MCP · WINDSURF
Add one MCP server and Cascade can test any URL. The agent loop drives a real browser; plain code grades the evidence into a verdict. Free audit, no card.
Free audit — no signup, no card. The same run Cascade triggers through MCP.
We pointed this audit at 49 Show HN launches: 78% had a critical bug on day one. See the 49-launch dataset.
Windsurf can QA-test a website if you give it a tool that does QA. Add
Prufa's QA MCP server to Windsurf's mcp_config.json, click
Refresh in Cascade's MCP panel, and ask the agent to test a URL — it
calls prufa_run_audit, a real browser drives the page, and
plain code grades the captured evidence into an A–F report across six
sections.
The audit tools run anonymously: no signup, no card, no API key. This isn't Cascade running a Playwright suite you wrote; it's Cascade handing a live URL to a QA engineer and reading back a verdict.
Cascade will happily write you a Playwright test, but that leaves you owning a suite you have to author, fix, and re-run. What you actually want after the agent ships a change is simpler: point it at the running site and ask “is this broken?” Out of the box Windsurf has no eyes on your live app — it can't open the page, watch the network, or tell you the signup button does nothing.
Prufa ships an MCP server that gives Cascade exactly
that tool. You add it to Windsurf's mcp_config.json once.
Then you ask the agent to test a URL and it calls
prufa_run_audit: a managed agent loop opens a real browser,
navigates the public pages, and records everything over CDP — every
analytics beacon, console error, cookie, and response code, plus a DOM
snapshot. Then deterministic code grades the captured evidence against
declarative specs. The LLM navigates; it never decides whether a link is
broken or a beacon is correct — captured traffic is asserted against a
spec, so the same input gives the same verdict. That's why an
agent-triggered result is trustworthy enough to act on. See
how Prufa verifies a signup flow (the LLM never grades the result).
Three steps: open the raw config from Cascade, paste the stdio block and click Refresh, then ask the agent to test a URL.
In Cascade, go to Manage MCP Servers > View raw config — it opens ~/.codeium/windsurf/mcp_config.json (on Windows, %USERPROFILE%\.codeium\windsurf\mcp_config.json). Paste the stdio config below. The free audit needs no key — PRUFA_API_TOKEN is optional, only for the paid persistent tools.
Windsurf uses a single global config file and reloads servers when you click Refresh in the MCP panel — no full restart needed. After it reloads, prufa appears with prufa_run_audit and prufa_get_report available to the agent.
“Run a QA audit on https://myapp.com.” The agent calls prufa_run_audit and reads back the report: six sections graded A–F. Counts and grades come from VERIFIED findings only; ADVISORY (LLM-judged) observations are labeled and excluded. There is no composite 0–100 score — we don't fake precision.
The exact, copy-pasteable stdio config Cascade's “View raw config”
opens — prufa-mcp launched directly as the command, with
${env:…} keeping the optional key out of the file.
{
"mcpServers": {
"prufa": {
"command": "prufa-mcp",
"env": { "PRUFA_API_TOKEN": "${env:PRUFA_API_TOKEN}" }
}
}
} Official Windsurf MCP docs The env block is optional. Only needed for the paid persistent tools (saved flows, monitors). The free audit runs with no key.
prufa-mcp is a
Python package on PyPI: pip install prufa-mcp. That
installs the prufa-mcp console script, which is what
"command" launches over stdio.
prufa_run_audit and prufa_get_report run
anonymously — no card, no PRUFA_API_TOKEN. Set the key
only to unlock saved flows, monitors, and run history (paid tiers).
An agent can self-provision a free, no-card trial workspace via
prufa_setup_workspace (it just needs the human's email),
or a human can mint the bearer token in the dashboard for a paid,
persistent one.
${env:VAR} keeps the key out of the
file. Windsurf interpolates
${env:PRUFA_API_TOKEN} across
command, args, env,
serverUrl, url and headers —
so the actual token lives in your shell environment, not in the
committed JSON.
