OnCatch by OnPath Testing

How OnCatch works — engineering deep-dive.

The technical architecture behind OnCatch's bug-capture widget: capture engine (75 KB vanilla TS, closed shadow DOM, keystroke isolation), submission pipeline (Turnstile + rate limits + HMAC-SHA256 + idempotency + SSRF defense), privacy redaction (client-side PII scrub, GPC honored end-to-end), triage admin (Postgres RLS, transactional audit log, deterministic lock order on bulk actions), integration forwarding (two-way Jira / Linear / GitHub, MCP server, webhook v1 additive-only forever).

Hostile-stack proof: Tested under WebGL, strict CSP, service workers, RTL, large DOM, streaming AI, WordPress plugin chaos, cross-origin iframes. Public test matrix at demos.oncatch.app (shipping with the next product release).

Security or architecture questions? Email hello@oncatch.app — real QA engineer at OnPath answers.