MCP · CURSOR
Add one MCP server and Cursor can test any URL. The agent loop drives a real browser; plain code grades the evidence into a verdict. Free audit, no card.
Free audit — no signup, no card. The same run Cursor triggers through MCP.
We pointed this audit at 49 Show HN launches: 78% had a critical bug on day one.
Cursor will happily write you a Playwright test, but that leaves you owning a suite you have to author, fix, and re-run. What you actually want after the agent ships a change is simpler: point it at the running site and ask "is this broken?" Out of the box Cursor has no eyes on your live app — it can't open the page, watch the network, or tell you the signup button does nothing. (If you built the app with Cursor in the first place, here's how to test a vibe-coded app.)
Prufa ships an
MCP server
that gives Cursor exactly that tool. You add it to Cursor's
mcp.json once. Then you ask the agent to test a URL and it
calls prufa_run_audit: a managed agent loop opens a real
browser, navigates the public pages, and records everything over CDP —
every analytics beacon, console error, cookie, and response code, plus a
DOM snapshot. Then deterministic code grades the captured evidence against
declarative specs. The LLM navigates; it never decides whether a link is
broken or a beacon is correct — captured traffic is asserted against a
spec, so the same input gives the same verdict. That's why an
agent-triggered result is trustworthy enough to act on. Prefer to
drive it from your own code instead of the Cursor agent? The same
audit runs over the
HTTP API.
See
how Prufa verifies a flow without letting the model grade the result.
Three steps: install and register the server, restart Cursor, then ask the agent to test a URL. Evidence — not the model — keeps the score.
Run pip install prufa-mcp, then drop the stdio config below into ~/.cursor/mcp.json (global) or .cursor/mcp.json (project root), or use Settings > Tools & MCP > New MCP Server. The free audit needs no key — PRUFA_API_TOKEN is optional; the paid, card-first part is persistent monitors and saved flows.
MCP servers load only at startup, so a full restart is required — closing the window is not enough. After reopening, prufa appears in Tools & MCP with prufa_run_audit and prufa_get_report available to the agent.
Say 'Run a QA audit on https://myapp.com.' The agent calls prufa_run_audit and reads back the report: six sections graded A–F. Counts and grades come from VERIFIED findings only; ADVISORY observations are labeled and excluded. There is no composite 0–100 score — we don't fake precision.
Real and copy-pasteable. Install first with pip install prufa-mcp,
then add this stdio entry. The env / API-key line is optional —
the free audit needs none.
{
"mcpServers": {
"prufa": {
"command": "prufa-mcp",
"env": { "PRUFA_API_TOKEN": "prk_..." }
}
}
} Official Cursor MCP docs Verified and advisory findings ship in separate tiers, never interleaved. Counts and grades come from the verified tier only; advisory is a labeled opinion that counts toward nothing.
Your product is shipping blind — no events fired across the public pages.
Search engines are told the real page lives somewhere else.
Nothing constrains which scripts the page may load — XSS has no backstop.
A judgment call, not a verified fact — excluded from every count and grade.
Where this is and isn't the right tool — including where the alternative wins.
No. Cursor writing Playwright leaves you owning the suite — selectors to fix, fixtures to maintain, a CI job to babysit. Prufa is zero test authoring: you give it a URL and it returns broken links, dead analytics, console errors, consent state and layout breakage from a real browser run. The two are complementary — keep Playwright for the assertions you care about long-term; use the MCP server for a fast, maintenance-free "does this page work?" Where Playwright wins: precise, durable assertions on flows you control end-to-end.
The agent loop only navigates and drives the browser. Grades and severity counts are computed by deterministic code from captured evidence — the LLM never judges whether a finding is real, so the verdict is reproducible (regression-tested against a golden fixture site). LLM-judged observations ship as a separate, labeled ADVISORY tier and count toward nothing. More: agentic testing vs scripted testing.
Honest limits: the free audit walks public pages, not authenticated flows — saved flows and monitors are paid-tier and need a card-first workspace. Prufa does not scan for exposed secrets. The hosted remote MCP endpoint isn't live yet, so you run the stdio server locally. And the evidence-gated AI-VERIFIED path currently lives in the Gremlin chaos modality, not the standard audit — in a standard audit the lone LLM check stays advisory.
The questions developers ask before they wire a QA MCP server into Cursor.
Run pip install prufa-mcp, then edit ~/.cursor/mcp.json (global, all projects) or .cursor/mcp.json (project root), or use Settings > Tools & MCP > New MCP Server. Add a stdio entry whose command is prufa-mcp, then fully quit and reopen Cursor — MCP servers load only at startup, so a reload or even closing the window is not enough. If Cursor still doesn't list the tools, check scope: a project .cursor/mcp.json wins over the global ~/.cursor/mcp.json on a name collision, so a stale project entry can shadow your global one. Cursor's agent can then call prufa_run_audit on any URL. The free audit needs no API key and no card.
Cursor writes and runs code, including Playwright tests you author and maintain. A QA MCP server is different: you point Prufa at a live URL and it drives a real browser through the page, captures network traffic, console errors, cookies and response codes, then grades the captured evidence. No test file to write. The agent loop navigates; deterministic code produces the verdict, so the same input gives the same result.
Yes. prufa-mcp is open source (Apache-2.0) and the audit tools — prufa_run_audit and prufa_get_report — run anonymously: no signup, no card, no API key. You add the stdio server to mcp.json and ask Cursor to test a URL. A PRUFA_API_TOKEN is optional and is not paid-only: a free, no-card agent-temp workspace also mints one for the setup-tier flow tools (7-day, setup-only). What's paid and card-first is persistent state — monitors and saved flows that outlive a session, plus run history.
Yes, within the free audit's scope. Ask Cursor to test a URL and it calls prufa_run_audit; a real browser loads the public pages and Prufa returns a graded report across six sections (Works, Fast, Found, Measured, Accessible, Compliant). The free audit walks public pages, not logged-in flows — monitoring and persistent saved flows are paid-tier and need a card-first workspace.
Try the free website audit
from the browser first — the same run Cursor triggers through
MCP, no card. Then paste the mcp.json config above, restart
Cursor, and ask it to test your site. Saved flows and monitoring start on
the paid tiers; see
pricing.