What is Plaintest and how does it work?

Plaintest is an AI testing platform that automatically explores your web or mobile application, discovers all screens and flows, detects bugs, and generates real Playwright or Maestro test code. Just enter your URL and the AI does the rest — no test code to write.

How is Plaintest different from Playwright, Cypress, or Selenium?

Unlike Playwright, Cypress, or Selenium where you write test code manually, Plaintest uses AI to automatically explore your app and generate tests. You describe what to test in plain English via a chat interface, and Plaintest creates production-ready Playwright tests you can export and run anywhere.

Do I need to write any code to use Plaintest?

No. Plaintest requires zero code to get started. Enter your app URL, and the AI explores every page and generates tests automatically. You can also create tests by chatting with the AI in plain English. The generated Playwright tests can be exported if you want to run them locally.

Can Plaintest test apps that require login?

Yes. Plaintest automatically detects login pages and uses credentials you provide securely. It captures the login flow and replays it before each test. Credentials are encrypted at rest with AES-256-GCM.

What is the best AI testing tool for web apps in 2025?

Plaintest is an AI-first testing platform purpose-built for modern web apps. It combines autonomous app exploration, AI-powered test generation, bug detection, accessibility auditing, and CI/CD integration. Start free at plaintest.dev.

Does Plaintest support mobile app testing?

Yes. Plaintest supports iOS and Android testing on the Pro plan ($399/mo). It generates Maestro tests for mobile apps, using real simulators and emulators for accurate results.

How much does Plaintest cost?

Plaintest offers a free tier with 10 test runs per month. Paid plans start at $29/mo (Indie) for 50 test runs and 3 projects, $149/mo (Starter) for 100 test runs with repo builds, and $399/mo (Pro) for 500 test runs with mobile testing.

Can I use Plaintest with CI/CD pipelines?

Yes. Plaintest integrates with GitHub Actions, GitLab CI, and Bitbucket Pipelines. Promoted tests run automatically on every push or pull request. Available on Indie plan and above.

December 10, 2025·

AI DevelopmentTestingBest Practices

Testing AI-Generated Code: How to QA Applications Built Entirely by AI Agents

When Claude, Cursor, Devin, or GPT builds your entire application, how do you know it works? A practical guide to testing AI-generated code, catching AI-introduced bugs, and building confidence in code you didn't write.

You just built an entire feature without writing a single line of code yourself. Claude Code scaffolded the backend. Cursor filled in the frontend components. Devin wired up the database migrations. You reviewed the diffs, nodded along, and shipped it.

Everything works. Until it doesn't.

A user reports that the settings page saves correctly the first time, but silently fails on subsequent saves. The API returns a 200 but doesn't persist the update. The AI-generated code looked clean. It passed TypeScript checks. It even had comments explaining the logic. But buried three files deep, the AI introduced a stale closure over a state variable that only manifests after the first render cycle.

Welcome to 2026, where the hardest bugs to find are the ones you didn't write.

The New Reality: Most Production Code Is AI-Generated

This is not a prediction anymore. It is the current state of software development. A significant and growing percentage of production code shipping today was generated by AI coding agents. Claude Code, Cursor, Devin, GitHub Copilot, Windsurf, and a growing list of AI coding tools have fundamentally changed how software gets built.

Developers are no longer just writing code. They are prompting, reviewing, and shipping code that an AI produced. Some teams have entire repositories where the majority of commits were AI-assisted. Solo developers and indie hackers are building full-stack applications in days instead of months, largely by directing AI agents to implement features end to end.

This is genuinely incredible for productivity. It is also a massive, largely unaddressed problem for quality assurance.

The traditional testing model assumed a human developer who understood every line they wrote. When you write code yourself, you carry a mental model of how the pieces fit together. You know which functions are fragile, which edge cases you skipped, which patterns you reused from the last project. That mental model is your first line of defense against bugs.

When AI writes your code, that mental model does not exist. You have a rough idea of what you asked for and a general sense that the output looks right. But you do not have the deep, line-by-line understanding that comes from having written it yourself.

This is the trust gap, and closing it is the central challenge of testing AI-generated code.

What AI-Generated Bugs Actually Look Like

Before diving into testing strategies, it is worth understanding the specific ways AI-generated code fails. These are not the same bugs you would introduce yourself. AI coding bugs have distinct patterns, and recognizing them is essential to catching them.

Happy Path Perfection, Edge Case Chaos

AI agents are remarkably good at implementing the happy path. Ask Claude to build a user registration flow and you will get clean, well-structured code that handles the normal case beautifully. A user enters valid data, submits the form, and gets redirected to the dashboard.