~/.codeium/windsurf/mcp_config.json (macOS/Linux) or
%USERPROFILE%\.codeium\windsurf\mcp_config.json
(Windows). It's a single global file — there's no per-project
config in Windsurf, so the same servers are available in every
workspace.
"disabled": true turns a
server off in place; "alwaysAllow": [...] auto-approves
named tools.
"serverUrl" (stdio + HTTP + SSE), but
prufa-mcp runs locally over stdio today. A hosted
serverUrl endpoint is planned, not yet available — use
the stdio config above. To call Prufa directly from your own code
instead of through Cascade, use the HTTP API.
What prufa_run_audit hands the agent. Verified tier first
(a machine-checked fact, in mono), never interleaved with advisory (a
labeled opinion that counts toward nothing).
Your product is shipping blind — no events fired across the public pages.
Search engines are told the real page lives somewhere else.
No CSP means a single injected script can run unchecked.
A judgment call, not a verified fact — excluded from every count and grade.
The honest answers to what Windsurf users ask before they wire a QA tool into the agent loop.
No. Cascade writing Playwright leaves you owning the suite — selectors to fix, fixtures to maintain, a CI job to babysit. Prufa is zero test authoring: you give it a URL and it returns broken links, dead analytics, console errors, consent state and layout breakage from a real browser run. The two are complementary — keep Playwright for the assertions you care about long-term; use the MCP server for a fast, maintenance-free “does this page work?” Where Playwright wins: precise, durable assertions on flows you control end-to-end.
The agent loop only navigates and drives the browser. Grades and severity counts are computed by deterministic code from captured evidence — the LLM never judges whether a finding is real, so the verdict is reproducible (regression-tested against a golden fixture site). LLM-judged observations ship as a separate, labeled ADVISORY tier and count toward nothing. More: agentic testing vs scripted testing.
Honest limits: the free audit walks public pages, not authenticated
flows — saved flows and monitors are paid-tier and need a card-first
workspace. Prufa does not scan for exposed secrets. The hosted remote
serverUrl endpoint isn't live yet, so you run the stdio
server locally. And the evidence-gated AI-VERIFIED path currently
lives in the Gremlin chaos modality, not the standard audit — in a
standard audit the lone LLM check stays advisory. If you built your
app with AI, the maintenance-free QA story is in
how to test a vibe-coded app.
The questions Windsurf users and their agents ask before wiring a QA MCP server into Cascade.
In Cascade, open Manage MCP Servers > View raw config — it opens ~/.codeium/windsurf/mcp_config.json (on Windows, %USERPROFILE%\.codeium\windsurf\mcp_config.json). Add a stdio entry that launches prufa-mcp, save, then click Refresh in the MCP panel — Windsurf reloads servers without a full restart. Cascade can then call prufa_run_audit on any URL. The free audit needs no API key and no card.
Windsurf's Cascade writes and runs code, including Playwright tests you author and then maintain. A QA MCP server is different: you point Prufa at a live URL and it drives a real browser through the page, capturing network traffic, console errors, cookies and response codes, then grades that evidence. No test file to write. The agent loop navigates; deterministic code produces the verdict, so the same input gives the same result.
Yes. prufa-mcp is open source (Apache-2.0) and the audit tools — prufa_run_audit and prufa_get_report — run anonymously: no signup, no card, no API key. You add the stdio server to mcp_config.json and ask Cascade to test a URL. A PRUFA_API_TOKEN is optional and only unlocks the persistent tools (saved flows, monitors, run history) on the paid tiers.
Windsurf reads MCP config on demand but you must reload it: after saving ~/.codeium/windsurf/mcp_config.json, click Refresh in the Manage MCP Servers panel — editing the file alone does nothing until you do. Windsurf uses one global config file, not per-project, so there is no project file to shadow it. Keep secrets in env via ${env:PRUFA_API_TOKEN}, not in args.
Try the free 60-second audit from the browser first — the same run Cascade triggers
through MCP, no card. Then paste the mcp_config.json config
above, click Refresh in Cascade, and ask it to test your site. Saved
flows and monitoring start on the paid tiers; see
pricing.