Documentation
Everything you need to install QAOnFire, configure it for your repo, and get great QA reports on every PR.
On this page
Install
QAOnFire is a GitHub App. Installation takes about 30 seconds:
- Go to github.com/apps/qaonfire and click Install.
- Choose the account or organization to install on.
- Pick "All repositories" or just the ones you want QAOnFire to review.
- Click Install. You'll land back on QAOnFire's post-install page.
That's it. QAOnFire is now listening for pull request events. Open a PR on any installed repo and a QA report comment appears within ~30 seconds.
qabot.md file in your repo, the first report uses sensible defaults. To make reports reference your actual roles, tables, and rules, set up qabot.md next โ the fastest way is /qaonfire init.
How a PR review happens
When you open or update a pull request on a repo where QAOnFire is installed:
- GitHub fires a
pull_requestwebhook to QAOnFire. - QAOnFire fetches the PR diff and the contents of small changed files.
- It reads
qabot.mdfrom your repo root, if present. - It sends all of that to Anthropic's Claude API with a tuned prompt that asks for test scenarios, edge cases, setup notes, verification scripts, and PM notes.
- It posts a single comment on the PR with the result โ or updates the existing comment if the PR was already reviewed.
Re-running on a new commit doesn't create duplicate comments. The same PR run doesn't double-count against your quota.
qabot.md โ teaching it your domain
The single biggest lever for report quality is qabot.md โ a markdown file at your repo root that tells QAOnFire what your app actually does. Without it, you get generic test plans. With it, reports reference your real roles and rules.
Fastest way to get one: /qaonfire init
Comment /qaonfire init on any issue or PR in the repo. QAOnFire will scan the repo (package files, README, key source directories), generate a tailored draft, and open a PR with the new qabot.md. Review and merge.
Or write it yourself
The format is intentionally loose markdown. Aim for ~50โ200 lines. The headings below are suggestions โ use whatever makes sense for your app.
# qabot.md
## What this app does
Short description so QAOnFire knows the domain.
## User roles
- **Admin** โ full access; can manage billing, users, settings
- **Member** โ can view and edit projects they're invited to
- **Guest** โ read-only access to public projects
## Key business rules
- Free plan allows max 3 projects per account
- Soft-deleted records are kept for 30 days then purged
- All API endpoints require an API key in the `X-API-Key` header
## How to verify changes manually
- Local: `npm run dev` then visit http://localhost:3000
- Test users: alice@test.dev (Admin), bob@test.dev (Member)
- DB access: `psql $DATABASE_URL`
## Tables and key relationships
- `users` โ one per account
- `projects` โ owned by a user, has many tasks
- `tasks` โ belongs to a project; soft-deletable
## Things to look for in any review
- Auth checks on new endpoints
- N+1 queries when listing projects/tasks
- Migrations are reversible
- Stripe webhook handlers are idempotent
QAOnFire reads this file fresh on every PR, so updates take effect on the next PR review with no redeploy needed.
Slash commands
Comment any of these on an issue or PR in a repo where QAOnFire is installed:
| Command | What it does |
|---|---|
/qaonfire init |
Scans the repo and opens a PR with a starter qabot.md. Counts as one PR run against your monthly quota. |
/qaonfire status |
Replies with your current plan, this month's usage, your installation ID, and a link to the Stripe Customer Portal (for paid plans). |
/qaonfire help |
Lists available commands. |
Quotas and billing
Quotas are per installation (one installation = QAOnFire installed on one GitHub account/org), per calendar month, and reset on the 1st (UTC).
| Plan | PRs/month | Price |
|---|---|---|
| Free | 5 | $0 |
| Solo | 50 | $49/mo |
| Team | 200 | $149/mo |
Upgrade or cancel anytime via the Stripe Customer Portal โ reach it with /qaonfire status. Cancellation takes effect at the end of the current billing period.
What counts as one PR:
- Each unique PR that gets a successful QA report = 1
- Re-running on the same PR after a push = 0 (we update the existing comment)
/qaonfire init= 1- Failed runs (e.g., API timeouts) = 0
Permissions and security
QAOnFire requests the minimum GitHub permissions needed to do its job:
| Permission | Why |
|---|---|
| Pull requests (read/write) | Read PR metadata and post the QA report comment |
| Contents (read) | Read the diff, file contents, and qabot.md |
| Issues (read/write) | Read slash commands, post responses, open the qabot.md PR from /qaonfire init |
| Metadata (read) | Required by GitHub for any App |
PR content (diff + selected file contents + qabot.md) is sent to Anthropic's Claude API to generate the report. Anthropic does not train on API-submitted data per their commercial terms. We retain metadata about PR runs (which PR, when, how many tokens) but not the source code itself once the report is generated. See privacy policy for details.
Troubleshooting
For common issues (no comment posted, quota questions, cancellation, etc.) see the troubleshooting section on the support page. If you can't find an answer there, email hello@qaonfire.dev.