{"version":1,"updatedAt":"2026-05-06","docs":[{"slug":"overview","title":"Testorax overview","summary":"What Testorax does, who it is for, and the single run-credit pricing model.","path":"/api/docs/overview.json","canonicalUrl":"/","audience":"public","tags":["overview","intro","product"]},{"slug":"pricing","title":"Pricing — single run-credit ledger","summary":"Free 10 runs, Starter Pack $2/10 runs (one-time, stacks), monthly subscriptions Builder $20/Pro $49/Studio $99/Scale $199 with included monthly runs.","path":"/api/docs/pricing.json","canonicalUrl":"/pricing","audience":"public","tags":["pricing","plans","billing"]},{"slug":"runs","title":"Runs — start, status, report","summary":"How to start a run via /api/runs/start, check status via /api/runs/:id, and read the structured report.","path":"/api/docs/runs.json","canonicalUrl":"/api-docs","audience":"agent","tags":["runs","api","lifecycle"]},{"slug":"scenario-runner","title":"Scenario Runner mode","summary":"Use customScenarios + executeOnly to run hard-asserted, agent-authored test steps with proof.","path":"/api/docs/scenario-runner.json","canonicalUrl":"/docs/scenarios","audience":"agent","tags":["scenario_runner","custom_scenarios","workflow"]},{"slug":"mutation-proof","title":"Mutation Proof","summary":"How Testorax verifies that scenarios actually catch the bugs they claim to.","path":"/api/docs/mutation-proof.json","canonicalUrl":"/docs/scenarios","audience":"agent","tags":["mutation_proof","proof","quality"]},{"slug":"visual-quality","title":"Visual Quality findings","summary":"Tap targets, horizontal overflow, console errors, network failures, and other visual-layer findings on desktop and mobile.","path":"/api/docs/visual-quality.json","canonicalUrl":"/docs/scenarios","audience":"agent","tags":["visual_quality","mobile","fast_bug_scan"]},{"slug":"backend-proof","title":"Backend Proof","summary":"Per-step backend assertions: did the click that the user made actually persist a record server-side?","path":"/api/docs/backend-proof.json","canonicalUrl":"/docs/scenarios","audience":"agent","tags":["backend_proof","persistence","readback"]},{"slug":"proof-scores","title":"Proof Scores","summary":"Composite score combining mutation, visual, backend, and click diagnostics into a single 0-100 number.","path":"/api/docs/proof-scores.json","canonicalUrl":"/docs/scenarios","audience":"agent","tags":["proof_score","quality","composite"]},{"slug":"run-diff","title":"Run diff","summary":"Compare two runs to surface regressions and fixes.","path":"/api/docs/run-diff.json","canonicalUrl":"/runs/diff","audience":"agent","tags":["run_diff","regression","compare"]},{"slug":"templates","title":"Scenario Template Gallery","summary":"33 safe-by-default templates (24 app-type + 9 proof-pattern). Customer UI submits via /api/runs/start.","path":"/api/docs/templates.json","canonicalUrl":"/templates","audience":"agent","tags":["templates","gallery","starting_points"]},{"slug":"mcp","title":"MCP integration","summary":"Hosted and stdio MCP servers expose Testorax tools to Claude, Cursor, and other MCP-capable agents.","path":"/api/docs/mcp.json","canonicalUrl":"/api-docs","audience":"agent","tags":["mcp","agent","integration"]},{"slug":"safety","title":"Safety model","summary":"What Testorax refuses to do: SSRF, destructive production action, real payment, raw secrets, video/replay storage.","path":"/api/docs/safety.json","canonicalUrl":"/docs/scenarios","audience":"agent","tags":["safety","guardrails","redaction"]},{"slug":"refund-policy","title":"Refund Policy","summary":"30-day usage-based refund window. One-time packages refundable if unused or minimally used. Subscriptions refundable for the first payment within 30 days subject to usage.","path":"/api/docs/refund-policy.json","canonicalUrl":"/refund-policy","audience":"public","tags":["refund","policy","cancellation"]},{"slug":"agents","title":"Agent guide","summary":"How coding agents (Claude, Cursor, Copilot) use Testorax: start a run, fetch