INTEGRATION · CLAUDE CODE

Claude Code QA testing: add a QA tool, then ask it to test your site

Add one MCP server and Claude Code gets a QA engineer it can call. The agent drives a real browser; plain code grades the evidence. Free first audit, no card.

Free audit — no signup, no card. The same run Claude Code triggers through MCP.

We pointed this audit at 49 Show HN launches: 78% had a critical bug on day one.

agent session
$ pip install prufa-mcp
$ claude mcp add prufa --transport stdio -- prufa-mcp
✓ Added MCP server 'prufa' (stdio) · scope local
> audit https://yourapp.com with Prufa
⚙ calling prufa_run_audit({ url: "https://yourapp.com" })
→ report_url https://prufa.dev/r/k7m2qx
✓ VERIFIED critical tracking.none_detected · / · 10:14:22Z
✓ VERIFIED warning ux.dead_links · /docs/old
· ADVISORY opinion hero CTA placement (not counted)
Two moves: add the MCP server, then ask. Claude Code calls prufa_run_audit and reads back VERIFIED counts plus a clearly-labeled ADVISORY note that counts toward nothing.

How do you make Claude Code actually QA the site it just built?

Claude Code can write the feature, but it can't tell you whether the deployed page actually works. Out of the box it has no way to load your site in a browser, watch the network, and check that the analytics fired or the form submitted. You're left running the smoke test by hand — or wiring Claude Code up with Playwright MCP and then writing and grading the tests yourself.

Prufa ships a dedicated QA MCP server that hands Claude Code a finished QA tool, not raw browser primitives. When the agent calls prufa_run_audit({url}), a managed agent loop opens a real browser, navigates the public pages, and records everything over CDP — every analytics beacon, console error, cookie, response code, and a DOM snapshot. Then deterministic code grades the captured evidence against declarative specs. The LLM navigates; it never decides whether a beacon is correct or a link is broken — captured traffic is asserted against a spec, so the same input gives the same verdict.

That separation is what makes a verdict Claude Code can act on. See how Prufa verifies a flow without letting the model grade the result.

How do I add a QA MCP server to Claude Code?

Two moves to add the tool, one ask to get a verdict — then the evidence, not the model, keeps the score.

  1. Add the MCP server.

    Install it with pip install prufa-mcp, then register it: claude mcp add prufa --transport stdio -- prufa-mcp. Flags go before the server name; everything after -- is the launch command Claude Code spawns. No key needed for the free audit.

  2. Ask Claude Code to test your site.

    In the agent, say “audit https://yourapp.com with Prufa.” It calls prufa_run_audit, which blocks (wait=true, up to ~90s) while a real browser loads the pages and captures network traffic, console output, cookies, and response codes.

  3. Evidence keeps the score.

    The tool returns the JSON report and a share_token. Six sections graded A–F — Works, Fast, Found, Measured, Accessible, Compliant — plus an ungraded Flows section. Counts and grades come from VERIFIED findings only; ADVISORY observations are labeled and excluded. There is no composite 0–100 score — we don't fake precision.

The exact Claude Code config for a QA MCP server

Real, copy-pasteable. Install the server, then add it over stdio — or hand-edit a committable .mcp.json at your repo root.

mcp config
# Recommended: install the server, then add it over stdio.
# No key, no card for the free audit.
pip install prufa-mcp
claude mcp add prufa --transport stdio -- prufa-mcp
 
# With a workspace key, for persistent tools (saved flows, deploy monitors):
claude mcp add prufa --env PRUFA_API_TOKEN=prk_... --transport stdio -- prufa-mcp
 
# Share it with your team — writes .mcp.json at the repo root (project scope):
claude mcp add prufa --scope project --transport stdio -- prufa-mcp
.mcp.json
{
  "mcpServers": {
    "prufa": {
      "command": "prufa-mcp",
      "env": { "PRUFA_API_TOKEN": "prk_..." }
    }
  }
}
Official Claude Code MCP docs
  • Flags before the name. --transport, --env, --scope and --header must precede prufa; everything after -- is the command Claude Code launches. Scopes: local (default, personal), project (writes the shareable .mcp.json above), user (all your projects). (Source: code.claude.com/docs/en/mcp.)
  • No key for the free audit. prufa_run_audit and prufa_get_report work anonymously — PRUFA_API_TOKEN is optional and only for persistent tiers. The key is a workspace bearer token (prk_...): an agent can self-provision a free, no-card trial via prufa_setup_workspace (it just needs the human's email), or a human can mint one in the dashboard for a persistent tier.
  • Install note. prufa-mcp is a stdio server published on PyPI (pip install prufa-mcp or pipx install prufa-mcp, console script prufa-mcp). The pip install + -- prufa-mcp launch command is the verified setup — Claude Code passes everything after -- through untouched. (An npx/uvx one-liner is planned for when the package is published to npm; until that lands, use pip.)
  • Early-stage note. The MCP server is v0.1.0 — early, but the audit it calls is the same engine behind the CLI and dashboard. The free prufa_run_audit / prufa_get_report tools are the stable, no-key path; persistent tools are gated server-side.
  • Remote transport. Claude Code also supports --transport http; a hosted Prufa MCP endpoint is the path for that. The pip-installed stdio server above is the verified setup today.

