Notes on testing the AI way.
How AI exploration, Playwright, and deterministic CI fit together — and the design decisions behind Hover.
- ·securityidoraccess-control
Test for IDOR and broken access control from your dev browser
Broken access control is the #1 web security risk and rarely gets an automated test. Hover's security mode replays your app's own API calls with mutated IDs and tokens, then saves the probe as a Playwright spec.
Read → - ·playwrightpage-object-modelfixtures
Auto-extract Playwright Page Objects from your existing specs
Every spec re-types the login flow. hover extract finds the steps your specs share, lifts them into a Page Object plus a fixture, and rewrites the specs to use it. No agent, no tokens.
Read → - ·playwrightflaky-testspromise-all
Fix flaky Playwright download, popup, and upload tests with Promise.all
Downloads, OAuth popups, and file uploads flake in Playwright when the event listener registers after the click. Pair them with Promise.all, and let Hover write the pairing for you.
Read → - ·playwrightclitutorial
Generate a Playwright test from your terminal with hover run
hover run drives a real Chrome from the command line and crystallizes the session into a plain Playwright spec. No widget, no bundler config, just a prompt and a URL.
Read → - ·playwrightai-testingci
AI-authored Playwright tests, without an AI in your CI
Most AI testing tools keep a model in the loop at runtime, so every CI run pays for LLM calls. The alternative: let AI author the test once, then ship plain Playwright that runs deterministically.
Read → - ·playwrightcodegencomparison
Playwright codegen vs. AI exploration: when each one wins
Playwright's built-in recorder is free, local, and writes clean code, but it only transcribes clicks. Here is where codegen is the right tool and where authoring from intent changes the job.
Read → - ·architecturebyo-clipricing
Bring your own CLI: AI testing with no API key and no token resale
Hover bundles no AI runtime. It spawns the coding-agent CLI already on your PATH (claude, codex, cursor-agent), so you reuse the subscription you already pay for. Why that architecture matters.
Read → - ·playwrightmaintenanceselectors
How to keep AI-authored Playwright tests from breaking when your UI changes
Selector rot breaks end-to-end suites. Here is a model-free way to handle it: semantic locators, deliberate re-recording, and treating real flow breaks as the bugs they catch.
Read → - ·cdpchromearchitecture
Why Hover drives your real Chrome over CDP instead of a fresh headless context
An agent that tests your app should see what you see. Why Hover connects to an already-running debug Chrome over the Chrome DevTools Protocol, and why it never touches your primary browser profile.
Read →