AI 资讯
The Playwright Playbook — Part 7: The CI/CD Setup Nobody Shows You
The Playwright Playbook — Part 7: The CI/CD Setup Nobody Shows You "A test suite that only runs on your laptop isn't a test suite. It's a hobby." Six parts in, we have a serious framework. POM-based UI tests. Network interception. Multi-user contexts. A full API testing layer. Visual regression across four viewports. A complete debugging toolkit. Now it needs to run automatically. On every pull request. On every merge. On every deployment. Without you touching it. Most CI/CD tutorials for Playwright show you this: # The "tutorial" version everyone copies - run : npx playwright test That's not a CI setup. That's a shell command in a YAML file. A real production CI/CD pipeline for Playwright has: Sharding — split tests across multiple machines and finish in a fraction of the time Browser matrix — Chromium, Firefox, WebKit in parallel Docker — identical environment on every machine, every time Artifacts — HTML report, traces, screenshots, videos — downloadable from every run Failure notifications — your team knows within seconds, not the next morning Separate VRT workflow — visual regression on its own cadence, not blocking every PR Environment-specific pipelines — staging vs production, different configurations Let's build all of it. 🎯 🏗️ Where We Left Off After Part 6, our full project structure is: playwright-playbook/ ├── tests/ │ ├── auth/login.spec.ts ✅ Part 1 │ ├── tasks/task-management.spec.ts ✅ Part 1 │ ├── network/ ✅ Part 2 │ ├── multi-user/ ✅ Part 3 │ ├── multi-tab/ ✅ Part 3 │ ├── api/ ✅ Part 4 │ ├── visual/ ✅ Part 5 │ └── debug/trace-examples.spec.ts ✅ Part 6 ├── pages/ │ ├── LoginPage.ts ✅ Part 1 │ ├── TaskPage.ts ✅ Part 1 │ └── DashboardPage.ts ✅ Part 3 ├── api/ │ ├── TaskApiClient.ts ✅ Part 4 │ └── AuthApiClient.ts ✅ Part 4 ├── fixtures/ │ ├── auth.fixture.ts ✅ Part 1 │ ├── tasks.json ✅ Part 2 │ ├── empty-tasks.json ✅ Part 2 │ ├── tasks-har.har ✅ Part 2 │ ├── multi-user.fixture.ts ✅ Part 3 │ └── api.fixture.ts ✅ Part 4 ├── scripts/ │ └── record-har.ts ✅
AI 资讯
Chaos Engineering for Node.js Without the Infrastructure
Chaos engineering sounds expensive. Netflix built Chaos Monkey to randomly kill production servers. Google runs DiRT (Disaster Recovery Testing) across their entire infrastructure. Amazon does game days where they intentionally take down services. You're building a Node.js API. You don't have a platform team. You don't have a chaos infrastructure. But you still need to know: what happens when your dependencies get slow? The good news is that 80% of the value of chaos engineering comes from one question, and you can answer it locally in five minutes. The one question that matters What does my application do when a dependency responds slowly or not at all? Not "what if the server catches fire" — that's infrastructure chaos. What about application chaos: the database is slow, the payment API is timing out, Redis is having a bad day. These happen constantly in production and they're almost never tested. The failure modes look like this: Your DB gets slow under load → your API response times climb → your timeout fires → you retry → now you're sending twice the load to an already-slow DB Your Redis cache goes down → every request hits Postgres directly → Postgres gets slow → same cascade Stripe's API takes 3 seconds instead of 200ms → your checkout route times out → users get errors → you're losing revenue Every one of these is a latency failure , not a crash. The service is still up. It's just slow. And slow is the hardest failure mode to test because your local environment is fast. Why local testing misses this When you test locally, your "database" is either: A real local Postgres running on the same machine (sub-millisecond latency, not production-like) A mock that returns instantly ( jest.fn().mockResolvedValue(data) ) A fake with a flat delay ( await sleep(200) ) None of these produce realistic latency. A real production database has: Fast responses most of the time (p50 ~5ms) Occasional slowdowns (p95 ~50ms) Rare but real spikes (p99 ~200ms, p99.9 ~2000ms) The spik
AI 资讯
5 Cookie Tricks for Debugging Auth Issues in Chrome (No More Creating Test Accounts)
