Command-line QA

A website testing CLI that drives a real browser

curl tells you the server answered. Prufa loads the page like a user, runs the flows, and returns a graded verdict with evidence — from one command in your terminal.

No signup, no card. Public URL in, shareable report out.

We pointed this exact audit at 49 Show HN launches — 38 of 49 had a critical bug on day one.

~/myapp $
~/myapp $ prufa audit https://myapp.com --json-out report.json
audit 7f3a1c queued
status: running
status: running
{
"run_id": "7f3a1c…",
"status": "succeeded",
"report_url": "https://prufa.dev/r/x8k2qa",
"sections": { "Measured": "F", "Compliant": "C", "Fast": "A" }
}
wrote report.json
~/myapp $ jq '.sections.Measured' report.json
"F"
~/myapp $ echo $?
0
prufa audit streams progress to stderr while a real browser walks the site, then prints the graded JSON report to stdout. echo $? shows 0 — the exit code tells you the run completed, not that the site is clean. Gate on findings with jq.

What does a website testing CLI actually check?

A curl or wget one-liner returns an HTTP status code. That's an uptime ping, not a test — a 200 OK can still ship a broken signup form, a tracking tag that never fires, or a layout that overflows 103px on a phone. None of that shows up in a status code.

Prufa is different by construction. Point it at a URL and an LLM-backed agent loop drives a real browser — clicking, navigating, filling forms — while a plain-code harness records every network request, console error, cookie, and response code and grades that captured evidence against a fixed spec. The model navigates; it never decides whether your site passed. That separation is why the verdict is reproducible: same input, same result, regression-tested against a golden fixture. (More on the split: the LLM navigates, plain code verifies.)

How does a website testing CLI run an audit?

Three steps, no script to write. The same engine backs the dashboard, the MCP server, and how a flow run is verified end to end.

  1. Point it at a URL

    prufa audit https://yoursite.com — or skip the install entirely and POST the URL to the public API with curl. No key and no card for the anonymous audit.

  2. The agent drives a real browser

    A real browser session loads your public pages and walks them; the harness captures network traffic, console output, cookies, and status codes the whole time.

  3. Evidence keeps the score

    Findings come back tiered. Verified findings are machine-checked facts with a mono evidence line; advisory observations are kept separate and never phrased as “broken.” Only verified findings move the six section grades — there is no fake 0–100 score.

How do I test a website from the command line?

Two real, copy-pasteable paths. Path A is the proven zero-install route — the public API. Path B is the prufa command for CI ergonomics: JSON on stdout, exit codes you can gate on.

Path A — no install, works right now

bash — public API
# Anonymous: no key, no card. Public pages only.
curl -s -X POST https://prufa.dev/api/v1/audits \
-H 'content-type: application/json' \
-d '{"url": "https://yoursite.com"}'
# -> { run_id, status: queued, report_url, events_url }
 
# Stream progress as it runs (Server-Sent Events) —
# curl the events_url the POST returned:
curl -N https://prufa.dev/api/audits/<id>/events
One anonymous POST to the public API returns a run id, a status, a shareable report URL, and an events_url you can curl for live Server-Sent Events progress. No key, no card.

Path B — the prufa command

bash — prufa CLI v0.1.0
# The prufa CLI is a thin client over the same /api/v1 API (v0.1.0).
prufa init --base-url https://prufa.dev
# optional; only for paid/persistent commands
export PRUFA_API_KEY=prk_…
 
# JSON report to stdout, progress to stderr.
prufa audit https://yoursite.com --json-out report.json
The prufa CLI is a thin client over the same /api/v1 API. prufa audit prints the JSON report to stdout and progress to stderr; --json-out writes the report to a file you can pipe to jq.

The prufa CLI is deliberately thin: every command is a typed wrapper over the public HTTP API, so anything the dashboard does, the CLI does. If you'd rather install a package, the MCP server (pip install prufa-mcp) is the packaged agent surface today; or run the free website audit in a browser — the anonymous audit above needs nothing installed at all.

