, readable code | Consistent style, sensible naming, no dead code |
| Sensible project structure | Separation of concerns, logical file organisation |
| Core business logic isolation | Logic is well-isolated and independently testable |
| Database schema design | Well-normalised, appropriate indexes, sensible relationships |
| Error handling and logging | Errors are caught, logged, and surfaced gracefully |
| Requirement | Notes |
|---|
| Meaningful commit history | Commits throughout the day, not one push at 16:55 |
| Docker Compose works first try | docker compose up brings the whole stack up |
| CI/CD pipeline | Even a basic GitHub Actions workflow counts |
| Environment config | .env.example present, no hardcoded secrets |
| App is live and accessible | Live URL in README, accessible during demo |
| Requirement | Notes |
|---|
| Core business logic test coverage | Critical paths, transaction integrity, edge cases |
| Edge cases handled | Invalid states, concurrent operations, error conditions |
| App stability | Doesn’t crash under normal usage |
| Input validation | Throughout the app, including core business logic |
| Graceful error responses | API returns sensible error messages and status codes |
| Requirement | Notes |
|---|
| End-to-end functionality | The app actually works — full user journey from start to finish |
| Usable UX | Someone unfamiliar can navigate and use it |
| Clear and engaging demo | 5 minutes, shows the full flow |
| Explains decisions confidently | Team can articulate architectural choices and trade-offs |
| Bonus: live audience interaction | Let audience members interact with your app during the demo |
| Category | Points |
|---|
| Documentation | /10 |
| AI Agent Scan Results | /10 |
| Code Quality & Architecture | /10 |
| DevOps & Deployment | /10 |
| Testing & Reliability | /10 |
| Product & Demo | /10 |
| Total | /60 |