AI 资讯
We audited 49 Show HN launches. 38 had a critical bug on day one.
Originally published on the Prufa blog . In June 2026 we pointed Prufa's free audit at 50 products that had just launched on Show HN — every launch from the previous 30 days that earned at least 10 points. These are products at their moment of maximum attention: front page, real traffic, founders watching the comments. The headline numbers, from the 49 audits that completed (one site couldn't be reached by our runner): 100% of the 49 launches had at least one machine-verified finding. 78% — 38 of 49 — had at least one critical finding. 40 critical and 61 warning findings in total, every one verified by deterministic checks against captured browser evidence. No site is named in this post. The point isn't to embarrass anyone — it's that these failures are systematic, and if these teams have them on launch day, you probably do too. Methodology, briefly Each site got the same audit a free Prufa run does: a real browser loads the public pages, captures network traffic, console output, cookies, and response codes, and a fixed suite of deterministic checks grades the evidence. Same input, same verdict. Every number below is from a code-verified check — no LLM opinions are counted anywhere in this data. One honest caveat: our export keeps only the top findings per site, so the per-issue counts below are floors , not totals. The real numbers are equal or worse. What actually breaks at website launch: the numbers Sites affected (of 49) Finding Severity 38 No analytics events detected critical 24 No canonical link on entry page info 22 Cookies set without the Secure attribute warning 14 Broken links warning 12 No <h1> heading on entry page info 11 No robots.txt info 10 JavaScript console errors during page load warning 10 Missing meta description warning 8 Images missing alt text info 7 Missing Open Graph tags info 3 Tag container loads, but no analytics events fire warning 2 Canonical URL pointing to a different host critical The most common launch bug: analytics that record
AI 资讯
One Nullable Timestamp, Four Account States: Deriving User Status in Laravel
Most of today went into a user-management overhaul in kickoff — my Laravel starter kit. Flyout CRUD panels, bulk actions, permission assignment, and the piece I want to talk about: account status . Active, suspended, unverified, deleted. The interesting part isn't the feature. It's the modelling decision underneath it. Where do those four states actually live ? The trap: a status column The obvious move is a status enum column on users . Set it to suspended when you suspend someone, active when you reinstate, unverified until they verify their email, deleted when they're soft-deleted. It works. Until it doesn't. Now you've got a status column and an email_verified_at column and a deleted_at from soft deletes — and all three encode overlapping truths. Soft-delete a user and forget to flip status ? Now your database says the account is both active and trashed. Verify an email but the status update fails mid-request? Drift. Every place that mutates a user becomes a place that has to remember to keep status in sync. That's not a feature, that's a maintenance tax. The signals already exist. email_verified_at tells you verified-or-not. deleted_at (soft deletes) tells you removed-or-not. The only genuinely new state is suspended — an admin deliberately blocking sign-in. So that's the only thing worth storing. What we actually store: one nullable timestamp Schema :: table ( 'users' , function ( Blueprint $table ) { $table -> timestamp ( 'suspended_at' ) -> nullable () -> after ( 'email_verified_at' ); }); That's the whole migration. Not a boolean is_suspended — a nullable timestamp. Null means not suspended; a value means suspended and tells you when. A boolean throws that second fact away for free; the timestamp keeps it at no extra cost. Same instinct as email_verified_at and deleted_at — Laravel models "did this happen, and when" as a nullable timestamp everywhere, so we follow the grain of the framework. The behaviour on the model stays tiny: public function isSuspended
AI 资讯
KI-Agent Tool-Aufrufe mit Apidog testen: Vor Produktionsausfällen
Ein KI-Agent ist nur so zuverlässig wie die APIs, die er aufruft. Das Modell wählt ein Tool aus, füllt Argumente ein und sendet eine Anfrage. Wenn diese Anfrage fehlschlägt, die falsche Form zurückgibt oder hängen bleibt, trifft Ihr Agent eine selbstbewusste Entscheidung auf Basis schlechter Daten. Produktions-Agenten stehen und fallen deshalb mit einer getesteten Tool- und API-Schicht. Apidog noch heute ausprobieren Diese Anleitung zeigt, wie Sie einen Agenten erstellen, der reale Tools aufruft, und wie Sie Apidog als API-Schicht und Testumgebung verwenden. Sie definieren Tool-Endpunkte, mocken sie für die Offline-Entwicklung und schreiben Assertions, die fehlerhafte Tool-Aufrufe abfangen, bevor sie Benutzer erreichen. Was ein Agent auf der API-Ebene tatsächlich tut Reduziert auf die technische Schleife passiert Folgendes: Das Modell erhält ein Benutzerziel und eine Liste verfügbarer Tools. Es gibt einen Tool-Aufruf zurück: Tool-Name plus JSON-Argumente. Ihr Code führt den Aufruf aus, meist als HTTP-Request. Das API-Ergebnis geht zurück