What is QAOS?
QAOS is an intelligent testing agent that browses your web application exactly like a real user would — clicking buttons, filling forms, navigating pages — while simultaneously scanning for security vulnerabilities and accessibility problems. Unlike static analysis tools, QAOS understands context. It identifies issues that only surface during real interactions: session tokens exposed after login, privilege escalation through hidden form parameters, or rate limiting that only kicks in after the tenth failed attempt.What QAOS detects
Security Vulnerabilities
Access control bypasses, injection attacks, weak cryptography, session hijacking vectors, misconfigured headers, and more — mapped to industry standards.
Accessibility & UI/UX Issues
WCAG 2.1 violations, keyboard navigation gaps, color contrast failures, missing form labels, and UX problems that affect real users.
How it works
Configure a run
Write a JSON config file describing the pages to test and which agents to use, or generate one through the web UI.
Run the agent
Execute
qaos run — the agent launches a browser, navigates your site, and streams results in real time.Core concepts
| Concept | Description |
|---|---|
| Run | A single test execution defined by a config file |
| Task | A scoped test scenario within a run (e.g. “log in and check the settings page”) |
| SubAgent | A specialized agent module — either security or quality |
| QAOS Mode | Automatic crawl mode: the agent discovers and tests all pages autonomously |
| Issue | A detected problem, classified by type, severity, and location |