Welcome to the bugAgent API

Register a new agent account. Accounts created via this endpoint are automatically flagged as is_agent: true. A unique organization is created for each new account.

Request Body

Response

{
  "userId": "uuid",
  "email": "agent@example.com"
}

Sign in and receive a JWT access token. Use the returned token as a Bearer token for subsequent requests, or generate a long-lived API key instead.

Request Body

Response

{
  "userId": "uuid",
  "email": "agent@example.com",
  "accessToken": "eyJhbG...",
  "refreshToken": "refresh_...",
  "expiresAt": 1711234567
}

List bug reports for the authenticated user's account and team. Returns reports in reverse chronological order.

Query Parameters

Example

curl "https://app.bugagent.com/api/reports?type=crash&limit=10" \
  -H "Authorization: Bearer ba_live_..."

Create a new report. Supports bugs, feature requests, enhancements, technical debt, and more. If type is omitted, bugAgent auto-classifies based on title and description.

Request Body

Response

{
  "id": "uuid",
  "title": "Login button unresponsive on iOS",
  "type": "ui",
  "severity": "high",
  "classification": { "type": "ui", "confidence": 0.85 },
  "quality_score": 7,
  "quality_breakdown": {
    "reproduction_steps": 0.9,
    "expected_vs_actual": 0.8,
    "environment_details": 0.7,
    "evidence": 0.6,
    "root_cause_analysis": 0.5,
    "impact_assessment": 0.8,
    "context_and_history": 0.6,
    "heuristics_and_oracles": 0.7,
    "clarity_and_structure": 0.9,
    "actionability": 0.8
  },
  "created_at": "2026-03-17T12:00:00Z",
  ...
}

Reformat a bug report description into a structured bug template using AI. Returns the formatted description text without modifying the report. Use this to preview the AI formatting before saving.

Request Body

Response

{ "formatted": "## Summary\nLogin button is unresponsive...\n\n## Steps to Reproduce\n1. Navigate to...\n\n## Expected Behavior\n...\n\n## Actual Behavior\n..." }

Retrieve a single bug report by ID. Returns 404 if the report doesn't exist or you don't have access.

Response Fields (includes all standard fields plus)

Update a bug report. Only fields you include in the body are updated.

Request Body

Upload file attachments (screenshots, videos, documents) to a bug report. Uses multipart/form-data.

Form Fields

Bulk delete old bug reports. Requires owner or admin team role.

Request Body

Response

{ "deleted": 42 }

Add a comment to a bug report, or toggle an emoji reaction on a comment.

Create Comment

Toggle Reaction

Edit a comment. Only the author can edit their own comments.

Delete a comment. Only the author can delete their own comments.

List all projects for your team.

Create a new project. The first project is automatically set as default. Subject to plan limits.

Request Body

Update a project's name, description, or default status.

Permanently delete a project and all associated data. Only owners and managers can delete projects. You cannot delete your last project — every organization must have at least one.

Request Body (JSON)

What Gets Deleted

Important Behavior

Errors

List your active (non-revoked) API keys. Only the key prefix is returned — full keys are shown once at creation.

Generate a new API key. The full key (starting with ba_live_) is returned only once — store it securely.

Request Body

Response

{
  "key": "ba_live_abc123...",
  "id": "uuid",
  "name": "CI Pipeline",
  "key_prefix": "ba_live_abc123",
  "scopes": ["reports:read", "reports:write"],
  "created_at": "2026-03-17T12:00:00Z"
}

Revoke an API key. The key is soft-deleted and can no longer be used for authentication.

Revoke the current key and generate a new one with the same name and scopes. Returns the new full key.

Get the authenticated user's profile.

Response

{
  "id": "uuid",
  "email": "user@example.com",
  "full_name": "Jane Smith",
  "avatar_url": null,
  "plan": "pro",
  "is_agent": false,
  "created_at": "2026-03-10T08:00:00Z"
}

Update your profile. Only full_name can be changed via the API (security: no email, role, or plan changes).

Change your password.

Get your profile info and notification preferences.

Response

{
  "fullName": "Jane Smith",
  "email": "user@example.com",
  "isAgent": false,
  "plan": "pro",
  "notifications": {
    "emailNewReport": true,
    "emailUsageWarning": true,
    "emailWeeklyDigest": false
  }
}

Update notification preferences.

Get your current plan usage (reports used, limit, remaining, reset date).

Response

{
  "used": 47,
  "limit": 5000,
  "remaining": 4953,
  "plan": "pro",
  "period": "monthly",
  "resetsAt": "2026-04-01T00:00:00Z"
}

Get report statistics with daily counts, breakdowns by type, severity, and status.

Query Parameters

Response

{
  "period": "30 days",
  "total": 127,
  "daily": [
    { "date": "2026-02-16", "count": 3 },
    { "date": "2026-02-17", "count": 5 },
    ...
  ],
  "byType": { "ui": 42, "crash": 18, "logic": 67, "feature-request": 12, "enhancement": 8 },
  "bySeverity": { "high": 23, "medium": 89, "low": 15 },
  "byStatus": { "open": 95, "resolved": 32 }
}

Create a Stripe checkout session to upgrade your plan. Returns a URL to redirect the user to.

Request Body

Response

{ "url": "https://checkout.stripe.com/..." }

Get a URL to the Stripe billing portal where users can manage subscriptions, payment methods, and invoices.

Response

{ "url": "https://billing.stripe.com/..." }

Invite a user to your team. Sends an email invitation with a 5-day expiry. Invited users join the inviting organization directly — no separate org is created.

Form Data

Edit a team member's display name inline. Owners and admins can edit any non-owner member. Managers can edit contributors and other managers but not owners or admins.

Form Data

Change a team member's role. Managers can assign contributor or manager roles. Only owners/admins can assign admin. Owner role can only be changed via ownership transfer.

Form Data

Remove a team member from the organization. Only owners and managers can remove members. Owners cannot be removed. All data created by the removed user (bug reports, automations, test cases, mobile apps, geo snaps, schedules, time tracking) is reassigned to the person performing the removal. Notes are deleted. The user's profile is preserved as a ghost stub for foreign-key integrity and re-invite capability.

Form Data

Switch the active organization context. Users who belong to multiple organizations use this to change which org's data they see.

Request Body (JSON)

Create a new organization (team). Available to Pro and Team plan users. If no name is provided, a unique uplifting name is auto-generated (e.g. "Radiant Foxes"). A Default Project is automatically created so the organization always has at least one project.