an das Modell. Das Modell ruft ein weiteres Tool auf oder antwortet dem Benutzer. Die kritischen Fehler entstehen fast immer in Schritt 3 und 4: Das Modell halluziniert ein Argument. Die API gibt 400 , 422 , 429 oder 500 zurück. Das Antwortschema hat sich geändert. Der Request läuft in ein Timeout. Eine Ratenbegrenzung greift mitten in der Agenten-Schleife. Wenn Sie KI-Agenten als neue API-Konsumenten betrachten, wird klar: Ihr Agent ist ein API-Client. Er braucht dieselbe Teststrenge wie jeder andere produktive Client. Die Arbeit besteht aus zwei Teilen: Tools als reale, testbare API-Operationen definieren. Prüfen, ob der Agent diese Tools unter guten und schlechten Bedingungen korrekt aufruft. Schritt 1: Tools als reale API-Operationen entwerfen Definieren Sie jedes Tool zuerst als API-Endpunkt in Apidog. Behandeln Sie Tool-Schema und API-Schema als denselben Vertrag. Beispiel: Tool: get_weather API-Operation: GET /weather Paramet
AI 资讯
A test that catches the bug your feature tests can't see
There's a class of bug that's maddening: it passes every test you have, then crashes in the user's face. I hit one in the admin UI of laravel-config-sso today, and the real fix wasn't changing an icon name — it was writing a test that could see the bug in the first place. The bug: wrong icon name, crashes only at runtime The admin UI uses Flux . Flux resolves icons through <flux:delegate-component> , and it throws for a name that doesn't exist: Flux component [icon.ellipsis] does not exist. It's an easy mistake. Flux ships Heroicons , not Lucide. So your Lucide reflexes lie to you: You type (Lucide) Flux wants (Heroicon) ellipsis ellipsis-horizontal trash-2 trash eye-off eye-slash Why feature tests don't catch it Here's the interesting part. I had a feature test that hits the admin route and asserts 200. Green. But the real UI crashes. How? Because in the headless test harness, Flux renders icons as no-ops. No real <flux:delegate-component> boots, so the icon name never gets resolved. The crash only surfaces under a full boot ( testbench serve ) — exactly where your automated tests don't go. Analogy: it's like a spell-checker that only runs when you print the document, not while you type. Your tests type away happily. The crash waits at the printer. The fix: a static test that reads the Blade and validates every icon Instead of relying on runtime, I wrote a Pest test that reads the Blade view, extracts every icon name (static and inside dynamic expressions), and asserts Flux actually ships a stub for each one: $fluxIconStubs = base_path ( 'vendor/livewire/flux/stubs/resources/views/flux/icon' ); it ( 'only references Flux icons that exist' , function () use ( $fluxIconStubs ) { expect ( is_dir ( $fluxIconStubs )) -> toBeTrue ( "Flux icon stubs not found" ); $view = file_get_contents ( __DIR__ . '/../../resources/views/livewire/sso-providers.blade.php' ); // Static `icon="name"` plus quoted tokens inside dynamic // `icon="{{ $cond ? 'eye-slash' : 'eye' }}"` expressio
AI 资讯
Making encrypted Laravel config backups portable across APP_KEYs
Here's a fun one. You build a package that backs up an app's config — the .env plus the settings stored encrypted in the database — into a single password-protected ZIP. The whole selling point is portability : take a backup on server A, restore it on server B, even when the two servers have different APP_KEY s. Then you write a test that actually changes the key during a restore, and it fails. The DB settings come back garbled. Turns out the bug wasn't in the encryption at all. It was in a cache I forgot was there. Today I shipped 1.1.0 of laravel-config-backup and this portability fix was the headline. Let me walk through it, because the lesson generalizes way beyond this package. Why APP_KEY portability is even a thing Laravel encrypts things with APP_KEY . Encrypted Eloquent casts, signed cookies, sessions — all of it keys off that value. So if you naively mysqldump a table with encrypted columns and load it onto another server, every encrypted column is now ciphertext that the new key can't decrypt. Dead data. The trick this package uses is to store the archive contents decrypted . When I export the database, rows go out through their casts , so an encrypted column becomes a plain value inside the ZIP (the ZIP itself is AES-256 password-encrypted, so it's not sitting around in plaintext). On import, each row is written back through the model , which means the cast re-encrypts it with whatever APP_KEY is active on the destination. Server A (key A) Archive (decrypted) Server B (key B) ──────────────── ─────────────────── ──────────────── settings.payload ──decrypt──▶ "Portable" ──import──▶ settings.payload (ciphertext A) (cast) (cast) (ciphertext B) Think of it like shipping furniture: you don't ship the assembled wardrobe through a doorway it doesn't fit, you flat-pack it and reassemble at the destination with the screws you have there. The restore sequence A restore that also brings a new .env has to be careful about ordering . Here's the real flow: public func
AI 资讯
How to Automate A/B Testing Without a Data Scientist: 5 AI Tools for Lean SaaS Teams in 2026
SaaS teams using AI-driven experimentation platforms (also called A/B testing automation or CRO...
