CI/CD Integration
Any run can be triggered remotely over HTTP, from a GitHub Actions workflow, a Vercel deploy hook, a Fly.io release command, or any other pipeline that can make an HTTP request after a deploy, so you can run the same scenario automatically every time you ship, without opening VeriWasp and clicking Re-run by hand.
Finding your trigger URL
On the private run detail page (/runs/{id}) for any run, there's a
collapsible Trigger from CI/CD panel showing a ready-to-copy command:
curl -X POST https://veriwasp.com/api/trigger/{token}
Click Copy to grab it exactly as shown. Every run has its own unique
token, generated the moment the run is created (even a draft has one
already, in case you want to wire up the pipeline before ever running it
manually the first time).
:::caution This URL is a secret Anyone with this exact URL can trigger runs on your account, spending your credits each time. Treat it the way you'd treat an API key: store it in your CI provider's encrypted secrets store (GitHub Actions secrets, for instance), never commit it to a repository, and never post it anywhere public. It is not shown anywhere on the run's public shareable report, only on the private, logged-in run detail page. :::
What happens on trigger
A POST to /api/trigger/{token}:
- Looks up the run that owns that trigger token.
- Clones it into a brand-new run (same target URL, viewport, Chaos Mode setting, and steps, with its own fresh ID, share slug, and trigger token) and immediately queues it for execution. This is the exact same clone-and-trigger logic the Re-run button uses; see Re-running a Test for the underlying mechanics.
- Deducts credits from your account the same way any other run start does
(1 for a normal run, 3 with Chaos Mode). If your balance is too low, the
request fails with an HTTP
402 Payment Requiredresponse instead of silently queuing. - Responds immediately (it doesn't wait for the run to finish) with a JSON body:
{
"run_id": "3f1e2c9a-...",
"status": "queued",
"report_url": "https://veriwasp.com/r/f8a2c1"
}
The report_url in that response is the fastest way to link straight to the
new run's live report from within your pipeline's own logs or a deploy
notification, for instance posting it into a Slack message alongside a
"deploy succeeded" notice.
Using the original run's trigger URL, every time
Because triggering clones the run rather than re-executing the exact run row the token belongs to, you always use the same original run's trigger URL every time. You don't need to fetch a new token after each deploy. Each new triggered run gets its own new ID and its own new token, but those new tokens aren't the ones you use going forward; keep using the original one you copied from the run detail page.
Rate limits
Trigger requests are rate-limited per token: up to 30 requests immediately
in a burst, refilling at a rate of 1 additional request every 2 minutes
after that. This is generous enough for normal CI usage (triggering on every
merge to main, for instance) while still preventing a misconfigured pipeline
or a leaked token from being used to drain your credit balance in a tight
loop. A request beyond the limit gets an HTTP 429 Too Many Requests
response rather than being queued.
A GitHub Actions example
name: Post-deploy playtest
on:
deployment_status:
jobs:
playtest:
if: github.event.deployment_status.state == 'success'
runs-on: ubuntu-latest
steps:
- name: Trigger VeriWasp run
run: curl -X POST "${{ secrets.VERIWASP_TRIGGER_URL }}"
Store the full https://veriwasp.com/api/trigger/{token} URL as a single
GitHub Actions secret (VERIWASP_TRIGGER_URL) rather than splitting the
token out separately. There's no reason to reconstruct the URL at runtime,
and keeping it as one opaque secret value minimizes how much of it is ever
visible in workflow logs.