Developer docs
CI/CD Integration
Run automated QA checks as part of your deployment pipeline. One POST request returns a score, issue list, and pass/fail result — so you can block bad deploys before your users see them.
Authentication
Generate a secret key and set it as WEBHOOK_API_KEY in your Vercel environment variables. Pass the same value in every request.
# Option A — x-api-key header (recommended) x-api-key: your_secret_key # Option B — Authorization header Authorization: Bearer your_secret_key
Endpoint
POST
https://agentqa.viyalabs.com/api/webhook/scanRequest body
| Field | Type | Required | Description |
|---|---|---|---|
| url | string | yes | The URL to scan (must be publicly accessible) |
| failThreshold | number | no | Minimum passing score 0–100. Default: 70 |
Response
Returns 200 when score >= failThreshold, 422 otherwise. Your CI runner treats 422 as a build failure.
{
"passed": true,
"score": 87,
"failThreshold": 75,
"scanId": "3fa85f64-...",
"url": "https://your-app.vercel.app",
"reportUrl": "https://agentqa.viyalabs.com/report/3fa85f64-...",
"summary": {
"totalPages": 8,
"totalIssues": 3,
"critical": 0,
"medium": 2,
"low": 1
},
"criticalIssues": []
}| Status | Meaning |
|---|---|
| 200 | Scan passed — score ≥ failThreshold |
| 401 | Invalid or missing API key |
| 422 | Scan failed — score < failThreshold (also used for invalid URL) |
| 429 | Scanner busy — retry in a few minutes |
| 500 | Internal error |
Examples
curl
curl -f -X POST https://agentqa.viyalabs.com/api/webhook/scan \
-H "x-api-key: $AGENTQA_API_KEY" \
-H "Content-Type: application/json" \
-d '{"url":"https://your-app.vercel.app","failThreshold":75}'GitHub Actions
# .github/workflows/qa.yml
name: QA Gate
on:
deployment_status:
jobs:
qa:
if: github.event.deployment_status.state == 'success'
runs-on: ubuntu-latest
steps:
- name: Run QA scan
run: |
curl -f -X POST https://agentqa.viyalabs.com/api/webhook/scan \
-H "x-api-key: ${{ secrets.AGENTQA_API_KEY }}" \
-H "Content-Type: application/json" \
-d '{"url":"${{ github.event.deployment_status.target_url }}","failThreshold":75}'Vercel + GitHub
# Use Vercel's deployment URL from the CLI output
PREVIEW_URL=$(vercel deploy --token $VERCEL_TOKEN)
curl -f -X POST https://agentqa.viyalabs.com/api/webhook/scan \
-H "x-api-key: $AGENTQA_API_KEY" \
-H "Content-Type: application/json" \
-d "{"url":"$PREVIEW_URL","failThreshold":80}"Quick setup
- 1Generate a secret key — e.g. run: openssl rand -hex 32
- 2Add WEBHOOK_API_KEY=<your-key> to your Vercel environment variables
- 3Add AGENTQA_API_KEY as a secret in your GitHub repository (Settings → Secrets)
- 4Paste the GitHub Actions YAML above into .github/workflows/qa.yml
- 5Push — scans will run automatically on every successful deployment
What we detect
Every scan checks for the following issue types across all discovered pages. Issues are classified into three severity levels that feed directly into the QA score.
| Type | Severity | Description |
|---|---|---|
| page_crash | critical | Page threw an unhandled exception during navigation — users see a blank or broken page |
| navigation_failure | critical | Playwright could not reach the page at all — server timeout, DNS failure, or hard crash |
| js_error | critical | Uncaught JavaScript exception detected in the browser console with full stack trace |
| page_not_found | medium | Page returned HTTP 404 — internal link pointing to a missing route |
| console_error | medium | Non-fatal console.error() call — often a failed resource, API error, or React warning |
| network_failure | medium | An XHR or fetch request returned a 4xx/5xx status or timed out |
| missing_image | medium | An <img> tag failed to load — broken src URL or missing file |
| missing_alt | medium | Images without alt text — WCAG 2.1 SC 1.1.1 accessibility violation |
| mobile_layout | medium | Content overflows the 375 px mobile viewport — users scroll horizontally |
| broken_form | medium | Form submission returned a network error or the form could not be submitted |
| slow_load | low | Page took longer than 5 seconds to reach interactive — performance regression risk |
| large_asset | low | A script, stylesheet, or image exceeded 500 KB uncompressed |
| console_warning | low | console.warn() calls — deprecation notices, missing keys, or React prop warnings |
| missing_meta | low | Missing meta description, Open Graph image, H1 heading, or mobile viewport tag |
Score formula
The QA score starts at 100 and deducts points by severity. Deductions per severity are capped so a single category can't zero out your score alone.
Critical
−20 pts each
max −60
Medium
−8 pts each
max −30
Low
−2 pts each
max −10
Example: 1 critical + 2 medium + 3 low issues → 100 − 20 − 16 − 6 = 58 / 100. The failThreshold defaults to 70 in the CI/CD webhook — scores below that return HTTP 422.
Questions? info@viyalabs.com← Back to AgentQA