ROO CODE INTEGRATION · MCP · OPEN SOURCE

Roo Code QA testing, over an MCP server

Add Prufa to Roo Code's MCP config. Ask it to test a URL — Roo drives a real browser and hands back an evidence-gated verdict, not a screenshot to eyeball.

No signup. No card. Public URL in, shareable report out.

In our June 2026 audit of 49 Show HN launches, 78% (38 of 49) shipped a critical bug on day one — and 38 of 49 sent no analytics at all. See the 49-launch dataset.

roo code · agent session
▸ prufa_run_audit({ url: "https://myapp.com", wait: true })
running real-browser audit … (blocks up to ~90s)
← {
"run_id": "a1b2c3d4-…",
"share_token": "k7m2p9",
"report_url": "https://prufa.dev/r/k7m2p9",
"counts": { "critical": 2, "warning": 5, "info": 0 },
"headline": "2 critical issues and 5 warnings found"
}
✓ Roo reads the verdict, fixes 2 criticals, re-runs.
Roo Code calls prufa_run_audit on a URL and gets a structured, evidence-gated verdict back — inside its own loop, no human, no script.

Roo Code just built a feature and marked it done. Did it check that the page still works in a browser — that the analytics fire, the session cookie is Secure, the layout doesn't overflow on a phone? Reading the diff doesn't tell you that.

Wire Prufa's MCP server into Roo Code and it can find out for itself. Roo calls prufa_run_audit, Prufa loads the URL in a real browser, captures every beacon, console error, cookie and status code, runs a fixed suite of deterministic checks against that captured evidence, and returns the verdict as JSON. Roo reads it, fixes what broke, and runs it again — all inside its own loop. The first call needs no key and no card.

Why give Roo Code a QA tool over MCP at all?

Roo Code edits files and runs commands well, but it checks its own work badly. It can read a stack trace; it can't see that the signup button does nothing, that the tag manager loaded but never fired an event, or that the hero overflows the viewport on mobile. The usual fix — "open a browser and look" — needs you, the human, back in the loop. The alternative — hand-author a Playwright suite Roo then has to keep green — is the work you were trying to skip. Most "MCP for testing" options are browser drivers: they hand Roo click/type/screenshot primitives and leave the judging to you.

Prufa's architecture is agentic navigation + deterministic verification: an LLM-backed agent loop plans and drives the browser; a plain-code harness owns the session, records all network traffic over CDP, and grades the captured evidence against a versioned spec. The LLM navigates — it never judges whether a tracking beacon is correct. That separation is why the verdict is trustworthy enough for Roo to act on automatically: same input, same verdict (determinism is regression-tested against a golden fixture site). The MCP server is a thin client over that — the same product as our CLI, HTTP API and dashboard, just spoken in tool calls. Read the long version in how Prufa verifies a signup flow.

How do I add a QA MCP server to Roo Code?

Three steps: add the server to Roo's config, ask it to test a URL, and read a verdict that only verified evidence can move.

  1. Add the server to Roo Code

    Click the MCP Servers icon in Roo's sidebar → Edit Global MCP to open mcp_settings.json (or create a project .roo/mcp.json to scope it to one repo), then paste the stdio block below under the top-level mcpServers key. Roo Code is a VS Code extension; a project .roo/mcp.json overrides the global file on a name collision.

  2. Ask Roo to test a URL

    Say “Run a QA audit on https://myapp.com.” Roo calls prufa_run_audit({ url }). Prufa spins up a real browser, walks the public pages, and captures beacons, console output, cookies and response codes — no test script for you to write.

  3. Evidence keeps the verdict

    Findings come back in two tiers. Verified = a machine-checked fact (the check name + captured evidence + a timestamp). Advisory = a clearly-labeled LLM observation, never phrased as broken. Only verified findings move the section grades; there is no composite 0–100 score, ever.

