Testing at scale @ Spotify
Our team discusses testing techniques from Swiftable BA.
The integration of AI tools and models is rapidly reshaping the development landscape, especially in Quality Assurance (QA).
The shift from testing as code to testing as instruction marks a significant paradigm shift, demanding new approaches to standardization, safety, and collaboration. This article examines the transformative potential of AI in QA, highlighting critical tools and practices, including open-source versus SaaS architectures, sensitive data handling, language model flexibility, CI/CD integration, and the support for Retrieval-Augmented Generation (RAG) and Model Context Protocol (MCP).
This exploration will pave the way for understanding how these advancements are not just speculative, but are actively redefining the future of QA automation and coding in general.
The market for AI tools and models is transforming the development industry, with critical implications for QA. This document outlines relevant tools and practices, focusing on:
- Open-source vs Closed SaaS Architecture
- Sensitive Data Handling
- Flexibility in Language Models
- Integration with CI/CD Workflows
- Support for RAG (Retrieval-Augmented Generation) and MCP (Model Context Protocol)
What is RAG (Retrieval-Augmented Generation)?
RAG is a technique that augments language models by injecting relevant external knowledge into the generation process. It bridges the gap between static model training and real-time, up-to-date context.
Core Components:
- Retrieval: Dynamically searches structured or unstructured knowledge bases (e.g., Confluence, GitHub, KBs)
- Generation: Uses LLMs to generate natural language or code responses based on retrieved info
- Integration: Injects the retrieved content into the prompt/context to produce accurate, domain-specific output
Why it matters for QA: Enables LLMs to answer questions or generate tests based on live product specs, API docs, and historical test failures — not just what they were trained on.
What is MCP (Model-Context Protocol)?
MCP is an open standard for securely connecting external data sources with LLM-powered agents and tools. It defines how context flows between systems.
Basic Flow:
Query -> Knowledge base search / MCP Query -> Relevant context -> LLM generation
Key Benefits:
- Secure, auditable access to internal data sources
- Bi-directional communication between tools and agents
- Compatible with custom models, RAG pipelines, and enterprise QA systems
Use Case: A QA assistant using MCP can pull logs from your CI/CD platform, compare them to recent test failures, and suggest potential flaky root causes — all without exposing raw logs to third-party tools.
The combination of RAG and MCP allow for QA use-cases such as:
- False Positive Reduction: Bug detection via historical embeddings
- Contextual Test Generation: Self-updating tests based on new docs
- Onboarding Assistants: Answers to QA team questions using indexed KBs
Featured Tools
Cline (formerly Claude Dev) and Roo Code (Cline Fork) | VSCode Extension (Open Source)
Why it’s my tool of choice:
- Custom fork-friendly, advanced terminal tools, and unified agent workflows make it ideal for evolving QA pipelines or, in my case, developing side-projects.
Features:
- Task context analysis
- Inline diff previews (streamed)
- Browser automation for testing
- Detailed cost tracking
- Terminal tool creation
- OpenRouter support
Model Support:
- OpenRouter: Single endpoint for GPT-4, Claude, Mistral, etc.
- Local Models via Ollama: Run LLaMA 2, CodeLLaMA locally—ideal for air-gapped/privacy-focused setups
- Cline has transitioned to a SaaS-style subscription model, which I haven’t explored personally — Roo Code focuses more on the original API key-based flexibility.
Feedback:
- My favorite tools. Extendable, powerful, highly automatable
- Some advanced features and prompt design have a learning curve
https://github.com/cline/cline
Why I Use Roo Code (Cline Fork)
Roo Code is my go-to personal AI coding tool. It’s a maintained, open-source fork of Cline that stays true to the original vision — no lock-in, full control, and powerful features baked right into VSCode. You can read here Qubika’s review of Roo Code in an enterprise setting.
While Cline has moved its focus toward a more closed SaaS model (while retaining its open-source counterpart), Roo Code retains the focus on its original API key–based architecture, giving you flexibility to work with OpenRouter, OpenAI-compatible models, or even local models like Ollama.
Why I use Roo Code:
- Natural language coding assistant right in my editor
- Reads, writes, and creates files across the workspace
- Refactors and debugs existing code reliably
- Automates boring or repetitive CLI tasks
- Automates browser actions for scraping or quick test flows, great for QA automation
- Works with any OpenAI-style endpoint or local model
Bonus: Custom Modes let you change the assistant’s personality and capabilities — I’ve tweaked mine for different tasks like JS scaffolding, doc generation, and test preparation.