But try registering with an email that already exists. Try submitting with JavaScript disabled. Try pasting a 10,000-character string into the name field. Try double-clicking the submit button. The AI often does not think about these cases unless you explicitly ask, and even when it does, its handling can be superficial.

Hallucinated API Usage

This remains one of the most common and dangerous categories of AI coding bugs. The AI generates code that calls an API method that does not exist, or passes parameters in the wrong order, or uses a deprecated interface that was removed two versions ago. The code looks completely legitimate. It reads well. It might even pass type checking if the types are loosely defined. But it throws a runtime error the moment it executes.

This is especially prevalent when AI agents work with third-party libraries, newer frameworks, or internal APIs that were not heavily represented in training data.

Inconsistent Patterns Across Files

When a human developer builds a feature, they tend to use consistent patterns. If they use a custom hook for data fetching in one component, they use the same pattern in the next. AI agents do not always maintain this consistency, especially across multiple prompting sessions.

You might end up with three different error handling patterns in three different API routes. One uses try-catch with a custom error class. Another returns raw error objects. A third swallows errors silently. Each one works in isolation, but together they create an inconsistent codebase that is difficult to reason about and prone to unexpected behavior.

Over-Engineered Abstractions

AI agents have a tendency to over-engineer. Ask for a simple utility function and you might get a full abstraction layer with generics, factory patterns, and configuration objects. This is not just an aesthetic problem. Over-engineered code has more surface area for bugs, is harder to test, and is harder for the next developer (or the next AI) to modify correctly.

Security Vulnerabilities the AI Does Not Flag

AI coding tools are getting better at security, but they still regularly produce code with vulnerabilities they do not mention. SQL injection through string concatenation instead of parameterized queries. Missing authentication checks on new API routes. Sensitive data logged to the console. Race conditions in concurrent operations. The AI does not flag these because, from its perspective, the code does what you asked it to do.

Subtle Data Flow Issues

Perhaps the most insidious category. The AI restructures your async code during a refactor. The logic is equivalent in most cases, but the new ordering introduces a race condition when two requests fire simultaneously. Or the AI moves a state update above an await, changing when downstream effects trigger. The code passes type checking, looks correct on review, and works in manual testing. It fails in production under load.

The Trust Gap: Why You Cannot Just Review and Ship

When you write code yourself, your confidence comes from the act of writing it. You understand the decisions because you made them. Code review of your own work is a final check, not the primary quality gate.

When AI writes your code, the review becomes your only quality gate. And here is the problem: code review is not sufficient for AI-generated code.

Human code review is good at catching obvious errors, style violations, and architectural concerns. It is not reliable at catching the subtle bugs described above. You are reviewing code you did not write, using patterns you did not choose, implementing logic you specified at a high level but did not design in detail.

Studies from early 2025 showed that developers reviewing AI-generated code approve changes with latent bugs at significantly higher rates than when reviewing human-written code. The code looks professional. It follows conventions. It has helpful comments. These surface-level signals of quality create false confidence.

Testing AI-generated code is not optional. It is the essential mechanism for building justified confidence in code you did not write.

Practical Testing Strategies for AI-Generated Code

Here is where this gets concrete. These are proven strategies for maintaining quality when AI agents are generating your code, ordered from quickest wins to most comprehensive coverage.

1. Use Type Checking and Linting as Your First Pass

This is the lowest-effort, highest-value first step. Before you even run the application, ensure that AI-generated code passes strict type checking and linting.

Configure TypeScript in strict mode. Enable ESLint with a comprehensive rule set. Run these checks automatically on every change, whether it comes from a human or an AI.

Type checking catches hallucinated API usage immediately. If the AI calls a method that does not exist or passes the wrong argument type, tsc will catch it before you waste time debugging at runtime. Linting catches inconsistent patterns, unused variables, and common anti-patterns.

This will not catch logic errors, but it eliminates an entire category of AI-generated bugs with zero manual effort.

# Run these after every AI-generated change
npx tsc --noEmit
npx eslint . --ext .ts,.tsx

2. Run AI Exploration Against Every AI-Generated Feature

This is the critical strategy that addresses the trust gap directly. After an AI coding agent modifies your application, point a separate AI testing tool at it and let it explore autonomously.

The principle is simple: use a different AI to find bugs that the first AI introduced. The coding AI optimized for implementing your feature. The testing AI optimizes for breaking it.

This is where Plaintest fits naturally into AI-assisted development workflows. After Claude Code or Cursor modifies your application, you point Plaintest at your URL. It autonomously explores every page, clicks every button, fills every form, and follows every navigation path. It captures JavaScript errors, network failures, accessibility violations, and visual regressions. It generates real Playwright tests for everything it discovers.

