Manage Targets

Playwright Specs

Modern web applications are built around complex, state-driven business workflows that cannot be accurately tested through simple crawling alone. Critical flows such as multi-step checkout processes, HR onboarding journeys, approval chains, support ticket escalations, and role-based feature access require precise sequencing, authenticated states, and conditional logic.

Traditional automated crawlers lack business context and frequently fail to traverse these workflows correctly. As a result, important parts of the application may remain untested.

To address this gap, ZeroThreat supports Playwright Specs integration. You can use your existing Playwright test suites to execute real business workflows during security scans. This ensures deeper coverage across conditionally accessible features and complex user flows that automated crawling alone cannot reach.

Feature Availability
Playwright Specs integration is available exclusively in Enterprise Cloud and Enterprise On-Prem plans. Check out ZeroThreat Plans page for more.

Setting Up Playwright Specs in ZeroThreat

Step 1: Navigate to Targets

Go to the Targets section from ZeroThreat dashboard

Select Target Image

Step 2: Select the Target

Click on the Select Target Image specific target you wish to configure. This will open the Target Configuration settings.

Step 3: Open Playwright Specs

Inside Target Configuration, click on the Playwright Specs section.

Thumbnail

You will see two options to upload or connect your Playwright project. However, before importing your Playwright Specs, you must first configure them to run through the ZeroThreat proxy so they can execute correctly during scans.

Two Quick Ways to Create Playwright Specs (Optional)

If you do not already have a Playwright project, these are two of the quickest ways to get started from an empty directory and create working specs.

Method 1: Using Playwright Codegen

This is one of the fastest ways to create Playwright Specs by recording browser interactions.

  1. Create and open an empty project folder:
mkdir playwright-specs
cd playwright-specs
  1. Initialize a Node.js project:
npm init -y
  1. Set up Playwright:
npm init playwright@latest
  1. Once Playwright is installed, start Codegen against your target application:
npx playwright codegen https://your-target-url.com

This opens a browser and begins recording your actions. As you interact with the application, Playwright generates the corresponding test steps.

  1. Create a spec file inside your tests folder and save the generated steps into it, for example:
mkdir -p tests
  1. Save the recorded flow into a file such as:
tests/login-flow.spec.ts
  1. Run the spec to confirm it works:
npx playwright test

For more information, Refer https://playwright.dev/docs/codegen#generate-tests-with-the-playwright-inspector

Method 2: Using Playwright Test Agents - Planner, Generator, and Healer

This method is useful when you want agent-assisted help to create Playwright Specs from scratch. Playwright provides three built-in test agents: planner, generator, and healer. The usual flow is to let the planner explore the app and produce a Markdown test plan, then let the generator turn that plan into Playwright Test files, and finally use the healer to repair failing tests.

1. Create and open an empty project folder.

mkdir playwright-specs
cd playwright-specs

2. Initialize a Node.js project.

npm init -y

3. Create a Playwright project.

npm init playwright@latest

This creates the base Playwright project structure so you can start generating tests.

4. Generate the Playwright agent definitions for VS Code.

npx playwright init-agents --loop=vscode

Playwright recommends regenerating these agent definitions whenever Playwright is updated so the agents pick up new tools and instructions. VS Code version 1.105 or later is required for this agentic experience.

AI Assistant Setup for Playwright Test Agents
Playwright Test Agents work through an AI assistant in VS Code. Before using the Planner, Generator, or Healer, make sure your VS Code AI setup is ready and has access to a supported model.

If you are using GitHub Copilot, ensure Copilot is installed, signed in, and able to use an available model. VS Code also supports choosing between available language models and, in some setups, bringing your own language model API key. Refer to the VS Code AI language model setup documentation for more details: AI language models in VS Code.

Run the following command to generate the Playwright agent definitions for the VS Code workflow:

npx playwright init-agents --loop=vscode
This generates the Playwright Planner, Generator, and Healer agent definitions. Playwright recommends regenerating these definitions whenever Playwright is updated so the agents can use the latest tools and instructions.

If you are using a different AI coding assistant, such as Codex, the generated Playwright agents may not appear as native selectable agents inside that assistant’s panel. In that case, manually ask the assistant to read and follow the generated Playwright agent instructions when planning, generating, or healing tests.

5. Create a seed test.

The planner expects a seed test that sets up the environment needed to interact with your app. Playwright states that the planner uses this test to run initialization such as global setup, project dependencies, fixtures, and hooks, and also uses it as an example for generated tests.

Create a simple seed test such as:

import { test } from '@playwright/test';

test('seed', async ({ page }) => {
  await page.goto('https://your-app-url.com');
});

Save it as:

tests/seed.spec.ts

6. Ask the planner to create a bounded and precise plan.

The planner explores your app and produces a Markdown test plan for one or more scenarios and user flows. It works best when the request is narrow and explicit. Avoid vague requests like “cover the whole app.” Instead, tell it exactly what flow should be automated, where it starts, what success looks like, and which seed test it should use.

A very basic prompt can be:

Generate a plan for a Playwright spec that logs into the application, opens the billing page, verifies that the invoices table is visible, and logs out. Use tests/seed.spec.ts as the seed test. Keep the plan focused only on this flow.

Bounded, precise planner tasks usually give better results than broad ones.

7. Review the generated Markdown plan.

The planner produces a human-readable Markdown plan under specs/, such as specs/basic-operations.md. Review it before continuing and make sure it matches the exact workflow you want.