AI 资讯
Ephemeral Inboxes: Spin Up a Mailbox Per Test Run
Two CI workers kick off at the same moment. Both sign up a test user, both poll the shared QA Gmail account for "the" verification email, and worker #7 grabs the message that belonged to worker #12. The test passes. The wrong test. You spend an afternoon staring at a green build that should've been red. Shared inboxes are the single biggest source of flakiness in email-dependent E2E tests, and every workaround — catch-all forwarding rules, label rules scoped per PR, OAuth tokens living on the runner — adds another moving part that breaks on its own schedule. The fix is structural: every test gets its own address, on infrastructure your suite provisions and destroys. One wildcard, infinite addresses The E2E email testing recipe sets this up with one CLI command: nylas inbound create e2e You get back an inbox ID and a wildcard pattern shaped like e2e-*@yourapp.nylas.email . From there, each test mints a unique address under the wildcard — e2e-<uuid>@yourapp.nylas.email — and there's nothing to provision per address. You don't pay or configure per address either; the wildcard is just a convention, so burn UUIDs freely. Mail flows through MX records hosted on the Nylas side, which means zero DNS work in your own zone (the tradeoff: addresses live under *.nylas.email ). The Playwright fixture is two pieces — an address minter and a poller: export const test = base . extend < Fixtures > ({ testEmail : async ({}, use ) => { await use ( `e2e- ${ randomUUID ()} @yourapp.nylas.email` ); }, pollInbox : async ({ testEmail }, use ) => { const poll = async ( timeoutMs = 30 _000 ) => { const deadline = Date . now () + timeoutMs ; while ( Date . now () < deadline ) { const out = execSync ( `nylas inbound messages ${ process . env . INBOX_ID } --json --limit 50` , ). toString (); const match = JSON . parse ( out ). find (( m ) => m . to . some (( t ) => t . email === testEmail ), ); if ( match ) return match ; await new Promise (( r ) => setTimeout ( r , 1500 )); } throw new Error (
AI 资讯
Automated Testing for SCORM E-Learning Packages Using Playwright — A Step-by-Step Guide
Most testing tutorials ignore e-learning completely. Here's how to build a Playwright test suite that validates your SCORM packages actually work across LMS platforms. Why E-Learning Testing Is Different If you've ever published a SCORM package to an LMS and watched it silently fail — no completion recorded, quiz scores vanishing, navigation broken — you know the pain. E-learning content doesn't behave like a typical web app. It runs inside an LMS-provided iframe, communicates through a JavaScript API (the SCORM Runtime), and its behavior changes depending on which LMS hosts it. Manual QA across even 3-4 LMS platforms is slow and error-prone. In this tutorial, I'll walk you through setting up Playwright to automate SCORM package testing — from basic content loading to verifying API calls and completion status. Prerequisites Before we start, make sure you have: Node.js 18+ installed Playwright ( npm init playwright@latest ) A SCORM 1.2 or 2004 package (a .zip file containing your e-learning content) A local LMS for testing — we'll use SCORM Cloud (free tier) or a simple SCORM API shim Step 1: Set Up a Local SCORM Runtime Shim Testing SCORM content requires an API that mimics what an LMS provides. Rather than spinning up a full Moodle instance, we'll create a lightweight shim. Create a file called scorm-api-shim.js : // scorm-api-shim.js // Mimics the SCORM 1.2 Runtime API that an LMS would expose window . API = { _data : {}, _initialized : false , _calls : [], LMSInitialize : function ( param ) { this . _initialized = true ; this . _calls . push ({ method : ' LMSInitialize ' , param , timestamp : Date . now () }); console . log ( ' [SCORM] LMSInitialize called ' ); return " true " ; }, LMSGetValue : function ( key ) { this . _calls . push ({ method : ' LMSGetValue ' , key , timestamp : Date . now () }); return this . _data [ key ] || "" ; }, LMSSetValue : function ( key , value ) { this . _data [ key ] = value ; this . _calls . push ({ method : ' LMSSetValue ' , key
AI 资讯
What Does Google Actually Look For During the 14-Day Closed Test?
