Tusk

Record live API traffic and replay it as deterministic, sandboxed tests, plus AI code review and unit test generation, all from one Go CLI built by YC W2024's Use-Tusk.

143stars
5forks
Apache License 2.0
Go

Tusk is an Apache-2.0 licensed, Go-based command-line tool from Use-Tusk (Y Combinator W2024) that bundles three AI-assisted testing workflows behind a single tusk binary: Tusk Drift for API traffic record/replay, Tusk Review for AI code review of your working tree, and Tusk Unit for retrieving and applying AI-generated unit tests. The CLI itself ships as prebuilt cross-platform binaries via an install script, a Homebrew tap, and GitHub Releases, with the source fully open on GitHub.

Tusk Drift is the most fully-featured piece: it captures real inbound/outbound API traffic through a language SDK (Node.js and Python SDKs exist, more are planned), then replays those recorded traces against your service through a local Unix-socket mock server. A priority-based mock matcher (internal/runner/mock_matcher.go) resolves each outbound call to the right recorded response, and the whole replay runs inside a sandbox powered by Use-Tusk’s own fence project, which blocks live outbound connections to Postgres, Redis, or other services so results stay deterministic. Everything works entirely offline against .tusk/traces on disk, or optionally against Tusk Drift Cloud for hosted trace storage and PR-scoped deviation classification.

Tusk Review and Tusk Unit are thinner CLI surfaces over Use-Tusk’s hosted service: tusk review run uploads a git patch of your uncommitted and untracked changes for AI review and prints results straight to the terminal (nothing is ever posted to GitHub or GitLab), while tusk unit commands let you pull AI-generated unit test runs, inspect scenarios, submit feedback, and apply diffs with git apply. Both require authenticating with tusk auth login or a TUSK_API_KEY since the actual AI analysis happens server-side.

A standout piece of the codebase is internal/agent, a Claude Sonnet 4.5-powered onboarding agent that drives tusk drift setup: it runs a phase-based tool-calling loop that detects your project’s language, instruments the Drift SDK, writes configuration, and validates the whole thing with a live record-and-replay cycle before handing control back to you.

What You Get

  • A trace record/replay engine (tusk drift run) that replays captured API traffic against your service and diffs the live response against what was recorded
  • A Unix-socket protobuf mock server (internal/runner/server.go) that intercepts outbound calls from the Drift SDK and serves matched recorded responses instead of hitting real dependencies
  • Sandboxed replay via the Use-Tusk/fence tool, which blocks localhost outbound I/O (Postgres, Redis, HTTP) so tests stay deterministic
  • An AI setup agent (tusk drift setup) that instruments your codebase with the Drift SDK, writes .tusk/config.yaml, and validates the setup automatically
  • tusk review run for AI code review of uncommitted and untracked changes, printed to your terminal without ever commenting on GitHub or GitLab
  • tusk unit commands to fetch AI-generated unit test runs, inspect scenarios, leave feedback, and apply diffs with git apply
  • An interactive terminal UI (built on Charm’s bubbletea/bubbles/lipgloss) showing live test progress, pass/fail counts, and per-test service logs side by side
  • Cross-platform prebuilt binaries distributed via an install script, a Homebrew tap, and GitHub Releases (macOS, Linux, Windows)

Common Use Cases

  • Running Drift-recorded API traces as regression tests in CI/CD without hand-writing test fixtures
  • Feeding coding agents structured deviation reports via tusk drift run --agent so they can act on test failures directly
  • Recording and replaying traces entirely offline from .tusk/traces, with no calls to Tusk’s cloud backend
  • Running tusk review run against a local working tree before opening a pull request, without posting anything publicly
  • Pulling and applying AI-generated unit test diffs for a pull request with tusk unit get-diffs

Under The Hood

Architecture The CLI is a thin Cobra command layer (cmd/*.go, wired up in cmd/root.go) over several focused internal packages: internal/runner implements the Drift replay engine as an Executor/Server pair communicating with the instrumented SDK over a length-prefixed protobuf protocol on a Unix socket, with mock_matcher.go doing priority-based span matching (trace-scoped, then suite-wide); internal/agent runs a separate Claude-driven phase loop with its own tool registry (executor.go, tools/) for the onboarding wizard; internal/api is a protobuf-over-HTTP client for Tusk Drift Cloud, Review, and Unit backends; and internal/tui plus internal/agent/tui.go render bubbletea-based terminal UIs. Platform-specific sandboxing is isolated behind sandbox_unix.go/sandbox_windows.go. Because the wire protocol for SDK↔CLI communication is versioned via a shared tusk-drift-schemas package, the SDK and CLI must stay compatible, and an explicit SDK_CONNECT handshake checks this at replay start.

