ABE — Autonomous Bug Explorer
"Playwright discovers what you test. ABE discovers what you miss."
An enterprise-grade, self-hosted platform for autonomous bug discovery in web applications. ABE explores your app like a real user, injects invalid inputs (fuzzing), detects anomalies, and generates reproducible bug reports — all without writing a single test.
Features
- Autonomous exploration — navigates your app using a seeded, deterministic algorithm
- Smart fuzzing — injects empty values, oversized strings, special chars, type mismatches and boundary values into every input
- Anomaly detection — catches HTTP errors, JS exceptions, console errors, and accessibility violations
- Reproducible reports — every finding includes an exact action trace + generated Playwright test
- Real-time dashboard — watch explorations live with severity heatmaps and trend charts
- CI/CD integration — JUnit XML output, GitHub Action, exit codes for threshold-based gating
- Auth support — cookies, headers, or login flow for authenticated app exploration
- Enterprise licensing — RSA-signed license keys, RBAC, API keys, Slack/GitHub/Jira integrations
Quick Start
# Install dependencies
npm install
# Install Playwright browser
npx playwright install chromium
# Explore your app (inline mode — no server needed)
npm run abe -- explore --url http://localhost:3000
# Start the full dashboard (API server + React frontend)
npm run dev:all
# Then open http://localhost:5173
CLI Reference
abe explore — Run an exploration
npm run abe -- explore [options]
| Option | Default | Description |
|---|---|---|
--url <url> |
(required) | Target URL to explore |
--config <file> |
— | JSON config file (merged with flags) |
--seed <n> |
42 |
Deterministic seed |
--max-states <n> |
50 |
Max states to visit |
--max-depth <n> |
5 |
Max click depth |
--allowed-domains <d> |
(from URL) | Comma-separated allowed domains |
--excluded-paths <p> |
— | Comma-separated paths to skip |
--auth-type <type> |
— | cookies | headers | login_flow |
--output <format> |
human |
human | json | junit | markdown |
--reports-dir <dir> |
./reports |
Output directory |
--fail-on-severity <s> |
— | Exit 1 if finding at low/medium/high/critical or above |
--fail-on-anomaly |
— | Exit 1 if any finding found |
--server <url> |
— | Remote ABE server URL (skips inline engine) |
--api-key <key> |
— | API key for remote server |
Exit codes: 0 = clean, 1 = findings over threshold, 2 = error
Examples
# Basic exploration
npm run abe -- explore --url https://staging.myapp.com
# CI mode — fail on high/critical findings, output JUnit
npm run abe -- explore \
--url https://staging.myapp.com \
--max-states 100 \
--output junit \
--fail-on-severity high
# Authenticated exploration (login flow)
npm run abe -- explore \
--url https://staging.myapp.com \
--auth-type login_flow \
--login-url https://staging.myapp.com/login \
--username ci@example.com \
--password secret
# Load config from JSON file
npm run abe -- explore --url https://staging.myapp.com --config abe.config.json
# Remote server mode (delegates to ABE server)
npm run abe -- explore \
--url https://staging.myapp.com \
--server https://abe.internal.company.com \
--api-key $ABE_API_KEY
Config File Format (abe.config.json)
{
"maxStates": 100,
"maxDepth": 8,
"seed": 1337,
"allowedDomains": ["staging.myapp.com"],
"excludedPaths": ["/logout", "/admin"]
}
abe report — Generate a report
npm run abe -- report --session <id> [options]
| Option | Default | Description |
|---|---|---|
--session <id> |
(required) | Session ID to report on |
--server <url> |
http://localhost:3001 |
ABE server URL |
--api-key <key> |
— | API key |
--format <fmt> |
pdf |
pdf | html | json |
--output <file> |
./abe-report-<id>.<fmt> |
Output file path |
npm run abe -- report \
--session abc123 \
--server https://abe.internal.company.com \
--api-key $ABE_API_KEY \
--format pdf \
--output ./security-report.pdf
abe status — Check server health
npm run abe -- status [options]
| Option | Default | Description |
|---|---|---|
--server <url> |
http://localhost:3001 |
ABE server URL |
--api-key <key> |
— | API key |
--json |
— | JSON output |
npm run abe -- status --server https://abe.internal.company.com
# ✓ ABE server is ready at https://abe.internal.company.com
# 2 active session(s):
# [abc123] https://staging.myapp.com — 42 states explored
CI/CD Integration
GitHub Actions — Composite Action
steps:
- uses: actions/checkout@v4
- name: Run ABE
uses: ./.github/actions/abe-explore
with:
url: https://staging.myapp.com
max-states: '50'
fail-on-severity: high
output: junit
- name: Publish results
if: always()
uses: EnricoMi/publish-unit-test-result-action@v2
with:
files: abe-results.xml
GitHub Actions — Inline
- name: Run ABE
run: |
npm run abe -- explore \
--url https://staging.myapp.com \
--max-states 50 \
--output junit \
--fail-on-severity high
Docker CI Image
# Build the CI image (includes Playwright/Chromium)
docker build -f Dockerfile.ci -t abe-ci .
# Run exploration in Docker
docker run --rm \
-v $(pwd)/abe-reports:/reports \
abe-ci explore \
--url http://host.docker.internal:3000 \
--output junit \
--fail-on-severity high
JUnit XML Output
With --output junit, ABE writes abe-results.xml:
- Each state visited = a passing test case
- Each finding = a failing test case with severity and description
Integrates with GitHub Actions, Jenkins, GitLab CI, CircleCI, and any JUnit-compatible reporter.
Web Dashboard
# Start both backend (port 3001) and frontend (port 5173)
npm run dev:all
Open http://localhost:5173. First run prompts you to create an admin account and organization.
Docker
docker compose up --build
| Service | Port | Description |
|---|---|---|
| Backend | 3001 | Express API + socket.io |
| Frontend | 5173 | React dashboard (nginx) |
Architecture
Domain (pure TypeScript — no infrastructure dependencies)
↑
Application (use cases, commands, queries, event handlers)
↑
Infrastructure (Kysely/SQLite, Playwright, Express controllers)
Modules: crawling · findings · fuzzing · auth · reporting · integrations · licensing
Cross-module communication via EventBus only — bounded contexts never import each other directly.
Development
npm run build # Compile TypeScript
npm run test # Run tests (Vitest)
npm run lint # ESLint
npm run db:migrate # Apply database migrations
cd frontend && npm run build # Build frontend
docker compose up -d --build # Full stack with Docker
License
Core: MIT · Enterprise features require a valid license key.