Skip to main content
Every QAOS run is driven by a JSON configuration file. This file tells the agent where to start, what to test, and which agents to use on each page.

Config file structure

{
  "name": "string",
  "projectId": "string",
  "envFile": "string (optional)",
  "agentInfo": { "key": "value" },
  "tasks": [
    {
      "id": "string",
      "description": "string",
      "context": "string (optional)",
      "startUrl": "string",
      "subAgents": ["security", "uiux"]
    }
  ]
}

Top-level fields

FieldTypeRequiredDescription
namestringYesHuman-readable name for this run, shown in the dashboard
projectIdstringYesUUID of the project to associate this run with
envFilestringNoPath to a .env file with environment variables for the run
agentInfoobjectNoArbitrary metadata attached to the run report
tasksarrayYesList of test tasks (see below)

Task fields

Each item in the tasks array defines one test scenario:
FieldTypeRequiredDescription
idstringYesUnique identifier for this task within the run
descriptionstringYesNatural language description of what to test
contextstringNoAdditional context for the agent (credentials, notes)
startUrlstringYesThe URL the agent navigates to at the start of this task
subAgentsarrayYesWhich agents to run: "security", "uiux", or both

Writing effective task descriptions

The description field is interpreted by an LLM, so natural language works well. Be specific about what the agent should do and what you want it to look for. 
"Navigate to the login page and attempt to log in with test credentials admin@example.com / password123"

"Browse the user account settings page and check all editable fields"

"Access the admin panel and verify that admin-only actions are properly restricted"

Choosing subAgents

You can run the security agent, UI/UX agent, or both on any given task. 
"subAgents": ["security"]          // security only
"subAgents": ["uiux"]           // UI/UX only
"subAgents": ["security", "uiux"] // both
When to use both: For pages with user interaction (forms, buttons, navigation), running both agents together gives a complete picture. When to use one: For internal API endpoints or system-only pages, security alone may be sufficient. For static marketing pages, quality alone may be more relevant.

Two ways to configure

Visual UI Builder

Use the QAOS dashboard to generate a config file through a guided form — no JSON editing required.

JSON from Scratch

Write or edit the config file directly with the full field reference.