Note for step 1: for a stdio server you can omit type — Roo defaults it to "stdio" when command is present. The inverse is a real gotcha: any URL-based entry must set type ("streamable-http" or "sse") or Roo errors out — it can't infer the transport. Prufa is stdio-only today, so you won't hit that here.

Add the Prufa MCP server to Roo Code

The exact, copy-pasteable stdio block — with Roo's own disabled / alwaysAllow keys and type omitted — and where the config lives if you'd rather edit it directly.

mcp_settings.json
{
  "mcpServers": {
    "prufa": {
      "command": "prufa-mcp",
      "disabled": false,
      "alwaysAllow": []
    }
  }
}
Official Roo Code MCP docs
where the config lives
Global:   mcp_settings.json
            (MCP Servers icon → Edit Global MCP;
             applies to every workspace)

Project:  .roo/mcp.json
            (in the repo root — overrides the
             global file, committable per-project)

Install the package first so the prufa-mcp command is on your PATH: pip install prufa-mcp. That's the whole setup. The server speaks JSON-RPC 2.0 over stdio (MCP protocol 2025-06-18); Roo Code spawns it as a subprocess. The free audit tools — prufa_run_audit and prufa_get_report — work anonymously, with no key and no card. (type is omitted above because Roo defaults a command entry to "stdio".)

Two Roo-specific keys are worth setting. disabled: false keeps the server live (flip it to true to switch the server off without deleting the entry). alwaysAllow auto-approves named tools so Roo doesn't prompt on every call — to run audits hands-free, set "alwaysAllow": ["prufa_run_audit", "prufa_get_report"]. Roo's cwd for the server defaults to your first workspace folder, which is fine for prufa-mcp (it's a network client, not a file tool).

For persistent tools (saved monitors, run history, Gremlin chaos runs) add a workspace key under env"env": { "PRUFA_API_TOKEN": "prk_…" }. An agent can self-provision a free, no-card trial workspace by calling prufa_setup_workspace (it just needs the human's email), or a human can mint the key in the dashboard for a paid, persistent one.

Roo Code also supports a remote server form (type: "streamable-http" or "sse" with a url + headers) instead of command. Prufa's MCP server is stdio-only today, so use the command form above; a hosted remote endpoint is on the roadmap, not shipped. (When you do use a URL entry in Roo, remember type is mandatory.)

The server is open source — prufa-mcp on PyPI, Apache-2.0, source at github.com/prufa-dev/prufa-mcp. It registers 20+ tools across three tiers: a free setup tier (audits, flows, reports), a Pro persistent tier (monitors, alerts, usage), and Gremlin chaos tools. Every mutating tool takes an optional idempotency_key, so when Roo retries on a network blip the API replays the original response instead of re-executing.

What does the verdict Roo Code reads look like?

Illustrative rows in the real finding shape (finding_key · evidence) — the keys, tiers and severities are exactly what the analyzers emit. Verified tier first, never interleaved with advisory.

app.prufa.dev/r/k7m2p9
No analytics events detected on any public page.
✓ verified critical
tracking.none_detected · / , /pricing · 0 beacons captured

You're flying blind — no pageviews, no conversions reaching your analytics. The single most common critical in our June 2026 audit of 49 Show HN launches (38 of 49).

No Content-Security-Policy header on the page.
✓ verified warning
security.missing_csp · / · no CSP response header

No CSP means no defense-in-depth against injected scripts. In our June 2026 audit of 14 r/SideProject launches, 11 of 14 served no CSP header.

The hero may bury the primary call to action below denser secondary copy.
advisory · opinion

An LLM observation, not a machine-checked fact — excluded from every severity count and grade. Roo's call whether to act on it.

Verified findings are facts the harness can prove from captured traffic — exactly what an agent should act on. Advisory findings are fenced off so Roo never treats an opinion as a defect.

Is this just Playwright MCP for Roo Code with extra steps?

The honest answers to what Roo Code users ask before they wire a QA tool into the agent loop.