Request Body (JSON)

Response

{
  "success": true,
  "team": {
    "id": "uuid",
    "name": "Radiant Foxes",
    "plan": "pro"
  }
}

Errors

Start the Jira OAuth 2.0 flow. Redirects to Atlassian's authorization page. The resulting connection is stored against the user's active team, not the individual user.

Fetch all Jira projects accessible by the team's shared connection. Used to populate the project dropdown when pushing a report to Jira for the first time. Returns the default project key if one is saved.

Response

{
  "projects": [
    { "id": "10001", "key": "BUG", "name": "Bug Tracker", "avatar": "https://..." },
    { "id": "10002", "key": "PROJ", "name": "Main Project", "avatar": "https://..." }
  ],
  "defaultProjectKey": "BUG"
}

Sync a bug report to Jira using the team's shared connection. Creates a Jira issue with mapped fields, labels, and uploads any attachments. Severity is mapped to Jira priority (critical→Highest, high→High, medium→Medium, low→Low). Any authenticated team member can sync.

Request Body

Response

{
  "success": true,
  "jiraKey": "PROJ-1234",
  "jiraUrl": "https://your-site.atlassian.net/browse/PROJ-1234"
}

Force an immediate bi-directional sync between bugAgent and Jira. Triggered by the sync button next to the AUTO SYNC badge on the report detail page. Syncs description, title, severity/priority, comments, and media attachments.

Request Body

Sync Behavior

Response

{
  "success": true,
  "results": [
    "Description synced",
    "Priority pushed to Jira (high — last updated)",
    "2 comment(s) pushed to Jira",
    "1 attachment(s) pulled from Jira"
  ]
}

Check if a synced Jira issue has been modified. Compares title, severity, status, and type between bugAgent and Jira. Severity uses last-updated-wins logic and is auto-applied during polling. Comments and attachments are synced bi-directionally via the auto-sync polling and force-sync endpoints.

Query Parameters

Response

{
  "hasChanges": true,
  "jiraUpdatedAt": "2026-03-18T15:30:00.000Z",
  "changes": {
    "title": { "jira": "Updated title in Jira", "bugagent": "Original title" },
    "severity": { "jira": "high", "bugagent": "medium" }
  }
}

Bi-directional merge between bugAgent and Jira. Updates bugAgent with the chosen values, then pushes them to Jira so both systems are identical. Severity is mapped to Jira priority. For automatic conflict resolution, use /api/jira/force-sync which applies last-updated-wins logic.

Request Body

Update the team's Jira integration settings or disconnect. Only managers and above can modify these settings.

Request Body

Batch-sync report statuses with Jira. Used by the Kanban board to push status changes after drag-and-drop reordering. Fetches the latest Jira status for each report and reconciles any differences.

Request Body

Response

{
  "updates": [
    {
      "id": "uuid",
      "old_status": "new",
      "new_status": "in_progress",
      "jira_status": "In Progress"
    }
  ],
  "synced": 1
}

Create a new automation. Stores the recorded steps, generated Playwright script, and optional schedule. The automation is scoped to the user's active team.

Request Body

Response

{
  "id": "uuid",
  "name": "Login flow smoke test",
  "steps": [ ... ],
  "script": "import { test } from '@playwright/test'; ...",
  "schedule": "0 9 * * 1-5",
  "start_url": "https://app.example.com/login",
  "status": "active",
  "team_id": "uuid",
  "created_by": "uuid",
  "created_at": "2026-03-21T12:00:00Z",
  "updated_at": "2026-03-21T12:00:00Z"
}

Create a new automation with a custom Playwright script. Unlike POST /automations which expects recorded FAB steps, this endpoint lets you supply a script directly — ideal for hand-written tests, AI-generated scripts, or scripts imported from an existing test suite.

Duplicating an Automation

To duplicate an existing automation, fetch its details via GET /api/automations/:id, then call this endpoint with the original's script, target_url, and project_id. Set name to "[Copy] Original Name". The duplicate starts in "draft" status and does not inherit version history or run history from the original.

Request Body

Authentication

Requires session authentication (dashboard) or an API key with automations:write scope.

Plan

Pro or Team plan required.

Response

{
  "id": "uuid"
}

List all automations for the user's active team. Supports pagination and filtering by status.

Query Parameters

Response

{
  "automations": [
    {
      "id": "uuid",
      "name": "Login flow smoke test",
      "status": "active",
      "project_id": "proj_uuid",
      "created_by": "user_uuid",
      "schedule": "0 9 * * 1-5",
      "last_run_at": "2026-03-21T09:00:00Z",
      "last_run_status": "passed",
      "run_count": 42,
      "created_at": "2026-03-20T12:00:00Z"
    }
  ],
  "total": 5,
  "page": 1,
  "limit": 20
}

Get full details of a single automation, including recorded steps, generated Playwright script, schedule, and recent run history.

Response

{
  "id": "uuid",
  "name": "Login flow smoke test",
  "steps": [
    { "action": "navigate", "url": "https://app.example.com/login" },
    { "action": "fill", "selector": "#email", "value": "test@example.com" },
    { "action": "fill", "selector": "#password", "value": "********" },
    { "action": "click", "selector": "button[type=submit]" },
    { "action": "assert", "selector": ".dashboard-title", "text": "Welcome" }
  ],
  "script": "import { test, expect } from '@playwright/test'; ...",
  "schedule": "0 9 * * 1-5",
  "start_url": "https://app.example.com/login",
  "status": "active",
  "team_id": "uuid",
  "created_by": "uuid",
  "created_at": "2026-03-20T12:00:00Z",
  "updated_at": "2026-03-21T08:00:00Z",
  "recent_runs": [
    { "id": "uuid", "status": "passed", "duration_ms": 4200, "started_at": "2026-03-21T09:00:00Z" }
  ]
}

Update an existing automation. Only provided fields are changed. Use this to rename, update the script, change the schedule, or pause/resume.

Request Body

Response

{
  "id": "uuid",
  "name": "Login flow smoke test (updated)",
  "status": "paused",
  "schedule": null,
  "updated_at": "2026-03-21T14:00:00Z"
}

Permanently delete an automation and all its associated run history. This action cannot be undone.

Response

{ "deleted": true }

Generate a Playwright script from recorded browser steps using AI. The generated script includes assertions, error handling, and is ready to run. Optionally saves the script to an existing automation.

