Astrolexis
Astrolexis
Inquisitor is an autonomous testing daemon. Three AI agents invent flows, generate adversarial inputs, and watch for the bugs that look like success. They write a developer-ready PDF when they find something.
The bugs Inquisitor was built to catch. They all return exit code 0. None of them get caught by Jest, Playwright, or your eyeballs in code review.
A sub-task returns HTTP 401. Your agent "analyzes" the error string as if it were the answer. Exit 0, fabricated response.
Three signals pointing three different directions. The user sees "success" but nothing happened.
Empty input bypasses validation, hits the model server, and the user sees raw template source line numbers in the error.
Non-interactive mode with no UI to prompt. Every tool call denied. Looks like the system just decided to do nothing.
Bidi overrides, zero-width joiners, ANSI sequences. Real users send these by accident. Real attackers send them on purpose.
"Create file X but guarantee X has never existed." The agent doesn't recognize the contradiction and silently spins until the external timeout fires.
Three specialized agents. One pipeline. Generate scenarios with an LLM, run them against your target, judge the output with a separate LLM that's biased toward skepticism.
Generates legitimate user-flow scenarios that exercise typical and edge interactions. Catches regressions and broken happy paths before users do.
Generates adversarial inputs designed to break things — Unicode pathologies, contradictory tasks, resource exhaustion, malformed payloads. Looks for crashes, hangs, leaks, silent corruption.
Prompt injection, secret leakage, path-traversal and auth-bypass probes against your agent or CLI surface. Surfaces shallow security regressions an attacker would try first — not deep binary 0-days. Available on the Enterprise plan.
Inquisitor was dogfooded against kcode, our own production AI coding CLI. In a handful of runs it surfaced bugs no human or test suite had caught.
When a parallel sub-task returned HTTP 401, the orchestrator passed the error string as input to the next sub-task, which "analyzed" the 401 body as if it were the failing test output. Exit 0, fabricated answer.
A logically contradictory task caused the agent to hang silently. Telemetry: exitCode=0, timedOut=true, stdout empty. Three signals saying three different things — user has no idea what happened.
--print mode with default permissionMode="ask" had no UI to prompt. Every tool call denied. CLI looked like it just decided to do nothing.
Empty input bypassed local validation, hit the model server, raised an internal Jinja exception. Raw template source and line numbers surfaced in the user-facing error, with a misleading "transient — retry" hint when the failure was deterministic.
Agent reported "linter ran, no errors" but the tool-call array showed only a single Read of package.json — no Bash invocation, no biome.json verification. Fabricated steps in the summary.
When the daemon finds something, you get the artifact. Not a notification, not a dashboard — the actual report you'd hand to the dev team.
Hand it to a developer. Or attach it to a Jira ticket. Or print it. It reads like an audit document because it is one.
Same content, plain text. Drop into a PR comment. Search by severity. Pipe through your tooling.
Every finding includes a copy-paste shell command that reproduces it. No "works on my machine" excuses.
Appendix shows every LLM call the agent made — input prompt and raw response. You can audit how each finding was reached.
Buy a pack of testing sessions, use them whenever. Sessions don't expire. One session = one job, up to 20 scenarios, full PDF + Markdown report.
No. Unit tests verify the code does what it's supposed to do. Inquisitor verifies the system handles what it's not supposed to do — adversarial inputs, contradictory tasks, partial upstream failures. They're complementary.
Because Inquisitor needs to spawn your CLI, hit your localhost APIs, exercise your dev environment. Running in our cloud would mean punching holes through your firewall. Instead, the daemon runs on your machine; only the LLM calls are bridged through our service. We never see your code or test outputs.
No. Each session you buy includes all LLM usage required to run that job. We bridge the calls through our infrastructure using our own keys. You never deal with provider keys, rate limits, or upstream outages.
One session = one job execution, up to 20 scenarios. The session includes the agent generating scenarios, running them against your target, judging the outputs, persisting findings, and producing the PDF + Markdown report. If you only run 5 scenarios, that's still 1 session — sessions are billed per job, not per scenario.
No. Buy a pack, use them when you need them. They sit in your account indefinitely.
Today: any CLI tool. The kcode adapter is generic enough that most prompt-driven CLIs work out of the box. v0.4 adds an HTTP adapter for any REST/JSON service. v0.5 adds an iOS adapter for SwiftUI/SpriteKit apps.
Every report includes a full reasoning appendix — every LLM call the agent made, with the exact input prompt and raw response. Nothing is hidden. The judge model can be wrong, but its reasoning is auditable. Cross-judging (same scenario judged by two independent models, disagreement flagged for review) is on the v0.6 roadmap.
The daemon is cross-platform. Validated on Linux x86_64 and macOS arm64 (Apple Silicon, M-series). The Inquisitor pipeline doesn't care what your target is doing internally — it tests whatever you point it at.
You sign up with email + credit card (we use Stripe — same checkout you've used a hundred times). You get 3 free sessions immediately. If you cancel any time within 7 days, you're not charged a cent. If you don't cancel, the card is charged for a Starter pack ($39 / 5 sessions) on day 7, and you keep going from there. One-click cancellation in your account settings.
There aren't any. Inquisitor sells one-time session packs. The only auto-charge is the trial-to-Starter conversion (which you can cancel before it triggers). After that, you buy more session packs only if and when you need them.
Start the 7-day trial. 3 free sessions, full PDF reports, no commitment beyond the card on file.