Debugging authentication in web apps is painful. You need to test the same flow as five different user types — new visitor, returning user, admin, expired session, logged-out — and the easiest way is to constantly create new accounts or clear all your cookies and start over. There's a faster way. These five techniques use direct cookie manipulation to simulate any auth state without touching your database or creating dummy accounts. I use CookieJar for most of this — a free Chrome extension built natively on MV3 that gives you a proper UI for cookie editing. But I'll show you the underlying Chrome DevTools method too, so you understand what's actually happening. 1. Simulate a Logged-Out State Without Clearing Everything The naive approach: clear all cookies and reload. The problem: you just nuked your dev server session token, your local storage flags, your Stripe test mode cookie, and everything else you carefully set up. The targeted approach : identify and delete only the session/auth cookie. Most session cookies are named session , sid , auth_token , _session_id , or something close. In DevTools: Application → Cookies → [your domain] → find the session cookie → right-click → Delete With CookieJar: open the extension, search session , click the trash icon next to just that cookie. Your dev environment stays intact. The user state resets to logged-out. 2. Test the "Returning User" vs "New User" Path Without a Second Account Session cookies tell the server you're authenticated. But many apps use separate cookies to track whether a user has seen the onboarding flow, completed setup, or visited before. Look for cookies like onboarding_complete , setup_done , first_visit , or custom flags in your app code. To test the new user experience: Export your current cookies (CookieJar → Export → JSON format, or copy from DevTools) Delete the specific onboarding/first-visit flag cookie Reload and test the new user path Re-import or re-set the cookie to restore your state This
AI 资讯
Why Every Developer Needs a Strong Test Suite (Even If You Hate Writing Tests)
I used to think tests were a waste of time. "Ship fast, fix later" was my motto. Until I spent three painful weeks debugging a production issue that a simple test would have caught in 30 seconds. That was the day I became a believer. The Harsh Reality Most Solo Developers Ignore If you're a freelancer or indie hacker building real products for clients, here’s what happens without good tests: You make a "small change" and something unrelated breaks Clients find bugs you should have caught Refactoring becomes terrifying You lose sleep before every deployment Your reputation slowly takes hits A solid test suite changes all of that. What a Test Suite Actually Gives You Confidence to Move Fast You can refactor, add features, or upgrade dependencies without fear. Living Documentation Your tests explain how the system should behave — better than comments ever could. Early Bug Detection Catch issues before they reach the client or production. Better Architecture Writing testable code forces you to write cleaner, more modular code. Professional Credibility When clients or senior devs review your code, a good test suite immediately signals seriousness. The Test Suite Pyramid I Actually Use Unit Tests (70%) → Test individual functions and components Integration Tests (20%) → Test how different parts work together (API + DB) End-to-End Tests (10%) → Critical user flows (login → checkout → etc.) I don't aim for 100% coverage. I aim for high-value coverage — especially around business logic and critical paths. Final Thought Writing tests feels slow at first. But it compounds. Every month you have tests, you move faster and sleep better. The developers who ship reliable software consistently aren't necessarily the smartest — they're usually the ones who learned to respect testing. Have you built a strong test suite habit yet? Or are you still in the "I'll test it manually" phase? Drop your experience below. Let's talk.
AI 资讯
The Tester Who Had 10 Certifications But Couldn't Write a Single Test That Caught a Bug
You have ISTQB Foundation. ISTQB Advanced. Certified ScrumMaster. A cloud cert. A security testing cert. Maybe a Python for Testers badge from a platform. And you still cannot write a test that finds a real bug. I interviewed someone like you last quarter. The resume was a wall of acronyms. The conversation was a wall of theory. "I follow the V-model." "I use equivalence partitioning." "I believe in shift-left." Then I asked: "Show me one test you wrote that caught something the developer missed." Silence. Not because they were nervous. Because they had never written a test that found a bug. They had written tests that passed. They had written tests that covered requirements. They had never written a test that broke something. That is the difference between a certification holder and a tester. Certifications test your memory. Bugs test your thinking. Let me show you what I mean. The Certification Trap Certifications are not useless. They give you vocabulary. They give you structure. They give you something to put on LinkedIn so recruiters stop asking if you know what a test case is. But they do not teach you how to find bugs. Here is why. Every certification exam tests known knowledge. You study a syllabus. You memorize definitions. You answer multiple-choice questions about boundary value analysis. You pass. Then you sit in front of an application. The application does not have a syllabus. It does not have a boundary value analysis section in the documentation. It has a login form that sometimes lets you in with a password that is clearly wrong, but only on Tuesdays, and only if the server clock is behind by exactly four minutes. No certification prepares you for that. The tester with 10 certifications treats testing like a checklist. They write test cases from requirements. They execute them. They mark pass or fail. They report coverage metrics. The tester who finds bugs treats testing like an investigation. They start with a hypothesis. They try to prove the appl
