#22 Digest
This week’s roundup dives deep into locking down your Playwright tests against secret leaks and security pitfalls, while also tackling smooth refactoring strategies to keep your suites sharp. We’ve got you covered with practical tips on mocking server-side HTTP and smart ways to cut testing costs using AI—plus a fresh look at testing React Router v7 with minimal hassle.
Why AI Browser Agents Need a Runbook Before They Need More Prompts
This article argues that AI browser agents need an operating runbook, not just better prompts, and lays out practical fields like account context, environment assumptions, stop conditions, retry policy, human review, and evidence capture. It’s useful for teams building Playwright-based or MCP-driven browser automation around logged-in, multi-account workflows.
Test Cost Reduction Playbook: AI-Powered Testing on a Shoestring Budget
This playbook argues that most AI-assisted Playwright testing is overpaying for vision models and self-hosted infrastructure, and shows a cheaper DOM-first workflow instead. It also covers budget-conscious mobile automation with uiautomator2, ADB, and OCR, plus a practical cost matrix for choosing models and tools.
How Playwright Tests Leak Data (and How to Stop It)
A practical security-focused deep dive on where Playwright suites leak secrets through traces, HAR files, screenshots, reporters, and storage state. It also covers concrete mitigation patterns like trace scoping, artifact scrubbing, secrets-manager workflows, and auditing scripts.
Playwright Anti-Patterns: What to Watch For
A comprehensive anti-pattern guide for scaling Playwright suites, covering isolation, selectors, timing, fixtures, suite strategy, configuration, and observability. It goes beyond basics with concrete fixes for flaky parallel runs, worker-scoped auth, composable fixtures, project separation, and better flake tracking.
Your Playwright Tests Will Need Refactoring. Here's How to Make It Painless
A practical architecture guide for scaling Playwright tests without turning refactors into a grind. It covers using fixtures as a DI layer, stateless page objects, deterministic seeded test data, fixture namespacing, and business-level step reporting.
Mocking Server Side HTTP in Playwright with mockttp
Shows how to use mockttp as a per-worker forward proxy in Playwright to mock server-side HTTP cleanly, instead of adding test-only branches or patching modules. It includes a full fixture setup, proxy/certificate wiring, and a neat pattern for using the proxy as a test channel for clocks and other hard-to-mock dependencies.
The easiest way to test React Router v7 apps
Explains a browser-based testing workflow for React Router v7 that uses TWD to run createRoutesStub inside a real dev server, letting you test route components with real DOM interactions. It also separates loader/action tests into normal unit tests and shows how to avoid fighting jsdom for route-level coverage.
Anti-detect browser benchmark 2026: 7 stealth tools, 31 Cloudflare targets, 651 verdicts
A detailed benchmark of stealth browser tools against real anti-bot targets, comparing Playwright forks, direct-CDP automation, Firefox-based stealth, and raw HTTP impersonation. It surfaces a non-obvious finding: protocol-level automation fingerprints can matter more than TLS or JS-layer patches, and that a direct-CDP approach outperformed patched Playwright in this test set.