For Enterprise

QA infrastructure for regulated crypto operations.

Operators running white-label exchange software in production need more than test scripts. They need isolation, lifecycle controls, and rails that refuse to break things. That's what we ship.

100%

Tenant data isolation

Row-level security at the database, scoped storage buckets per workspace, audit log per trigger.

3

Capture buckets, 3 retention windows

Screenshots, network bodies, and HAR each get their own private bucket and TTL.

0

Lines of bespoke code per tenant

One scenario, every white-label. Tenant-scoped credentials, env-scoped secrets.

Capabilities

What ships in the enterprise plan.

Everything below is core to the platform, not an upsell. The enterprise plan adds SLA, dedicated support, and SSO.

01 Capability

Role-based access, built in

Admin, QA, and Viewer roles enforced via Supabase RLS. QAs can author and run; Viewers can read; Admins handle credentials and integrations. Invite via email; single sign-on is on the roadmap.

02 Capability

Production-mode safety rails

Scenarios marked prod_safe: false refuse to run against production tenants. Destructive actions like api_initiate_withdraw are blocked unless both the WL flag prod_trading_test_enabled AND scenario.prod_safe are set. No accidents.
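
The gating rule described above, as an added illustration that is not the vendor's code: a pre-flight check that fails closed before any step runs. The names prod_safe, prod_trading_test_enabled, api_initiate_withdraw and ui_screenshot come from this page; the object shapes, the env field and the DESTRUCTIVE set are assumptions.

```typescript
// Added example, not the vendor's implementation. Shapes below are assumed.
type Step = { action: string };
type Scenario = { name: string; prod_safe?: unknown; steps: Step[] };
type Tenant = { env: string; flags?: Record<string, unknown> };

// Assumed subset of the action catalog: actions that move funds.
const DESTRUCTIVE = new Set<string>(["api_initiate_withdraw"]);

// Only the boolean true counts. "true", 1, null and a missing key all fail
// closed, so a flag that was stringified in transit cannot enable a run.
const isSet = (v: unknown): boolean => v === true;

// Returns the reasons a run is refused; an empty array means it may start.
function preflight(tenant: Tenant, scenario: Scenario): string[] {
  const refusals: string[] = [];
  // Anything not explicitly "staging" is treated as production.
  if (tenant.env === "staging") return refusals;

  const prodSafe = isSet(scenario.prod_safe);
  const tradingFlag = isSet(tenant.flags?.prod_trading_test_enabled);

  if (!prodSafe) {
    refusals.push(`scenario "${scenario.name}" is not prod_safe`);
  }
  // Check every step up front so a run never stops halfway through.
  scenario.steps.forEach((step, i) => {
    if (DESTRUCTIVE.has(step.action) && !(prodSafe && tradingFlag)) {
      refusals.push(
        `step ${i} (${step.action}) needs prod_safe and prod_trading_test_enabled`
      );
    }
  });
  return refusals;
}

// Constructed sample: the tenant flag arrived as a string, not a boolean.
const sampleTenant: Tenant = {
  env: "production",
  flags: { prod_trading_test_enabled: "true" },
};
const sampleScenario: Scenario = {
  name: "withdraw-smoke",
  prod_safe: true,
  steps: [{ action: "ui_screenshot" }, { action: "api_initiate_withdraw" }],
};
console.log(preflight(sampleTenant, sampleScenario));
```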

03 Capability

Versioned action catalog

Every action in the runner is documented, schema-validated, and surfaced inline in the editor. Schema changes are coordinated across runner + panel + edge functions. No silent drift.

04 Capability

Realtime, not polling

Run events stream over Supabase Realtime. The live console rebuilds in <50ms as each step lands. No log tailing, no SSH into runners.

05 Capability

Capture lifecycle, not capture sprawl

Screenshots and request bodies upload only when something interesting happens: failures, key milestones, or explicit ui_screenshot. Storage expires on a schedule. Costs don't surprise you.

06 Capability

Twilio SMS for OTP flows

A Twilio inbox webhook stores incoming SMS in sms_inbox. auth_wait_sms polls it for the OTP, with a regex you control. Authenticator-only? auth_solve_totp generates the 6-digit code from the stored secret. Either way: unattended.

Compliance

Designed for the controls your compliance team will ask about.

  • RLS-enforced data isolation
  • Private storage buckets
  • Encrypted credentials at rest
  • Audit log per run trigger
  • Workspace-scoped invites
  • GDPR-ready DPA available

Let's talk about your tenants.

Bring us a tenant. We'll bootstrap it, write the first scenario, and have a scheduled smoke check running before the call ends.