KILO CODE INTEGRATION · MCP SERVER · APACHE-2.0

Kilo Code QA testing, in one tool call

Add the Prufa MCP server to Kilo Code. The agent calls one tool, Prufa drives a real browser against your URL, and hands back an evidence-gated verdict — not a screenshot to eyeball.

No signup. No card. Public URL in, shareable report out.

In our June 2026 audit of 49 Show HN launches, 78% (38 of 49) shipped a critical bug on day one — and 38 of 49 sent no analytics at all. See the 49-launch dataset.

kilo.jsonc
// kilo.jsonc · ./kilo.json overrides ~/.config/kilo/kilo.json
{
"mcp": {
"prufa": {
"type": "local",
"command": ["prufa-mcp"],
"enabled": true
}
}
}
✓ free audit tools need no key — prufa_run_audit / prufa_get_report
The exact, copy-pasteable Kilo Code stdio config that registers the Prufa server — note the non-standard schema (mcp key, type, array command).

Kilo Code just shipped a change. Can it check that the page still works — the analytics fire, the cookies are Secure, the layout doesn't overflow on a phone — without you opening a browser?

Add the Prufa MCP server to Kilo Code and it can. The agent calls prufa_run_audit, Prufa loads the URL in a real browser, captures every network beacon, console error, cookie and response code, runs a fixed suite of deterministic checks against that captured evidence, and returns the verdict as JSON. Kilo Code reads it, fixes what broke, and runs it again. The first call needs no key and no card.

Why give Kilo Code a QA tool over MCP?

Kilo Code writes code fast and checks it badly. It can read a stack trace, but it can't see that the signup button does nothing, that the analytics tag loaded but never fired, or that the hero overflows 103px past the viewport on a phone. The usual answer — "open a browser and look" — breaks the agent loop: it needs a human, or it needs you to hand-author a Playwright suite the agent then has to maintain. Most "MCP for testing" servers are browser drivers: they hand the agent click/type/screenshot primitives and leave the judging to you.

Prufa's architecture is agentic navigation + deterministic verification: an LLM-backed agent loop plans and drives the browser; a plain-code harness owns the session, records all network traffic over CDP, and grades the captured evidence against a versioned spec. The LLM navigates — it never judges whether a tracking beacon is correct. That separation is why the verdict is trustworthy enough for Kilo Code to act on: same input, same verdict (determinism is regression-tested against a golden fixture site). Prufa's MCP server is a thin client over that — the same product as our CLI, HTTP API and dashboard, just spoken in tool calls. Read the long version in how Prufa verifies a signup flow.

How do I add a QA MCP server to Kilo Code?

Three steps: add the server, have Kilo Code call one tool, and read a verdict that only verified evidence can move.

  1. Add the server

    pip install prufa-mcp, then in Kilo Code open Settings → MCP Servers (Agent Behaviour tab) → Add Server and choose Local (stdio) — or edit kilo.jsonc directly under the mcp key. Kilo Code runs as a VS Code extension and a CLI; the same config serves both.

  2. Kilo Code calls a tool

    It runs prufa_run_audit({ url }). Prufa spins up a real browser, walks the public pages, and captures beacons, console output, cookies and response codes — no script for you to write.

  3. Evidence keeps the verdict

    Findings come back in two tiers — verified (a machine-checked fact, in mono) and advisory (a labeled LLM observation, never phrased as broken). Only verified findings move the section grades; there is no composite 0–100 score, ever.

Add the Prufa MCP server to Kilo Code

Kilo Code's schema differs from the common mcpServers convention: the top key is mcp, type is required, command is an array (command + args together), and the env key is environment (not env). Interpolate env vars with {env:VAR}. A project ./kilo.json[c] overrides the global ~/.config/kilo/kilo.json.