Isn't this the same as Playwright MCP or a browser-driver MCP?

No — and Playwright MCP is genuinely good at what it does. It hands Roo raw browser primitives (click, type, navigate, screenshot); Roo still has to decide what to do and judge whether the result is correct. That's the right tool when you want fine-grained scripted control. Prufa is the opposite contract: one tool call returns a graded verdict — deterministic checks over captured network traffic, tiered into verified vs advisory. Use Playwright MCP to drive; use Prufa to get a verdict without authoring and maintaining a suite. More on the distinction: agentic testing vs scripted testing.

Can Roo rack up charges, or do I need a card?

The audit tools (prufa_run_audit, prufa_get_report) run anonymously — no key, no card, rate-limited per IP. Persistent tools (monitors, alerts, Gremlin) are Pro and return a 402 with a checkout hint on the free tier — explicit, never a silent charge. We don't meter deterministic checks or pinned-selector flow replays, and a request that never returns doesn't count.

Should I put the server in the global file or a project .roo/mcp.json?

Either works. Roo Code reads a global mcp_settings.json (every workspace) and a project .roo/mcp.json (one repo, committable); the project file overrides global on a name collision. Use the project file when you want the QA tool checked in with the repo so teammates and CI get it; use global when you want it everywhere. Both run the same prufa-mcp command — that's a Roo behavior, not a Prufa one.

Is it safe to point Roo at production, and do you see my data?

The audit loads your public pages in a real browser — the same thing a visitor's browser does. It doesn't mutate state. In Gremlin chaos mode, mutations are dry-run by default and only become real on a host you've explicitly authorized; payments are never executed. Flow credentials are write-only — stored encrypted, never returned by any read tool, never placed in an LLM prompt; they're resolved at the tool boundary at run time.

Frequently asked questions

The questions Roo Code users and their agents ask before wiring a QA MCP server into the loop.

How do I add a QA MCP server to Roo Code?

In Roo Code, click the MCP Servers icon → Edit Global MCP to open mcp_settings.json (or create a project .roo/mcp.json), then add {"mcpServers":{"prufa":{"command":"prufa-mcp","disabled":false,"alwaysAllow":[]}}} after running pip install prufa-mcp. For a stdio server you can omit type — Roo defaults it to stdio. The audit tools work anonymously, no key needed.

Is there a free or open-source QA MCP server for Roo Code?

Yes. The Prufa MCP server is open source — prufa-mcp on PyPI under Apache-2.0, source at github.com/prufa-dev/prufa-mcp. Its audit tools (prufa_run_audit, prufa_get_report) run free and anonymously: no signup, no card, rate-limited per IP. Persistent tools (saved monitors, run history, Gremlin chaos) require a workspace key and a paid plan, returning a 402 with a checkout hint on the free tier.

What's the difference between Playwright MCP and a QA MCP server in Roo Code?

Playwright MCP gives Roo low-level browser primitives — click, type, navigate, screenshot — and leaves the judging to you; it's a driver. A QA MCP server like Prufa returns a graded verdict from one tool call: deterministic checks over captured network traffic, split into verified (machine-checked) and advisory (labeled opinion) tiers. Playwright MCP wins for scripted control; Prufa wins when you want a verdict without authoring a test suite.

Can Roo Code run a full website test through MCP?

Yes. Through the Prufa MCP server Roo can run a one-shot audit of a public URL, and on a paid workspace compile a plain-text test case into a reviewable flow, run that flow, start a monitor, or trigger a Gremlin chaos run. The audit returns six graded sections (works, fast, found, measured, accessible, compliant) as JSON — no composite score, just verified severity counts and A–F grades Roo can branch on.

Add the server and let Roo Code run the first QA test

Or skip the agent and run the free 60-second website audit yourself: paste a URL, get a shareable report in about a minute. Persistent monitors and Gremlin chaos runs start on Pro ($99/mo), which also includes MCP server + agent-skill access.

See plans →