Minuqa

Minuqa is an autonomous QA agent that continuously tests software through mission-driven exploratory verification.

The idea is straightforward: instead of writing test scripts that check what you already thought of, deploy an agent that explores your application and finds what you didn’t think of. Security probes, API contract violations, integration failures, usability issues, reliability problems — all discovered autonomously.

How it works:

The system runs an observe → plan → execute → learn loop:

Planner reads the source code, understands features, reviews past experiment history, and generates 3 testing missions per cycle. Each mission has a specific focus: security probing, API contract validation, integration testing, or reliability checks.

Executor runs the missions using Bash, curl, k6, Playwright, or tmux depending on what the target requires. API missions get curl and load testing tools. Browser missions get Playwright. TUI applications get tmux-based interaction.

Memory persists findings to PostgreSQL and maintains a study document that evolves with each cycle. Critical bugs automatically promote to regression missions for continuous monitoring.

Isolation runs everything inside Docker-in-Docker containers. The target app builds and runs in a sidecar, and the agent accesses it through internal networking. Nothing touches the host.

Results so far: hundreds of bugs found across ongoing sessions against production applications — including RBAC bypasses, privilege escalation, IDOR vulnerabilities, and session management issues.

Stack: Python, PostgreSQL, Claude Code CLI, Playwright MCP.