FOR AGENCIES
Run one evidence-gated check on every client site before handoff. A real browser drives the page; plain code verifies what breaks. Forward the report as proof.
Free audit in about 90 seconds, no signup, no card. Public pages only; reports are unlisted by default behind a share token. We never see your client's forms, users, or data.
We audited 49 fresh Show HN launches in June 2026 — 78% shipped a critical bug on day one.
You ship a site, the client clicks the one button you didn't, and the bug is now yours to explain. Manual QA doesn't scale across a roster: a checklist tells you what to remember, a crawler reads the HTML and tells you what tag is missing — neither one loads the page in a browser and confirms the signup actually completes, the analytics actually fired, or the checkout didn't 500. So the quiet defects ride through to launch. In our June 2026 run, 38 of 49 launches sent no analytics events at all — the page loaded, no tracking request ever left it — and the builders found out only when we ran the audit.
Prufa is built on one split: the LLM navigates, plain code verifies. A managed agent loop drives a real browser through the page — act, observe, extract — while a deterministic harness records every network request, console error, cookie and response code over the Chrome DevTools Protocol and asserts them against a spec. The model never grades the result; captured evidence does. That's what makes a finding forwardable: each one is tiered VERIFIED (machine-checked fact, shown in mono with a green check) or clearly labeled ADVISORY (opinion, never phrased as "broken"). Section grades and severity counts come from verified findings only — so when you hand a client a report, the criticals are facts, not vibes.
Three steps, the same on every project — no per-client manual pass, no test scripts to maintain.
Paste the URL on this page, or run prufa audit <url> in the client's CI. No test scripts to write, no selectors to maintain — the agent figures out the page.
The agent loop loads the public pages and runs a plain-English flow test — "go to /signup, fill the form, submit, confirm the account page loads" — free on every audit; saving that flow and re-running it on each deploy is a paid tier. Plain code captures the full network, console, cookie and response-code trail via CDP throughout.
Plain code grades the captured evidence into six A–F sections — Works, Fast, Found, Measured, Accessible, Compliant — with no fake 0–100 composite score, ever. Each finding is VERIFIED or ADVISORY. Forward the shareable report link to the client; the JSON goes to your CI.
One prufa audit <url> returns a graded report with no
key. On Pro, prufa watch starts a deploy-hook monitor that
re-runs on every release.
The audit command and the report are free and anonymous. watch (continuous, deploy-triggered monitoring), saved flows, and multi-site workspaces are paid tiers — see pricing.
Verified findings first — each one machine-checked against captured evidence. Advisory opinions stay last and quieter: they never move a section grade or land in the client's critical list.
The client's launch traffic is invisible — the page loaded but no tracking request ever left the browser.
Search engines are told the real page lives on the staging domain — a silent ranking leak you don't want to discover after handoff.
Session cookies can travel over plain HTTP. (22 of the 49 audited launches had this.)
The questions agencies ask before they put a QA gate between a build and a client handoff.
Not today — honestly. Prufa reports are not rebranded or logo-swapped PDFs. Each report is a shareable HTML page plus machine-readable JSON, unlisted by default behind a share token at /r/<token>. You forward the link to a client as proof the site was QA'd; what makes it trustworthy is that every finding is machine-verified against captured evidence, not a logo in the corner.
You run the same audit on every project instead of a per-client manual pass. Point Prufa at a URL and a real browser loads the public pages, captures network traffic, console errors, cookies and response codes, then plain code grades the evidence into six A–F sections. The free audit needs no card and includes a one-shot plain-English flow test; paid tiers add saved flows and re-runs on every deploy, so the same gate runs on three sites or thirty. See our client-site QA checklist for the order we run them in.
Yes. A workspace holds multiple sites: Starter covers 3 sites, Pro covers 10 and runs staging plus production in one workspace, and Team is unlimited sites with 5 seats included (then $29/seat) and org-scoped API keys and roles. The free tier is one-shot audits with a 7-day email re-check — enough to vet a single handoff, not to run a roster of clients on a deploy schedule.
On paid tiers, yes. A monitor re-runs the audit and your flows daily or hourly, and each monitor exposes a deploy hook — a one-time webhook secret you drop into a client's CI so a fresh check runs on every release. Alerts fire to Slack or email only when something changes, not on every clean run. The free tier is one-shot only; continuous, deploy-triggered checks are a Starter-and-up feature.
Prufa is your cost input, not your client price. A Pro workspace ($99/mo, 10 sites, 5,000 runs) covers a typical client roster; you bundle "automated QA on every release, with a forwardable report" into your retainer or charge it as a per-site line item. Because reruns are deterministic and only LLM-driven runs meter, a monitored client site costs you a predictable, prepaid amount — see pricing for the per-tier run counts.
Paste a public URL and get an evidence-gated report in about 90 seconds. No signup, no card. Forward the report to your client when it's done.
No signup, no card. Forward the report to your client when it's done.