Test Environments & Accounts
This is where you decide which address verification opens and who it signs in as. Site addresses, test accounts, and safely encrypted secrets — everything to set up before running a verification.
Verification needs a "where" and a "who"
Verification means a real browser opening a real address and clicking through it. So before running one, two things must be decided:
- Where — the site address to test (a test environment)
- Who — for flows that require signing in, which account to use (a test account)
Both live in the Test Environment tab of your workspace board. Set them up once, and every verification after that follows the same settings.
Registering a test environment
A test environment is simply "the site address verification opens." In the Test Environment tab, a name and an address are all it takes:
- Name — a label for yourself (e.g. "Staging", "Production")
- Site address — the frontend address verification opens (e.g.
https://staging.example.com)
You can keep several environments — say, "Staging" for pre-release checks alongside "Production" — and pick one per run. Mark one as the default environment, and any verification that doesn't specify otherwise runs there.
When a run group (round) is created, the environment and account you chose at that moment are locked to that group — so re-verifying within the same group always uses the same environment and account, keeping results consistent.
The address must be reachable by Specnote's servers. If your app only runs on your own PC (
localhost), see "If your app only runs on your computer" below.
Connecting test accounts
To verify member-only screens, Specnote needs a test account to sign in with. Register an email and password under Sign-in accounts in the Test Environment tab.
Accounts can be scoped per environment — staging and production credentials usually differ. An account you register without picking an environment isn't tied to one; it can be used in any environment. When accounts must differ per environment, register them with a specific environment instead.
One principle applies here too: register a test-only account, not production credentials. An account that costs you nothing if leaked is the safest kind.
Each test can be viewed as a member or a visitor (not signed in), so the same screen can be verified from both perspectives — for example, "can someone who isn't signed in reach the checkout screen?"
Secrets — stored safely
Registered accounts and keys are encrypted the moment you save them (using KMS, a dedicated vault). Only you can reveal them, and even then "show value" displays a value for just 5 seconds before masking it again.
Beyond accounts, other values your verification needs — like sandbox payment keys — can be stored as secrets. They're kept fully separate from your production secrets, so store only the minimum your tests require.
If Specnote spots credential-like values while your code is connected, it asks "store this as a secret?" — you review and decide.
If your app only runs on your computer (LOCAL)
You can verify apps that only run on your PC (localhost) before they're deployed. Just choose the My computer (LOCAL) option when registering the environment.
Sign-in flows work a little differently here. Specnote's servers can't reach the sign-in screen on your PC, so you sign in once on its behalf:
- Click Sign in on my computer in the Test Environment tab.
- A sign-in browser window opens on your computer shortly after.
- Sign in there as you normally would.
- Come back and click Signed in — done.
Specnote safely carries that signed-in state into the verification. If the browser window doesn't open for a while, follow the on-screen guide to start the Specnote helper on your computer.
You can ask your AI instead
Everything above can be done on screen — or by asking your connected AI:
Register a test environment in Specnote. Name it "Staging", address https://staging.example.com. Also add the test account tester@example.com with password ○○○.
Your AI registers the environment and account for you. Not connected yet? See Connect Your AI (Install MCP) first.
With environments and accounts in place, head to Running Verifications & Reading Results and try a run. If sign-in steps keep failing, Troubleshooting has a checklist for that.