Open-source AI testing tools, April 2026: a four-question filter

For a regular npm package, MIT or Apache on the repository plus a published source tree is enough. For an AI testing tool the bar is higher because the tool's behaviour is not in the source you read; it is in the system prompt the tool sends to its LLM at runtime. A repo can be MIT licensed and still keep the prompt server-side, fetched by the SDK from a closed endpoint. So the practical question becomes: can you read the prompt the testing agent reads before it touches your app? In Assrt's reference, the answer lives in two files. The 57-line SYSTEM_PROMPT is at /Users/matthewdi/assrt-mcp/src/core/agent.ts lines 198 to 254. The 18-line PLAN_SYSTEM_PROMPT is at /Users/matthewdi/assrt-mcp/src/mcp/server.ts lines 219 to 236. Both are committed text in a public repo. If you cannot point at the equivalent file in another tool's repo, the tool is open-runtime in name only.

One: can you read the system prompt the testing agent reads? Two: when the tool produces a test, what file lands on disk and can a human who has never seen the tool execute it by reading? Three: can the tool drive your real Chrome instance with your real cookies, or does it require a sandbox? Four: is the agent's tool surface fixed (a finite JSON schema) or open-ended (free-text Playwright code that can hallucinate APIs)? A 'yes / portable / yes / bounded' tool is genuinely open-source AI testing. A tool that misses any of these is something else, possibly useful, but not the same shape.

About five minutes per tool, mostly clicking through GitHub. Question one is two grep commands against the repo. Question two is one ls of the output directory after a generated run. Question three is 'does the docs index page mention extension mode, --extension, or CDP attach?'. Question four is 'open the file that defines the agent's tool schema and count entries.' For Assrt the answers are agent.ts:198-254 (yes), /tmp/assrt/scenario.md plus a Markdown #Case format (portable), --extension flag wired at agent.ts line 338 (yes), and 18 entries at agent.ts:16-196 (bounded). For tools where any of these answers is 'closed', 'vendor YAML', 'sandbox only', or 'free-text codegen', note that and move on.

Because flexibility at the tool surface means the agent can hallucinate calls. A code-emitting agent that writes Playwright is free to invent page.fillFormFields or page.clickByLabel; the resulting .spec.ts looks plausible until you run it and discover those methods do not exist. A bounded-surface agent is physically incapable of hallucinating because the MCP server rejects any call not in the schema. Assrt's surface is 18 entries declared at agent.ts:16-196: navigate, snapshot, click, type_text, select_option, scroll, press_key, wait, screenshot, evaluate, create_temp_email, wait_for_verification_code, check_email_inbox, assert, complete_scenario, suggest_improvement, http_request, wait_for_stable. Every action the agent takes is one of those 18, and every one is a real Playwright MCP call you can read the implementation of. There is no other call site.

A portable artifact is one you can hand to a colleague who has never used the tool, and they can read it top to bottom and execute the steps with eyes alone. Assrt's artifact is one Markdown file with #Case blocks. The format is: '#Case 1: name', then plain English steps. A reader who has never heard of Assrt can read 'Click the Login button. Type test@example.com into the email field. Verify the dashboard appears.' and execute it manually or paste it into another agent. Compare with vendor formats that look like 'browserstack:ai/v1/scenario' wrapped around a JSON DSL. If you stop using the vendor, the JSON is dead. The Markdown file is just instructions; it survives the tool. Assrt writes the file at /tmp/assrt/scenario.md, watches it for edits with fs.watch, and syncs changes back so you can hand-tune the plan in any text editor.

Most AI testing tools launch a fresh Chromium with no cookies and no extensions. That is fine for testing a public landing page. It is useless for testing anything behind a real login: your Stripe dashboard, your Cal.com booking page, your Slack admin console. Re-creating those auth states in a fresh browser means scripted login flows, fixture seeds, OAuth juggling, or shipping production credentials to a SaaS sandbox. The shorter path is to attach to your existing Chrome instance, where the cookies already live. In Assrt's reference, the --extension flag is wired through to Playwright's CDP attach mode at /Users/matthewdi/assrt-mcp/src/core/agent.ts line 338, with extensionToken persistence at the same path. The first time you use it, Chrome shows an approval dialog; the token is saved to ~/.assrt/extension-token; every subsequent run skips the dialog. You test the same page you are looking at, signed in as you.