Quick Review:
It feels like pair programming with an agent that actually understands your repo. I use Roo Code to scaffold side projects, prototype CLI tools, automate Markdown edits, and occasionally do quick browser automations. It’s lightweight, extendable, and respects your workflow.
https://github.com/RooVetGit/Roo-Code
Features Roo Code offers that Cline doesn’t (yet):
- New_Task Tool: Launch new tasks inside existing ones with automatic context continuation and approval logic
- Custom Modes: Define unlimited modes with their own tools, prompts, and model configs
- Smarter Mode Switching: Roo auto-suggests context-aware mode switches (e.g., Ask → Code)
- Per-Mode File Pattern Restrictions: e.g., Markdown-only mode for documentation agents
- Markdown Editing: Ask/Architect modes now support direct markdown edits
- Quick Actions: Inline fixes, explanations, and improvements right from code highlight or Problems tab
- Support for Glama API: Includes costing, caching, and image processing
- Message Deletion: Delete single or all messages with their API calls
- Enhance Prompt Button: Automatically optimize your prompts with one click
- Multi-Language Support: Use English, Spanish, Japanese, French, German, and more
- Add Models Easily: Browse and add OpenAI-compatible models with/without streaming
- Git Commit Mentions: Reference commits in AI convos using @commit
- Prompt History Copy: One-click reuse of past prompts
- Terminal Output Control: Avoid context bloat by limiting terminal line output
- API Retry Controls: Custom retry logic with exponential backoff
- Rate Limiting: Control minimum delay between API calls
- Slash Commands: Instantly switch modes with /ask, /code, etc.
- Post-Edit Delay: Configure pause after file writes for diagnostics
- Experimental Diff Modes: Toggle unified diff engine, control match precision
- Browser Screenshot Quality: Tweak quality vs token use tradeoff
- MCP Timeout Config: Control network timeout per session
Aider | CLI Open Source
Strengths:
- Multi-file operations
- Auto-Git commits
- Voice/image input
- Local/cloud models
Feedback:
- Great for complex refactoring
- Needs supervision on sequential changes, disable auto-commits; hard to track costs
Cursor | VSCode Fork
Features:
- Predictive multiline autocompletion
- Code optimization
- Documentation generation
- Manual indexing
- Free trial, paid afterwards
GitHub Copilot | Multi-IDE Extension
Features:
- Native GitHub integration
- Contextual test generation
- Natural language chat
- Auto-documentation
- Enterprise-grade data protection
Feedback:
- Great for AI/code tooling beginners
- Premium features/models require a higher-tier subscription
https://github.com/features/copilot
GitLab Duo | DevSecOps Suite + Extension
Main Features:
- Proactive vulnerability detection
- Productivity impact dashboard
- Auto issue resolution
- GDPR/HIPAA compliance
- Free tier + paid tiers
Enterprise Features:
- MR summaries
- Advanced troubleshooting (DevSecOps-ready)
https://about.gitlab.com/gitlab-duo/
Blackbox.ai | Web + IDE Plugin (Free/Paid)
Features:
- Code search across millions of public repositories
- Natural language to code generation
- Inline autocomplete + multi-line completions
- Snippet search from error messages or stack traces
- Chrome extension + JetBrains/VSCode plugin support
Pricing:
- Free tier includes limited daily completions and code search, “pro” searches are limited to 3 a day, as well as file uploads
- Pro version unlocks unlimited completions, faster latency, and priority model usage
Feedback:
- A great “AI StackOverflow” for quick test fixes, mocking strategies, or DSL edge cases
- Pricing can be a bit limiting, as you are locked-down into a subscription model instead of using your own AI keys
| Tool | Best For (in my testing) |
|---|---|
| Roo Code | Full-control, custom QA workflows, all-around best for daily driving |
| Cline | Lighter users, SaaS-friendly setup |
| Aider | CLI refactoring, multi-file ops |
| Cursor | Predictive coding & IDE UX |
| Copilot | Beginner-friendly suggestions |
| GitLab Duo | Secure, enterprise DevSecOps flows |
| Blackbox.ai | Public code search, snippet lookup, fast fixes |
Key Technical Considerations
Data Security
Dual Trust Model:
- Tool Code:
- Open source doesn’t mean zero risk—watch for CVEs and audit dependencies
- LLM Provider:
- On-prem/self-hosting is expensive (GPUs, infra)
- Jurisdiction matters: GPT-4 via Azure (EU) vs API (US) has different compliance (e.g., GDPR)
Security Tactics:
- Trust-minimization: Assume breaches can happen (e.g., CircleCI 2023 incident)
- Prompt privacy leak tests