Request Body

Response

{
  "script": "import { test, expect } from '@playwright/test';\n\ntest('Login flow smoke test', async ({ page }) => {\n  await page.goto('https://app.example.com/login');\n  await page.fill('#email', 'test@example.com');\n  await page.fill('#password', '********');\n  await page.click('button[type=submit]');\n  await expect(page.locator('.dashboard-title')).toContainText('Welcome');\n});",
  "automation_id": "uuid"
}

Send a Playwright script to Sonnet 4 for AI-powered optimization. Applies a 12-point checklist that automatically fixes selectors, wait strategies, assertions, error handling, auth patterns, mobile compatibility, and strict mode issues. The current script version is saved before optimization so you can undo the change.

URL Parameters

Response

{
  "script": "// optimized Playwright script...",
  "version": 3,
  "changes_summary": "Fixed 4 issues: replaced fragile text selectors with data-testid, added explicit waitForLoadState, improved assertions with toBeVisible, added error recovery for auth flow."
}

Revert the automation script to its previous version. Up to 10 previous versions are retained. Versions are saved before manual edits, AI optimization, and script regeneration.

URL Parameters

Response

{
  "script": "// previous version of the script...",
  "version": 2,
  "versions_remaining": 1
}

{ "error": "No previous versions available to undo" }

Trigger an on-demand run of an automation. The run is queued and executed asynchronously. Poll GET /api/automations/runs or use the returned run ID to check status.

Request Body

Response

{
  "run_id": "uuid",
  "automation_id": "uuid",
  "status": "queued",
  "device": "desktop",
  "queued_at": "2026-03-21T14:30:00Z"
}

List automation runs for the user's active team. Filter by automation ID or status. Returns run results including duration, pass/fail status, and any error output.

Query Parameters

Response

{
  "runs": [
    {
      "id": "uuid",
      "automation_id": "uuid",
      "automation_name": "Login flow smoke test",
      "status": "passed",
      "duration_ms": 4200,
      "started_at": "2026-03-21T09:00:00Z",
      "finished_at": "2026-03-21T09:00:04Z",
      "error": null
    },
    {
      "id": "uuid",
      "automation_id": "uuid",
      "automation_name": "Checkout flow",
      "status": "failed",
      "duration_ms": 8500,
      "started_at": "2026-03-21T09:00:00Z",
      "finished_at": "2026-03-21T09:00:08Z",
      "error": "Timeout waiting for selector '#confirm-btn'"
    }
  ],
  "total": 42,
  "page": 1,
  "limit": 20
}

Trigger an automation run from CI/CD pipelines. Authenticates via API key instead of session token. Designed to be called from GitHub Actions, GitLab CI, or any CI/CD system. Returns immediately with a run ID for polling.

Request Body

Headers

Response

{
  "run_id": "uuid",
  "automation_id": "uuid",
  "status": "queued",
  "device": "desktop",
  "poll_url": "/api/v1/automations/runs/uuid",
  "queued_at": "2026-03-21T14:30:00Z"
}

Poll the status of a CI/CD automation run. Returns the current status, duration, and any error output. Use this to wait for completion in CI/CD scripts.

Headers

Response

{
  "id": "uuid",
  "automation_id": "uuid",
  "automation_name": "Login flow smoke test",
  "status": "passed",
  "duration_ms": 4200,
  "started_at": "2026-03-21T09:00:00Z",
  "finished_at": "2026-03-21T09:00:04Z",
  "error": null,
  "trace_url": "https://bugagent.com/traces/uuid",
  "screenshots": [
    { "step": "login-success", "url": "https://storage.bugagent.com/screenshots/uuid.png" }
  ]
}

Initiate the GitHub OAuth flow. Returns a redirect URL that opens the GitHub authorization page. Once the user authorizes, GitHub redirects back to bugAgent with an installation token. Connect from Settings → Integrations in the dashboard.

Request Body

Response

{
  "authorization_url": "https://github.com/login/oauth/authorize?client_id=...",
  "state": "random-state-token"
}

List all GitHub repositories accessible via the connected GitHub account. Use this to select which repo to map to a bugAgent project.

Response

{
  "repos": [
    {
      "id": 123456,
      "full_name": "acme/web-app",
      "default_branch": "main",
      "private": true
    }
  ]
}

Map a bugAgent project to a GitHub repository. Once mapped, Playwright automation scripts created or updated in that project are automatically pushed to tests/bugagent/{name}.spec.ts in the target repo. Deleting or archiving an automation removes the file from the repo.

Request Body

Response

{
  "mapping_id": "uuid",
  "project_id": "uuid",
  "repo_full_name": "acme/web-app",
  "branch": "main",
  "path_prefix": "tests/bugagent",
  "created_at": "2026-03-22T10:00:00Z"
}

Check the current GitHub connection status and project-to-repo mappings for the authenticated user's organization. Also returns recent sync history and any SHA conflict errors.

Response

{
  "connected": true,
  "github_username": "acme-dev",
  "mappings": [
    {
      "project_id": "uuid",
      "project_name": "Web App",
      "repo_full_name": "acme/web-app",
      "branch": "main",
      "path_prefix": "tests/bugagent",
      "last_sync_at": "2026-03-22T09:45:00Z",
      "sync_status": "ok"
    }
  ]
}

Notes

• If sync_status is sha_conflict, the remote file was modified outside bugAgent. Use POST /api/github/mapping to re-map and force a fresh push, or resolve the conflict in GitHub first.
• Scripts are pushed to {path_prefix}/{automation-name}.spec.ts using the GitHub Contents API.

Disconnect the GitHub integration. Removes the OAuth token and all project-to-repo mappings. Scripts already pushed to GitHub are not deleted.

Response

{
  "disconnected": true
}

List notes for the authenticated user's team. Returns notes the user owns or notes with shared visibility. Supports keyword search, project filtering, author filtering, and date range filtering.

Query Parameters

Response

{
  "notes": [
    {
      "id": "uuid",
      "title": "Checkout flow observations",
      "format": "markdown",
      "visibility": "shared",
      "project_id": "uuid",
      "author_id": "uuid",
      "author_name": "Jane Smith",
      "time_spent_seconds": 1820,
      "attachments_count": 2,
      "created_at": "2026-03-22T10:00:00Z",
      "updated_at": "2026-03-22T10:30:00Z"
    }
  ],
  "total": 42,
  "page": 1,
  "per_page": 20
}

Create a new note. If no title is provided, the first 30 characters of the content are used as the auto-title. Notes auto-save as you type in the dashboard, but this endpoint creates the initial note record.

Request Body

Response

{
  "id": "uuid",
  "title": "Checkout flow observations",
  "content": "## Session 1\n- Payment form loads slowly...",
  "format": "markdown",
  "visibility": "private",
  "project_id": "uuid",
  "author_id": "uuid",
  "time_spent_seconds": 0,
  "attachments": [],
  "created_at": "2026-03-22T10:00:00Z",
  "updated_at": "2026-03-22T10:00:00Z"
}

Get full details of a single note including content and attachments. Returns the note only if the user is the author or the note has shared visibility within the same team.