AI 资讯
Unit Test AI Guide — Zero Hallucination, Cross-Stack Standard
Focus: Unit Tests ONLY — no integration, no E2E Stacks: Node.js (NestJS/Express) · React.js · Python · Angular · Laravel Goal: AI generates unit tests consistently, deterministically, without hallucination IDE: Cursor (Primary) + Claude (Secondary) Part 1 — Best Single Library Per Stack (Final Decision) Do not mix libraries. Pick one per stack, configure it fully, never deviate. | Stack | Library | Why This One | |---|---|---| | Node.js / NestJS / Express | Jest | Native DI mocking, @nestjs/testing built around it, widest ecosystem | | React.js | Vitest + @testing-library/react | Native Vite/ESM support, Jest-compatible API, 3–10x faster | | Python | pytest | De facto standard, fixture system eliminates boilerplate, best plugin ecosystem | | Angular | Jest (replace Karma) | Karma is deprecated in Angular 17+; Jest is the official migration target | | Laravel | Pest | Modern syntax, built on PHPUnit, higher signal-to-noise ratio | Rule: If someone suggests a second library for the same stack, reject it. One library per stack, configured once, followed always. Part 2 — IDE: Cursor (Only Choice for This Goal) Why Cursor and Not VS Code / WebStorm | Capability | Cursor | VS Code + Copilot | WebStorm | |---|---|---|---| | Project-level AI rules | ✅ .cursor/rules/ | ❌ | ❌ | | Codebase-aware context | ✅ @codebase | Partial | Partial | | Run terminal + read output | ✅ Composer | ❌ | ❌ | | Multi-file generation | ✅ Agent mode | Limited | ❌ | | Custom instructions per filetype | ✅ | ❌ | ❌ | | MCP server integration | ✅ | ❌ | ❌ | Cursor's .cursor/rules/ system is the only IDE-native mechanism that injects persistent, project-scoped instructions into every AI interaction — this is what prevents hallucination at the source. Cursor Setup for This Project project-root/ ├── .cursor/ │ └── rules/ │ ├── unit-test-global.mdc ← applies to all files │ ├── unit-test-nestjs.mdc ← applies to *.service.ts, *.guard.ts │ ├── unit-test-react.mdc ← applies to *.tsx, *.component.tsx │ ├── unit-t
AI 资讯
Why setTimeout is Lying to Your Retry Logic
You've written retry logic. It probably looks something like this: async function withRetry ( fn , retries = 3 ) { for ( let i = 0 ; i < retries ; i ++ ) { try { return await fn (); } catch ( err ) { if ( i === retries - 1 ) throw err ; await new Promise ( r => setTimeout ( r , 200 * ( i + 1 ))); } } } You test it locally. You simulate a slow dependency like this: const fakeDB = async () => { await new Promise ( r => setTimeout ( r , 200 )); // simulate DB return { id : 1 , name : ' test ' }; }; Your retry logic works. Tests pass. You ship it. Then in production, your app starts dropping requests under load. The problem isn't your retry logic. It's your fake. Real dependencies don't have flat latency Here's what your Postgres instance actually looks like in production: p50: 5ms — half of all queries finish in under 5ms p95: 50ms — 95% finish under 50ms p99: 200ms — 99% finish under 200ms p99.9: 2000ms — that one unlucky query during a GC pause Your setTimeout(fn, 200) simulates the worst case, every single time. That's not how production works. And because it's not how production works, your retry logic has never actually been tested against reality. The bugs hide in the variance — not in the slow case, but in the unpredictability. What the real distribution looks like Latency in distributed systems follows a lognormal distribution . It's right-skewed: most requests are fast, a meaningful minority are slow, and a small tail is very slow. This shape comes from how real systems work: GC pauses — Java, Go, and even Node's garbage collector occasionally stops the world Cold caches — first query after a cache miss is always slower Network jitter — packet routing isn't deterministic Noisy neighbors — other workloads on the same hardware compete for resources Connection pool exhaustion — when all connections are busy, new queries wait None of these are constant. They're random, rare, and multiplicative — which is exactly what produces a lognormal shape. Why this matters fo
AI 资讯
What on Earth is "Agentic Browsing"?