findings, verify fixes.","path":"/api/docs/agents.json","canonicalUrl":"/docs/agent-setup","audience":"agent","tags":["agents","guide","workflow"]},{"slug":"agent-quickstart","title":"Agent Quickstart","summary":"Cold-start walkthrough for coding agents. Five steps, one decision tree, no prior knowledge of Testorax required. Start here if you have never used Testorax before.","path":"/api/docs/agent-quickstart.json","canonicalUrl":"/docs/agent-quickstart","audience":"agent","tags":["agent_quickstart","cold_start","first_run","compact_proof","decision_tree"]},{"slug":"agent-fix-loop","title":"Agent Fix Loop","summary":"Coding agents read the Proof Packet, apply the AI Fix Prompt, and verify with Fix Check. Only verdict=fixed_verified counts as a real fix.","path":"/api/docs/agent-fix-loop.json","canonicalUrl":"/docs/agent-fix-loop","audience":"agent","tags":["agent_fix_loop","proof_packet","fix_check","ai_fix_prompt"]},{"slug":"login-memory","title":"Login Memory","summary":"Save a login to your app once, then run authenticated Vibe Tests without re-typing your password — and without exposing the session to your coding agent. Customers create saved logins themselves; agents reference them by id.","path":"/api/docs/login-memory.json","canonicalUrl":"/docs/login-memory","audience":"agent","tags":["login_memory","safe_login","auth_session","authenticated_run"]},{"slug":"authenticated-smoke","title":"Authenticated Smoke Test","summary":"Test mode for logged-in dashboards / admin panels / behind-auth surfaces. Loads a saved Login Memory profile, visits each route, captures per-route classification + screenshot + console errors + failed network requests. Read-only. $1.99 / audit. Up to 25 routes.","path":"/api/docs/authenticated-smoke.json","canonicalUrl":"/docs/authenticated-smoke","audience":"agent","tags":["authenticated_smoke","login_memory","admin_panel","dashboard_audit","read_only","behind_auth"]},{"slug":"watch-test-live","title":"Watch Test Live / Run Console","summary":"Live observation of a Testorax run as it executes — current status, current step, recent proof events, latest screenshot. Polled JSON, NOT video replay, NOT session recording, NOT frame stream.","path":"/api/docs/watch-test-live.json","canonicalUrl":"/docs/watch-test-live","audience":"agent","tags":["watch_test_live","run_console","live_observation","proof_events"]},{"slug":"vibe-browser-engine","title":"Vibe Browser Engine","summary":"Deterministic capability matrix for browser engines Testorax can run scenarios on. Default: managed Chromium on Hetzner. Cloud browser providers NOT activated. Video replay, session recording, browser takeover NOT available. iOS Safari and extension testing NOT implemented.","path":"/api/docs/vibe-browser-engine.json","canonicalUrl":"/docs/vibe-browser-engine","audience":"agent","tags":["vibe_browser_engine","browser_capabilities","engine_selection","capability_matrix"]},{"slug":"authenticated-scenarios","title":"Authenticated scenarios (proof-flow hardening)","summary":"How to run authenticated dashboard tests on sandbox/staging hosts safely. setCookie / clearSession / clickByTestId / fillByTestId actions, with all values masked everywhere. Production-looking domains refused before billing — no run created, no credit deducted.","path":"/api/docs/authenticated-scenarios.json","canonicalUrl":"/docs/authenticated-scenarios","audience":"agent","tags":["authenticated_scenarios","session_injection","data_testid","proof_bundle","sandbox"]},{"slug":"run-history-intelligence","title":"Run History Intelligence (Proof Memory) — Stage A","summary":"Deterministic read-only classifier over Testorax run history. Surfaces recurring issues, weak passes, false-pass risks, stale deploys, selector failures, and proof-quality patterns. No LLM calls. No mutation of historical data.","path":"/api/docs/run-history-intelligence.json","canonicalUrl":"/docs/run-history-intelligence","audience":"agent","tags":["proof_memory","run_intelligence","classification","cluster_analysis","history_scan"]},{"slug":"compact-proof","title":"Compact