Response

{
  "id": "uuid",
  "title": "Checkout flow observations",
  "content": "## Session 1\n- Payment form loads slowly on 3G...",
  "format": "markdown",
  "visibility": "shared",
  "project_id": "uuid",
  "author_id": "uuid",
  "author_name": "Jane Smith",
  "time_spent_seconds": 1820,
  "attachments": [
    {
      "id": "uuid",
      "filename": "screenshot.png",
      "size_bytes": 245000,
      "mime_type": "image/png",
      "url": "https://storage.bugagent.com/notes/uuid/screenshot.png"
    }
  ],
  "created_at": "2026-03-22T10:00:00Z",
  "updated_at": "2026-03-22T10:30:00Z"
}

Update an existing note. Only provided fields are changed. Only the note author can update a note. The dashboard uses this endpoint for auto-save (triggered on content changes) and manual save (Save button or Cmd/Ctrl+S).

Request Body

Response

{
  "id": "uuid",
  "title": "Checkout flow observations (updated)",
  "content": "...",
  "format": "markdown",
  "visibility": "shared",
  "time_spent_seconds": 2400,
  "updated_at": "2026-03-22T11:00:00Z"
}

Permanently delete a note and all its attachments. Only the note author can delete a note. This action cannot be undone.

Response

{ "deleted": true }

Upload a file attachment to a note. Files are stored in Supabase Storage and linked to the note. Maximum file size is 10 MB. Supports images, documents, PDFs, and text files.

Request Body (multipart/form-data)

Response

{
  "id": "uuid",
  "note_id": "uuid",
  "filename": "network-waterfall.png",
  "size_bytes": 185000,
  "mime_type": "image/png",
  "url": "https://storage.bugagent.com/notes/uuid/network-waterfall.png"
}

Notes

• Accepted file types: images (PNG, JPEG, GIF, WebP), documents (PDF, DOC, DOCX), text files (TXT, CSV, JSON, XML).
• Maximum file size: 10 MB per file.
• Files are stored in the team's Supabase Storage bucket and served via signed URLs.

List time tracking entries for the authenticated user's team. Supports filtering by time period, project, and category.

Query Parameters

Response

{
  "entries": [
    {
      "id": "uuid",
      "description": "Regression testing checkout flow",
      "category": "testing",
      "duration_minutes": 45,
      "project_id": "uuid",
      "entry_date": "2026-03-22",
      "user_id": "uuid",
      "created_at": "2026-03-22T10:00:00Z",
      "updated_at": "2026-03-22T10:00:00Z"
    }
  ],
  "count": 1
}

Create a new time tracking entry. Log hours spent on QA tasks with categories for team reporting and analytics.

Request Body

Response

{
  "id": "uuid",
  "description": "Regression testing checkout flow",
  "category": "testing",
  "duration_minutes": 45,
  "project_id": "uuid",
  "entry_date": "2026-03-22",
  "created_at": "2026-03-22T10:00:00Z"
}

Update an existing time tracking entry. Only provided fields are changed.

Request Body

Response

{
  "id": "uuid",
  "description": "Regression testing checkout flow (updated)",
  "category": "testing",
  "duration_minutes": 60,
  "project_id": "uuid",
  "entry_date": "2026-03-22",
  "updated_at": "2026-03-22T11:00:00Z"
}

Delete a time tracking entry. This action cannot be undone.

Response

{ "deleted": true }

Notes

• Time Tracking is a Team plan feature. Free and Pro plan users receive a 403 Forbidden response.
• Entries are scoped to the authenticated user's team. All team members can view entries; only the entry creator or team admins can update or delete.

Send a message to the AI Assistant. The assistant is context-aware — it has access to your organization's bug data, projects, Jira connection status, custom AI instructions, and uploaded knowledge documents (product specs, testing playbooks, etc.). It can answer questions about your bugs, suggest testing strategies, and guide you through creating bug reports via text or voice.

Request Body

Response

{"response": "You have 12 open critical bugs. The most recent is..."}

Notes

• Powered by Claude Sonnet. Responses are professional, concise, and emoji-free.
• The assistant is scoped to your current organization's data only.
• Context-aware: automatically includes custom AI instructions and uploaded knowledge documents (product specs, testing playbooks, etc.) configured in Settings.
• Supports voice-to-text input via Whisper transcription for long recording sessions (up to 20+ minutes).
• History role values are validated server-side. Only user and assistant roles are accepted.
• Off-topic questions (politics, opinions, etc.) are politely redirected.

Create a report via the AI Assistant. Supports all 19 report types including bugs, feature requests, enhancements, technical debt, and more. This endpoint is typically called automatically when the assistant completes a guided report creation flow. It verifies team membership and project ownership before creating the report.

Request Body

Response

{
  "success": true,
  "id": "uuid",
  "title": "Login button unresponsive on mobile",
  "type": "ui",
  "severity": "high",
  "attachments_count": 2,
  "jira_key": "PROJ-42"
}

Security

• Verifies the authenticated user is a member of the current organization before creating the report.
• Project ID is validated against the organization. Cross-org report creation is blocked.
• File types are restricted to images, video, PDF, and text files.

Push a bug report to Claude for root cause analysis. Claude analyzes the report and returns a structured analysis including probable cause, affected areas, suggested fix, verification steps, and risk assessment. The analysis is stored on the bug report for future reference. Requires a Claude connection configured in Settings → Integrations.

Request Body

Response

{
  "analysis": "## Probable Root Cause\n...",
  "pushed_at": "2026-03-22T14:30:00Z"
}

Notes

• Requires a Claude connection configured in Settings → Integrations with a valid Anthropic API key.
• The analysis is stored on the bug report and returned in GET /reports/:id as claude_analysis and claude_pushed_at.
• Re-pushing the same report overwrites the previous analysis.
• Available on Pro and Team plans.

Submit a session recording captured by the bugAgent SDK. The SDK records the last 60 seconds of user activity — clicks, navigation, errors, and network failures — and sends the data to this endpoint. The AI then analyzes the session to help auto-draft bug reports. Available on Pro, Team, and Enterprise plans.

Request Body

Response

{
  "id": "uuid",
  "duration_ms": 58200,
  "event_count": 34,
  "created_at": "2026-03-19T14:30:00Z"
}

Notes

• Requires Pro, Team, or Enterprise plan. Free plan users receive a 403 error.
• Maximum payload size: 5 MB per session capture.
• Sessions are retained for 30 days (Pro/Team) or configurable on Enterprise.