I Built a Vanilla JS Web App that Scored 100/100 Under Lighthouse’s New "Agentic Browsing" Audit. Here’s What It Means. If you have run a performance audit on PageSpeed Insights or Lighthouse recently, you might have noticed a fascinating new line item quietly slipping into the metadata report: Agentic Browsing . When I audited my free tool suite, Paktheta , I managed to hit the ultimate developer milestone— a perfect 100/100 across Performance, Accessibility, Best Practices, and SEO. But seeing that perfect score alongside the label "Agentic Browsing" got me thinking. What exactly is an AI-driven agent experiencing when it hits our sites, and why is this the new gold standard for web performance? Let's dive into what Agentic Browsing actually means for the future of optimization. What on Earth is "Agentic Browsing"? Historically, speed tests like Lighthouse were passive. A headless browser opened your URL, waited for the page to load, recorded metrics like First Contentful Paint (FCP) and Largest Contentful Paint (LCP), and closed the tab. It was a linear, predictable, and frankly synthetic snapshot. Agentic Browsing changes the paradigm entirely. Instead of a basic static script, modern auditing platforms use autonomous, intelligent browser agents. Guided by modern AI-driven browser control (using updated instances like HeadlessChromium), these agents don't just stare at your page—they explore it like a real human would. An agentic audit runner will: Identify interactive buttons and click them to test responsiveness. Scan form elements to see if they accept paste commands cleanly. Intelligently look for broken layout shifts (CLS) by dynamically scrolling and triggering micro-animations. Interact with JavaScript components to see if they block the main execution thread. In short: It simulates real, unpredictable human behavior at lightning speed. If your site relies on bloated frameworks that look fast initially but lock up the second a user tries to interact, an a
AI 资讯
Stop Treating Automated Tests Like Manual Jira Test Cases
There is a quiet tax many engineering teams pay after their automated test suite starts to matter. The tests live in code. They run in CI. They already know the branch, commit, environment, failure message, stack trace, screenshot, trace file, retry status, and build URL. Then someone asks: Can we put these tests in Jira too? That request usually comes from a good place. Jira is where work is planned. Product, QA, engineering, and release stakeholders already use it. If quality signal is invisible there, people end up asking for screenshots from CI, links to failed builds, or spreadsheet summaries before every release. The mistake is assuming the answer is to recreate every automated test as a manual Jira test case. For many teams, that creates a second source of truth that starts decaying immediately. Automated tests are not manual test cases Manual test cases and automated tests have different jobs. A manual test case is a human-readable procedure. It often describes a workflow, expected result, and maybe some preconditions. It is useful when a person needs to execute or review a scenario. An automated test is executable behavior. It is versioned with the code, refactored with the product, reviewed in pull requests, and run repeatedly by machines. When teams try to manage automated tests by copying them into a test-case inventory, they usually create a translation problem: The test name changes in code, but the Jira case does not. The test is deleted or split, but the manual record still exists. The CI failure has rich evidence, but the test case only says "failed." The test belongs to a branch or commit, but the copied case does not. The release team sees a static inventory instead of the latest run signal. The test case becomes a label for a thing that actually lives somewhere else. The better question Instead of asking, "How do we turn all automated tests into Jira test cases?", ask: What does Jira need to know from each automated run? That changes the shape of
AI 资讯
The Playwright Playbook — Part 3: Multi-User, Multi-Tab & Browser Context Testing
The Playwright Playbook — Part 3: Multi-User, Multi-Tab & Browser Context Testing "Most frameworks test one user at a time. Real apps don't work that way." In Part 1, we built the full foundation — POM, storageState , fixtures, and a clean project structure. In Part 2, we took control of the network layer — mocking APIs, simulating failures, and asserting on real network calls. Now we tackle the scenario that breaks most automation frameworks. Multiple users. Simultaneously. In one test. Think about your app for a moment. How many features actually involve just one user? Admin assigns a task → regular user sees it appear in real time User A edits a record → User B gets a notification Admin revokes access → User's session should invalidate Two users try to edit the same record → conflict resolution kicks in These are real features. They need to be tested. And page.goto('/login') in a beforeEach won't get you there. Playwright's browser context architecture was built exactly for this. Let's use it properly. 🎯 🏗️ Where We Left Off After Part 2, our project looks like this: playwright-playbook/ ├── tests/ │ ├── auth/ │ │ └── login.spec.ts ✅ Part 1 │ ├── tasks/ │ │ └── task-management.spec.ts ✅ Part 1 │ └── network/ ✅ Part 2 │ ├── api-mocking.spec.ts │ ├── error-simulation.spec.ts │ └── network-assertions.spec.ts ├── pages/ │ ├── LoginPage.ts ✅ Part 1 │ └── TaskPage.ts ✅ Part 1 ├── fixtures/ │ ├── auth.fixture.ts ✅ Part 1 │ ├── tasks.json ✅ Part 2 │ ├── empty-tasks.json ✅ Part 2 │ └── tasks-har.har ✅ Part 2 ├── scripts/ │ └── record-har.ts ✅ Part 2 ├── .auth/ │ ├── admin.json │ └── user.json ├── global-setup.ts ✅ Part 1 ├── playwright.config.ts ✅ Part 1 └── .env By the end of Part 3, we add: playwright-playbook/ ├── tests/ │ ├── multi-user/ ← NEW │ │ ├── role-permissions.spec.ts │ │ └── realtime-collaboration.spec.ts │ └── multi-tab/ ← NEW │ └── multi-tab-flows.spec.ts ├── pages/ │ └── DashboardPage.ts ← NEW ├── fixtures/ │ └── multi-user.fixture.ts ← NEW Every one of th
AI 资讯
AI Made Development Faster. Testing Needs to Stop Living in Spreadsheets.
