MCP · WINDSURF

Windsurf QA testing: give Cascade a QA engineer via MCP

Add one MCP server and Cascade can test any URL. The agent loop drives a real browser; plain code grades the evidence into a verdict. Free audit, no card.

Free audit — no signup, no card. The same run Cascade triggers through MCP.

We pointed this audit at 49 Show HN launches: 78% had a critical bug on day one. See the 49-launch dataset.

cascade — agent
you ▸ run a QA audit on https://myapp.com
cascade ▸ calling tool prufa_run_audit { url: "https://myapp.com" }
↳ real browser · public pages · evidence captured
✓ VERIFIED critical tracking.none_detected · / · 10:14:22Z
✓ VERIFIED warning security.missing_csp · /
· ADVISORY opinion hero CTA placement (not counted)
report https://prufa.dev/r/k7m2qx · Measured F · Works A
In Cascade, the user asks to QA a URL; the agent calls prufa_run_audit and reads back an evidence-gated verdict — a VERIFIED critical plus a labeled ADVISORY note that counts toward nothing.

Windsurf can QA-test a website if you give it a tool that does QA. Add Prufa's QA MCP server to Windsurf's mcp_config.json, click Refresh in Cascade's MCP panel, and ask the agent to test a URL — it calls prufa_run_audit, a real browser drives the page, and plain code grades the captured evidence into an A–F report across six sections.

The audit tools run anonymously: no signup, no card, no API key. This isn't Cascade running a Playwright suite you wrote; it's Cascade handing a live URL to a QA engineer and reading back a verdict.

Can Windsurf actually QA-test my site?

Cascade will happily write you a Playwright test, but that leaves you owning a suite you have to author, fix, and re-run. What you actually want after the agent ships a change is simpler: point it at the running site and ask “is this broken?” Out of the box Windsurf has no eyes on your live app — it can't open the page, watch the network, or tell you the signup button does nothing.

Prufa ships an MCP server that gives Cascade exactly that tool. You add it to Windsurf's mcp_config.json once. Then you ask the agent to test a URL and it calls prufa_run_audit: a managed agent loop opens a real browser, navigates the public pages, and records everything over CDP — every analytics beacon, console error, cookie, and response code, plus a DOM snapshot. Then deterministic code grades the captured evidence against declarative specs. The LLM navigates; it never decides whether a link is broken or a beacon is correct — captured traffic is asserted against a spec, so the same input gives the same verdict. That's why an agent-triggered result is trustworthy enough to act on. See how Prufa verifies a signup flow (the LLM never grades the result).

How do I add a QA MCP server to Windsurf?

Three steps: open the raw config from Cascade, paste the stdio block and click Refresh, then ask the agent to test a URL.

  1. Open the raw config from Cascade

    In Cascade, go to Manage MCP Servers > View raw config — it opens ~/.codeium/windsurf/mcp_config.json (on Windows, %USERPROFILE%\.codeium\windsurf\mcp_config.json). Paste the stdio config below. The free audit needs no key — PRUFA_API_TOKEN is optional, only for the paid persistent tools.

  2. Save, then click Refresh

    Windsurf uses a single global config file and reloads servers when you click Refresh in the MCP panel — no full restart needed. After it reloads, prufa appears with prufa_run_audit and prufa_get_report available to the agent.

  3. Ask Cascade to test a URL — evidence keeps the score

    “Run a QA audit on https://myapp.com.” The agent calls prufa_run_audit and reads back the report: six sections graded A–F. Counts and grades come from VERIFIED findings only; ADVISORY (LLM-judged) observations are labeled and excluded. There is no composite 0–100 score — we don't fake precision.

The Windsurf mcp_config.json config for Prufa

The exact, copy-pasteable stdio config Cascade's “View raw config” opens — prufa-mcp launched directly as the command, with ${env:…} keeping the optional key out of the file.

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "prufa": {
      "command": "prufa-mcp",
      "env": { "PRUFA_API_TOKEN": "${env:PRUFA_API_TOKEN}" }
    }
  }
}
Official Windsurf MCP docs

The env block is optional. Only needed for the paid persistent tools (saved flows, monitors). The free audit runs with no key.

  • Install it first. prufa-mcp is a Python package on PyPI: pip install prufa-mcp. That installs the prufa-mcp console script, which is what "command" launches over stdio.
  • No key needed for the free audit. prufa_run_audit and prufa_get_report run anonymously — no card, no PRUFA_API_TOKEN. Set the key only to unlock saved flows, monitors, and run history (paid tiers). An agent can self-provision a free, no-card trial workspace via prufa_setup_workspace (it just needs the human's email), or a human can mint the bearer token in the dashboard for a paid, persistent one.
  • ${env:VAR} keeps the key out of the file. Windsurf interpolates ${env:PRUFA_API_TOKEN} across command, args, env, serverUrl, url and headers — so the actual token lives in your shell environment, not in the committed JSON.
  • Where it lives. ~/.codeium/windsurf/mcp_config.json (macOS/Linux) or %USERPROFILE%\.codeium\windsurf\mcp_config.json (Windows). It's a single global file — there's no per-project config in Windsurf, so the same servers are available in every workspace.
  • Refresh, don't restart. After editing the file, click Refresh in Manage MCP Servers — Windsurf reloads servers without a full restart. "disabled": true turns a server off in place; "alwaysAllow": [...] auto-approves named tools.
  • Remote/HTTP? Windsurf supports a remote server via "serverUrl" (stdio + HTTP + SSE), but prufa-mcp runs locally over stdio today. A hosted serverUrl endpoint is planned, not yet available — use the stdio config above. To call Prufa directly from your own code instead of through Cascade, use the HTTP API.

