Axiomatic
Getting Started

First Test

Run Your First Test

After installing Axiomatic and running axm init, you already have an example test. Run it:

axm run

You will see output like:

  Axiomatic — run

  no-console-log ✗ fail (0.97 confidence, $0.02)
    Violations:
      src/utils/debug.ts:23 — console.log("user data:", userData)
      src/components/Header.tsx:8 — console.log("render")

  1 test, 0 passed, 1 failed

Each violation points to a specific file and line with a description of what violates the condition.

The "Aha" Moment: Write a Real Test

The starter test is useful, but the real power shows when you test properties that no linter can catch. Try this:

axm add "Every API route that performs a mutation must verify the user session before executing business logic"

The LLM agent will explore your codebase and generate a focused test definition based on your description.

Now run it:

axm run --filter "**/auth*" --verbose

With --verbose, you can watch the agent explore your codebase in real time -- reading route files, checking for session verification patterns, and building its case before rendering a verdict.

This is the core value: you described a security property in plain English, and Axiomatic verified it across every route in your codebase.

Interpreting Results

Each test result includes:

  • Status: pass or fail
  • Confidence: A score from 0 to 1 indicating how certain the agent is. Scores above 0.9 are high confidence.
  • Cost: The API cost for that test run (typically $0.01--0.05)
  • Violations: When a test fails, each violation includes:
    • The file path
    • The line number
    • A description of what violates the condition

Exit codes:

  • 0 -- all tests passed
  • 1 -- one or more tests failed
  • 2 -- configuration error or provider failure

Before and After: What Axiomatic Catches

Before Axiomatic

A developer refactors the API layer and accidentally removes the auth middleware from an admin endpoint:

// app/api/admin/users/route.ts
export async function DELETE(req: Request) {
  // Auth check was here, but got lost in the refactor
  const userId = req.nextUrl.searchParams.get("id");
  await db.user.delete({ where: { id: userId } });
  return Response.json({ success: true });
}

Unit tests pass (they mock the auth layer). Linters see valid TypeScript. The PR gets merged. The endpoint is now publicly accessible.

After Axiomatic

The CI pipeline runs axm run and catches the missing auth check:

✗ auth-required (fail, confidence: 0.94)
  Violations:
    app/api/admin/users/route.ts:2 — DELETE handler performs
    database mutation without session verification

The PR is blocked. The developer adds the auth check. The vulnerability never reaches production.

Next Steps

  • Writing tests -- learn to write effective conditions with examples across security, architecture, and code quality
  • Configuration -- configure providers, models, caching, and per-test overrides
  • CI/CD integration -- set up Axiomatic in GitHub Actions, GitLab CI, and other pipelines

Installation

Install Axiomatic and configure your API key.

Quickstart

A 5-minute end-to-end walkthrough of installing, configuring, and running Axiomatic.

On this page

Run Your First TestThe "Aha" Moment: Write a Real TestInterpreting ResultsBefore and After: What Axiomatic CatchesBefore AxiomaticAfter AxiomaticNext Steps