You’ve spent weeks, maybe months, tracking down bugs, optimizing your user interface, and wrestling with backend security rules. You compile your native release build or run your final production compilations, thinking the hardest part of the journey is officially behind you. Then you open the Google Play Console, and you’re hit with the ultimate indie developer roadblock: the mandatory 12-tester and 14-day closed testing requirement . Many independent creators view this process as a simple download checklist. You might think, "I'll just find 12 people to download the app, leave it on their phones for two weeks, and wait it out." However, treating the testing phase as a static metric is the fastest way to get rejected during the final production access review. So, what is Google actually tracking in the background during these two weeks? Let’s take a deep dive into the core algorithmic requirement that determines your success: Continuous Engagement . 🔄 Decoding "Continuous Engagement" Google Play policies are not designed as a simple box-checking exercise. The underlying goal of the algorithm is to verify if your application is genuinely functional, stable, and being tested by an organic user base before it reaches millions of production users. To enforce this, Google's advanced systems actively monitor the devices connected to your closed test track over the 14-day timeline: Background Device Pings: Google Play Services regularly collects background automated signals (ping logs) from the devices where your test build is active. Real User Interaction: Leaving an app to rot in an application drawer without ever opening it is instantly flagged by the algorithm. Google measures whether the app is actively opened daily and tracks active interaction metrics within the build. Feedback Loops: The system monitors whether your test community is utilizing the internal testing channel on the Play Store to send private developer feedback and crash reports. 📉 The Illusion of "Ju
AI 资讯
How to Compare Testing Tools Without Getting Fooled by Feature Checklists
The biggest mistake teams make when comparing testing tools is treating the feature list like the decision. A tool can support API tests, visual checks, CI, reporting, and integrations, and still be the wrong choice if nobody adopts it, the runs are flaky, or the billing model turns into a budget surprise. Start with the workflow, not the brochure The first question is not “What does this tool support?” It is “Where will this tool sit in our actual delivery flow?” A tool that looks great in a demo can still fail if it does not fit how your team writes tests, reviews failures, shares results, and ships code. If your team lives in GitHub PRs, Slack, and CI pipelines, then the evaluation should center on how quickly a test result shows up where developers already work. If your team has QA specialists, product owners, and client stakeholders, then reporting and handoff matter as much as assertion syntax. This is why feature checklists can mislead. Two tools may both claim browser automation, API coverage, and dashboards, but one might require a heavy framework rewrite while the other can be adopted incrementally. The latter is usually the better tool, even if it looks less impressive on paper. Checklist item one, can people actually use it next week? Adoption beats capability. If a tool needs a long onboarding program, a specialist only one person on the team understands, or a custom setup that no one wants to own, the tool becomes shelfware fast. Look at who will author tests, who will maintain them, and who will interpret failures. A tool that lets QA write quickly but gives developers a painful review experience can still become a bottleneck. A good evaluation asks for the smallest realistic test case. Take one happy-path flow, one negative case, and one flaky UI interaction, then see how far each tool gets you without custom glue. That is usually more useful than a vendor demo with polished sample scripts. Checklist item two, what happens when the tests get messy? E
AI 资讯
A practical playbook for choosing browser automation and cross-browser testing tools
If your goal is faster releases with fewer flaky failures, the tool choice matters less than the testing strategy behind it. Teams usually start by asking, “Should we use Playwright, Selenium, Cypress, or a cloud platform?” A better question is, “What do we need to prove, in which browsers, at what cost to maintainability and reliability?” That shift changes the conversation. Browser automation is not only about writing scripts that click through a happy path. It is about building a test system that survives UI changes, covers the browsers your users actually have, and fails for the right reasons. This playbook walks through a practical sequence you can use to compare tools and make those tradeoffs explicit. Start with the outcomes, not the framework Before comparing