Zerocheck
Zerocheck generates E2E tests from your pull request diffs. Tests are written in plain English, interact with your UI visually (no CSS selectors), and produce timestamped compliance evidence on every run.
Key concepts
Quick start
1. Connect your repo
Paste your staging URL and connect your GitHub repository. No config files, no CI pipeline changes.
Staging URL: https://staging.yourapp.com
Repository: github.com/yourorg/app
Status: Connected ✓2. Write your first test
Describe what should work in plain English. Zerocheck handles the interaction.
test "New user can complete a purchase"
Navigate to the products page
Click "Add to cart" on the first product
Open the cart and click "Checkout"
Enter test credit card 4242 4242 4242 4242
Complete payment
Verify the order confirmation shows the correct total3. Run on a pull request
Push a PR. Zerocheck runs only the tests relevant to your change and posts results as a PR comment.
zerocheck bot · 2 min ago
✓ Complete purchase flow 1m 52s
✓ Subscription renewal flow 0m 38s
✗ Failed payment retry 0m 17s ← real failure
2 passed · 1 failed · 2m 47s
Generated from diff · Confidence 87%4. Review evidence artifacts
Every test run produces a timestamped evidence artifact bound to the commit SHA. Export as PDF or JSON for compliance.
Concepts
PR-diff awareness
When a PR modifies PaymentForm.tsx and CartSummary.tsx, Zerocheck maps file changes to user flows and generates targeted tests. On a codebase with 50 tests, a typical PR triggers 2-5 relevant tests.
Files changed:
src/checkout/PaymentForm.tsx +42 -18
src/checkout/CartSummary.tsx +15 -7
src/lib/payments.ts +3 -1
Zerocheck detected 2 affected flows:
→ Complete purchase flow
→ Cart total after discount code
Result: 2 tests ran, 45 skipped · Confidence 94%Visual interaction
Zerocheck interacts with your UI the way a real user would — by what elements look like and what role they have, not by their position in the DOM. No data-testid attributes, no CSS selectors, no XPath.
When your UI changes (button moves, class name changes, component gets wrapped in a new div), the test still passes because the element is still visually present. No selectors to break, no maintenance.
page.locator('#btn-checkout').click()
page.locator('div.cart > span.price')
page.locator('[data-testid="iframe"]')Click the "Checkout" button Verify the cart total is correct Complete the payment form
Confidence scoring
Every test run produces a confidence score per PR — not just pass/fail. The score reflects how much of your change is covered by tests, whether any affected flows were untested, and the stability of the test results.
Flaky test classification
Zerocheck auto-classifies each CI failure as FLAKE or INVESTIGATE based on 30-day failure history. High-flake tests are quarantined automatically and don't block your merge.
Writing tests
Test spec format
Tests are plain English descriptions of user flows. Each step describes what a user would do, not how to locate an element.
test "New user completes onboarding via magic link"
Navigate to the signup page
Enter "[email protected]" in the email field
Click "Send magic link"
Open the magic link from the inbox # built-in SMTP capture
Verify the welcome page loads
Complete the onboarding wizard
Verify the dashboard shows "Getting started"Handling complex flows
Zerocheck handles flows that typically require workarounds in traditional frameworks:
| Flow | Traditional approach | Zerocheck |
|---|---|---|
| Stripe checkout | frameLocator() + cross-origin iframe handling | "Complete payment with test card" |
| Magic links | Mailosaur / MailSlurp + SMTP config | Built-in SMTP capture |
| OAuth / SSO | Mock the IdP or skip auth in test env | "Log in via Okta SSO" |
| 3DS challenge | Separate browser context + iframe nesting | "Complete 3DS verification" |
| MFA / OTP | TOTP secret extraction + manual code gen | "Enter the MFA code" |
PR integration
How results appear
Zerocheck posts a comment on every pull request with test results, step traces, and evidence artifacts. Failed tests include screenshots of the failure state.
zerocheck bot
┌─────────────────────────────────────────────────────┐
│ 3 passed · 0 failed · 1 flaky (quarantined) │
├─────────────────────────────────────────────────────┤
│ ✓ Complete purchase flow 2m 14s │
│ ✓ User onboarding (magic link) 1m 03s │
│ ✓ SSO login via Okta 0m 41s │
│ ~ Dashboard chart render quarantined │
├─────────────────────────────────────────────────────┤
│ Evidence: CC7.2 ✓ CC6.1 ✓ CC8.1 ✓ │
│ Commit a3f7c2e · 2026-03-27T00:14:32Z │
│ Export: [PDF] [JSON] │
└─────────────────────────────────────────────────────┘Merge gating
Zerocheck can be configured as a required status check on your repository. PRs with failing tests (excluding quarantined flakes) will block merge until failures are resolved.
Evidence & compliance
SOC 2 control tagging
Tag tests with SOC 2 control IDs. Every test run generates a timestamped, commit-bound evidence artifact per control.
test "Admin cannot access other org data"
tags: CC6.1, CC7.2
Log in as [email protected]
Navigate to the organization settings
Attempt to access org ID "other-org-123"
Verify access denied page is shownEvidence artifact format
Artifacts are structured JSON bound to a specific commit and timestamp.
{
"commit": "a3f7c2e",
"timestamp": "2026-03-27T00:14:32Z",
"controls": [
{
"id": "CC7.2",
"category": "Change Management",
"test": "Complete purchase flow",
"result": "pass",
"duration": "2m 14s",
"screenshots": ["step-1.png", "step-2.png", "step-3.png"],
"step_trace": [
"Navigate to products page",
"Click Add to cart on first product",
"Open cart and click Checkout",
"Enter test credit card",
"Verify order confirmation"
]
}
]
}Integrations
Zerocheck integrates with your existing development workflow. No CI pipeline changes required.
Don't see your tool? Suggest an integration.
Reference
Test spec syntax
| Keyword | Description | Example |
|---|---|---|
| test | Declare a named test | test "User can sign up" |
| tags: | SOC 2 control IDs | tags: CC6.1, CC7.2 |
| Navigate to | Go to a page or URL | Navigate to the settings page |
| Click | Click an element by visible label | Click "Submit order" |
| Enter | Type into an input | Enter "[email protected]" in the email field |
| Verify | Assert visible content | Verify the dashboard shows 3 items |
| # | Comment (ignored) | # This tests the happy path |
Evidence export formats
| Format | Use case | Contents |
|---|---|---|
| Auditor review | Control ID, test name, result, screenshots, step trace, commit, timestamp | |
| JSON | Programmatic access | Same data in structured format for Vanta, Drata, or custom integrations |
| MD | Release notes | Changelog entries auto-generated from verified test results per PR |