MCP · ZED

Zed QA testing: give Zed a QA engineer via MCP

Add one context server and Zed's Agent Panel can test any URL. The agent loop drives a real browser; plain code grades the evidence into a verdict. Free audit, no card.

Free audit — no signup, no card. The same run Zed triggers through MCP.

We pointed this audit at 49 Show HN launches: 78% had at least one critical finding on day one. See the 49-launch dataset.

Zed — agent panel
you ▸ run a QA audit on https://myapp.com
zed ▸ calling tool prufa_run_audit { url: "https://myapp.com" }
↳ real browser · public pages · evidence captured
✓ VERIFIED critical tracking.none_detected · / · 10:14:22Z
✓ VERIFIED warning security.missing_csp · /
· ADVISORY opinion hero CTA placement (not counted)
report https://prufa.dev/r/k7m2qx · Measured F · Works A
In Zed's Agent Panel the user asks to QA a URL; the agent calls prufa_run_audit and reads back a verdict — a verified critical plus a labeled advisory note that counts toward nothing.

Zed can QA-test a website if you give it a tool that does QA. Add Prufa's MCP server to Zed's context_servers block in settings.json, restart Zed, and ask the Agent Panel to test a URL — it calls prufa_run_audit, a real browser drives the page, and plain code grades the captured evidence into an A–F report across six sections.

The audit tools run anonymously: no signup, no card, no API key. This isn't Zed running a test suite you wrote; it's Zed handing a live URL to a QA engineer and reading back a verdict. The one Zed-specific gotcha: it's context_servers, not mcpServers, and source: "custom" is mandatory or Zed silently skips the entry.

Can Zed actually QA-test my site?

Zed's Agent Panel will happily write you a test, but that leaves you owning a suite you have to author, fix, and re-run. What you actually want after the agent ships a change is simpler: point it at the running site and ask "is this broken?" Out of the box Zed has no eyes on your live app — it can't open the page, watch the network, or tell you the signup button does nothing.

Prufa ships an MCP server that gives Zed exactly that tool. You add it to Zed's context_servers once. Then you ask the Agent Panel to test a URL and it calls prufa_run_audit: a managed agent loop opens a real browser, navigates the public pages, and records everything over CDP — every analytics beacon, console error, cookie, and response code, plus a DOM snapshot. Then deterministic code grades the captured evidence against declarative specs. The LLM navigates; it never decides whether a link is broken or a beacon is correct — captured traffic is asserted against a spec, so the same input gives the same verdict. That's why an agent-triggered result is trustworthy enough to act on. See how Prufa verifies a flow without letting the model grade the result.

How do I add a QA MCP server to Zed?

Three steps: install the server and add it to Zed's context_servers, restart, and ask the Agent Panel to test a URL — a verdict that only verified evidence can move.

  1. Install prufa-mcp, then add it to context_servers

    Run pip install prufa-mcp, then drop the config below into Zed's settings.json under context_servers (or use Agent Panel settings > Add Custom Server). source: "custom" is required — omit it and Zed silently skips the entry. The free audit needs no key; PRUFA_API_TOKEN is optional and only for the paid persistent tools.

  2. Restart Zed

    Config is read at startup, so a full restart is required after editing settings.json. A green dot next to prufa in the Agent Panel means the server connected and prufa_run_audit / prufa_get_report are available to the agent.

  3. Ask Zed to test a URL — evidence keeps the score

    “Run a QA audit on https://myapp.com.” The agent calls prufa_run_audit and reads back the report: six sections graded A–F. Counts and grades come from VERIFIED findings only; ADVISORY (LLM-judged) observations are labeled and excluded. There is no composite 0–100 score — we don't fake precision.

The Zed settings.json config for Prufa

The exact, copy-pasteable stdio block — Zed's own context_servers key, the required source: "custom", and an optional API-key line for the paid tiers.

~/.config/zed/settings.json
{
  "context_servers": {
    "prufa": {
      "source": "custom",
      "command": "prufa-mcp",
      "env": { "PRUFA_API_TOKEN": "prk_..." }
    }
  }
}
Official Zed MCP docs

Run pip install prufa-mcp first — command points straight at the installed prufa-mcp console-script, no args needed. The free audit tools — prufa_run_audit and prufa_get_report — run anonymously, with no card and no PRUFA_API_TOKEN.

It's context_servers, not mcpServers. Zed's term for an MCP server is a "context server", so the top-level key is context_servers. A config copied from Cursor or Claude Code (mcpServers) won't be read.

source: "custom" is mandatory. For a hand-configured server Zed requires source: "custom". Leave it out and Zed silently skips the entry — no error, the server just never appears. This is the single most common Zed setup mistake.