AI agents are making software development faster. That is great. But there is a problem I do not think we are talking about enough: testing is not speeding up in the same way. In many teams, testing is still held together by spreadsheets, meeting notes, screenshots, chat messages, and the memory of a few experienced QA engineers. That worked when delivery was slower. It becomes fragile when one developer can use multiple agents to change code across several modules in a single afternoon. The bottleneck is no longer "can we write more test cases?" The bottleneck is: Can the team prove what was tested, why it was tested, what failed, what was fixed, and whether the release is safe? That is the problem I built testboat for. The Most Dangerous Sentence Before A Release The sentence I worry about most is not: We did not test this. At least that is honest. The dangerous sentence is: I think we tested this. That sentence usually means the team has test artifacts, but they are disconnected: requirements live in a doc test cases live in a spreadsheet automation scripts live somewhere in the repo execution results live in CI logs or chat bugs live in an issue tracker release reports are written manually before sign-off Each piece may be useful on its own. But when a Tech Lead asks, "Which requirements are not covered?" or a founder asks, "Can we release today?", the team has to reconstruct the answer manually. That is not a testing process. That is institutional memory under pressure. AI Makes This Gap Worse AI agents are very good at increasing throughput. They can: implement a feature faster refactor code faster generate UI faster write automation faster fix bugs faster But faster change creates more testing uncertainty. If an agent changes the authentication module, what should be rerun? If a test fails, is it a product bug, a flaky automation script, or an environment issue? If a developer says "fixed", has the failed test actually been rerun? If a release report says "ma
AI 资讯
AI for API Design & Testing in 2026: Speakeasy vs Swagger AI vs Postman AI — I Built 3 APIs with Each
AI for API Design & Testing in 2026: Speakeasy vs Swagger AI vs Postman AI — I Built 3 APIs with Each API design is one of the most tedious parts of backend development. Writing OpenAPI specs, generating SDKs, testing endpoints, maintaining documentation — it's all hours of work that could be automated. In 2026, three tools are fighting for your API workflow: Speakeasy , Swagger AI , and Postman AI . I spent 4 weeks building the same REST API with each one, tracking time savings, code quality, and actual developer experience. Here's what actually happened. The Test Setup: Building a Real API I built a simple but realistic ecommerce API (GET/POST products, orders, user management) three separate times, measuring: Time to spec — writing the OpenAPI definition Time to SDK generation — generating client libraries Time to testing — setting up test cases and running them Documentation quality — readability, examples, completeness Iteration speed — how fast you can modify the API and regenerate everything All three tools were given the same requirements. Same laptop, same environment, same skill level (senior backend engineer). Speakeasy: The SDK Generation King Setup time: 8 minutes (CLI install, auth, first config) Learning curve: Low — clear docs, straightforward CLI Speakeasy is laser-focused on one problem: turning your API spec into production-ready SDKs. It generates TypeScript, Python, Go, Java, and more from a single OpenAPI definition. The Good SDK quality is exceptional. The generated TypeScript SDK was production-grade immediately — proper error handling, retry logic, request/response typing, retries built in. No cleanup work needed. Multi-language generation is instant. After writing the OpenAPI spec once, I had Python, Go, and TypeScript SDKs in < 2 minutes total. Each one was framework-idiomatic (using popular libraries in each language). Versioning is smart. Speakeasy automatically versioned SDKs and generated changelogs. When I modified the spec, it detect
AI 资讯
Agentic QA Pipelines in 2026: Why Test Scripts Are Already Dead (And What Replaces Them)
Agentic QA Pipelines: Why Your Test Scripts Are Already Obsolete You wrote the test. You maintained the test. The app changed. You rewrote the test. If that loop sounds familiar, you're not alone — and in 2026, you're also not competitive. Agentic QA pipelines are replacing script-based test automation not because AI is smarter than your QA engineers, but because describing goals is faster than maintaining instructions. Here's what's actually changing, why it matters, and how forward-thinking teams are shipping without the script debt. The Script Maintenance Tax Is Killing Velocity Traditional test automation follows a simple premise: write explicit instructions, run them, check results. It worked when applications changed slowly and test environments were stable. In 2026, neither is true. AI-generated code ships faster. Features change in days. UI components regenerate. And every change breaks a percentage of your carefully maintained test scripts — creating a maintenance tax that grows proportionally with your automation coverage. Quash's 2026 State of QA Automation Report found that teams spending more than 30% of QA bandwidth on script maintenance are shipping 2.4x slower than teams that have automated that maintenance layer away. The irony: the more test coverage you write, the more you're paying the tax. What Agentic QA Actually Means (Without the Buzzwords) An agentic QA system doesn't follow a script. It follows a goal. Instead of: Click the login button Enter " testuser@example.com " in the email field Enter "password123" in the password field Assert redirect to /dashboard An agentic QA agent receives: Goal: Verify that a registered user can successfully authenticate and access their dashboard. Context: Auth flow supports email/password and OAuth. Dashboard loads user-specific data. The agent then: Explores the auth flow autonomously Generates test scenarios, including edge cases it infers from the UI Executes tests, reads failures, and adapts to UI changes
AI 资讯
OTP Verification in Playwright Without Regex
Every developer who has written a Playwright test for OTP verification has written this line: const otp = email . body . match ( / \b\d{6}\b / )?.[ 0 ]; It works. Until it doesn't. The email body changes format. The OTP appears inside an HTML table. The sending service wraps it in a <span> . Your regex matches a phone number instead of the code. The test fails intermittently and you spend an hour debugging something that has nothing to do with the feature you're testing. The regex problem OTP extraction via regex is brittle by nature. You're pattern-matching against a string that your email sending service controls — not you. Any time the template changes, your tests break. Here's what a typical OTP test looks like today: import { test , expect } from ' @playwright/test ' ; import { ZeroDrop } from ' zerodrop-client ' ; const mail = new ZeroDrop (); test ( ' user can verify OTP ' , async ({ page }) => { const inbox = mail . generateInbox (); // 1. Trigger OTP send await page . goto ( ' /login ' ); await page . fill ( ' [data-testid="email"] ' , inbox ); await page . click ( ' [data-testid="submit"] ' ); // 2. Wait for email const email = await mail . waitForLatest ( inbox , { timeout : 15000 }); // 3. Extract OTP — the fragile part const otp = email . body . match ( / \b\d{6}\b / )?.[ 0 ]; if ( ! otp ) throw new Error ( ' OTP not found in email body ' ); // 4. Enter OTP await page . fill ( ' [data-testid="otp"] ' , otp ); await page . click ( ' [data-testid="verify"] ' ); await expect ( page ). toHaveURL ( ' /dashboard ' ); }); The test works — but line 14 is carrying all the risk. Change the email template and the test breaks. Add a phone number to the footer and the regex matches the wrong number. Send a 4-digit OTP instead of 6 and you need to update the pattern. OTP extraction at the edge ZeroDrop extracts OTPs before they reach your test. The Cloudflare Worker that catches incoming emails runs a pattern match on the plain-text body and stores the result alongsi
AI 资讯
Bruno CLI vs Apidog CLI : Exécution de tests API en CI
Vos tests API passent en local. Le vrai enjeu est de les exécuter automatiquement à chaque pull request, fusion et build nocturne, sans clic manuel. Pour cela, vous avez besoin d’un exécuteur CLI : il lance vos tests en mode headless, retourne un code de sortie exploitable par la CI et génère un rapport lisible par votre pipeline. Essayez Apidog aujourd'hui Deux outils reviennent souvent pour ce cas d’usage : le CLI Bruno et le CLI Apidog . Les deux exécutent des tests API depuis GitHub Actions, GitLab CI, Jenkins ou tout environnement Node.js. Les deux font échouer la build lorsqu’un test échoue. La différence principale se situe avant l’exécution : où vivent les tests, comment ils sont créés et comment la CI y accède. Cet article compare les deux outils au niveau commande, avec des exemples directement intégrables dans un pipeline. En bref CLI Bruno ( @usebruno/cli , binaire bru ) exécute des fichiers .bru présents dans votre dépôt Git. Il est open source, fonctionne hors ligne et ne nécessite ni compte ni jeton. CLI Apidog ( apidog-cli , binaire apidog ) exécute des scénarios de test créés visuellement dans Apidog, récupérés par ID avec un jeton d’accès. Les deux génèrent des rapports JUnit, JSON et HTML. Les deux retournent un code non nul en cas d’échec, ce qui permet à la CI de bloquer une fusion ou un déploiement. Choisissez Bruno si vous voulez des tests versionnés comme du code, dans le dépôt. Choisissez Apidog si vous voulez créer, chaîner et exécuter des scénarios visuels sans maintenir manuellement des fichiers de test. Le problème : des tests qui existent mais ne tournent pas Un test API lancé manuellement finit souvent par devenir obsolète. Il a été écrit, validé une fois, puis oublié pendant que l’API évoluait. La solution n’est pas seulement d’ajouter plus de tests. Il faut les exécuter automatiquement à chaque changement avec un signal clair : succès ou échec ; rapport exploitable ; code de sortie lisible par la CI. Un exécuteur CLI doit donc rempli
AI 资讯