What does Cascade read back?

What prufa_run_audit hands the agent. Verified tier first (a machine-checked fact, in mono), never interleaved with advisory (a labeled opinion that counts toward nothing).

app.prufa.dev/r/k7m2qx
No analytics events detected on any page.
✓ verified critical
tracking.none_detected · / · 2026-07-01T10:14:22Z

Your product is shipping blind — no events fired across the public pages.

Canonical points to a different host.
✓ verified critical
seo.canonical_host_mismatch · /pricing · 2026-07-01T10:14:31Z

Search engines are told the real page lives somewhere else.

No Content-Security-Policy header.
✓ verified warning
security.missing_csp · / · 2026-07-01T10:14:25Z

No CSP means a single injected script can run unchecked.

Hero copy may bury the primary CTA.
advisory · opinion

A judgment call, not a verified fact — excluded from every count and grade.

Verified findings are facts the harness can prove from captured traffic. Advisory findings are clearly fenced off so Cascade never treats an opinion as a defect — they count toward nothing.

Isn't this the same as asking Cascade to write a Playwright test?

The honest answers to what Windsurf users ask before they wire a QA tool into the agent loop.

Isn't this the same as asking Cascade to write me a Playwright test?

No. Cascade writing Playwright leaves you owning the suite — selectors to fix, fixtures to maintain, a CI job to babysit. Prufa is zero test authoring: you give it a URL and it returns broken links, dead analytics, console errors, consent state and layout breakage from a real browser run. The two are complementary — keep Playwright for the assertions you care about long-term; use the MCP server for a fast, maintenance-free “does this page work?” Where Playwright wins: precise, durable assertions on flows you control end-to-end.

Can I trust a verdict that involves an LLM enough to act on it?

The agent loop only navigates and drives the browser. Grades and severity counts are computed by deterministic code from captured evidence — the LLM never judges whether a finding is real, so the verdict is reproducible (regression-tested against a golden fixture site). LLM-judged observations ship as a separate, labeled ADVISORY tier and count toward nothing. More: agentic testing vs scripted testing.

What does it not do from Windsurf yet?

Honest limits: the free audit walks public pages, not authenticated flows — saved flows and monitors are paid-tier and need a card-first workspace. Prufa does not scan for exposed secrets. The hosted remote serverUrl endpoint isn't live yet, so you run the stdio server locally. And the evidence-gated AI-VERIFIED path currently lives in the Gremlin chaos modality, not the standard audit — in a standard audit the lone LLM check stays advisory. If you built your app with AI, the maintenance-free QA story is in how to test a vibe-coded app.

Frequently asked questions

The questions Windsurf users and their agents ask before wiring a QA MCP server into Cascade.

How do I add a QA MCP server to Windsurf?

In Cascade, open Manage MCP Servers > View raw config — it opens ~/.codeium/windsurf/mcp_config.json (on Windows, %USERPROFILE%\.codeium\windsurf\mcp_config.json). Add a stdio entry that launches prufa-mcp, save, then click Refresh in the MCP panel — Windsurf reloads servers without a full restart. Cascade can then call prufa_run_audit on any URL. The free audit needs no API key and no card.

What's the difference between Windsurf's built-in testing and a QA MCP server?

Windsurf's Cascade writes and runs code, including Playwright tests you author and then maintain. A QA MCP server is different: you point Prufa at a live URL and it drives a real browser through the page, capturing network traffic, console errors, cookies and response codes, then grades that evidence. No test file to write. The agent loop navigates; deterministic code produces the verdict, so the same input gives the same result.

Is there a free QA MCP server for Windsurf?

Yes. prufa-mcp is open source (Apache-2.0) and the audit tools — prufa_run_audit and prufa_get_report — run anonymously: no signup, no card, no API key. You add the stdio server to mcp_config.json and ask Cascade to test a URL. A PRUFA_API_TOKEN is optional and only unlocks the persistent tools (saved flows, monitors, run history) on the paid tiers.

Why doesn't Cascade see the Prufa tools after I edit mcp_config.json?

Windsurf reads MCP config on demand but you must reload it: after saving ~/.codeium/windsurf/mcp_config.json, click Refresh in the Manage MCP Servers panel — editing the file alone does nothing until you do. Windsurf uses one global config file, not per-project, so there is no project file to shadow it. Keep secrets in env via ${env:PRUFA_API_TOKEN}, not in args.

Give Cascade a QA tool and test your first URL

Try the free 60-second audit from the browser first — the same run Cascade triggers through MCP, no card. Then paste the mcp_config.json config above, click Refresh in Cascade, and ask it to test your site. Saved flows and monitoring start on the paid tiers; see pricing.

See pricing →