Tech Stack Written in Go 1.25 using Cobra/pflag for the command surface, the Charm ecosystem (bubbletea, bubbles, lipgloss, huh, glamour) for interactive TUIs, koanf for YAML config loading, and generated Protobuf types (google.golang.org/protobuf, tusk-drift-schemas) as the wire format shared with the Node.js and Python Drift SDKs. Sandboxing is delegated to Use-Tusk’s own fence library, which needs bubblewrap and socat on Linux. PostHog powers CLI analytics, and gitleaks is vendored for secret-scanning in the review/patch path. There’s no database — state lives in local files under .tusk/ and a CLI config directory. Builds and releases run through a Makefile plus GoReleaser, with a Nix flake for a reproducible dev shell, producing signed multi-platform binaries.

Code Quality The repo carries 55 _test.go files across cmd/ and internal/, using testify’s assert/require for assertions. Error handling is explicit and typed: a custom ExitCodeError wraps errors with a specific process exit code and supports errors.As unwrapping, and formatApiError translates raw API errors into actionable, status-code-specific user messages. CI (.github/workflows/main.yml) runs a build, lint, and test matrix across Ubuntu, macOS, and Windows, plus an OpenSSF Scorecard security badge. Linting is enforced with a strict golangci-lint v2 config (errcheck, gosec, govet, staticcheck, unused, revive, gocritic, ineffassign, misspell) and gofumpt formatting, all wired into CI.

What Makes It Unique The most distinctive piece is the built-in AI setup agent: rather than a static wizard, tusk drift setup runs a phase-based, tool-calling loop against Claude that inspects your codebase, instruments the SDK, writes configuration, and proves the result works via a real record/replay cycle — all before you touch anything by hand. Combined with fence-based sandboxing that actively blocks live outbound I/O during replay (rather than just relying on library-level mocking), and a single authenticated CLI spanning three distinct AI-testing products (traffic replay, code review, unit generation), Tusk packages a broader workflow than typical single-purpose testing tools, even though each underlying technique (sandboxing, TUI rendering, protobuf transport) builds on established open-source libraries.

Self-Hosting

Licensing Model The Tusk CLI is Apache-2.0 licensed, and Tusk Drift’s local record/replay/mock-matching engine runs entirely on your machine with no license key required.

Self-Hosting Restrictions Without a Tusk account, only local Drift replay (tusk drift run against .tusk/traces) is available. tusk review run, all tusk unit commands, and tusk drift run --cloud require tusk auth login or a TUSK_API_KEY, because the actual AI review and test-generation work is performed server-side on Use-Tusk’s backend, not in the open-source CLI code.

Enterprise Features Per Use-Tusk’s public pricing page, the paid Team plan ($50/active developer/month, no seat minimum) adds unlimited AI test generation, an observability/monitoring dashboard, CoverBot, Jira/Linear integrations, and priority Slack support. Enterprise (custom pricing, 200-seat minimum) adds SAML/SSO, an analytics API, multi-org support, white-glove implementation, a vendor security review, and a self-hosting option.

Cloud vs Self-Hosted Tusk Drift’s trace replay and mock matching run fully locally against files in .tusk/traces with zero network calls. Opting into --cloud adds hosted trace storage, automatic recording from live traffic, and PR-scoped intelligent deviation classification. Tusk Review and Tusk Unit have no offline mode at all, since the AI analysis itself happens on Tusk’s servers regardless of plan.

License Key Required No license key is needed to build or run the open-source CLI binary. An account/API key is required only to use the hosted Review, Unit, or Drift Cloud features — the free tier covers this with no credit card required.

Join founders buildingwith open source

Opinionated takes, migration guides, cost-saving tips, and insights from the open source ecosystem.

Subscribe on Substack

No spam. Unsubscribe anytime.

Join 750+ subscribers
No spam. Unsubscribe anytime.

Search