List SDK sessions for the current organization. Supports pagination and filtering.

Query Parameters

Response

{
  "sessions": [
    {
      "id": "uuid",
      "duration_ms": 58200,
      "event_count": 34,
      "url": "https://app.example.com/checkout",
      "report_id": null,
      "created_at": "2026-03-19T14:30:00Z"
    }
  ],
  "total": 42
}

Get full detail of a SDK session, including all recorded events. Use this to render the session timeline or feed the events into the AI for analysis.

Response

{
  "id": "uuid",
  "duration_ms": 58200,
  "event_count": 34,
  "url": "https://app.example.com/checkout",
  "environment": {"browser": "Chrome 120", "os": "macOS 15"},
  "report_id": null,
  "events": [
    {"type": "click", "timestamp": "2026-03-19T14:29:02Z", "data": {"selector": "#checkout-btn"}},
    {"type": "error", "timestamp": "2026-03-19T14:29:03Z", "data": {"message": "TypeError: Cannot read property..."}}
  ],
  "created_at": "2026-03-19T14:30:00Z"
}

Attach a SDK session to an existing bug report. This links the session data to the report so reviewers can see what the user did in the 60 seconds before the bug was filed.

Request Body

Response

{
  "success": true,
  "session_id": "uuid",
  "report_id": "uuid"
}

Notes

• Both the session and the report must belong to the same organization.
• A session can only be attached to one report. Re-attaching overwrites the previous link.

Instantly scale your QA team with booster testers. Accounts are provisioned automatically with tester access. Pro and Team plans only. Free plan returns 403. You will not be charged until approval has been given.

Request Body

Response

{ "success": true, "created": 5 }

Error Responses

{ "error": "Team Booster is available on Pro and Team plans only." }

List all changelog entries, most recent first. Also available as an RSS feed.

Response

{
  "entries": [
    {
      "id": "uuid",
      "title": "REST API parity with MCP tools",
      "summary": "Added 12 new REST API endpoints...",
      "content": "Detailed markdown content...",
      "tags": ["api", "new-feature"],
      "published_at": "2026-03-17T12:46:28Z"
    },
    ...
  ]
}

List test cases for the authenticated user's team. Supports search, filtering by priority, type, and status, sorting, and pagination.

Query Parameters

Response

{
  "cases": [
    {
      "id": "uuid",
      "name": "Verify checkout with discount code",
      "description": "Ensure discount codes apply correctly",
      "priority": "high",
      "type": "functional",
      "status": "active",
      "tags": ["checkout", "discounts"],
      "estimated_time": 300,
      "steps_count": 5,
      "project_id": "uuid",
      "created_at": "2026-03-25T10:00:00Z",
      "updated_at": "2026-03-25T10:00:00Z"
    }
  ],
  "total": 42,
  "page": 1,
  "per_page": 20
}

Create a new test case with detailed steps. Each step includes an action to perform and the expected result.

Request Body

Response

{
  "id": "uuid",
  "name": "Verify checkout with discount code",
  "description": "Ensure discount codes apply correctly",
  "preconditions": "User is logged in with items in cart",
  "steps": [
    { "order": 1, "action": "Navigate to cart", "expected": "Cart page loads with items" },
    { "order": 2, "action": "Enter code SAVE20", "expected": "20% discount applied" },
    { "order": 3, "action": "Click checkout", "expected": "Order total reflects discount" }
  ],
  "priority": "high",
  "type": "functional",
  "status": "active",
  "tags": ["checkout", "discounts"],
  "estimated_time": 300,
  "project_id": "uuid",
  "created_at": "2026-03-25T10:00:00Z",
  "updated_at": "2026-03-25T10:00:00Z"
}

Get a test case by ID with its full steps and execution history.

Response

{
  "id": "uuid",
  "name": "Verify checkout with discount code",
  "description": "Ensure discount codes apply correctly",
  "preconditions": "User is logged in with items in cart",
  "steps": [
    { "order": 1, "action": "Navigate to cart", "expected": "Cart page loads with items" },
    { "order": 2, "action": "Enter code SAVE20", "expected": "20% discount applied" }
  ],
  "priority": "high",
  "type": "functional",
  "status": "active",
  "tags": ["checkout", "discounts"],
  "estimated_time": 300,
  "project_id": "uuid",
  "history": [
    { "run_id": "uuid", "run_name": "Sprint 12 Regression", "status": "passed", "executed_at": "2026-03-24T14:00:00Z" }
  ],
  "created_at": "2026-03-25T10:00:00Z",
  "updated_at": "2026-03-25T10:00:00Z"
}

Update any field of a test case. Only provided fields are changed.

Request Body

Response

{ "id": "uuid", "name": "Updated name", ... }

Permanently delete a test case. Removes it from all suites.

Response

{ "success": true }

Duplicate an existing test case including all steps, tags, and metadata. The copy is created with the name prefix "[Copy]".

Request Body

Response

{ "id": "uuid", "name": "[Copy] Verify checkout with discount code", ... }

List test suites for the authenticated user's team. Returns each suite with its case count and last run status.

Query Parameters

Response

{
  "suites": [
    {
      "id": "uuid",
      "name": "Checkout Regression Suite",
      "description": "All checkout-related test cases",
      "case_count": 12,
      "last_run_status": "passed",
      "project_id": "uuid",
      "created_at": "2026-03-25T10:00:00Z"
    }
  ],
  "total": 8
}

Create a new test suite to group related test cases.

Request Body

Response

{
  "id": "uuid",
  "name": "Checkout Regression Suite",
  "description": "All checkout-related test cases",
  "case_count": 0,
  "project_id": "uuid",
  "created_at": "2026-03-25T10:00:00Z"
}

Get a test suite by ID with its full list of cases in order.

Response

{
  "id": "uuid",
  "name": "Checkout Regression Suite",
  "description": "All checkout-related test cases",
  "cases": [
    { "id": "uuid", "name": "Verify checkout with discount code", "priority": "high", "type": "functional", "order": 1 }
  ],
  "project_id": "uuid",
  "created_at": "2026-03-25T10:00:00Z"
}

Update a test suite's name or description.

Request Body

Response

{ "id": "uuid", "name": "Updated Suite Name", ... }

Delete a test suite. Test cases within the suite are not deleted.

Response

{ "success": true }

Add one or more test cases to a suite.

Request Body

Response

{ "added": 3, "case_count": 15 }

Remove a test case from a suite.