Without naming individual products in marketing copy: code-emitting generators that ship a free CLI but a closed agent prompt fail check one. Tools that emit a vendor-specific YAML or JSON DSL fail check two. Tools whose 'browser' is a SaaS-hosted sandbox without a CDP attach option fail check three. Tools whose agent can write arbitrary Playwright code in the output fail check four because the runtime cost of hallucinated APIs falls on you. None of these are bad tools categorically; they are different products. Calling them 'open source AI testing' tools is the misnomer, because the parts you cannot read or relocate are the parts that determine the testing behaviour.

Open the repository at github.com/m13v/assrt-mcp in a browser and read four files. src/core/agent.ts lines 198 to 254 is the SYSTEM_PROMPT (check one passes). src/core/agent.ts lines 16 to 196 is the TOOLS array (check four passes; count is 18). README.md mentions --extension and the Playwright extension token (check three passes). src/mcp/server.ts and src/core/scenario-files.ts describe /tmp/assrt/scenario.md as the test artifact (check two passes; the artifact is Markdown). Total time, about three minutes. Compare against any other tool you are evaluating, file by file. The quality of the comparison depends entirely on whether the equivalent files exist in the other tool's public repo.

Two costs: the LLM tokens, and the seat license. Assrt defaults to claude-haiku-4-5-20251001, set at agent.ts line 9. Per scenario, the cost lands in the cents range, dominated by snapshot text and screenshot bytes the agent reads before each click. The seat license is zero, because the runtime is MIT licensed and self-hosted. Comparable hosted AI testing platforms in April 2026 still price competitive offerings at four to five figures per month per team for the equivalent functionality. The arithmetic over a year of one team is not subtle. The reason the vendors can charge that much is not the runtime itself; it is the closed prompt and the lock-in shape that make migration off the vendor expensive.

Yes, and the trade-off is intentional. With 18 tools, the agent cannot, for example, run an arbitrary Playwright fixture composition, install a per-test browser context with custom storage, or invoke a Playwright trace viewer programmatically. Those things still belong in code-emitter territory. The 18 tools cover the common path: navigate, see what is on the page, interact with it, verify outcomes, talk to email, talk to external APIs, mark assertions, complete the run. For the 80 percent of testing that is 'click some buttons, fill some fields, check some text', a bounded surface is faster, cheaper, and harder to break. For the remaining 20 percent, a code emitter is still the right shape. The two architectures coexist; pick the one that matches the test, not the brand.

Yes, with the verbs swapped. Question one (readable prompt) is unchanged. Question two becomes 'what artifact lands on disk and is it portable?' For an API testing tool, that might be a YAML or JSON spec; it is portable if a curl-literate human can run the cases by hand. Question three becomes 'can it run against your real environment, or does it require a vendor sandbox?'. Question four becomes 'is the agent's tool surface fixed?' The answer for a mobile testing tool would point at an Appium adapter; for an API tool, at the HTTP verb set the agent is allowed to call. The principle is identical: the boundary the agent moves inside is the part you must be able to read.

Three commits and a license. Commit the system prompt as a string in your repo (not a runtime fetch from your CDN). Commit the tool schema as a typed array in your repo (not generated dynamically from a closed source). Document one example artifact your tool produces and show that a human can read it without your software running. License the runtime under MIT, Apache, or BSD; if your business model is a hosted control plane, the runtime can still be open. Assrt's example: SYSTEM_PROMPT and PLAN_SYSTEM_PROMPT are committed strings; TOOLS is a typed Anthropic.Tool array; the artifact is /tmp/assrt/scenario.md in plain Markdown; the license is MIT. The honesty bar is low; surprisingly few products clear it.