tools, define the job your browser tests need to do. Most teams have a mix of goals, even if they do not write them down: Catch broken critical flows before merge Verify rendering in real browsers, not just headless simulations Keep test code readable enough that the team can maintain it Reduce flaky failures that waste review time and erode trust Avoid spending more time on infrastructure than on product quality Once you name those goals, tool comparison becomes simpler. A fast local developer feedback loop may point you toward one choice, while broad cross-browser coverage and managed execution may point you toward another. If a tool is fast but makes maintenance painful, that is not a win. If it supports many browsers but creates unstable runs, that is also not a win. Map your browser reality first The second step is to compare your user base with your test environment. Teams often say they support “all major browsers,” but the actual risk is usually narrower. Check which browser and device combinations matter for your product, then decide what needs automated coverage versus manual spot checks. This is where real browser execution becomes important. A headless run can be useful, but it does not repl
AI 资讯
Part 3: Ignoring Think Time Between Requests
Hey, welcome back. Last time we talked about missing parameterization in test scenarios. Today's mistake is similar in spirit. The test runs. The numbers look great. But what you've built isn't a load test. It's a hammer. ⚠️ The script works. The test is inhuman. Real users don't fire requests like a machine gun. They log in. They pause. They read. They click. They pause again. A typical user journey that takes 60 seconds in real life? Without think time, your script does it in just a few seconds. What this breaks Your throughput numbers are fiction. If users complete journeys 30x faster than reality, your RPS is inflated by 30x. You're not measuring capacity — you're measuring endurance under abuse. You stress the wrong things. Realistic concurrency surfaces real bottlenecks. A firehose of instant requests just overloads your connection pool and calls it a day. Production behaves nothing like your test. Because real users think. Your script didn't. 🛠 The fix Add randomized pauses between steps. Every major tool supports it: JMeter: Gaussian Random Timer, Uniform Random Timer etc. k6: sleep(Math.random() * 5 + 3) Gatling: pause(3.seconds, 8.seconds) Locust: time.sleep(random.uniform(3, 8)) 3–8 seconds between actions is a reasonable starting point. Check your analytics for what real sessions actually look like. Before your next run: Pauses between every major action? Randomized, not fixed? Does the timing feel human? If not — you're not testing load. You're testing collapse. Think time is one piece of the puzzle. But realistic load modeling goes deeper — it's about understanding how real users behave, how to translate that into a load profile, and how to design a test that actually reflects production. That's not something you patch with a timer. It's something you build from the ground up. If you want to understand the full system — from load model design to test execution to results that mean something — that's exactly what Performance Testing Fundamentals course
开发者
Postman Variable ไม่คงอยู่ใน Runner: สาเหตุและวิธีแก้ไข
สรุปสาระสำคัญ (TL;DR) ตัวแปรที่ตั้งค่าระหว่างการรันคำขอแบบแมนนวลใน Postman อาจ “หายไป” เมื่อรันผ่าน Collection Runner เพราะขอบเขตตัวแปรและพฤติกรรมการคงค่าระหว่างการรันไม่เหมือนกัน จุดที่ต้องตรวจสอบคือ pm.environment.set , การเลือก Environment, ค่า Initial/Current Value, ตัวเลือก “Keep variable values” และการเลือกใช้ Collection Variables ให้เหมาะกับสถานะภายในรันเดียวกัน ลองใช้ Apidog วันนี้ บทนำ คุณอาจเคยเจอสถานการณ์นี้: รันคำขอ Login ใน Postman แบบแมนนวล Post-response script ดึง access_token ตั้งค่า token ด้วย pm.environment.set คำขอถัดไปใช้ {{token}} ได้ตามปกติ แต่เมื่อกด Run Collection คำขอ Login ผ่าน แต่คำขอถัดไปได้ 401 Unauthorized ตัวอย่างสคริปต์ที่มักเป็นต้นเหตุ: pm . environment . set ( ' token ' , pm . response . json (). access_token ); สคริปต์นี้ไม่ได้ผิดเสมอไป แต่จะมีปัญหาเมื่อ: ไม่ได้เลือก Environment ใน Runner Runner รีเซ็ตค่าหลังรันเสร็จ ใช้ Environment Variables ทั้งที่ต้องการแค่ state ภายใน Collection Run ตั้งค่าเฉพาะ Current Value แต่ไม่ได้ตั้ง Initial Value บทความนี้สรุปวิธีดีบักและแก้ไขแบบลงมือทำได้ทันที ลำดับชั้นขอบเขตตัวแปรของ Postman Postman แก้ค่า {{variable}} ตามลำดับความสำคัญดังนี้: Local variables — ใช้เฉพาะในสคริปต์ที่กำลังรัน Data variables — มาจากไฟล์ CSV/JSON สำหรับ data-driven test Collection variables — ใช้ภายในคอลเล็กชัน Environment variables — ใช้ใน Environment ที่เลือก Global variables — ใช้ได้ข้ามคอลเล็กชันและ Environment ถ้ามีตัวแปรชื่อเดียวกันหลายขอบเขต เช่น token Postman จะใช้ค่าจากขอบเขตที่มี priority สูงกว่าก่อน ตัวอย่าง: pm . collectionVariables . set ( ' token ' , ' collection-token ' ); pm . environment . set ( ' token ' , ' environment-token ' ); console . log ( pm . variables . get ( ' token ' )); pm.variables.get('token') จะคืนค่าตามลำดับ priority ไม่ได้หมายความว่าจะอ่านจาก Environment เสมอไป ทำไมตัวแปรจึงหายไปใน Collection Runner 1. Current Value และ Initial Value ไม่เหมือนกัน ตัวแปรใน Postman มี 2 ค่า: Initial value : ค่าที่ซิงค์และแชร์กับทีม Current value : ค่า local ในเครื่องของคุณ เมื่อใช้: pm . environment . set (
