explaingit

rajat-dandoti/specothesis

7TypeScriptAudience · developerComplexity · 3/5ActiveSetup · moderate

TLDR

CLI that records your browser session with Playwright, then generates an OpenAPI spec, StepCI workflow, curl scripts, and an HTML report from the captured API calls.

Mindmap

mindmap
  root((specothesis))
    Inputs
      Browser clicks
      Network traffic
      Auth config
    Outputs
      OpenAPI 3.0 spec
      StepCI workflow
      curl script
      HTML report
    Use Cases
      Generate API docs from real use
      Build regression test suite
      Detect API drift
    Tech Stack
      TypeScript
      Node.js
      Playwright
      Chromium

Things people build with this

USE CASE 1

Generate an OpenAPI spec from a click-through of your own web app

USE CASE 2

Capture protected endpoints by saving a logged-in browser profile

USE CASE 3

Replay the StepCI workflow in CI to catch regressions

USE CASE 4

Compare a new run against a baseline to spot API drift

Tech stack

TypeScriptNode.jsPlaywrightChromium

Getting it running

Difficulty · moderate Time to first run · 30min

Needs Node.js 18+ and Chromium installed via npx playwright install chromium; auth setup varies per app.

In plain English

Specothesis is a command-line tool that watches what your web app does in a real browser and uses that recording to generate API documentation and regression tests. You install it from npm, run specint start, click through your app like a normal user, and when you press q to stop, it writes out a folder of artifacts derived from the network traffic. The pitch in the README is that you do not need to set up a proxy, install a custom certificate, or write an OpenAPI spec by hand. Under the hood it uses Playwright with Chromium to record a HAR file, then filters that down to XHR and fetch requests. From the filtered traffic it produces an OpenAPI 3.0.3 spec (in YAML and JSON), a StepCI workflow you can replay as a regression suite in CI, a shell script with one curl command per captured request, and a few analytic outputs: coverage stats per endpoint, an anomalies file that flags errors, slow responses, or missing auth, and a drift file that compares the current run to a baseline. Everything is summarized in a self-contained dark-themed HTML report. There are a few helpful workflow touches in the README. The login command saves a logged-in browser profile so you can capture protected endpoints without retyping credentials each run. A URL filter (passed as --filter or set as SCANNER_URL_FILTER in .env) lets you ignore noise from analytics and CDN calls and only record traffic to, say, /api/ paths. Each of the output files (OpenAPI, StepCI, curl, coverage, anomalies, drift, HTML) can be turned off individually with environment variables, and there is a redaction toggle for sensitive values. The README also documents auth setups: a login endpoint that returns a Bearer token, a static Bearer token, an API key header, HTTP Basic, or no auth at all, with extra knobs for the body format and the JSONPath used to find the token in the response. Two optional companions are mentioned: StepCI replays the generated workflow, and Schemathesis can fuzz the generated OpenAPI spec. Requirements are Node.js 18 or newer and Chromium installed via npx playwright install chromium. The author notes the project was directed by Rajat Dandoti and built with AI-assisted development using Claude.

Copy-paste prompts

Prompt 1
Install specothesis and record an OpenAPI spec for my app at localhost:3000
Prompt 2
Set SCANNER_URL_FILTER so specothesis only captures /api/ traffic and ignores analytics
Prompt 3
Walk me through specint login to save a Bearer-token session for a protected app
Prompt 4
Wire the generated StepCI workflow into GitHub Actions as a smoke test
Prompt 5
Feed the specothesis OpenAPI output into Schemathesis to fuzz the same endpoints
Open on GitHub → Explain another repo

Generated 2026-05-22 · Model: sonnet-4-6 · Verify against the repo before relying on details.