Bruno CLI vs Apidog CLI: Rodando Testes de API na CI
Seus testes de API passam no seu laptop. O que importa é se eles rodam em cada pull request, merge e build noturno sem intervenção humana. Para isso, você precisa de um executor de linha de comando: ele roda os testes em modo headless dentro do pipeline, retorna código de saída correto e gera relatórios que o CI consegue ler. Experimente o Apidog hoje Dois CLIs aparecem com frequência nessa configuração: Bruno CLI e Apidog CLI. Ambos executam testes de API em CI/CD, mas partem de modelos diferentes: Bruno é git-native , offline-first e open source. O CLI executa arquivos .bru versionados no repositório. Apidog é uma plataforma de API completa. O CLI executa cenários visuais criados no aplicativo, buscados por ID. Ambos funcionam em GitHub Actions, GitLab CI, Jenkins e qualquer runner com Node.js. Ambos falham a build quando um teste falha. A diferença principal está em como você cria os testes, onde eles ficam e como o CI os acessa. Em resumo Bruno CLI ( @usebruno/cli , binário bru ) executa arquivos .bru diretamente de uma pasta no seu repositório Git. Apidog CLI ( apidog-cli , binário apidog ) executa cenários de teste visuais do seu projeto Apidog usando um access token . Ambos geram relatórios JUnit, JSON e HTML. Ambos retornam código de saída diferente de zero quando há falha. Use Bruno quando quiser testes em texto simples, versionados no repositório, sem conta e sem dependência de rede. Use Apidog quando quiser criar cenários visualmente, encadear requisições, reutilizar ambientes e rodar testes data-driven sem manter código de teste manualmente. O problema: testes que existem, mas não rodam Um teste executado só manualmente tende a ficar desatualizado. A API muda, o teste continua parado e ninguém percebe até quebrar algo em produção. O objetivo do CLI é transformar esses testes em um gate automatizado: Rodar sem interface gráfica. Retornar erro quando uma asserção falhar. Gerar relatório para o CI. Permitir execução por ambiente, pasta, cenário ou tag. Func
AI 资讯
WCAG Compliance: A Complete Guide to Web Accessibility Standards
Accessibility affects how millions of people interact with websites, applications, and digital services every day. Yet many digital experiences still create barriers for users with visual, auditory, cognitive, or motor impairments. To address this, organizations rely on the Web Content Accessibility Guidelines (WCAG) , the most widely recognized standard for building accessible digital products. WCAG provides a framework for designing, developing, and testing experiences that are usable by a broader range of people, regardless of ability. In this guide, we'll explore what WCAG compliance means, how the guidelines are structured, the different conformance levels, and the steps organizations can take to build more accessible digital experiences. What Is WCAG Compliance? WCAG compliance means a website, application, or digital product satisfies the accessibility requirements defined by the Web Content Accessibility Guidelines (WCAG) . These requirements are organized into testable success criteria that help organizations evaluate whether their digital experiences can be accessed and used by people with a wide range of abilities and assistive technologies. Compliance is typically measured against one of three conformance levels: A, AA, or AAA , with Level AA being the most commonly adopted standard. Who Created and Maintains WCAG? WCAG is developed and maintained by the World Wide Web Consortium (W3C) through its Web Accessibility Initiative (WAI) . The W3C is the international standards organization responsible for many of the technologies and best practices that power the web. Through the WAI, it publishes and updates accessibility standards that help organizations create more inclusive digital experiences. WCAG vs. WCAG Conformance: What's the Difference? These two terms are often used interchangeably, but they refer to different concepts. > WCAG refers to the accessibility guidelines themselves. > WCAG conformance refers to the degree to which a website, application
AI 资讯
How a Five Line Architecture Test Caught a Data Leak a Code Review Missed
TL;DR: Pest PHP can test the structure of your code, not just its behavior. Write your team rules as architecture tests and CI enforces them on every commit. One such test caught a multi-tenant data leak that a human review had missed. We had a rule. Every model holding tenant-specific data must use our BelongsToTenant trait. That trait adds the global scope that keeps one clinic from seeing another clinic's data. The rule was in onboarding. It was in the code review checklist. Everyone knew it. A developer joined the team. Three weeks in they added a new model and forgot the trait. The reviewer was focused on the business logic, which was genuinely well written, and did not notice the missing trait. The model shipped. For two days one clinic could see fragments of another clinic's data in one specific report. A support ticket caught it. Our tests did not. That was the day architecture tests went into the project. What an Architecture Test Is Most