AI 资讯
Variável Postman Não Persiste no Runner: Causa e Solução
Em resumo Variáveis definidas em scripts do Postman podem “sumir” quando você troca a execução manual pelo Collection Runner. Na prática, quase sempre é um problema de escopo: pm.environment.set escreve no ambiente ativo, variáveis de coleção têm outro ciclo de vida, e o runner pode descartar alterações ao final da execução. Experimente o Apidog hoje Neste guia, você vai ver como diagnosticar o problema, escolher o escopo correto e corrigir os casos mais comuns. Também verá como o Apidog lida com variáveis de forma mais explícita na interface. Introdução Você testa uma API manualmente no Postman: Executa a requisição de login. Um script salva o token. As próximas requisições usam {{token}} . Tudo funciona. Depois você clica em Run Collection . O login retorna sucesso, mas a próxima requisição falha com 401 Unauthorized . O token não foi encontrado. Esse comportamento é comum porque o modo manual e o Collection Runner não lidam com o estado das variáveis exatamente da mesma forma. A correção começa entendendo a hierarquia de escopos do Postman. Hierarquia de escopo de variáveis do Postman O Postman resolve variáveis seguindo uma ordem de prioridade. Da maior para a menor: Variáveis locais : existem apenas durante a execução do script atual. Variáveis de dados : vêm de arquivos CSV ou JSON usados em execuções orientadas por dados. Variáveis de coleção : pertencem à coleção e podem ser usadas por requisições dentro dela. Variáveis de ambiente : pertencem ao ambiente selecionado. Variáveis globais : ficam disponíveis para qualquer coleção e ambiente. Quando você usa: {{token}} o Postman procura token nessa ordem e usa o primeiro valor encontrado. Isso significa que o problema nem sempre é “a variável não existe”. Às vezes ela existe, mas em outro escopo, ou um escopo de maior prioridade está sobrescrevendo o valor esperado. Por que as variáveis desaparecem no Collection Runner 1. Valor inicial vs. valor atual Cada variável no Postman pode ter dois valores: Valor inicial
AI 资讯
Diário de dev #3: o bug que só aparece quando alguém usa
No trabalho, nenhum código mudou. O que mudou foi a forma como os clientes inserem os dados. E isso quebrou coisas que nenhum teste existente pegou. O bug que só aparece quando alguém usa A motivação pra montar E2E do zero veio de um problema específico. Você precisava acessar a aplicação pra quebrar. Não era um erro de lógica isolado que um teste unitário pegaria. Era uma combinação de dados reais num fluxo real produzindo um resultado errado que só aparecia na tela. Os clientes chegavam lá antes da gente. É uma categoria de problema que teste de código não resolve, porque o problema não está no código. Está na interação entre o código, os dados e o ambiente. A forma mais rápida de pegar antes é rodar o fluxo completo do jeito que o usuário roda. Ficou com smoke tests cobrindo os principais fluxos do produto, configuração pra rodar contra múltiplos ambientes, e notificação no Slack quando o nightly quebra. A parte mais útil não são os testes em si. É saber antes do cliente reportar. Autocrop: quando nenhuma ferramenta resolve tudo Num projeto paralelo que mantenho, passei o fim de semana montando autocrop automático pra imagens. A ideia inicial era usar o imgproxy Pro, que tem detecção de objeto embutida. Não ficou preciso o suficiente pra variedade de imagens que eu tinha. Fui pro Rekognition, que retorna bounding boxes. Mais controle, mas bounding box tem um limite: é um retângulo. Objetos não são retângulos. Aí descobri o rembg, que faz algo diferente. Em vez de delimitar uma área, ele cria uma máscara pixel por pixel usando uma rede chamada U2Net, treinada pra segmentação de primeiro plano. O resultado foi bem superior — ele recorta o objeto, não uma caixa em torno dele. Colocar isso em Lambda foi onde a semana ficou mais lenta. O modelo precisava estar acessível pro processo do Lambda, coloquei em /root , Lambda não lê de lá. Movi pro /opt , chmod 755. O NUMBA tentou escrever cache em diretório read-only, defini NUMBA_CACHE_DIR=/tmp . Depois OOM em imagens mai
AI 资讯
Locators & Web-First Assertions (Playwright + TypeScript, Ch.3)
