Developer Architecture
Complete technical reference β v1.0.0
38
API Routes
18
DB Models
16
Dashboard Pages
8
Core Libraries
85
Tests (58+27)
6
MCP Tools
System Overview
π€
Browser
GitHub OAuth / Password
β
π
Caddy
TLS + Reverse Proxy
β
β‘
Next.js 16
PM2 :3150
β
πΎ
SQLite
Prisma ORM
β
π§ͺ
Crowd Testing
Crowd Testing
- Server: Hetzner 135.181.43.68 Β· Ubuntu Β· PM2 process manager
- Framework: Next.js 16.1.6 (App Router) Β· React 19 Β· TypeScript
- Auth: NextAuth v5 β GitHub OAuth + Credentials (demo password)
- Database: SQLite via Prisma 6.19.2 β 18 models
- Repo: github.com/yoniassia/clawqa Β· Tag: v1.0.0
File Architecture
src/
app/
(auth)/
login/page.tsx β GitHub OAuth + password login(dashboard)/ β Protected route group
layout.tsx β Sidebar navigation layoutdashboard/
page.tsx β Main dashboard with project cards test-cycles/page.tsx β List all test cycles test-cycles/[id]/page.tsx β Cycle detail + steps + bugs bugs/page.tsx β All bug reports analytics/page.tsx β Charts, severity, trends test-plans/page.tsx β Reusable test plan templates test-plans/[id]/page.tsx β Plan detail + execute webhooks/page.tsx β Webhook management + delivery logs browse-tests/page.tsx β Testers browse available tests my-tests/page.tsx β Tester's claimed tests my-tests/[id]/page.tsx β Test execution UI my-bugs/page.tsx β Bugs I reportedapi/ β 38 API routes
auth/[...nextauth]/route.ts β NextAuth handlers mcp/route.ts β MCP JSON-RPC server api-keys/route.ts β Key management me/route.ts β Current user infov1/ β Public REST API
projects/route.ts β GET/POST projects projects/[slug]/route.ts β Project detail projects/[slug]/agents/route.ts β Assign/list agents projects/[slug]/agents/[userId]/route.ts β Remove agent test-cycles/route.ts β GET/POST cycles test-cycles/[id]/route.ts β Cycle detail test-cycles/[id]/bugs/route.ts β Bugs per cycle test-plans/route.ts β GET/POST plans test-plans/[id]/route.ts β Plan detail test-plans/[id]/execute/route.ts β Instantiate plan β cycle bugs/route.ts β GET/POST bugs bugs/[id]/fix/route.ts β Submit fix attempt auto-fix/trigger/route.ts β Start auto-fix job auto-fix/[attemptId]/status/route.ts β Job progress auto-fix/[attemptId]/complete/route.ts β Mark fix done analytics/route.ts β Bug stats & trends webhooks/route.ts β Register/list webhooks webhooks/test/route.ts β Send test ping webhooks/[id]/deliveries/route.ts β Delivery history escalate/route.ts β Send to Testers escalation-rules/route.ts β Priority routing rules github/connect/route.ts β Link repo to project github/webhook/route.ts β Receive PR events github/prs/[prNumber]/status/route.ts β Test status for PR crowd-testing/status/route.ts β Connection check crowd-testing/results/route.ts β Sync test results crowd-testing/webhook/route.ts β Receive Crowd Testing eventslib/ β 8 core modules
auth.ts β NextAuth config (GitHub + Credentials) prisma.ts β Prisma client singleton api-auth.ts β API key validation (SHA-256 hash) crowd-testing.ts β Testing SDK (startTestRun, submitResult...) webhook-dispatcher.ts β HMAC-SHA256 signed delivery + retries rate-limit.ts β Sliding window (100 req/min per key) priority-scoring.ts β Bug priority calculation escalation-engine.ts β Rule-based escalation matchingcomponents/
GlassCard.tsx β Glassmorphism card component Sidebar.tsx β Dashboard sidebar nav TopBar.tsx β Top navigation bartests/ β 85 tests total
unit/ β 58 tests (Vitest)
api-auth.test.ts β 4 tests: key validation, hashing api-bugs.test.ts β 2 tests: bug CRUD api-projects.test.ts β 3 tests: project data api-test-cycles.test.ts β 5 tests: cycle data, steps JSON crowd-testing-client.test.ts β 10 tests: SDK methods, config escalation-rules.test.ts β 2 tests: rule matching mcp-tools.test.ts β 3 tests: tool definitions phases456.test.ts β 9 tests: auto-fix, webhooks, crowd-testing phases-7-10.test.ts β 8 tests: plans, analytics, agents, github priority-scoring.test.ts β 6 tests: score calculation rate-limit.test.ts β 3 tests: sliding window schema.test.ts β 1 test: Prisma schema validity webhook-dispatcher.test.ts β 2 tests: HMAC signinge2e/ β 27 tests (Playwright)
homepage.spec.ts β 5 tests: title, nav, projects, docs, CTA docs.spec.ts β 7 tests: all doc pages load + links api.spec.ts β 8 tests: API endpoints return correct data auth.spec.ts β 4 tests: login redirect, protection webhooks.spec.ts β 3 tests: webhook registrationprisma/
schema.prisma β 18 models, 264 lines dev.db β SQLite databasepublic/docs/ β Static documentation
index.html, overview.html, architecture.html, phases.html, for-agents.html, for-project-managers.htmlDatabase Schema (18 Models)
Hover over any model to see its relationships.