Request Body

Response

{ "success": true, "case_count": 14 }

Reorder the test cases within a suite. Provide the full ordered list of case IDs.

Request Body

Response

{ "success": true }

List test runs for the authenticated user's team. Returns each run with suite name, assignee, and pass/fail summary.

Query Parameters

Response

{
  "runs": [
    {
      "id": "uuid",
      "name": "Sprint 12 Regression",
      "suite_id": "uuid",
      "suite_name": "Checkout Regression Suite",
      "status": "in_progress",
      "assigned_to": "uuid",
      "assignee_name": "Jane Smith",
      "summary": { "total": 12, "passed": 8, "failed": 2, "blocked": 1, "skipped": 0, "untested": 1 },
      "created_at": "2026-03-25T10:00:00Z"
    }
  ],
  "total": 5
}

Create a new test run from a test suite. Snapshots all cases from the suite at creation time.

Request Body

Response

{
  "id": "uuid",
  "name": "Sprint 12 Regression",
  "suite_id": "uuid",
  "status": "in_progress",
  "assigned_to": "uuid",
  "results": [
    { "case_id": "uuid", "case_name": "Verify checkout with discount code", "status": "untested" }
  ],
  "created_at": "2026-03-25T10:00:00Z"
}

Get a test run by ID with all case results.

Response

{
  "id": "uuid",
  "name": "Sprint 12 Regression",
  "suite_id": "uuid",
  "suite_name": "Checkout Regression Suite",
  "status": "in_progress",
  "assigned_to": "uuid",
  "assignee_name": "Jane Smith",
  "results": [
    {
      "case_id": "uuid",
      "case_name": "Verify checkout with discount code",
      "status": "passed",
      "actual_result": "Discount applied correctly",
      "notes": "",
      "executed_at": "2026-03-25T11:00:00Z"
    }
  ],
  "summary": { "total": 12, "passed": 8, "failed": 2, "blocked": 1, "skipped": 0, "untested": 1 },
  "created_at": "2026-03-25T10:00:00Z"
}

Update a test run's name or assignee.

Request Body

Response

{ "id": "uuid", "name": "Updated Run Name", ... }

Save the execution result for a specific test case in a run. Mark each case as passed, failed, blocked, or skipped.

Request Body

Response

{ "success": true, "status": "failed", "case_id": "uuid" }

Mark a test run as completed. Calculates and stores the final pass rate.

Response

{
  "id": "uuid",
  "status": "completed",
  "summary": { "total": 12, "passed": 10, "failed": 2, "blocked": 0, "skipped": 0, "untested": 0 },
  "pass_rate": 83.3,
  "completed_at": "2026-03-25T15:00:00Z"
}

Create a new test run containing only the failed cases from a completed run. Useful for re-testing after fixes.

Response

{
  "id": "uuid",
  "name": "Re-run: Sprint 12 Regression (failed)",
  "suite_id": "uuid",
  "status": "in_progress",
  "results": [
    { "case_id": "uuid", "case_name": "Apply expired discount code", "status": "untested" }
  ],
  "created_at": "2026-03-25T16:00:00Z"
}

Get completed test run reports with pass rate and date range filtering. Returns aggregated test execution data.

Query Parameters

Response

{
  "reports": [
    {
      "run_id": "uuid",
      "run_name": "Sprint 12 Regression",
      "suite_name": "Checkout Regression Suite",
      "status": "completed",
      "pass_rate": 83.3,
      "summary": { "total": 12, "passed": 10, "failed": 2, "blocked": 0, "skipped": 0 },
      "completed_at": "2026-03-25T15:00:00Z"
    }
  ],
  "total": 15,
  "average_pass_rate": 87.5
}

List saved Geo-Snap screenshots. Filter by country, search by URL, and paginate results.

Query Parameters

Response

{
  "snaps": [
    {
      "id": "uuid",
      "url": "https://example.com",
      "country": "US",
      "screenshot_url": "https://storage.bugagent.com/geo-snaps/uuid-us.png",
      "status": "completed",
      "created_at": "2026-03-25T10:00:00Z"
    }
  ],
  "total": 15,
  "page": 1,
  "per_page": 20
}

Capture screenshots of a URL from one or more countries. Free plan: 1 country per request, 10 saved screenshots. Pro/Team: up to 5 countries per request, unlimited saved screenshots.

Request Body

Response

{
  "snaps": [
    {
      "id": "uuid",
      "url": "https://example.com",
      "country": "US",
      "screenshot_url": "https://storage.bugagent.com/geo-snaps/uuid-us.png",
      "status": "completed",
      "created_at": "2026-03-25T10:00:00Z"
    },
    {
      "id": "uuid",
      "url": "https://example.com",
      "country": "DE",
      "screenshot_url": "https://storage.bugagent.com/geo-snaps/uuid-de.png",
      "status": "completed",
      "created_at": "2026-03-25T10:00:00Z"
    }
  ]
}

Delete a saved Geo-Snap screenshot by ID.

Path Parameters

Response

{ "deleted": true }

List uploaded mobile apps. Filter by platform, search by name, and paginate results.

Query Parameters

Response

{
  "apps": [
    {
      "id": "uuid",
      "name": "MyApp",
      "platform": "android",
      "package_name": "com.example.myapp",
      "version": "2.1.0",
      "file_url": "https://storage.bugagent.com/apps/uuid.apk",
      "file_size": 48500000,
      "automation_count": 3,
      "created_at": "2026-03-20T10:00:00Z"
    }
  ],
  "total": 1
}

Upload an APK (Android) or IPA (iOS) app binary. Uses multipart/form-data. Max file size: 500 MB.

Request Body (multipart/form-data)

Response

{
  "id": "uuid",
  "name": "MyApp",
  "platform": "android",
  "package_name": "com.example.myapp",
  "version": "2.1.0",
  "file_url": "https://storage.bugagent.com/apps/uuid.apk",
  "file_size": 48500000,
  "created_at": "2026-03-20T10:00:00Z"
}

Get full details for a mobile app, including automation count.

Path Parameters

Response

{
  "id": "uuid",
  "name": "MyApp",
  "platform": "android",
  "package_name": "com.example.myapp",
  "version": "2.1.0",
  "file_url": "https://storage.bugagent.com/apps/uuid.apk",
  "file_size": 48500000,
  "automation_count": 3,
  "created_at": "2026-03-20T10:00:00Z",
  "updated_at": "2026-03-20T10:00:00Z"
}

Update an uploaded mobile app's metadata.