What Claude Code reads back from prufa_run_audit

Two tiers, never interleaved. VERIFIED findings carry a Geist Mono evidence line and a severity chip; ADVISORY observations are labeled opinion and count toward nothing.

✓ VERIFIED CRITICAL No analytics events detected on any page
tracking.none_detected · / · 2026-07-01T10:14:22Z

The build ships blind — no events fired across the public pages (the most common critical in our 49-launch audit, 38 of 49).

✓ VERIFIED CRITICAL Canonical points to a different host
seo.canonical_host_mismatch · /pricing · 2026-07-01T10:14:31Z

Search engines are told the real page lives somewhere else.

✓ VERIFIED WARNING No Content-Security-Policy header
security.missing_csp · / · 2026-07-01T10:14:25Z

No CSP means a single injected script can run unchecked.

✓ VERIFIED WARNING Broken internal link returns 404
ux.dead_links · /docs/old · 2026-07-01T10:14:28Z

A user (or your agent's next step) hits a dead end.

OPINION Hero copy may bury the primary CTA

A judgment call, not a verified fact — excluded from every count and grade.

Objections, answered honestly

The questions a developer asks before handing Claude Code a new tool — including where the alternative wins.

Isn't this just Playwright MCP with extra steps?

Different jobs. Playwright MCP gives Claude Code raw browser primitives — click, type, navigate — and you still author and judge the test. Prufa returns a verdict: the agent loop drives the browser, then deterministic code grades the captured evidence and labels each finding VERIFIED or ADVISORY. If you want fine-grained browser control, Playwright MCP wins. If you want a trustworthy pass/fail without writing assertions, use Prufa. Many people run both. More: agentic testing vs scripted testing.

Can I trust a verdict from an LLM-driven tool enough to act on it?

The agent loop only navigates and drives the browser. Grades and severity counts are computed by deterministic code from captured evidence — the LLM never judges whether a finding is real, so the verdict is reproducible (regression-tested against a golden fixture site). LLM-judged observations ship as a separate, labeled ADVISORY tier and count toward nothing. There is no composite 0–100 score; we don't fake precision.

What does it not do through MCP yet?

Honest limits: the free audit walks public pages, not authenticated flows — login/checkout flows use prufa_create_flow / prufa_run_flow and need a card-first paid workspace. Prufa does not scan for exposed secrets. Full-auto discovery is gated, not a one-call feature. The evidence-gated AI-VERIFIED path currently lives in the Gremlin chaos modality, not the standard audit — in a standard audit the lone LLM check stays advisory.

Frequently asked questions

What developers ask before adding a QA MCP server to Claude Code.

What is a QA MCP server for Claude Code?

It is a Model Context Protocol server that gives Claude Code a QA tool it can call mid-task. Prufa's MCP server (prufa-mcp) exposes tools like prufa_run_audit and prufa_get_report. Once added, Claude Code can point a real browser at a URL, capture network traffic, console errors and cookies, and read back a graded verdict — without you leaving the agent or writing a test.

How do I add a QA MCP server to Claude Code?

Two steps: install the server (pip install prufa-mcp), then register it — claude mcp add prufa --transport stdio -- prufa-mcp. Flags (--transport, --env, --scope) go before the server name; everything after -- is the launch command. Use --scope project to write a shareable .mcp.json at your repo root. The free audit needs no key — add --env PRUFA_API_TOKEN=prk_... only for persistent tiers (flows, monitors) — the agent can self-provision a free, no-card trial token by calling prufa_setup_workspace with the human's email, or a human mints one in the dashboard for a paid workspace.

Is there a free, open-source QA MCP server?

Yes. prufa-mcp is open source (Apache-2.0, GitHub prufa-dev/prufa-mcp) and its core audit tools run with no key and no card. prufa_run_audit on a public URL returns a JSON verdict anonymously — the free 60-second audit is the first tool call. Persistent tools (saved flows, deploy monitors) are gated server-side and start on the paid tiers; a free-tier call to them returns the API's checkout hint.

Can Claude Code run a full website test through MCP?

Yes, within honest limits. Through prufa_run_audit Claude Code runs a real-browser audit of public pages and reads six graded sections plus findings as JSON. Authenticated flows (login, checkout) use prufa_create_flow and prufa_run_flow and require a card-first paid workspace. The free audit walks public pages only; it does not scan for exposed secrets, and full-auto discovery is gated, not a one-call feature.

Give Claude Code a QA tool — run the first audit now

Try the free 60-second audit from the browser first — same run Claude Code triggers through MCP, no card. Then install prufa-mcp, add it with one claude mcp add, and let the agent verify what it just built. Prefer to call Prufa straight from your own code? The same audit runs over the HTTP API. The free audit tools (prufa_run_audit, prufa_get_report) need no key; saved flows, deploy monitoring and the full MCP tool set start on the paid tiers — see pricing.

or see pricing →