GetWired is an open-source AI-powered CLI tool that tests your web applications by simulating chaotic human-like behavior. It finds bugs, broken layouts, XSS vulnerabilities, and edge cases before your users do.

Which AI providers does GetWired support?

GetWired supports Claude Code by Anthropic, Auggie by Augment Code, Codex by OpenAI, and OpenCode. You can configure your preferred provider during initialization.

Does GetWired work with any web framework?

Yes. GetWired works with any web app running on localhost — Next.js, React, Vue, Svelte, plain HTML, and more. If a browser can open it, GetWired can test it.

Yes, GetWired is free and open source. You only need credentials for your chosen AI provider (e.g. Claude Code, Auggie, Codex).

  ██████╗ ███████╗████████╗██╗    ██╗██╗██████╗ ███████╗██████╗
 ██╔════╝ ██╔════╝╚══██╔══╝██║    ██║██║██╔══██╗██╔════╝██╔══██╗
 ██║  ███╗█████╗     ██║   ██║ █╗ ██║██║██████╔╝█████╗  ██║  ██║
 ██║   ██║██╔══╝     ██║   ██║███╗██║██║██╔══██╗██╔══╝  ██║  ██║
 ╚██████╔╝███████╗   ██║   ╚███╔███╔╝██║██║  ██║███████╗██████╔╝
  ╚═════╝ ╚══════╝   ╚═╝    ╚══╝╚══╝ ╚═╝╚═╝  ╚═╝╚══════╝╚═════╝

The CLI that tests your app like a crazy QA tester

Name: GetWired
Author: GetWired

One command. AI opens your app in a browser, clicks everything, types garbage into every field, rage-refreshes, finds that one XSS you swore you fixed, and writes you a report. No test scripts. No config files. Just chaos with a purpose.

Let the chaos begin — break your app before your users do.

Install:

Run:

Supported AI Providers

Auggie

Claude Code

Codex

OpenCode

100% open-source — contribute, fork, or just poke around.

Star us on GitHub

Recommended place to run it is in Intent. Also works in any terminal, IDE integrated terminal, or CI environment.

Hacky Test — signup flow — my-app

AGENTS / COORDINATOR / COORDINATOR AGENT

I'll probe the signup flow for security weaknesses. Let me check auth, injection, and parameter tampering.

2m ago

Run a hacky test on the signup flow. Try to break auth, inject payloads, and tamper with parameters.

I'll coordinate across the signup flow. Spawning specialist agents now:

XSS Injection AgentRunning...

Injecting payloads into every text input and URL parameter.

// xss-injection.test.ts
await page.fill('#name', '<script>alert(1)</script>');

Auth Bypass AgentRunning...

Probing unprotected routes and IDOR vulnerabilities.

// auth-bypass.test.ts
const res = await fetch('/api/users/2');

Both agents are working in parallel. Current progress:

· XSS Injection Agent: Found reflected XSS in name field

· Auth Bypass Agent: /admin returns 200 with no auth!

Just now

Type a message...

Select your model

NOTES / SPEC

Hacky Testing — Signup Flow

Overview

Probe the signup flow like a malicious user. Test for injection vulnerabilities, auth bypass, parameter tampering, IDOR, CSRF, and other common web security issues.

Attack Surface

· Form inputs: name, email, password — XSS, SQLi
· API routes: /api/users/:id — IDOR, auth bypass
· Hidden fields: price, role — parameter tampering
· Session: CSRF tokens, cookie flags, replay attacks

Target

· GET /signup, POST /api/signup, GET /admin
· Persona: hacky (adversarial, security-focused)
· Provider: auggie

Tasks

✓Probe /admin route — is it auth-protected?

✓Test IDOR on /api/users/:id

✓Inject XSS payloads in all text inputs

✓Check CSRF token on form submissions

Tamper with hidden price field in progress

Submit negative quantities

Add ?role=admin to signup URL

Check cookie security flags (HttpOnly, Secure)

Hacky Test — signup

my-app/signup

AgentsContextChanges 5Files

Agent orchestration ↗

A coordinator agent breaks down your task into a spec, then delegates work to specialist agents that run in parallel.

Coordinator 2m

I'll probe the signup for security weaknesses…

● ● 2 delegated agents

XSS Injection Agent running

Auth Bypass Agent running

Background agents 3

CSRF Checker

Parameter Tamper

Report Generator

Context ↗

Context about the task, shared with all agents in this space.

📄 Spec

Changes ↗ 5

Changes made to files by agents working in this space.

⤴ test/hacky-signup → main

xss-injection.test.ts tests/ +97 -0

auth-bypass.test.ts tests/ +64 -0

getwired.config.ts src/ +5 -1

csrf-check.test.ts tests/ +38 -0

report.html .getwired/ +112 -0

How It Works (It's Stupidly Simple)

1. Point It at Your App

Run npx getwired init in your project. It detects your framework and dev server. That's the entire setup. No YAML. No 200-line config. Just go.

2. AI Goes Full Gremlin

Pick your AI (Claude Code, Auggie, Codex, or OpenCode). It opens a real browser and does everything your most chaotic user would — rage-clicks, submits forms with emoji, resizes to 200px, finds your unlocked admin page.

3. Read the Damage Report

You get an HTML report with screenshots, bug descriptions, XSS findings, and severity ratings. Fix the embarrassing stuff before your users find it. Ship with confidence (or at least fewer nightmares).