tests check behavior. Given this input the function returns that output. An architecture test checks structure instead. It asserts things about how the code is organized rather than what it computes. Pest has an arch function for exactly this. // tests/Architecture/ArchTest.php arch ( 'tenant models must use the BelongsToTenant trait' ) -> expect ( 'App\Models' ) -> toUseTrait ( 'App\Traits\BelongsToTenant' ) -> ignoring ( 'App\Models\SystemSetting' ); arch ( 'controllers may not touch the DB facade directly' ) -> expect ( 'App\Http\Controllers' ) -> not -> toUse ( 'Illuminate\Support\Facades\DB' ); arch ( 'services may not depend on the HTTP request' ) -> expect ( 'App\Services' ) -> not -> toUse ( 'Illuminate\Http\Request' ); arch ( 'no env calls outside config files' ) -> expect ( 'App' ) -> not -> toUse ( 'env' ); These run in CI on every commit. Break a rule and the build fails with a message naming the rule and the file that broke it. The Tests That Earned Their Keep The tenant trait test caught four more models over
AI 资讯
How API Testing Levelled Up My QA Career (And Why Most Engineers Skip It)
The Moment I Realised UI Testing Wasn't Enough Three years into my QA career, I thought I was doing well. I had a solid Selenium suite running. Regression coverage was green. Stakeholders were happy. Then a production incident happened. A payment API was returning incorrect amounts under a specific condition. The UI looked perfect — amounts displayed correctly after rounding. But the raw API response? Off by a significant margin. My entire test suite missed it. Every single test. Because I was only testing what users saw . Not what the system was actually doing . That incident changed how I approached QA forever. 👇 Why API Testing Is the Most Underrated Skill in QA Let me be direct about something. Most QA engineers treat API testing as a secondary skill. Something you do with Postman when a developer asks you to verify an endpoint. A quick sanity check before moving on. That's the wrong mental model entirely. Here's the truth after 7.5 years: The API layer is where your product actually lives. The UI is a presentation layer. It shows users a version of the truth. But the API? That's the truth itself. Data contracts, business logic, validation rules, error handling — all of it lives at the API layer. If you're only testing the UI, you're testing the packaging. Not the product. My API Testing Journey — Tool by Tool Let me walk you through exactly how my API testing practice evolved, and what each tool actually taught me. Stage 1 — Postman: Learning to Think in Requests Postman was my entry point. And it's still the tool I reach for first when exploring a new API. But most people use Postman wrong. They treat it like a manual testing tool — fire a request, check the response, move on. That's wasting 80% of what Postman can do. Here's how I actually use it: Collections + Environments = your real power combo // Environment variables — not hardcoded values {{ base_url }} /api/ v1 / users / {{ user_id }} // Switch between dev/staging/prod by changing one environment // No
AI 资讯
2- AWS Serverless: Testing (typescript)
Shifting from traditional application testing to serverless TypeScript engineering is all about shifting your perspective: you stop testing a running server, and you start testing how your function responds to events and SDK states. Here is a simple, practical example for each testing, using modern AWS SDK v3 syntax. 1. Unit Testing: Jest + Mock Payloads & SDK Client Mocking In unit tests, you don't call real AWS services. You pass a simulated API Gateway event to your handler, and you mock the AWS SDK so it returns predictable data instead of hitting live infrastructure. The Code Under Test ( src/handler.ts ) import { APIGatewayProxyEvent , APIGatewayProxyResult } from ' aws-lambda ' ; import { DynamoDBClient } from ' @aws-sdk/client-dynamodb ' ; import { DynamoDBDocumentClient , GetCommand } from ' @aws-sdk/lib-dynamodb ' ; const ddbClient = new DynamoDBClient ({}); const docClient = DynamoDBDocumentClient . from ( ddbClient ); export const handler = async ( event : APIGatewayProxyEvent ): Promise < APIGatewayProxyResult > => { const userId = event . pathParameters ?. id ; if ( ! userId ) { return { statusCode : 400 , body : JSON . stringify ({ message : ' Missing ID ' }) }; } // Fetch from DynamoDB const result = await docClient . send ( new GetCommand ({ TableName : process . env . USERS_TABLE , Key : { id : userId } })); if ( ! result . Item ) { return { statusCode : 404 , body : JSON . stringify ({ message : ' User not found ' }) }; } return { statusCode : 200 , body : JSON . stringify ( result . Item ), }; }; The Jest Unit Test ( tests/unit.test.ts ) Instead of the legacy aws-sdk-mock , the modern standard for AWS SDK v3 is aws-sdk-client-mock . import { handler } from ' ../src/handler ' ; import { APIGatewayProxyEvent } from ' aws-lambda ' ; import { mockClient } from ' aws-sdk-client-mock ' ; import { DynamoDBDocumentClient , GetCommand } from ' @aws-sdk/lib-dynamodb ' ; const ddbMock = mockClient ( DynamoDBDocumentClient ); describe ( ' Lambda Handler Unit