The AI that wrote your code has blind spots. It knows what it built, so it implicitly tests the happy path in its mental model. A separate AI testing tool has no such bias. It approaches your application the way a new user would, and that is exactly the perspective you need.

3. Maintain a Core Test Suite for Critical Paths

Not everything needs AI-powered exploration. Some paths are so critical that they need deterministic, reliable, always-running tests: authentication, payment processing, data creation and deletion, permission checks.

Write these tests yourself or generate them with AI assistance, but review them carefully. They should be straightforward, readable, and focused on verifiable outcomes.

// Core path test: user can complete checkout
test('checkout flow completes successfully', async ({ page }) => {
  await page.goto('/products');
  await page.getByRole('button', { name: /add to cart/i }).first().click();
  await page.getByRole('link', { name: /cart/i }).click();
  await page.getByRole('button', { name: /checkout/i }).click();

  // Fill payment form
  await page.getByLabel(/card number/i).fill('4242424242424242');
  await page.getByLabel(/expiry/i).fill('12/27');
  await page.getByLabel(/cvc/i).fill('123');
  await page.getByRole('button', { name: /pay/i }).click();

  // Verify success
  await expect(page).toHaveURL(/\/confirmation/);
  await expect(page.getByText(/thank you/i)).toBeVisible();
});

Keep this suite small and focused. Run it on every deployment. This is your safety net that catches the catastrophic failures that would otherwise reach production.

4. Use Snapshot and Regression Testing to Catch Unintended Changes

AI agents frequently make changes beyond what you asked for. You ask for a new button on the settings page, and the AI also restructures the component hierarchy, changes the CSS class names, and moves a shared utility function.

Snapshot testing catches these unintended changes. Visual regression testing catches layout shifts and styling changes that are invisible in code review.

After each AI-generated change, compare the current state against a known-good baseline. Any differences should be reviewed explicitly. This forces you to acknowledge and approve every change the AI made, not just the ones you asked for.

Tools like Playwright's built-in screenshot comparison, Percy, and Chromatic provide visual regression capabilities. Combine them with Plaintest's autonomous exploration to get full coverage without manually navigating every page yourself.

5. Review AI-Generated Tests Critically

Here is a trap that catches many teams: they ask AI to write tests for AI-generated code, and the tests pass, so they assume everything works.

AI-generated tests can pass without testing anything meaningful. The AI knows what the code does, so it writes tests that confirm the current behavior rather than verifying the intended behavior. These tests are essentially tautological: they assert that the code does what the code does.

Watch for these patterns in AI-generated tests:

Tests that only check the happy path with no edge cases
Assertions that are too specific (asserting exact timestamps, UUIDs, or implementation details)
Tests that mock everything and verify nothing about actual behavior
Missing negative tests (what should happen when input is invalid?)
Tests with no meaningful assertions (they run without errors but don't check outcomes)

When you use AI to generate tests, always ask: "If the implementation were subtly wrong, would this test catch it?" If the answer is no, the test needs to be rewritten.

6. Implement Contract Testing for API Changes

When AI agents modify your API endpoints, they can inadvertently change response shapes, remove fields that the frontend depends on, or alter error formats. Contract testing ensures that API changes do not break consumers.

Define your API contracts explicitly using tools like OpenAPI specifications, Zod schemas, or TypeScript interfaces that are shared between your backend and frontend. When the AI modifies an endpoint, the contract test fails immediately if the response shape changes.

// Contract test: ensure API response matches expected shape
import { z } from 'zod';

const UserResponseSchema = z.object({
  id: z.string().uuid(),
  email: z.string().email(),
  name: z.string(),
  createdAt: z.string().datetime(),
  plan: z.enum(['free', 'indie', 'starter', 'pro']),
});

test('GET /api/user returns correct shape', async () => {
  const response = await fetch('/api/user', {
    headers: { Authorization: `Bearer ${token}` },
  });
  const data = await response.json();

  // This fails immediately if AI changes the response shape
  expect(() => UserResponseSchema.parse(data)).not.toThrow();
});

This is especially critical in monorepo setups where AI agents can modify both the API and the frontend in the same session, inadvertently coupling them to a new contract that was never explicitly agreed upon.

The AI Testing AI Code Loop

There is an elegant symmetry to the current moment in software development. AI agents write code faster than humans ever could, but they introduce bugs that are harder for humans to catch. AI testing tools find bugs faster than manual QA ever could, and they have no bias toward assuming the code works.

This creates a reliable loop:

AI coding agent implements a feature (Claude Code, Cursor, Devin)
AI testing tool explores the application and generates tests (Plaintest)
Failures surface as specific, reproducible test cases
AI coding agent fixes the identified issues
AI testing tool verifies the fixes and checks for regressions

This loop is more comprehensive than the traditional write-test-fix cycle because both sides are tireless. The coding AI can implement features at 2 AM. The testing AI can explore the entire application after every change. No human needs to remember to test the edge case on the third tab of the settings page.

