Show HN: Tusk Drift – Turn production traffic into API tests (github.com)

33 points by jy-tan ↗ HN
Hi HN! In the past few months my team and I have been working on Tusk Drift, a system that records real API traffic from your service, then replays those requests as deterministic tests. Outbound I/O (databases, HTTP calls, etc.) gets automatically mocked using the recorded data.

Problem we're trying to solve: Writing API tests is tedious, and hand-written mocks drift from reality. We wanted tests that stay realistic because they come from real traffic.

versus mocking libraries: Tools like VCR/Nock intercept HTTP within your tests. Tusk Drift records full request/response traces externally (HTTP, DB, Redis, etc.) and replays them against your running service, no test code or fixtures to write/maintain.

How it works:

1. Add a lightweight SDK (we currently support Python and Node.js)

2. Record traffic in any environment.

3. Run `tusk run`, the CLI sandboxes your service and serves mocks via Unix socket

We run this in CI on every PR. Also been using it as a test harness for AI coding agents, they can make changes, run `tusk run`, and get immediate feedback without needing live dependencies.

Source: https://github.com/Use-Tusk/tusk-drift-cli

Demo: https://github.com/Use-Tusk/drift-node-demo

Happy to answer questions!

7 comments

[ 3.3 ms ] story [ 21.8 ms ] thread
I'm sold on this. Have been looking for something similar!
Give it a spin and let us know what you think! :)
Can this be used for performance testing as well or just functional testing?
This is a smart approach to API testing - capturing real production patterns is way more valuable than synthetic tests.

One question: how do you handle sensitive data in the captured traces? We've been working on API governance at toran.sh and found that policy enforcement during trace capture can be tricky - especially ensuring PII doesn't leak into test fixtures.

Great work on the trace replay mechanism!

Thanks! Great question, we have a Transforms system that lets you define redaction rules (redact, mask, replace, or drop) using matchers with JSONPath support. Transforms are applied at capture time, so sensitive data never leaves your service boundary.

Full docs here: https://docs.usetusk.ai/api-tests/pii-redaction/basic-concep...

Would love to hear what patterns you've found work well at Toran!