8. Pass the approved plan to the generator.

The generator takes the Markdown plan from specs/ and converts it into executable Playwright Test files under tests/. Playwright notes that the generator verifies selectors and assertions live while performing the scenarios.

Your end result should be a clean spec file such as:

tests/billing-flow.spec.ts

9. Run the generated tests.

npx playwright test

Or run only the generated spec:

npx playwright test tests/billing-flow.spec.ts

10. Use the healer if the spec fails.

When a test fails, the healer replays the failing steps, inspects the current UI, suggests a patch such as a locator update or wait adjustment, and reruns the test until it passes or until its guardrails stop the loop.

11. Review the healed result and make manual corrections where needed.

The healer can fix many practical issues, but it should not replace human review. After healing, check whether the final test is still doing exactly what you intended. If selectors, waits, assertions, or flow logic still need adjustment, update the spec manually and run it again.

12. Repeat the same flow for additional user journeys.

This workflow works best when the requested plan is bounded and precise. Smaller, clearly defined flows are easier for the planner to map, easier for the generator to turn into useful specs, and easier for the healer to fix when something breaks. This also aligns with Playwright’s documented flow of planner to generator to healer producing test coverage sequentially.

For more information, Refer https://playwright.dev/docs/test-agents

Once the spec runs successfully, it is ready to be adapted for ZeroThreat by applying the proxy configuration described below.

Configuring Playwright Specs to Run in ZeroThreat

To allow ZeroThreat to execute your existing Playwright tests, you must configure them to route traffic through the ZeroThreat proxy and prepare the project so it runs reliably during scans.

Before importing your Playwright project into ZeroThreat, make sure your project is prepared correctly. At the top of your playwright.config.ts, ensure that devices is imported. For example:

import { defineConfig, devices } from '@playwright/test'

In your default Playwright configuration, keep the project running in headless mode. If you already have headless: true set, keep it as it is. Otherwise, do not explicitly add or override this setting.

You should also structure your Playwright project so that each individual spec completes within 30 seconds. This is the timeout used for Playwright Spec execution inside ZeroThreat. You can have as many individual specs as needed, but each spec should stay within that limit to ensure the best coverage.

Inside your playwright.config.ts, add the following project configuration under projects:

{
    name: 'ZT-Proxy-Chromium',
    use: {
        ...devices['Desktop Chrome'],
        proxy: {
            server: 'http://localhost:8000',
        },
        ignoreHTTPSErrors: true,
    },
}

This ensures that Playwright traffic flows through the ZeroThreat scanning engine.

Inside your package.json, add the following script under scripts:

"zt:test": "npx playwright test --project=ZT-Proxy-Chromium"
Keep your Playwright Specs focused and modular. Smaller specs are easier to maintain, easier to debug, and more reliable during scans.

After these changes, your existing Playwright Specs will automatically execute within ZeroThreat without requiring any modifications to your test spec logic.

Upload Methods

Method 1: Import from GitHub

Use this method to connect your existing Playwright GitHub repository directly to ZeroThreat using the ZeroThreat GitHub App.

Follow these steps:

  1. Click the Connect Your GitHub Repository card. In the popup, click Connect GitHub.
Thumbnail
Make sure you are logged in to GitHub in the same browser profile. If not, you can log in during the next step.
  1. You will be redirected to the GitHub App access page.
Thumbnail
  1. Select the repository that contains your Playwright Specs and grant access to the ZeroThreat AI GitHub App. Click Save to complete the GitHub App authorization.
Thumbnail
  1. After the connection is successful, you will see a GitHub App Installed confirmation page.
Thumbnail
  1. Back in ZeroThreat Portal, select:
  • your repository
  • the path to your Playwright Specs in the repository
  • optionally, the branch name
Thumbnail
  1. Click Save.
Thumbnail

Once connected, your Playwright Specs will be used to improve coverage in future scans.

Method 2: Upload a ZIP File

You can also upload your Playwright project directly.

  1. Create a .zip file of the project containing playwright specs
  2. Ensure that playwright.config.ts is present in the root directory of the ZIP
  3. Upload the ZIP file
Thumbnail
If your ZIP file is larger than 50 MB, use the Import from GitHub option instead.

Once uploaded, your Playwright Specs will be listed in the Playwright Specs section for that target.

Viewing Playwright Specs During a Scan

Once Playwright Specs are configured for a target, they will automatically run when you initiate a scan.

In Scan Report

After the scan completes:

  • Open the Scan Report
  • In the top-right dashboard, you will see a Playwright section
Thumbnail
  • Clicking it will display:
    • All specs executed during the scan
    • Execution status (Pass / Fail)
    • Execution time per spec
Thumbnail

During an Active Scan

While a scan is running, you can monitor Playwright spec execution progress within the AI-Driven Penetration view.

A dedicated Playwright Spec block will display:

  • Currently running specs
  • Execution status
  • Runtime information
Thumbnail

This allows you to verify that critical workflows using Playwright specs are being tested as expected.

Why Use Playwright Specs?

Integrating Playwright Specs provides:

  • Coverage for multi-step and stateful workflows
  • Testing of conditionally accessible features
  • Improved attack surface exploration beyond ZeroThreat static crawling

By combining crawler-based discovery with business-aware execution flows, ZeroThreat ensures more realistic and comprehensive security testing.

Summary

Playwright Specs enable you to bring real business workflows into your security scans. By reusing existing automation suites, you can significantly improve coverage of critical application features that traditional crawlers cannot reliably test.

Once configured, Playwright execution becomes a seamless part of your scanning process, providing visibility, control, and deeper testing across your application’s most important flows.