FOR AGENCIES

Ship client sites with QA you can forward.

Run one evidence-gated check on every client site before handoff. A real browser drives the page; plain code verifies what breaks. Forward the report as proof.

Free audit in about 90 seconds, no signup, no card. Public pages only; reports are unlisted by default behind a share token. We never see your client's forms, users, or data.

We audited 49 fresh Show HN launches in June 2026 — 78% shipped a critical bug on day one.

A per-client report you forward at handoff — the criticals are machine-verified facts, not a logo-swapped PDF.

Why does QA break at client handoff?

You ship a site, the client clicks the one button you didn't, and the bug is now yours to explain. Manual QA doesn't scale across a roster: a checklist tells you what to remember, a crawler reads the HTML and tells you what tag is missing — neither one loads the page in a browser and confirms the signup actually completes, the analytics actually fired, or the checkout didn't 500. So the quiet defects ride through to launch. In our June 2026 run, 38 of 49 launches sent no analytics events at all — the page loaded, no tracking request ever left it — and the builders found out only when we ran the audit.

Prufa is built on one split: the LLM navigates, plain code verifies. A managed agent loop drives a real browser through the page — act, observe, extract — while a deterministic harness records every network request, console error, cookie and response code over the Chrome DevTools Protocol and asserts them against a spec. The model never grades the result; captured evidence does. That's what makes a finding forwardable: each one is tiered VERIFIED (machine-checked fact, shown in mono with a green check) or clearly labeled ADVISORY (opinion, never phrased as "broken"). Section grades and severity counts come from verified findings only — so when you hand a client a report, the criticals are facts, not vibes.

How does an agency QA a client site with Prufa?

Three steps, the same on every project — no per-client manual pass, no test scripts to maintain.

  1. Point it at a client URL.

    Paste the URL on this page, or run prufa audit <url> in the client's CI. No test scripts to write, no selectors to maintain — the agent figures out the page.

  2. A real browser does the walk.

    The agent loop loads the public pages and runs a plain-English flow test — "go to /signup, fill the form, submit, confirm the account page loads" — free on every audit; saving that flow and re-running it on each deploy is a paid tier. Plain code captures the full network, console, cookie and response-code trail via CDP throughout.

  3. Evidence keeps the score.

    Plain code grades the captured evidence into six A–F sections — Works, Fast, Found, Measured, Accessible, Compliant — with no fake 0–100 composite score, ever. Each finding is VERIFIED or ADVISORY. Forward the shareable report link to the client; the JSON goes to your CI.

Run client-site QA from CI, one command per deploy.

One prufa audit <url> returns a graded report with no key. On Pro, prufa watch starts a deploy-hook monitor that re-runs on every release.

~/ci $
# vet a client site before handoff — anonymous, no key, no card
$ prufa audit https://acme-client.com
 
run a1b2c3 · 6 sections graded · report ready
Measured F no analytics events detected (critical)
Found C canonical points to a different host (critical)
Works A all internal links resolve
report → https://prufa.dev/r/a1b2c3 (HTML + JSON)
 
# on Pro: re-run on every client deploy via the monitor's deploy hook
$ prufa watch https://acme-client.com --flow signup
monitor started · deploy hook issued (one-time secret — shown once)
Vet a client site before handoff, then wire the same check into the client's CI on Pro.

The audit command and the report are free and anonymous. watch (continuous, deploy-triggered monitoring), saved flows, and multi-site workspaces are paid tiers — see pricing.

What a forwardable finding looks like

Verified findings first — each one machine-checked against captured evidence. Advisory opinions stay last and quieter: they never move a section grade or land in the client's critical list.

✓ verified critical No analytics events detected
0 tracking requests captured · acme-client.com · 2026-07-01T14:02Z

The client's launch traffic is invisible — the page loaded but no tracking request ever left the browser.

✓ verified critical Canonical points to a different host
<link rel="canonical"> → staging.acme.com (page host: acme.com)

Search engines are told the real page lives on the staging domain — a silent ranking leak you don't want to discover after handoff.

✓ verified warning Cookies set without the Secure flag
Set-Cookie on /checkout missing Secure · captured 14:02Z

Session cookies can travel over plain HTTP. (22 of the 49 audited launches had this.)

opinion Hero headline may be hard to scan on mobile
Advisory — an LLM observation, excluded from grades and counts. A reviewer suggestion, not a verdict; it never moves a section grade and never lands in the client's critical list.

Frequently asked questions

The questions agencies ask before they put a QA gate between a build and a client handoff.

Can I white-label or rebrand the QA reports for clients?

Not today — honestly. Prufa reports are not rebranded or logo-swapped PDFs. Each report is a shareable HTML page plus machine-readable JSON, unlisted by default behind a share token at /r/<token>. You forward the link to a client as proof the site was QA'd; what makes it trustworthy is that every finding is machine-verified against captured evidence, not a logo in the corner.

How do agencies QA client websites at scale?

You run the same audit on every project instead of a per-client manual pass. Point Prufa at a URL and a real browser loads the public pages, captures network traffic, console errors, cookies and response codes, then plain code grades the evidence into six A–F sections. The free audit needs no card and includes a one-shot plain-English flow test; paid tiers add saved flows and re-runs on every deploy, so the same gate runs on three sites or thirty. See our client-site QA checklist for the order we run them in.

Can I manage multiple client sites in one workspace?

Yes. A workspace holds multiple sites: Starter covers 3 sites, Pro covers 10 and runs staging plus production in one workspace, and Team is unlimited sites with 5 seats included (then $29/seat) and org-scoped API keys and roles. The free tier is one-shot audits with a 7-day email re-check — enough to vet a single handoff, not to run a roster of clients on a deploy schedule.

Can I run a QA report automatically on every client deploy?

On paid tiers, yes. A monitor re-runs the audit and your flows daily or hourly, and each monitor exposes a deploy hook — a one-time webhook secret you drop into a client's CI so a fresh check runs on every release. Alerts fire to Slack or email only when something changes, not on every clean run. The free tier is one-shot only; continuous, deploy-triggered checks are a Starter-and-up feature.

How do I price white-label QA as an agency add-on?

Prufa is your cost input, not your client price. A Pro workspace ($99/mo, 10 sites, 5,000 runs) covers a typical client roster; you bundle "automated QA on every release, with a forwardable report" into your retainer or charge it as a per-site line item. Because reruns are deterministic and only LLM-driven runs meter, a monitored client site costs you a predictable, prepaid amount — see pricing for the per-tier run counts.

QA a client site now — free.

Paste a public URL and get an evidence-gated report in about 90 seconds. No signup, no card. Forward the report to your client when it's done.

No signup, no card. Forward the report to your client when it's done.

See plans for multi-site & per-deploy QA →