What does a CLI audit report look like?

Findings come back in two tiers, kept strictly apart. Verified findings are the machine's voice — a green ✓ and a mono evidence line. Advisory observations are an LLM opinion, excluded from every severity count and grade, and never phrased as “broken.”

Verified — machine-checked facts

critical No analytics detected on any page ✓ verified

tracking.none_detected · / · 14:22:07Z

You can't see who converts or where they drop. The single most common critical in our June 2026 audit of 49 Show HN launches — 38 of 49 sites.

warning No Content-Security-Policy header sent ✓ verified

security.missing_csp · response headers · 14:22:09Z

Any injected script runs with full privileges. In a companion June 2026 audit, 11 of 14 launches shipped no CSP at all.

Advisory — an LLM opinion, never a verdict

opinion The hero may bury its primary action below denser copy

Advisory — an LLM read of the page, excluded from every severity count and grade. Not a verdict.

Is a website testing CLI worth it over curl or Playwright?

Isn't this just curl checking a status code?

No. curl confirms the server replied; Prufa renders the page in a real browser and grades captured evidence — network beacons, console errors, cookies, the DOM, six sections from performance to compliance. Where curl wins: a bare uptime ping is faster, has zero dependencies, and is the right tool if all you need is “is it up?”

Is the CLI production-ready? How do I install it?

Straight answer: the prufa command is v0.1.0. The core verb — prufa audit — is solid, and the whole CLI is a thin wrapper over a versioned, OpenAPI-published API, so it can't drift from the product. The surface is small and growing. If you don't want to install anything, the one curl call above does the same audit today; the packaged agent surface is the MCP server (pip install prufa-mcp).

Can it fail my CI build when it finds a bug?

It can gate on whether the run completed out of the box: prufa audit exits 0 on success, 1 on failure/timeout, 2 on a bot-wall, 3 on a bad URL. To fail on actual findings, pipe the JSON report to jq and gate on the verified critical count yourself. Where Playwright-in-CI wins: if you want to assert one exact behavior you've already scripted, a hand-written test is more precise than a full audit.

Frequently asked questions

The questions CI engineers and agent operators ask before they wire a QA audit into the terminal.

How do I run a website QA test from the command line?

Point the engine at a public URL. With zero install, one call does it: curl -X POST https://prufa.dev/api/v1/audits -H 'content-type: application/json' -d '{"url":"https://yoursite.com"}' returns a report URL and an SSE progress stream — no key, no card. For richer output and exit codes, the prufa audit <url> command wraps the same API and prints the JSON report to stdout.

Can I add website QA to my CI pipeline with a CLI?

Yes, with one honest caveat. prufa audit exits 0 when the run completes, 1 on failure or timeout, 2 when a bot-wall blocks it, and 3 on a bad URL — so the exit code tells you whether the audit ran, not whether your site is clean. To fail a build on actual bugs, parse the JSON report (pipe to jq) and gate on the verified critical count yourself.

What's the difference between a curl uptime check and a QA CLI?

curl returns an HTTP status code: it tells you the server answered, not that the page works. Prufa's CLI loads the URL in a real browser, captures network traffic, console errors, cookies and the DOM, and grades that evidence into six sections from performance to compliance. A 200 OK can still ship a broken signup, a dead analytics tag, or a 103px mobile overflow — curl sees none of that.

Is there an AI / agent QA CLI?

Yes. Prufa's architecture is agentic navigation plus deterministic verification: an LLM-backed agent loop drives the browser, and plain code records the traffic and grades it against a spec — the model never decides whether your site passed. prufa flow create <url> --test "..." compiles a plain-English test case into a reviewable spec, and prufa gremlin <url> runs a chaos persona that poke-tests the app while detectors verify what breaks.

Run your first website test from the terminal

Paste a public URL, get a shareable report. Free audits stay free. Monitors, plain-English flows, and Gremlin chaos runs are on the paid tiers.

See pricing →