In Chapter 2 we wrote our first tests and hit two bugs. Before we add more, we need the one skill everything else rests on: finding elements reliably . Get this right and your tests survive redesigns; get it wrong and they break every sprint. Code for this chapter is tagged ch-03 in the repo: https://github.com/aktibaba/playwright-qa-course — see src/tests/ui/locators.spec.ts . Locate the way a user perceives The brittle instinct is to grab elements by their structure — CSS classes, nth-child , XPath. All of that changes the moment a developer touches the markup. Playwright's recommended locators instead target what a user (and a screen reader) perceives: the role, the label, the visible text. Use them in this order of preference: getByRole — the role + accessible name (covers the vast majority of cases) getByLabel — form fields by their <label> getByPlaceholder — inputs without a label getByText — non-interactive content getByTestId — a deliberate data-testid , only when nothing semantic fits Here's the top of the priority list, live against Inkwell's home page: import { test , expect } from " @playwright/test " ; test ( " prefer role-based locators over CSS " , async ({ page }) => { await page . goto ( " / " ); await expect ( page . getByRole ( " button " , { name : " Global Feed " })). toBeVisible (); await expect ( page . getByRole ( " link " , { name : " Sign up " })). toBeVisible (); await expect ( page . getByRole ( " heading " , { name : " inkwell " })). toBeVisible (); }); getByRole("button", { name: "Global Feed" }) asserts two things at once — that an element with the button role exists and that its accessible name is "Global Feed". If a dev swaps the <div class="feed-btn"> for a real <button> , this locator keeps working; a CSS selector wouldn't. Strict mode is your friend Playwright locators are strict : if a locator matches more than one element, the action throws instead of silently picking the first. That catches ambiguous tests before they pick the
AI 资讯
Setup & Your First UI + API Tests (Playwright + TypeScript, Ch.2)
In Chapter 1 we argued that automation fails from a lack of structure , not a lack of tooling — and we met Inkwell , the dockerized app we test against. Now we install Playwright + TypeScript and write our first UI and API tests, deliberately simple. We'll also hit two real bugs along the way. I'm leaving them in on purpose — they're the exact problems the framework we build later is designed to prevent. Code for this chapter is tagged ch-02 in the repo: https://github.com/aktibaba/playwright-qa-course Before you start Make sure Inkwell is running (from Chapter 1): cd sut docker compose up -d --build --wait # web :3000, api :3001/api Install Playwright + TypeScript From the repo root: npm install -D @playwright/test typescript @types/node npx playwright install chromium That's it — Playwright bundles its own test runner, assertion library, and TypeScript support. No extra config to make .ts test files work. A minimal config — not a framework yet Two small files keep us honest from day one. First, never hard-code URLs in tests — put them in one place: // src/utils/env.ts export const env = { /** Inkwell SPA (nginx) — the UI base URL. */ webURL : process . env . WEB_URL ?? " http://localhost:3000 " , /** Inkwell API base, including the /api prefix. */ apiURL : process . env . API_URL ?? " http://localhost:3001/api " , } as const ; Then the Playwright config. We split tests into two projects — a fast api project and a Chromium ui project — because API tests need no browser and should run in milliseconds: // playwright.config.ts import { defineConfig , devices } from " @playwright/test " ; import { env } from " ./src/utils/env " ; export default defineConfig ({ testDir : " ./src/tests " , fullyParallel : true , reporter : " list " , use : { trace : " on-first-retry " , screenshot : " only-on-failure " }, projects : [ { name : " api " , testDir : " ./src/tests/api " , use : { baseURL : env . apiURL } }, { name : " ui " , testDir : " ./src/tests/ui " , use : { baseURL : e
AI 资讯
Why a Test Automation Framework? (Playwright + TypeScript, Ch.1)
Welcome to the first chapter of a hands-on course where we build a production-grade Playwright + TypeScript automation framework — covering both API and UI testing — against a real, dockerized web app you run on your own machine. This isn't a "here are 5 Playwright tips" post. By the end of the series you'll have a framework with the same shape a real QA team ships: layered, parallel-safe, authenticating once and reusing the session, seeding data through the API and verifying it in the UI, and running sharded in CI. We build it one chapter at a time, and every line of code is in a public repo you can clone and run. Who this is for You can read basic JavaScript (variables, functions, async/await ). That's it. No Playwright or TypeScript experience required — we introduce both from zero. You've maybe written a few UI tests before and felt them turn into a tangle. This course is about the structure that prevents that. How the course works Each chapter is one post in this series, in order. Read them top to bottom. There's a companion GitHub repo — the single source of truth for all code: 👉 https://github.com/aktibaba/playwright-qa-course The repo carries one git tag