Why ReGrade
Your tests validate what you expect. ReGrade detects what you don't — by comparing real traffic across versions field by field. It doesn't replace the testing you already do; it catches what that testing structurally can't.
| Approach | What it verifies | What it can't see | How ReGrade complements it |
|---|---|---|---|
| Unit & integration tests | The specific behaviors you wrote assertions for. | Behavior you never thought to assert on — the unknown unknowns. | Compares entire responses field by field, so unexpected differences surface without a written assertion. |
| Contract testing | That two services still agree on an API schema. | Changes that stay within the contract — wrong values, side effects, a field that shouldn't be there. | Compares the actual response content across versions, not just its shape. |
| Snapshot testing | That an output still matches a previously recorded snapshot. | Anything you didn't snapshot; snapshots are brittle and hand-curated. | Replays real traffic and maps expected noise (tokens, timestamps) automatically, so only real diffs remain. |
| DAST & scanners | Known vulnerability classes from a signature or CVE list. | Novel, app-specific flaws that have no signature yet. | Found a real password-hash leak (CVE-2023-5968) with zero prior knowledge, from traffic alone. |
| Manual QA | Whatever a human thinks to click through, with real judgment. | Everything, repeatably — it doesn't scale and isn't deterministic. | Turns every recorded request into a repeatable, automated behavioral check. |
Additive, not a replacement. Keep your tests — ReGrade grades every real request against a known-good version and surfaces the differences no one wrote a check for.
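The field-by-field comparison described in the table, as an added sketch that is not ReGrade's own code: it diffs one replayed response against a known-good baseline, skips fields declared as expected noise, and flags added fields whose names look like credential material. The noise paths, the key-name pattern and both sample responses are assumptions constructed for illustration.

```python
import re

# Assumed noise rules: paths whose values legitimately differ on every request.
NOISE_PATHS = {"session.token", "meta.generated_at"}
# Assumed heuristic for key names that should never appear in a response body.
SENSITIVE_KEY = re.compile(r"pass(word)?|hash|secret|api_?key", re.I)

def flatten(value, prefix=""):
    """Flatten nested dicts/lists into {dotted.path: leaf_value}."""
    if not isinstance(value, (dict, list)) or not value:
        return {prefix: value}  # scalar leaf, or an empty container kept as a leaf
    items = value.items() if isinstance(value, dict) else enumerate(value)
    flat = {}
    for key, child in items:
        flat.update(flatten(child, f"{prefix}.{key}" if prefix else str(key)))
    return flat

def diff_responses(baseline, candidate, noise=NOISE_PATHS):
    """Return (kind, path, old, new) for every difference outside the noise set."""
    old, new = flatten(baseline), flatten(candidate)
    findings = []
    for path in sorted(old.keys() | new.keys()):
        if path in noise:
            continue
        if path not in old:
            kind = "added"
        elif path not in new:
            kind = "removed"
        elif old[path] != new[path]:
            kind = "changed"
        else:
            continue
        findings.append((kind, path, old.get(path), new.get(path)))
    return findings

def sensitive_additions(findings):
    """Paths of added fields whose final key looks like credential material."""
    return [path for kind, path, _, _ in findings
            if kind == "added" and SENSITIVE_KEY.search(path.rsplit(".", 1)[-1])]

# Constructed sample: the same recorded request replayed against two versions.
BASELINE = {"user": {"id": 7, "name": "ana", "role": "member"},
            "session": {"token": "t-1111"},
            "meta": {"generated_at": "2024-01-01T00:00:00Z"}}
CANDIDATE = {"user": {"id": 7, "name": "ana", "role": "admin",
                      "password_hash": "<constructed-placeholder>"},
             "session": {"token": "t-2222"},
             "meta": {"generated_at": "2024-01-02T00:00:00Z"}}

if __name__ == "__main__":
    for finding in diff_responses(BASELINE, CANDIDATE):
        print(finding)
```

Both differences it reports would pass a schema-only contract check if the schema permits additional properties: the changed `role` value is still a string, and the extra `password_hash` field is simply an unlisted property.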