Path Parameters

Request Body

Response

{
  "id": "uuid",
  "name": "MyApp",
  "platform": "android",
  "package_name": "com.example.myapp",
  "version": "2.1.0",
  "file_url": "https://storage.bugagent.com/apps/uuid.apk",
  "file_size": 48500000,
  "automation_count": 3,
  "created_at": "2026-03-20T10:00:00Z",
  "updated_at": "2026-03-20T10:00:00Z"
}

Replace an app's binary with a new version. Deletes the old file from storage, clears cached platform URLs (forcing re-upload on next run), and updates the team's storage quota. All linked automations and schedules will automatically use the new version. For iOS apps, the simulator build is also removed — re-upload it to continue recording.

Path Parameters

Request Body

Response

{ "id": "uuid", "name": "My App", "platform": "android", "version": "2.0.0", "file_size": 15728640, "updated_at": "2026-03-29T..." }

Delete an uploaded mobile app and its storage file. Automations referencing this app will be orphaned.

Path Parameters

Response

{ "success": true }

List mobile automation scripts. Filter by app, script type, and status.

Query Parameters

Response

{
  "automations": [
    {
      "id": "uuid",
      "name": "Login Flow Test",
      "app_id": "uuid",
      "script_type": "maestro",
      "status": "active",
      "target_devices": [
        "Pixel 7",
        "Samsung Galaxy S23"
      ],
      "created_at": "2026-03-21T09:00:00Z"
    }
  ],
  "total": 1
}

Create a mobile automation script. Use Appium for complex cross-platform interactions or Maestro YAML for simple flows.

Request Body

Response

{
  "id": "uuid",
  "name": "Login Flow Test",
  "app_id": "uuid",
  "script_type": "maestro",
  "script": "appId: com.example.myapp\n---\n- launchApp\n- tapOn: \"Login\"\n- inputText: \"user@example.com\"",
  "status": "draft",
  "target_devices": [
    "Pixel 7",
    "Samsung Galaxy S23"
  ],
  "created_at": "2026-03-21T09:00:00Z"
}

Get full details for a mobile automation, including app info and recent runs.

Path Parameters

Response

{
  "id": "uuid",
  "name": "Login Flow Test",
  "app_id": "uuid",
  "app_name": "MyApp",
  "script_type": "maestro",
  "script": "appId: com.example.myapp\n---\n- launchApp\n- tapOn: \"Login\"",
  "status": "active",
  "target_devices": [
    "Pixel 7",
    "Samsung Galaxy S23"
  ],
  "recent_runs": [
    {
      "id": "uuid",
      "status": "passed",
      "device": "Pixel 7",
      "duration_ms": 45000,
      "created_at": "2026-03-22T08:00:00Z"
    }
  ],
  "created_at": "2026-03-21T09:00:00Z"
}

Update a mobile automation script or its metadata.

Path Parameters

Request Body

Response

{
  "id": "uuid",
  "name": "Login Flow Test",
  "app_id": "uuid",
  "app_name": "MyApp",
  "script_type": "maestro",
  "script": "appId: com.example.myapp\n---\n- launchApp\n- tapOn: \"Login\"",
  "status": "active",
  "target_devices": [
    "Pixel 7",
    "Samsung Galaxy S23"
  ],
  "recent_runs": [
    {
      "id": "uuid",
      "status": "passed",
      "device": "Pixel 7",
      "duration_ms": 45000,
      "created_at": "2026-03-22T08:00:00Z"
    }
  ],
  "created_at": "2026-03-21T09:00:00Z"
}

Delete a mobile automation. Fails if the automation has active schedules — delete schedules first.

Path Parameters

Response

{ "success": true }

List mobile test runs. Filter by automation and status.

Query Parameters

Response

{
  "runs": [
    {
      "id": "uuid",
      "automation_id": "uuid",
      "status": "passed",
      "device": "Pixel 7",
      "os_version": "14",
      "duration_ms": 45000,
      "created_at": "2026-03-22T08:00:00Z"
    }
  ],
  "total": 1
}

Trigger a mobile test run. Appium scripts are routed to BrowserStack; Maestro scripts are routed to Maestro Cloud.

Request Body

Response

{
  "id": "uuid",
  "automation_id": "uuid",
  "status": "queued",
  "device": "Pixel 7",
  "os_version": "14",
  "provider": "browserstack",
  "created_at": "2026-03-22T08:00:00Z"
}

Get full results for a mobile test run, including video recording, Appium logs, device logs, network logs, and duration.

Path Parameters

Response

{
  "id": "uuid",
  "automation_id": "uuid",
  "status": "passed",
  "device": "Pixel 7",
  "os_version": "14",
  "provider": "browserstack",
  "duration_ms": 45000,
  "video_url": "https://storage.bugagent.com/runs/uuid/video.mp4",
  "screenshots": [
    "https://storage.bugagent.com/runs/uuid/screen_001.png"
  ],
  "logs": "https://storage.bugagent.com/runs/uuid/device.log",
  "performance": {
    "cpu_avg": 23.5,
    "memory_peak_mb": 256,
    "battery_drain": 2.1,
    "fps_avg": 58.3
  },
  "created_at": "2026-03-22T08:00:00Z",
  "completed_at": "2026-03-22T08:00:45Z"
}

Archive a completed mobile test run. Archived runs are hidden from the default listing but can be viewed with the status=archived filter.

Request Body

List available BrowserStack real devices for mobile testing. Optionally filter by platform.

Query Parameters

List scheduled mobile test runs with cron expression, timezone, and notification settings.

Response

{
  "schedules": [
    {
      "id": "uuid",
      "automation_id": "uuid",
      "automation_name": "Login Flow Test",
      "cron_expression": "0 9 * * 1-5",
      "timezone": "America/New_York",
      "devices": [
        "Pixel 7",
        "iPhone 15 Pro"
      ],
      "notify_on_fail": "slack",
      "enabled": true,
      "next_run_at": "2026-03-23T09:00:00Z"
    }
  ],
  "total": 1
}

Create a scheduled mobile test run. Runs are dispatched to the configured devices on the cron schedule.

Request Body

Response

{
  "id": "uuid",
  "automation_id": "uuid",
  "cron_expression": "0 9 * * 1-5",
  "timezone": "America/New_York",
  "devices": [
    "Pixel 7",
    "iPhone 15 Pro"
  ],
  "notify_on_fail": "slack",
  "enabled": true,
  "next_run_at": "2026-03-23T09:00:00Z",
  "created_at": "2026-03-22T10:00:00Z"
}

Update a mobile test schedule.

