Auth and Messages
Test OTP, email inboxes, static accounts, SMS, and protected previews.
Many important journeys leave the browser: magic links, OTP codes, welcome emails, receipts, SMS verification, and password resets. Autonomy keeps those messages attached to the same run as the browser or mobile session.
Inboxes
Generated inboxes are useful for disposable signup, invite, and receipt checks. Static inboxes are better when an auth provider rejects disposable domains, when a staging tenant has seeded users, or when a third-party system must approve a fixed address.
OTP
Autonomy can wait for email OTP messages, extract the code, and continue the flow. Keep OTP waits narrow by naming the sender, subject, and expected code shape so the run does not accidentally use an old or unrelated message.
SMS
Use SMS checks for verification flows that cannot be exercised through email. Treat SMS numbers as test resources: document who owns them, which environments can use them, and when they should be rotated.
Protected previews
For protected previews, document the bypass token or preview password as an environment variable, not in the plan body.
| Variable | Required | Description |
|---|---|---|
| AUTONOMY_PREVIEW_BYPASS | No | Bypass token or password for protected previews. |
| AUTONOMY_STATIC_TEST_EMAIL | No | Static inbox address for providers that reject disposable email. |
Troubleshooting
No message arrives
Check the recipient address or number, sender restrictions, environment-specific email settings, and whether the provider suppresses messages for test domains.
The wrong code is used
Tighten the sender, subject, and timestamp constraints. OTP checks should wait for a new message created during the run, not the most recent message in the inbox.