breakit.dev

What It Is

breakit is an AI-powered autonomous exploratory testing tool for web applications, positioned as something like “25 nitpicky testers” for your site. By running npx breakit test https://your.site, users can point it at a URL and have multiple personas visit the site in parallel, simulating behaviors from attackers, impatient users, screen reader users, mobile users, non-native speakers, and more. It then generates a prioritized defect report in about 5 minutes.

Core Capabilities

Its coverage is closer to “destructive exploration in real-world usage” than traditional Lighthouse checks. It can look for XSS and injection issues, broken flows, a11y gaps, dark mode problems, slow routes, i18n issues, duplicate submissions, overlapping mobile layouts, unclear form validation, and more. Reports are not just simple checklists: they include evidence, reproduction steps, selectors, fingerprints, and suggested fixes, sorted by severity and confidence. Fingerprint-based deduplication and historical comparisons help prevent the same issue from being reported repeatedly. On the engineering side, breakit supports SARIF export, HTML/Markdown/JSON reports, and can be integrated into GitHub Actions with just two lines of configuration.

Integrations, Models, and Pricing

The page clearly states support for BYOK, with Gemini, Anthropic, and OpenAI available. It also says API keys are encrypted at rest with AES-256-GCM and are not logged. In terms of pricing, the anonymous version is free but limited to 1 run/day and does not save results. The Free plan requires GitHub login, allows 3 runs/day, supports 25 personas, Browser and snapshot modes, and keeps the latest 10 runs in history. The Pro plan is listed at $19/month, but the captured page text did not fully show the specific benefits.

Pros and Cons

The main strengths are its low barrier to entry, engineering-friendly output, and ability to cover multiple dimensions such as security, accessibility, and UX friction. It is well suited for small teams looking to quickly uncover blind spots before release. The drawbacks are that the page does not clearly state whether it is open source or self-hostable, and there is limited information on enterprise support, payment methods, and SLA. As with any AI-driven exploration, the findings still need human review and cannot fully replace systematic testing.

Who It’s For and Access from China

breakit is best suited for indie developers, small SaaS teams, and early-stage product teams that want to use it as a pre-release smoke test and CI quality gate. The page does not provide details about access from mainland China. Since it depends on overseas large model services, actual network reliability and payment experience may be uncertain. Alternatives or complementary tools include Lighthouse, Playwright/Cypress, axe, manual QA, and security scanners.