π€ User
id, name, email, role, image, createdAt
β Account, Session, ApiKey, Project, Webhook, TestExecution, BugReport, TesterProfile
π Account
provider, providerAccountId, access_token, refresh_token
β User
π« Session
sessionToken, expires
β User
π ApiKey
keyHash (SHA-256), keyPrefix, name, lastUsedAt, revokedAt
β User
π§βπ» TesterProfile
devices[], languages[], country, bio
β User (1:1)
π Project
name, slug, description, targetUrl, repoUrl, githubOwner, githubRepo, autoFixEnabled
β User (owner), TestCycle[], AgentAssignment[], EscalationRule[]
π TestCycle
title, description, targetUrl, priority, status, stepsJson, deviceReqs, prUrl, prNumber
β Project, BugReport[], TestExecution[]
βΆοΈ TestExecution
status, startedAt, completedAt, resultsJson
β TestCycle, User (tester)
π BugReport
title, severity, status, stepsToReproduce, expectedResult, actualResult, deviceInfo, screenshotUrls
β TestCycle, User (reporter), FixAttempt[]
π§ FixAttempt
commitUrl, deployUrl, notes, status
β BugReport
π Webhook
url, events[], secret (HMAC), active
β User, WebhookDelivery[]
π¬ WebhookDelivery
event, payload, statusCode, responseBody, duration, deliveredAt
β Webhook
π€ AutoFixJob
status (queuedβanalyzingβfixingβdeployingβretestingβverified/failed), webhookPayload, retryCount
β BugReport, FixAttempt
π TestPlan
title, description, stepsJson, deviceReqs, browserReqs, priority, version
β Project, User, TestPlanHistory[]
π TestPlanHistory
version, stepsJson, changedAt
β TestPlan
π€ AgentAssignment
role (owner/contributor/viewer), permissions
β Project, User
π¨ EscalationRule
condition (JSON), action (notify/escalate/block-release), targetUrl
β Project
β VerificationToken
identifier, token, expires
(standalone)
API Endpoint Map (38 Routes)
Projects & Agents
| Method | Path | Auth | Description |
|---|---|---|---|
| GET | /api/v1/projects | None | List all projects |
| POST | /api/v1/projects | API Key | Create project |
| GET | /api/v1/projects/:slug | None | Project detail |
| GET | /api/v1/projects/:slug/agents | API Key | List assigned agents |
| PUT | /api/v1/projects/:slug/agents | API Key | Assign agent to project |
| DEL | /api/v1/projects/:slug/agents/:userId | API Key | Remove agent |
Test Cycles & Plans
| Method | Path | Auth | Description |
|---|---|---|---|
| GET | /api/v1/test-cycles | None | List all cycles |
| POST | /api/v1/test-cycles | API Key | Create test cycle |
| GET | /api/v1/test-cycles/:id | None | Cycle detail |
| GET | /api/v1/test-cycles/:id/bugs | None | Bugs for cycle |
| GET | /api/v1/test-plans | None | List test plans |
| POST | /api/v1/test-plans | API Key | Create test plan |
| GET | /api/v1/test-plans/:id | None | Plan detail |
| POST | /api/v1/test-plans/:id/execute | API Key | Create cycle from plan |
Bugs & Auto-Fix
| Method | Path | Auth | Description |
|---|---|---|---|
| GET | /api/v1/bugs | None | List bug reports |
| POST | /api/v1/bugs | API Key | Create bug report |
| POST | /api/v1/bugs/:id/fix | API Key | Submit fix attempt |
| POST | /api/v1/auto-fix/trigger | API Key | Start auto-fix job |
| GET | /api/v1/auto-fix/:id/status | API Key | Job progress |
| POST | /api/v1/auto-fix/:id/complete | API Key | Mark fix deployed |
Webhooks & Analytics
| Method | Path | Auth | Description |
|---|---|---|---|
| GET | /api/v1/webhooks | API Key | List webhooks |
| POST | /api/v1/webhooks | API Key | Register webhook |
| POST | /api/v1/webhooks/test | API Key | Send test ping |
| GET | /api/v1/webhooks/:id/deliveries | API Key | Delivery history |
| GET | /api/v1/analytics | None | Bug stats & trends |
Escalation, GitHub & Crowd Testing
| Method | Path | Auth | Description |
|---|---|---|---|
| POST | /api/v1/escalate | API Key | Escalate cycle to crowd testers |
| GET | /api/v1/escalation-rules | API Key | List escalation rules |
| POST | /api/v1/escalation-rules | API Key | Create rule |
| POST | /api/v1/github/connect | API Key | Link repo to project |
