Software 3.0 Autonomous QA & Compliance Ecosystem
Deriv Sentinel QA is an autonomous "Software 3.0" system built for high-stakes fintech environments. It doesn't just run tests; it reasons through them. By utilizing a multi-agent loop on Google Cloud Vertex AI, it self-heals broken test scripts and enforces PCI DSS 4.0 and GDPR compliance at the point of creation.
Traditional QA in fintech is brittle and carries high security risks:
- The Maintenance Trap: Static scripts break during UI updates, creating "false alarms" that stall deployment.
- Compliance Risks: Automated tests often bypass security protocols or accidentally leak PII (Personally Identifiable Information) into logs.
Sentinel QA solves this by making security and compliance an autonomous "gatekeeper" in the development lifecycle.
Our architecture follows an agentic pattern, ensuring no code is executed without a compliance audit.
- Architect Agent (Gemini 1.5 Pro): Translates user requirements into Playwright/Python code.
- Sentinel Auditor (Gemini 1.5 Flash + RAG): Audits code against a Compliance Vault (stored in Vertex AI Search).
- Execution Sandbox (Cloud Run): Runs approved code in a secure, headless environment.
- Self-Healing Loop: If a test fails due to a UI change, the agent re-inspects the DOM and patches the script automatically.
- Orchestration: Python-based state machine logic.
- AI Engine: Google Vertex AI (Gemini 1.5 Pro & Flash).
- Compliance RAG: Vertex AI Search grounded in PCI DSS & GDPR documentation.
- Execution: Playwright (Python) running in a serverless sandbox.
- Separation of Concerns: Distinct logic for architect.py (Creation) and sentinel.py (Audit).
- Security-First: No hardcoded API keys; utilizes Google Application Default Credentials (ADC).
- Traceability: Logs capture the "Chain of Thought" for every AI decision.
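The audit-before-execute rule described above can be backed by a deterministic static check that runs alongside the LLM auditor. The following is an added example, not code from this repository: it parses a generated Playwright/Python script with ast and fails closed on hardcoded credentials, Luhn-valid card-number literals, and sensitive identifiers passed to print or logging calls. The identifier vocabulary, rule names, SAMPLE script, and the audit/gate function names are assumptions made for the illustration.

```python
import ast
import re
# Assumed identifier vocabulary for this example; extend it from your own policy.
CRED = re.compile(r"(?:^|_)(password|secret|token|api_?key)(?:_|$)", re.I)
PII = re.compile(r"(?:^|_)(card|pan|cvv|email|iban|password|secret|token|api_?key)(?:_|$)", re.I)
LOG_METHODS = {"debug", "info", "warning", "error", "critical", "exception"}
# Constructed stand-in for a generated Playwright script (4111... is a public test PAN).
SAMPLE = ('api_key = "sk-constructed"\n'
          'page.fill("#card", "4111 1111 1111 1111")\n'
          'print(f"sent {card_number}")\n')

def luhn_ok(digits: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)  # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def is_log_call(call: ast.Call) -> bool:
    f = call.func
    return (isinstance(f, ast.Name) and f.id == "print") or (
        isinstance(f, ast.Attribute) and f.attr in LOG_METHODS)

def audit(source: str) -> list:
    """Return sorted (line, rule) findings; an empty list means the script may run."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [(exc.lineno or 0, "unparseable")]  # fail closed: never run what we cannot read
    findings = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            digits = re.sub(r"[ -]", "", node.value)
            if re.fullmatch(r"[0-9]{13,19}", digits) and luhn_ok(digits):
                findings.add((node.lineno, "card-number literal"))
        elif isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant):
            if node.value.value and any(
                    isinstance(t, ast.Name) and CRED.search(t.id) for t in node.targets):
                findings.add((node.lineno, "hardcoded credential"))
        elif isinstance(node, ast.Call) and is_log_call(node):
            args = node.args + [kw.value for kw in node.keywords]
            idents = [getattr(n, "id", None) or getattr(n, "attr", "")
                      for a in args for n in ast.walk(a)]
            if any(PII.search(i) for i in idents):
                findings.add((node.lineno, "sensitive value logged"))
    return sorted(findings)

def gate(source: str) -> bool:
    return not audit(source)  # True only when the audit found nothing
```

A check like this only catches the literal patterns it knows; values that reach logs through helper functions or renamed variables still need the auditor's review.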
- A Google Cloud Project with Vertex AI API enabled.
- Python 3.9+
- Clone the repo:
  git clone https://github.com/[YOUR_USERNAME]/deriv-sentinel-qa.git
  cd deriv-sentinel-qa