Path Parameters

Request Body

Response

{
  "id": "uuid",
  "automation_id": "uuid",
  "cron_expression": "0 9 * * 1-5",
  "timezone": "America/New_York",
  "devices": [
    "Pixel 7",
    "iPhone 15 Pro"
  ],
  "notify_on_fail": "slack",
  "enabled": true,
  "next_run_at": "2026-03-23T09:00:00Z",
  "created_at": "2026-03-22T10:00:00Z"
}

Delete a mobile test schedule.

Path Parameters

Response

{ "success": true }

List all performance test configurations for the current team.

Response

{ "tests": [{ "id": "uuid", "name": "Homepage Perf", "url": "https://example.com", "device": "desktop", "virtual_users": 10, "duration": 30, "perf_threshold": 50, "auto_create_bug": true, "created_at": "..." }] }

Create a new performance test configuration. Combines page quality audits with distributed load testing. Supports mobile app profiling on real Android/iOS devices via BrowserStack. Pro/Team/Enterprise plans only.

Body Parameters

Response

{ "test": { "id": "uuid", "name": "Homepage Perf", "url": "https://example.com", ... } }

Get a single performance test configuration by ID.

Path Parameters

Update a performance test configuration. Only include fields you want to change.

Path Parameters

Body Parameters

Delete a performance test configuration and all its associated runs.

Path Parameters

Response

{ "success": true }

Trigger a performance test run (page audit + load test). The run executes asynchronously; poll GET /performance/runs/:id for results. Auto-creates a bug report when the performance score drops below the configured threshold.

Body Parameters

Response

{ "run": { "id": "uuid", "status": "running", "test_id": "uuid", "created_at": "..." } }

Get full results for a performance test run. Includes Lighthouse scores (Performance, Accessibility, Best Practices, SEO), Core Web Vitals (LCP, FID, CLS, FCP, TTFB, INP, TBT, SI), and load test metrics (VUs, total requests, RPS, p50/p90/p95/p99 latencies).

Path Parameters

Download a CSV report for a performance run. Includes Lighthouse scores, Core Web Vitals, load test summary with latency percentiles, and test metadata.

Path Parameters

Response

Returns text/csv with Content-Disposition: attachment; filename="performance-report-{id}.csv"

Archive a completed performance test run. Archived runs are hidden from the default listing but can be viewed with the status=archived filter on GET /performance/runs.

Path Parameters

Response

{ "success": true, "status": "archived" }

Unarchive a previously archived performance test run, restoring it to the default listing.

Path Parameters

Response

{ "success": true, "status": "completed" }

Check monthly performance test usage against plan limits. Limits: Free=0, Pro=1/mo, Team=2/mo, Enterprise=10/mo, Admin=unlimited.

Response

{ "used": 1, "limit": 2, "remaining": 1, "plan": "team", "period_start": "2026-03-01", "period_end": "2026-03-31" }

Create a security scan configuration. Requires Pro, Team, or Enterprise plan.

Request Body

Trigger a security scan. Web scans require a verified domain. Mobile scans require an uploaded app with a valid file URL. Counts against monthly quota.

Request Body

Response

{ "id": "run-uuid", "status": "queued" }

Get scan run status and results. Poll this endpoint while status is queued or running.

Response (completed)

{
  "id": "run-uuid",
  "status": "completed",
  "security_score": 72,
  "total_findings": 15,
  "critical_count": 0,
  "high_count": 2,
  "medium_count": 5,
  "low_count": 4,
  "info_count": 4,
  "authenticated": true,
  "duration_seconds": 185
}

List verified domains for the team. Use POST to add a domain and receive a DNS TXT verification token.

List open pull requests for a GitHub repository. Returns PR number, title, author, head branch, and existing review status if previously reviewed. Requires a GitHub integration configured in Settings.

Trigger an AI code review on a pull request. Fetches the PR diff from GitHub and sends it to Claude for analysis. Returns the review ID with quality score and findings. Team/Enterprise only.

List past code reviews for the team. Returns review ID, repo, PR number/title, quality score, severity counts, and timestamps. Ordered by most recent.

Get a single code review with all findings. Each finding includes severity (critical/high/medium/low), category (bug/security/performance/style/logic/maintainability), title, description, suggestion, file path, line numbers, and code snippet.

Get code review settings for the team. Returns custom instructions, auto-review toggle, post-comments toggle, auto-bug creation config, and enabled status.

Update code review settings. All fields optional — only provided fields are updated.

Check code review usage. Returns reviews used and plan info. Unlimited reviews on Pro, Team, and Enterprise plans.

Get code review analytics for the team. Returns trends (daily review counts + avg scores), finding category and source breakdowns, severity distribution, velocity metrics (reviews/week, avg time, avg findings), top repos, top PR authors, and recent quality score sparkline data. Query param: days (7, 30, or 90, default 30).

List all GitHub webhooks registered for the team. Returns webhook ID, repo, active status, and creation date.

Register a GitHub webhook on a repository for auto-review. Requires repo (e.g. owner/name). Creates a webhook on GitHub that sends pull_request events to bugAgent. The webhook secret is auto-generated and stored securely.

Remove a GitHub webhook from a repository. Requires repo. Deletes the webhook from both GitHub and the bugAgent database.

GitHub webhook receiver endpoint. Handles pull_request events. Verifies HMAC-SHA256 signature, checks auto-review settings, and triggers a Claude-powered code review. Only processes opened and synchronize actions. Deduplicates by commit SHA.

List all Exploratory AI configs for the team. Returns name, target URL, status, last run info, and run count.

Create a new exploration config. Requires name and target_url. Optional: exploration_context (JSONB with focus_areas, instructions, auth_config, exclude_paths, max_depth, test_data), project_id, auto_create_bug, min_severity_for_bug.

Trigger an exploration run. Requires exploration_id. Dispatches to the runner for 5-phase execution (Recon, Plan, Execute, Analyze, Report). Returns the run ID. Poll GET /api/explorations/runs/:id for status.

Get exploration run details including phase data (recon, plan, execute, analyze), findings, and linked bug reports. Use for polling during execution or viewing results.

Check monthly Exploratory AI usage. Pro: 3/mo, Team: 10/mo, Enterprise: 50/mo.

Get exploration history and trends. Returns run history, finding trends by type and severity over time, screenshot comparisons between consecutive runs, and delta vs previous run. Query params: exploration_id (optional filter), days (7/30/90, default 30).

Manage exploration schedules. GET lists schedules. POST creates a new one (requires exploration_id and cron_expression). PATCH updates schedule (enable/disable, change cron). DELETE removes a schedule. Supports notifications via email or Slack on failure.