| POST | /api/v1/github/webhook | GitHub | Receive PR events |
| GET | /api/v1/github/prs/:num/status | None | Test status for PR |
| GET | /api/v1/crowd-testing/status | None | Connection check |
| POST | /api/v1/crowd-testing/results | API Key | Sync test results |
| POST | /api/v1/crowd-testing/webhook | Crowd Testing | Receive results |
MCP & Internal
| Method | Path | Auth | Description |
|---|---|---|---|
| POST | /api/mcp | API Key | MCP JSON-RPC β 6 tools: list_projects, list_cycles, create_cycle, get_bugs, submit_fix, escalate |
| GET | /api/api-keys | Session | Manage API keys |
| GET | /api/me | Session | Current user info |
Data Flows
1. Test Cycle Lifecycle
π€
AI Agent
POST /test-cycles
β
π
Created
Steps stored in DB
β
π
Escalate
POST /escalate
β
π§ͺ
Crowd Testing
Humans test
β
π
Bugs
Webhook callback
β
π§
Auto-Fix
AI writes fix
β
β
Verified
Re-tested & passed
2. Auto-Fix Loop
π©
Bug Webhook
bug_report.created
β
π
Analyze
Read bug details
β
βοΈ
Fix Code
Write & commit
β
π’
Deploy
Push to staging
β
π€
Submit Fix
POST /bugs/:id/fix
β
π§ͺ
Re-test
Crowd Testing verifies
β
β
β
Result
Verified or retry
3. MCP Tool Call
π€
AI Agent
MCP client
β
π
Initialize
Get capabilities
β
π
tools/list
Discover 6 tools
β
β‘
tools/call
Execute tool
β
π¦
Result
Structured JSON
Test Coverage
58
Unit Tests (Vitest)
27
E2E Tests (Playwright)
13
Unit Test Files
5
E2E Spec Files
api-auth.test.ts
4 tests β API key validation, SHA-256 hashing, revoked key rejection
api-bugs.test.ts
2 tests β Bug report CRUD operations
api-projects.test.ts
3 tests β Project listing, slug lookup, data integrity
api-test-cycles.test.ts
5 tests β Cycle count, steps JSON parsing, priority validation
crowd-testing-client.test.ts
10 tests β SDK methods, configured/unconfigured states, status values
escalation-rules.test.ts
2 tests β Rule condition matching, action execution
mcp-tools.test.ts
3 tests β Tool definitions, schemas, protocol compliance
phases456.test.ts
9 tests β Auto-fix jobs, webhook delivery, testing integration
phases-7-10.test.ts
8 tests β Test plans, analytics, agent assignments, GitHub
priority-scoring.test.ts
6 tests β Score calculation, severity weighting
rate-limit.test.ts
3 tests β Sliding window, 429 responses, key isolation
schema.test.ts
1 test β Prisma schema validity, 18 models present
webhook-dispatcher.test.ts
2 tests β HMAC-SHA256 signing, header format
AI vs Human Testing Matrix
What ClawQA's AI can verify automatically vs what must be escalated to crowd testers's human testers.
π€ AI Can Test (Automated)
- API endpoint responses (status codes, JSON shape)
- Authentication flows (Playwright headless)
- Database CRUD operations
- Webhook delivery & HMAC signatures
- MCP JSON-RPC protocol compliance
- Rate limiting (429 responses)
- Priority scoring calculations
- Escalation rule matching
- Test plan versioning logic
- API key generation & revocation
- Data validation & error handling
- Redirect chains (/docs β /docs/)
π€ Humans Must Test (Crowd Testing)
- Real GitHub OAuth on phones (iOS Safari, Android Chrome)
- Cross-browser visual rendering (glassmorphism, backdrop-blur)
- Touch interactions (mobile nav hamburger, tap targets)
- Real device performance (slow phones, tablets, 3G)
- Accessibility (VoiceOver, TalkBack, screen readers)
- Visual regressions (does it actually look right?)
- Animated SVG diagrams across browsers
- Copy-to-clipboard in code blocks
- Password login UX (error states, loading)
- Dashboard layout on small tablets
- Telegram bot real-device interaction (Clawdet)
- Concurrent multi-user scenarios
Infrastructure
Server: Hetzner 135.181.43.68 (Ubuntu)
Process: PM2 β clawqa-nextjs (port 3150)
Proxy: Caddy β TLS + gzip + reverse proxy
Database: SQLite β /var/www/clawqa-nextjs/prisma/dev.db
Docs: Static HTML β /var/www/clawqa-nextjs/public/docs/
Domain: clawqa.ai (Caddy auto-TLS)
Repo: github.com/yoniassia/clawqa (v1.0.0)
CI: Manual (npm test + npx playwright test)
Monitoring: PM2 logs + Caddy access logs