Install, then add the local (stdio) server — the free audit needs no key:

install
pip install prufa-mcp
kilo.jsonc
// kilo.jsonc  (project ./kilo.json overrides global ~/.config/kilo/kilo.json)
{
  "mcp": {
    "prufa": {
      "type": "local",
      "command": ["prufa-mcp"],
      "enabled": true
    }
  }
}
Official Kilo Code MCP docs

With a workspace key (only for persistent tools — monitors, history, Gremlin):

kilo.jsonc — with key
{
  "mcp": {
    "prufa": {
      "type": "local",
      "command": ["prufa-mcp"],
      "enabled": true,
      "environment": { "PRUFA_API_TOKEN": "{env:PRUFA_API_TOKEN}" }
    }
  }
}

Config last verified 2026-07-01 against Kilo Code's published MCP schema (top key mcp, type: "local", command as an array). prufa-mcp launches via its pip console-script — Kilo Code spawns the installed entry point directly, not via npx (npx runs npm packages; prufa-mcp is on PyPI). We have not yet run an end-to-end spawn against every Kilo Code build, and editor MCP schemas drift between versions — treat the one-step setup as beta until your build confirms it. If Kilo Code rejects this shape, re-verify against its MCP Servers settings before swapping the launcher.

That's the whole setup. The server speaks JSON-RPC 2.0 over stdio (MCP protocol 2025-06-18); Kilo Code spawns it as a subprocess. The free audit tools — prufa_run_audit and prufa_get_report — work anonymously, with no key and no card. A PRUFA_API_TOKEN (a workspace token, format prk_…) is optional and only needed for persistent tools (saved monitors, run history, Gremlin chaos runs). An agent can self-provision a free, no-card trial workspace by calling prufa_setup_workspace (it just needs the human's email), or a human can mint a token in the dashboard for a paid, persistent one.

The server is open source — prufa-mcp on PyPI, Apache-2.0, source at github.com/prufa-dev/prufa-mcp. It registers 20+ tools across three tiers: a free setup tier (audits, flows, reports), a Pro persistent tier (monitors, alerts, usage), and Gremlin chaos tools. Every mutating tool takes an optional idempotency_key so a Kilo Code retry replays the original response instead of re-executing.

Remote, for later: Kilo Code also supports a remote server (type: "remote", StreamableHTTP with SSE fallback). Prufa's MCP server is stdio today; a hosted endpoint at mcp.prufa.dev is on the roadmap, not yet live — use the local config above until it ships.

kilo code · agent session
▸ prufa_run_audit({ url: "https://myapp.com", wait: true })
running real-browser audit … (blocks up to ~90s)
← {
"run_id": "a1b2c3d4-…",
"share_token": "k7m2p9",
"report_url": "https://prufa.dev/r/k7m2p9",
"report": { … six graded sections, verified severity counts … }
}
✓ Kilo Code reads the graded report, fixes the criticals, re-runs.
Kilo Code calls prufa_run_audit on a URL and gets a structured, evidence-gated verdict back — no human, no script.

What does the verdict Kilo Code reads look like?

Illustrative rows in the real finding shape (finding_key · evidence) — the keys, tiers and severities are exactly what the analyzers emit. Verified tier first, never interleaved with advisory.

app.prufa.dev/r/k7m2p9
No analytics events detected on any public page.
✓ verified critical
tracking.none_detected · / , /pricing · 0 beacons captured

You're flying blind — no pageviews, no conversions, nothing reaching GA. The single most common critical in our 49-launch audit (38 of 49).

No Strict-Transport-Security header.
✓ verified warning
security.missing_hsts · / , /pricing · no HSTS header

A first visit can be downgraded to plain HTTP by an on-path attacker before the redirect fires — HSTS closes that window.

The hero may bury the primary call to action below denser secondary copy.
advisory · opinion

An LLM observation, not a machine-checked fact — excluded from every severity count and grade. Kilo Code can weigh it, but it never counts as a defect.

Verified findings are facts the harness can prove from captured traffic. Advisory findings are clearly fenced off so Kilo Code never treats an opinion as a defect.

