Agent Types
Swarm QA deploys up to eight specialized agents, each targeting a distinct quality dimension. Every agent runs independently and in parallel with the others.
Link Patrol
Crawls all anchor tags and resource references on every visited page.
Checks: broken links (4xx/5xx), redirect chains (3+ hops), external unreachable domains, anchor fragments pointing to missing IDs, mixed-protocol links.
Severity mapping: broken internal link = High, broken external link = Medium, redirect chain = Low.
HTTP Guard
Inspects HTTP response headers and cookie configuration for security best practices.
Checks:
Content-Security-Policypresence and strictnessStrict-Transport-Security(HSTS) with adequatemax-ageX-Frame-Options/frame-ancestorsdirectiveX-Content-Type-Options: nosniff- Mixed content (HTTP resources on HTTPS pages)
- Cookie attributes:
SameSite,Secure,HttpOnly
Severity mapping: missing CSP = High, missing HSTS = Medium, insecure cookies = High.
A11y Scout
Performs accessibility checks aligned with WCAG 2.1 AA and the German BFSG (Barrierefreiheitsstarkungsgesetz).
Checks: missing alt text on images, invalid or missing ARIA attributes, insufficient color contrast (< 4.5:1 for normal text), missing form labels, keyboard navigation traps, focus order violations, missing skip-to-content links.
Severity mapping: keyboard trap = Critical, missing alt text = High, contrast violation = Medium.
Smoke Flow
Verifies basic page functionality — the first line of defense.
Checks: HTTP 200 on page load, JavaScript console errors, unhandled promise rejections, white-screen-of-death (blank <body>), rendering failures (empty viewport), resource load failures (fonts, scripts, stylesheets).
Severity mapping: WSOD = Critical, console error = Medium, resource failure = Low.
Perf Sentinel
Measures Core Web Vitals and identifies performance bottlenecks.
Checks: Largest Contentful Paint (LCP), Cumulative Layout Shift (CLS), Time to First Byte (TTFB), resources over 1 MB, total page weight, number of HTTP requests, long tasks blocking the main thread.
Severity mapping: LCP > 4s = High, CLS > 0.25 = Medium, TTFB > 800ms = Medium.
SEO Recon
Evaluates search engine optimization fundamentals.
Checks: <title> and <meta description> presence and length, Open Graph tags (og:title, og:image), canonical URL, H1 structure (exactly one per page), robots.txt accessibility, sitemap.xml presence, structured data (JSON-LD), duplicate titles across pages, image alt attributes, lang attribute on <html>.
Severity mapping: missing title = High, missing canonical = Medium, missing OG tags = Low.
Form Fuzzer
Submits forms with adversarial and edge-case inputs to test validation and error handling.
Checks:
- Empty submission (all fields blank)
- XSS probes (
<script>, event handlers, SVG payloads) - SQL injection patterns (
' OR 1=1 --) - Integer overflow and boundary values
- Excessively long strings (10k+ characters)
- Error feedback quality and accessibility of error messages
Severity mapping: XSS reflected in DOM = Critical, missing server-side validation = High, poor error feedback = Low.
WARNING
Form Fuzzer submits real data to your application. Run it against a staging environment, not production, to avoid side effects like created accounts or submitted orders.
API Health
Discovers and tests API endpoints by intercepting XHR/fetch requests and probing well-known paths.
Checks: endpoint discovery via network intercept, well-known paths (/health, /api/status, /graphql, /swagger), HTTP status codes, response time (> 2s = warning), unreachable endpoints, JSON parse errors in responses.
Severity mapping: unreachable endpoint = High, slow response = Medium, missing health check = Low.