per chapter ( ch-01 , ch-02 , …) so you can check out the exact state of the code at any point and compare it to what you have. Every chapter ends with what changed, so you can either build along or just read the diff. Get the code and run the app We don't test toy pages. The course runs against Inkwell — a small but real React + Express + PostgreSQL blogging app (articles, comments, tags, follow/favorite, JWT auth). It lives in the same repo under sut/ ("system under test") and ships as a one-command Docker stack with deterministic reset / seed endpoints, so your tests never race startup or fight flaky data. You'll need Node.js 18+ and Docker . # 1. Clone the course repo git clone https://github.com/aktibaba/playwright-qa-course.git cd playwright-qa-course # 2. Start the app (db + API + web), wait until eve
AI 资讯
Cypress Testing: Complete Beginner's Guide
Section 1: Getting Started with Cypress 1. Installing and Setting Up Cypress Prerequisites Before installing Cypress, ensure you have Node.js installed on your machine. Cypress requires Node.js 18.x or 20.x and above. You should also have an existing React project or create a new one. Check your Node.js version by running this command in your terminal: node --version # Should output v18.x.x or higher Creating a React Project (Optional) If you don't have an existing React project, create one using Vite which is the recommended approach for new React projects: npm create vite@latest my-react-app -- --template react cd my-react-app npm install Installing Cypress Navigate to your React project directory and install Cypress as a development dependency. Cypress is a fairly large package, so the installation might take a minute or two: npm install cypress --save-dev # Or using yarn yarn add cypress --dev Opening Cypress for the First Time After installation, open Cypress for the first time. This will create the initial folder structure and configuration files: npx cypress open When Cypress opens for the first time, you'll see a welcome screen where you can choose between E2E Testing and Component Testing. Select E2E Testing to get started with end-to-end tests. Cypress will then prompt you to choose a browser. You can select Chrome, Firefox, Edge, or Electron. Choose your preferred browser and click Start E2E Testing in [Browser] . Adding NPM Scripts Add convenient scripts to your package.json for running Cypress tests: { "scripts" : { "dev" : "vite" , "build" : "vite build" , "cy:open" : "cypress open" , "cy:run" : "cypress run" , "test:e2e" : "start-server-and-test dev http://localhost:5173 cy:run" } } Tip: Use npm run cy:open for interactive development with the Cypress Test Runner. Use npm run cy:run for headless execution in CI/CD pipelines. 2. Understanding Cypress Project Structure Project Directory Overview After initializing Cypress, you'll notice several new fold
AI 资讯
Building MIL-STD-Compliant ATE with LabVIEW: Architecture and Best Practices
If you're building or integrating Automated Test Equipment for aerospace or defence electronics, the technical requirements go well beyond "does the test pass." You need documentation that satisfies MIL-STD, AS9100, and DO-178C auditors — and an architecture that scales from prototype to production. Here's how modern Universal ATE systems are structured for defence-grade compliance. The Core Architecture A defence-grade ATE system has four functional layers: ┌─────────────────────────────────────────┐ │ Test Executive (LabVIEW) │ ← Orchestrates all test sequences ├────────────────┬────────────────────────┤ │ Instrument │ DUT Interface │ ← Hardware layer │ Control │ (ICT/JTAG/Func) │ ├────────────────┴────────────────────────┤ │ Data Management Layer │ ← Logging, traceability, reports ├─────────────────────────────────────────┤ │ Calibration & Verification │ ← Ensures measurement accuracy └─────────────────────────────────────────┘ Test Executive Design in LabVIEW The test executive controls the sequence, manages results, and handles failures. Key design principles: Test Sequence: 1. DUT identification (serial number scan or manual entry) 2. Pre-test self-check (verify instrument calibration status) 3. ICT phase — passive component verification 4. JTAG boundary scan — IEEE 1149.1 interconnect verification 5. Power-on functional test — operational verification 6. RF/signal analysis — if applicable to DUT type 7. Report generation — automatic, timestamped 8. Pass/fail disposition record JTAG Integration via IEEE 1149.1 For high-density boards where bed-of-nails is not viable, JTAG boundary scan is implemented via a JTAG controller (e.g., XJTAG, Corelis, or ASSET InterTech) integrated into the LabVIEW environment: LabVIEW → JTAG Controller API → Scan Chain → DUT ICs The boundary scan description files (BSDL) for each IC define the test vectors. Your test executive loads BSDL files, generates scan chain topology, and runs interconnect tests automatically. Data Traceabili