Plaintest is purpose-built for this loop. You point it at your application URL after any change, and it autonomously discovers what broke. It does not need test scripts or recorded flows. It explores from scratch, builds a map of your entire application, and generates executable Playwright tests for every flow it finds. When an AI coding agent breaks something subtle on a page three clicks deep, Plaintest finds it because it clicks through those three pages on every run.

A Comprehensive Testing Checklist for AI-Generated Code

Use this as a practical reference after every significant AI-generated change:

Before merging AI-generated code:

Run tsc --noEmit to catch type errors and hallucinated APIs
Run your linter to catch inconsistencies and anti-patterns
Review the diff for changes you did not explicitly ask for
Check for hardcoded values, missing error handling, and security issues
Verify that environment variables and secrets are handled correctly

After deploying AI-generated code:

Run your core test suite against the deployment
Run AI-powered exploration against the full application
Compare visual snapshots against the previous release
Check error monitoring for new exceptions (Sentry, LogRocket, etc.)
Verify that API contracts still match consumer expectations

Periodically (weekly or per sprint):

Review test coverage for AI-modified files specifically
Audit AI-generated tests for meaningful assertions
Run a full accessibility audit
Check for performance regressions introduced by over-engineered AI code
Update contract tests if API shapes have intentionally changed

What This Looks Like in Practice

Let me walk through a realistic scenario. You are building a SaaS application. You use Claude Code as your primary coding tool. On Monday morning, you prompt it to add a team invitation feature: invite by email, accept invitation, join the organization.

Claude Code generates the database migration, the API endpoints, the email sending logic, the invitation acceptance flow, and the frontend components. It is clean, well-organized code. You review the diff, it looks good, you merge it.

Here is what a comprehensive testing approach looks like:

Step 1: Static analysis catches that Claude used a deprecated sendgrid method signature. You fix it with a follow-up prompt. Five minutes.

Step 2: Core test suite confirms that existing authentication and billing flows still work. They do. Two minutes.

Step 3: Plaintest exploration discovers that the invitation acceptance page throws a JavaScript error when the invitation token has expired. Claude generated the error handling for invalid tokens but forgot the expiry case. The AI also finds that the team member list does not update after accepting an invitation without a page refresh. Two bugs found autonomously in a three-minute run.

Step 4: You prompt Claude to fix both issues. It does.

Step 5: Plaintest runs again and confirms both fixes work. It also generates regression tests for these flows that you can add to your CI pipeline. Total time: about fifteen minutes, with high confidence that the feature works correctly.

Without this process, those two bugs would have shipped to production. The expired token bug would have frustrated every user whose invitation email sat in their inbox for more than 24 hours. The stale member list would have generated confused support tickets.

The Cost of Not Testing AI-Generated Code

Some developers argue that AI-generated code is "good enough" and that extensive testing is overkill. This perspective underestimates the compounding nature of untested AI code.

Each AI-generated feature that ships without thorough testing adds to your application's uncertainty budget. After a few months of shipping AI-generated code without reliable testing, you have an application where you genuinely do not know which parts work correctly under all conditions. You are afraid to touch certain files because you are not sure what the AI did there three months ago. You cannot refactor with confidence because there are no tests to catch regressions.

This is not hypothetical. It is the lived experience of teams that adopted AI coding tools enthusiastically without upgrading their testing practices to match.

The investment in testing AI-generated code is not overhead. It is the mechanism that allows you to continue using AI coding tools with confidence. It is what makes the productivity gains sustainable instead of temporary.

Conclusion: Trust, but Verify

AI coding agents are the most significant productivity tool to arrive in software development in decades. They are not going away. They are getting better. The volume of AI-generated code in production will continue to grow.

The developers and teams who thrive in this environment will be the ones who embrace AI for code generation while building robust, automated testing practices around it. Not manual testing. Not "I clicked around and it seemed fine." Automated, repeatable, comprehensive testing that runs after every change.

How to test AI-written code is no longer a niche question. It is a core competency for every professional developer.

Use strict type checking as your first line of defense. Maintain a core test suite for critical paths. Run AI-powered exploration tools like Plaintest against your application after every significant change. Review AI-generated tests with healthy skepticism. Implement contract testing for API boundaries.

The goal is not to distrust AI coding tools. The goal is to build a verification layer that gives you justified confidence in the code they produce. Write with AI. Test with AI. Ship with confidence.

That is how to test AI-generated code in 2026, and it is the only reliable approach that scales with the speed at which AI writes it.