qracle.ai

QA diagnostics that scan everything, then think.

qracle scans your web app across 9 specialist dimensions in parallel, then an LLM Oracle adjudicates findings into one canonical report. Real defects with confidence scores, blast radius, and paste-ready prompts for your IDE-AI.

What qracle scans

Nine specialist scanners, each wrapping a mature OSS tool, run in parallel against your target. No single tool is the source of truth — the Oracle stage cross-validates and adjudicates.

Functional

User journeys

Playwright runs deterministic journeys; Stagehand handles agentic flows on staging.

Accessibility

WCAG conformance

axe-core via Playwright walks every reachable view; LLM assist for narrow ambiguous cases.

Performance

Field + lab metrics

Lighthouse CI + Unlighthouse for the page tree, k6 for synthetic load smoke tests.

Visual

Pixel regression

Argos snapshots with pixelmatch diffing; Lost Pixel fallback when self-hosting is off.

Security

Dynamic + static

Authenticated OWASP ZAP DAST with the scan token gating destructive ops. Read-mode by default; active-scan opt-in per surface.

Supply chain

Deps + secrets

Trivy on filesystem + image, gitleaks across the git history. CVEs and leaked tokens before they ship.

API contract

Discover + fuzz

Schemathesis in 3 stages — discover endpoints from HAR, observe shapes, fuzz against schema.

Architecture

Drift detection

Static checks for layering violations, dead code, and coupling that crosses module boundaries.

AI-slop syntactic

Hallucinated code

Detects undeclared imports, phantom APIs, and other syntactic tells of LLM-generated code that wasn't reviewed.

How it works

A single Temporal Cloud workflow fans out the 9 specialists in parallel. Each emits raw findings; the Oracle stage adjudicates. The output is one report, not nine.

  1. Scan

    Point qracle at a URL (and optionally a repo). The Temporal workflow dispatches all 9 specialists in parallel — each one wraps a mature OSS tool. Functional emits a HAR that feeds the API contract specialist; everything else runs independently.

  2. Adjudicate

    The Oracle stage applies deterministic rules first (calibration windows, differential heuristics), then escalates ambiguous cases to bounded LLM adjudication. Every verdict carries a confidence score and a budget audit trail — no silent dropouts.

  3. Report

    One canonical qa_report.v1.json plus SARIF (for code scanning UIs) and Markdown (for PR comments). Every finding includes a Five-Whys hypothesis ladder, blast radius matrix, and a paste-ready prompt for your IDE-AI to draft the fix.
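An added sketch of the Adjudicate step, not qracle's own code: deterministic rules decide the clear cases, ambiguous ones go to a budget-bounded adjudicator, and anything left over is still emitted as suspect with a reason rather than dropped. Only the `suspect` verdict and the `budget-exhausted` reason come from this page; the rule thresholds, the other verdict and reason names, the `corroborated` field, and the stub standing in for the LLM call are assumptions.

```python
from dataclasses import dataclass

ALLOWED = {"confirmed", "dismissed", "suspect"}  # assumed verdict vocabulary

@dataclass(frozen=True)
class Finding:
    rule_id: str
    confidence: int      # 0-100
    corroborated: bool   # assumed: another scanner reported the same defect

def deterministic_rule(f):
    """Hypothetical rule: decide clear cases, return None when ambiguous."""
    if f.corroborated and f.confidence >= 80:
        return "confirmed"
    if f.confidence < 20:
        return "dismissed"
    return None

def adjudicate(findings, escalate, budget):
    """Return (verdicts, audit). Every finding gets exactly one verdict."""
    verdicts, audit = [], []
    for f in findings:
        verdict = deterministic_rule(f)
        resolved_by = "rule"
        if verdict is None and budget > 0:
            budget -= 1
            verdict, resolved_by = escalate(f), "llm"
            if verdict not in ALLOWED:      # never trust free-form model output
                verdict, resolved_by = "suspect", "invalid-llm-output"
            audit.append((f.rule_id, "escalated", budget))
        elif verdict is None:
            verdict, resolved_by = "suspect", "budget-exhausted"
            audit.append((f.rule_id, "skipped", budget))
        verdicts.append({"rule_id": f.rule_id, "verdict": verdict,
                         "resolved_by": resolved_by})
    return verdicts, audit

# Constructed sample input; the rule ids are placeholders, not qracle rule ids.
SAMPLE = [
    Finding("sample.corroborated", 95, True),
    Finding("sample.noise", 10, False),
    Finding("sample.ambiguous_1", 60, False),
    Finding("sample.ambiguous_2", 55, False),
    Finding("sample.ambiguous_3", 50, False),
]

def stub_llm(f):
    """Stand-in for the model call; returns junk for one finding."""
    return "definitely a bug!!" if f.rule_id.endswith("_2") else "confirmed"

if __name__ == "__main__":
    for v in adjudicate(SAMPLE, stub_llm, budget=2)[0]:
        print(v)
```

With a budget of 2, the third ambiguous finding is reported as suspect with reason budget-exhausted, and the adjudicator's out-of-vocabulary answer is downgraded to suspect instead of being passed through.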

What the output looks like

Findings adhere to the canonical qa_report.v1 schema. Below is a real excerpt from a juice-shop scan. Three findings, three Oracle verdicts.

perf.runner.lighthouse_failed · high · confidence 100
    url: https://juice-shop.herokuapp.com
    observed: Runner lighthouse failed: LHCI failed: (exit signal)
    user_impact: Slower perf affects perceived page responsiveness on desktop profile.
    verdict: suspect · resolved_by: budget-exhausted · oracle/2026.05-rules-v1

perf.runner.unlighthouse_failed · high · confidence 100
    url: https://juice-shop.herokuapp.com
    observed: Runner unlighthouse failed: Unlighthouse failed: (exit signal)
    required_artifacts: tool_stdout, trace
    verdict: suspect · resolved_by: budget-exhausted · oracle/2026.05-rules-v1

perf.runner.k6_smoke_failed · high · confidence 100
    url: https://juice-shop.herokuapp.com
    observed: Runner k6_smoke failed: k6 failed: (exit signal)
    hypothesis: Performance regression — page or asset latency exceeds the configured threshold.
    verdict: suspect · resolved_by: budget-exhausted · oracle/2026.05-rules-v1

Each finding in the real JSON also carries a fingerprint (stable across runs), a fiveWhysPacket with hypothesis ladder + required artifacts, and a paste_ready_prompt formatted for direct paste into Claude / Copilot / your IDE-AI of choice.

Private beta opens May 21, 2026

Concierge onboarding for the first cohort: tell us your target URL and team size, and we'll send back a CLI command and a link to your first report. Tiered access (BYOK or platform-managed) once self-serve lands in v1.1.