- Air-gapped local models for high-risk industries
- Zero-retention configurations (OpenRouter, GitLab Duo)
Open Source vs SaaS
SaaS Pros:
- Maintenance handled
- Quick to scale
- Enterprise support and security
SaaS Cons:
- Vendor lock-in
- Hidden costs via API usage
- Data opacity (black-box behavior)
Open Source Pros:
- Full data control: e.g., Aider with local models
- Strategic cost efficiency (self-host or multi-API flexibility)
- Fully auditable and forkable tools
Open Source Cons:
- Complex setup (local models, API keys, quotas)
- Potential bugs/security issues in under-maintained forks (e.g., Aider ≤0.8 multi-commit overwrite bug)
- Expensive infra needed for quality local model inference
Future of AI in QA Automation
- Specialized On-Prem Clusters
- Fine-tuned models (e.g., bug history, internal design docs, QBK data foundation)
- Self-Improving Models
- Evolve using test feedback loops
- Automated test suite optimization
- Autonomous Test Agents
- Self-healing flaky tests
- Real-time regression detection
Additional Notes — Emerging Patterns in QA Automation
The intersection of reasoning-capable models, local tooling, and AI-enhanced editors like Roo Code is beginning to reshape QA pipelines and workflows. Here’s a breakdown of promising components and how they can be leveraged:
Reasoning Models: Deepseek R1, OpenAI o1
These next-gen LLMs aren’t just completing code — they’re reasoning across documents, test flows, and structured data.
Use Cases for QA:
- Flaky test debugging: Given logs from repeated flaky test runs (Detox, Playwright), these models can infer root causes (timing, race conditions, network flakiness) by correlating stack traces, retry logs, and test metadata.
- Risk-based test prioritization: Reason over bug history + test coverage + recent commits to auto-prioritize critical test suites.
- Natural Language Test Planning: Generate high-level test plans from product specs or Notion docs with traceable coverage.
Browser Automation via Puppeteer + Agents
By combining browser drivers like Puppeteer with AI agents (Cline, Roo Code, AutoGPT variants), you can generate and validate UI test flows dynamically.
Examples:
- Auto-script Playwright flows from exploratory sessions. Let Roo Code observe a Puppeteer session, then scaffold Playwright scripts from click traces.
- Regression playback validation: Feed a session recording to the LLM and ask it to verify UI elements and flows match expectations.
- Visual diffing with semantic assertions: Use agents to compare screenshots and assert differences only when semantically relevant (e.g., ignore date pickers or ads).
Automatic TestID Generation
LLMs can scan component trees and add intelligent, consistent testID or data-testid attributes.
Practical flow with Roo Code:
- Open a component with missing identifiers.
- Use Quick Action → “Add TestIDs”.
- Roo Code scans structure, names elements (testID=”SubmitButton”), and ensures uniqueness across files.
Perfect for selector-based tools like Detox, React Native Testing Library, and Playwright.
Cline/Roo Terminal Tools
Both tools allow users to define custom terminal commands accessible directly via the AI agent, enabling:
- One-command test execution: “run flaky detox tests” triggers detox test –onlyFailed.
- Snapshot builds: “create e2e test APK” calls cd android && ./gradlew assembleRelease.
- Loop-on-failure: AI auto-runs failing test cases with adjusted timeouts or mock data.
These tools become scriptable test companions that learn your workflow and adapt.
“Flappy Bird or other small games from one prompt” — Compression Potential
This popular experiment showed how powerful models (like GPT-4, o1, Deepseek) can write entire games from a single, detailed prompt.
Why this matters for QA:
This shows that compressed QA workflows are within reach:
- A single prompt that:
- Reads feature PR description
- Scaffolds Playwright tests
- Writes testIDs into source
- Updates docs + opens a PR
- Agents can manage complex test logic like API mocks, CI job config, and even trigger runs in GitLab/GitHub Actions.
Imagine writing:
“Test the new KYC onboarding screen for successful flow, invalid email, and expired document in Playwright.”
…and getting the full suite scaffolded + commit message suggestions to launch your PR/MR.
Summary
These tools and AI integrations are no longer speculative — they’re here. The challenge now is standardizing safe workflows around them, ensuring test coverage is traceable, and enabling teams to collaborate with agents just like devs or testers.
In short, the industry is moving from testing as code to testing as instruction — and these tools are paving the way.