Proof Summary (Agent Compact Mode) — Stage A","summary":"Small (~1–3 KB), agent-first JSON summary of a run. Lets coding agents read verdict, failure type, failed step, trust warning, and next safe action BEFORE downloading a full report. Read-only; no LLM call.","path":"/api/docs/compact-proof.json","canonicalUrl":"/docs/compact-proof","audience":"agent","tags":["compact_proof","agent_compact_mode","agent_summary","progressive_evidence"]},{"slug":"agent-visual-proof-loop","title":"Agent Visual Proof Loop (Screenshot-on-Demand) — Stage A","summary":"Lightweight, deterministic recommendation contract that tells coding agents WHEN a screenshot is worth fetching, WHICH screenshot (latest vs marked), and CAPS the loop so screenshot fetches never spam. No video replay. No session recording. No browser takeover.","path":"/api/docs/agent-visual-proof-loop.json","canonicalUrl":"/docs/agent-visual-proof-loop","audience":"agent","tags":["screenshot_on_demand","agent_visual_proof","progressive_evidence","screenshot_budget"]},{"slug":"preflight-build-freshness","title":"Preflight / Build Freshness Guard — Stage A","summary":"Scenario-level preflight contract that catches stale-deploy / wrong-route / unauthenticated / missing-testid problems BEFORE deep scenario steps run. Lint validator runs BEFORE billing — invalid configs are refused with HTTP 400 and 0 run credit deducted.","path":"/api/docs/preflight-build-freshness.json","canonicalUrl":"/docs/preflight-build-freshness","audience":"agent","tags":["preflight","build_freshness","stale_deploy","fail_fast","agent_safety"]},{"slug":"scenario-template-library","title":"Scenario Template Library — Stage A","summary":"41 ready-made, agent-first scenario templates covering common (login / CRUD / search / pagination / form validation) and unusual (multi-tenant switch / feature-flag / realtime / locale / CSV import / PDF export / accessibility / offline) test patterns. Each generated scenario carries preflight, real assertions, screenshot policy, Fix Check metadata, and doNotClaim warnings.","path":"/api/docs/scenario-template-library.json","canonicalUrl":"/docs/scenario-template-library","audience":"agent","tags":["scenario_templates","agent_first","preflight","fix_check","crud","auth","commerce","accessibility","realtime"]},{"slug":"campaign-preview","title":"Autonomous QA Campaign Orchestrator — Stage A","summary":"Read-only campaign preview. Stage A-D: route discovery, real-browser inspection (Hetzner Playwright), authenticated preview via Login Memory (raw secrets rejected as forbidden_auth_field). Stage E: live progress telemetry. Stage F: Chrome parity + runner-mismatch classification — preview jobs now carry jobParity + routeParities[] when complete; closed-set parityStatus (5: not_checked / internal_compared / chrome_checked / mismatch_detected / insufficient_evidence) and mismatchClassification (12) including `static_vs_browser_mismatch` for JS-rendered SPAs. `chrome_checked` is NEVER emitted in Stage F (Chrome Live not wired). chromeParityAvailable hard-false. A mismatch is NOT automatically an app bug. NEVER mutates target. NEVER creates customer runs. NEVER deducts credits. confirmationRequiredBeforeRun is always true.","path":"/api/docs/campaign-preview.json","canonicalUrl":"/docs/campaign-preview","audience":"agent","tags":["campaign","autonomous_qa","route_discovery","control_inventory","cost_preview","agent_safety","preview_only"]},{"slug":"assertion-dsl","title":"Scenario Authoring Expansion — Assertion DSL","summary":"Closed-set 19 assertion-helper kinds. Pure deterministic compiler that emits TestStep[] using existing engine actions only. Public POST /api/scenario-templates/validate-assertion validates helper shape + returns the compiled step list. Companion 12 new scenario templates spanning 6 new categories (dashboard / admin / proof / fix_check / booking / console_clean). Ship with