Is this just another browser-driver MCP for Kilo Code?

The honest answers to what Kilo Code teams ask before they wire a QA tool into the agent loop.

Isn't this the same as Playwright MCP or a browser-driver MCP?

No — and Playwright MCP is genuinely good at what it does. It hands Kilo Code raw browser primitives (click, type, navigate, screenshot); the agent still has to decide what to do and judge whether the result is correct. That's the right tool when you want fine-grained scripted control. Prufa is the opposite contract: one tool call returns a graded verdict — deterministic checks over captured network traffic, tiered into verified vs advisory. Use Playwright MCP to drive; use Prufa to get a verdict without authoring and maintaining a suite. More on the distinction: agentic testing vs scripted testing.

Why is Kilo Code's config different — mcp, an array command, environment?

Kilo Code's schema isn't the common mcpServers convention. The top key is mcp, type is required, command is an array (command + args together), and the env key is environment, not env — with {env:VAR} interpolation. The block above is already in Kilo Code's exact shape, so it's copy-paste; just don't reach for a Cursor/Cline snippet and expect it to load.

Can Kilo Code rack up charges, or do I need a card?

The audit tools (prufa_run_audit, prufa_get_report) run anonymously — no key, no card, rate-limited per IP. Persistent tools (monitors, alerts, Gremlin) are Pro and return a 402 with a checkout hint on the free tier — explicit, never a silent charge. We don't meter deterministic checks or pinned-selector flow replays, and a request that never returns doesn't count.

Is it safe to point at production, and do you see my data?

The audit loads your public pages in a real browser — the same thing a visitor's browser does. It doesn't mutate state. In Gremlin chaos mode, mutations are dry-run by default and only become real on a host you've explicitly authorized; payments are never executed. Flow credentials are write-only — stored encrypted, never returned by any read tool, never placed in an LLM prompt; they're resolved at the tool boundary at run time.

Frequently asked questions

The questions Kilo Code teams and their agents ask before wiring a QA MCP server into the loop.

What is Kilo Code QA testing?

Kilo Code QA testing is giving Kilo Code's agent a tool to run a real quality check on a website and read the result as structured data, instead of only generating code. With the Prufa MCP server added, Kilo Code calls one tool, Prufa drives a real browser against the URL, and returns findings. The free audit tool needs no key and no card.

How do I add an MCP server to Kilo Code?

Run pip install prufa-mcp, then in Kilo Code open Settings → MCP Servers (Agent Behaviour tab) → Add Server and pick Local (stdio), or edit kilo.jsonc under the mcp key. Note Kilo Code's schema: type is required, command is an array, and the env key is environment, not env. A project ./kilo.json overrides the global ~/.config/kilo/kilo.json.

Is there a free QA MCP server for Kilo Code?

Yes. The Prufa MCP server is open source — prufa-mcp on PyPI under Apache-2.0, source at github.com/prufa-dev/prufa-mcp. Its audit tools (prufa_run_audit, prufa_get_report) run free and anonymously: no signup, no card, rate-limited per IP. Kilo Code ships as a VS Code extension and a CLI, and both spawn the same local stdio server. Persistent tools (saved monitors, alerts, Gremlin chaos) need a workspace key and a paid plan.

Can Kilo Code run a full website test through MCP?

Yes. Through Prufa's MCP server Kilo Code can run a one-shot audit of a public URL and — still on the free tier — compile a plain-text test case into a reviewable flow (prufa_create_flow), confirm it, and run it. Saved monitors, alerts, and Gremlin chaos runs are the parts that need a paid, persistent workspace. The audit returns six graded sections — works, fast, found, measured, accessible, compliant — as JSON, with verified severity counts and A–F grades, no composite score.

Add the server and let Kilo Code run the first QA test

Or skip the agent and run the free 60-second website audit yourself: paste a URL, get a shareable report in about a minute. Persistent monitors and Gremlin chaos runs start on Pro ($99/mo).

See plans →