proof.","path":"/api/docs/assertion-dsl.json","canonicalUrl":"/docs/scenario-templates","audience":"agent","tags":["assertion","dsl","flow_test","agent_authoring","scenario_templates","fix_check"]},{"slug":"fix-check-same-test-lock","title":"Fix Check Same-Test Lock — Stage A","summary":"Makes \"fixed_verified\" impossible to fake. Compares the same-test fingerprint of the ORIGINAL failing run vs the VERIFICATION run; refuses fixed_verified if the verification changed template, route, assertions, preflight, testIds, or removed proof. Pure deterministic comparator. Read-only. NO LLM call.","path":"/api/docs/fix-check-same-test-lock.json","canonicalUrl":"/docs/fix-check-same-test-lock","audience":"agent","tags":["fix_check","same_test_lock","assertions_hash","agent_safety","fix_loop"]},{"slug":"code-aware-fix-hints","title":"Code-Aware Fix Hints / Likely Fix Location — Stage A","summary":"Strictly advisory. When Testorax proves a failure, this surface generates safe read-only hints showing likely source files / symbols / routes / API handlers to inspect. NO LLM. NO auto-patch. NO raw code in output. NO secrets surfaced.","path":"/api/docs/code-aware-fix-hints.json","canonicalUrl":"/docs/code-aware-fix-hints","audience":"agent","tags":["code_hints","likely_fix_location","agent_safety","fix_loop","static_analysis"]},{"slug":"action-fidelity","title":"Action Fidelity Contract — synthetic-click / weak-fidelity detection","summary":"Closed-shape `actionFidelity` block on every report.json that classifies each click / fill / type / evaluate / select action into real_pointer | native_fill | keyboard_type | programmatic_click | evaluate_fallback | synthetic_event | ambiguous | not_applicable, with pointer / keyboard / focus proof booleans. Stops agents from claiming \"user can save\" when the engine actually used `element.click()` inside a `page.evaluate`.","path":"/api/docs/action-fidelity.json","canonicalUrl":"/docs/action-fidelity","audience":"agent","tags":["action_fidelity","synthetic_click","native_input","weak_fidelity","pointer_proof"]},{"slug":"coverage-grounding","title":"Fast Bug Scan Reality Grounding — Coverage Grounding Contract","summary":"Closed-shape `coverageGrounding` block on every Fast Bug Scan report. Observed-control registry, grounded-action accounting, shell-vs-module-body split, and a closed-set coverageStatus enum. Stops agents from claiming a dashboard \"works\" because only sidebar / header controls were clicked.","path":"/api/docs/coverage-grounding.json","canonicalUrl":"/docs/coverage-grounding","audience":"agent","tags":["fast_bug_scan","reality_grounding","coverage_grounding","no_hallucinated_controls"]},{"slug":"report-evidence-contract","title":"Report Evidence Contract — Passing Run Evidence + Console/Network Evidence","summary":"Closed wire shape for report.json evidence: passingRunEvidence, stepEvidence[], runtimeEvidence{console,network}. PASS reports must carry an explicit proofStrength so agents can tell strong vs weak passes apart. Booleans + counts + body-shape only — never raw cookies, passwords, headers, or request/response body values.","path":"/api/docs/report-evidence-contract.json","canonicalUrl":"/docs/report-evidence-contract","audience":"agent","tags":["report_evidence_contract","passing_run_evidence","runtime_evidence","proof_strength"]},{"slug":"run-submission-schema","title":"Run Submission Schema Contract — Fast Bug Scan + scenario_runner","summary":"Closed-set wire shape for /api/runs/start and /api/runs/bypass. Documents the auth strategies (storage_state, cookies, login_form, session_injection, login_memory, steps), scopedPaths shape, executeOnly + skipCrawl rules, preflight shape, and template-generated runs. Invalid payloads return a structured 400 BEFORE billing — no run created, 0 credits deducted.","path":"/api/docs/run-submission-schema.json","canonicalUrl":"/docs/run-submission-schema","audience":"agent","tags":["run_submission_schema","fast_bug_scan_auth","auth_evidence","auth_reliability"]}]}