No key needed for the free audit. The env block is optional. Set the key only to unlock saved flows, monitors, and run history (paid tiers). The key is a workspace bearer token — an agent can self-provision a free, no-card trial one via prufa_setup_workspace (it just needs the human's email), or a human can mint one in the dashboard for a persistent workspace. The same key authenticates Prufa's HTTP API, if you'd rather call the audit from code than through Zed's MCP loop.

Restart, then look for the green dot. Zed reads config at startup. After editing settings.json, restart Zed and check the Agent Panel — a green dot next to prufa means it connected. Use absolute paths for any file args; relative paths resolve unpredictably under Zed.

Gate tools per server. Zed supports per-tool approval via tool_permissions — e.g. "mcp:prufa:prufa_run_audit": "allow" to auto-approve, or "confirm" to be prompted on each call.

Prefer npx or uvx? Not yet — prufa-mcp ships on PyPI only, so the pip install above is the canonical setup; don't copy an npx -y prufa-mcp invocation from elsewhere, it won't resolve. And the server runs locally over stdio today. Zed also supports remote MCP servers, but a hosted url-based Prufa endpoint is planned, not yet available — use the stdio config above.

What does Zed read back from prufa_run_audit?

Illustrative rows in the real finding shape (finding_key · evidence) — the keys, tiers and severities are exactly what the analyzers emit. Verified tier first, never interleaved with advisory.

app.prufa.dev/r/k7m2qx
No analytics events detected on any page.
✓ verified critical
tracking.none_detected · / · 2026-07-01T10:14:22Z

Your product is shipping blind — no events fired across the public pages.

Canonical points to a different host.
✓ verified critical
seo.canonical_host_mismatch · /pricing · 2026-07-01T10:14:31Z

Search engines are told the real page lives somewhere else.

No Content-Security-Policy header sent.
✓ verified warning
security.missing_csp · / · 2026-07-01T10:14:25Z

Nothing constrains which scripts the page is allowed to load.

Hero copy may bury the primary CTA.
advisory · opinion

A judgment call, not a verified fact — excluded from every count and grade.

Verified findings are facts the harness can prove from captured traffic — exactly what an agent should act on. Advisory findings are fenced off so Zed never treats an opinion as a defect.

Isn't this the same as asking Zed to write me a test?

The honest answers to what Zed users ask before they wire a QA tool into the agent loop.

Isn't this the same as asking Zed to write me a test?

No. Zed writing a test suite leaves you owning it — selectors to fix, fixtures to maintain, a CI job to babysit. Prufa is zero test authoring: you give it a URL and it returns broken links, dead analytics, console errors, consent state and layout breakage from a real browser run. The two are complementary — keep a hand-written suite for the assertions you care about long-term; use the MCP server for a fast, maintenance-free "does this page work?" Where a code-owned suite wins: precise, durable assertions on flows you control end-to-end. For Zed users who built their app with AI, here's the maintenance-free QA story in full: how to test a vibe-coded app.

Can I trust a verdict that involves an LLM enough to act on it?

The agent loop only navigates and drives the browser. Grades and severity counts are computed by deterministic code from captured evidence — the LLM never judges whether a finding is real, so the verdict is reproducible (regression-tested against a golden fixture site). LLM-judged observations ship as a separate, labeled ADVISORY tier and count toward nothing. More: agentic testing vs scripted testing.

What does it not do from Zed yet?

Honest limits: the free audit walks public pages, not authenticated flows — saved flows and monitors are paid-tier and need a card-first workspace. Prufa does not scan for exposed secrets. The hosted remote MCP endpoint isn't live yet, so you run the stdio server locally. And the evidence-gated AI-VERIFIED path currently lives in the Gremlin chaos modality, not the standard audit — in a standard audit the lone LLM check stays advisory.

Frequently asked questions

The questions Zed users and their agents ask before wiring a QA MCP server into the loop.

How do I add a QA MCP server to Zed?

Add a context_servers entry to Zed's settings.json that launches prufa-mcp (run pip install prufa-mcp first), or use Agent Panel settings > Add Custom Server. Zed calls MCP servers "context servers", so the key is context_servers, not mcpServers, and source: "custom" is mandatory — omit it and Zed silently skips the server, no error shown. Restart Zed, then look for a green dot next to prufa in the Agent Panel. The free audit needs no API key and no card.

Is there a free QA MCP server for Zed?

Yes. prufa-mcp is open source (Apache-2.0) and the audit tools — prufa_run_audit and prufa_get_report — run anonymously: no signup, no card, no API key. You add the context_servers entry to settings.json and ask Zed's agent to test a URL. A PRUFA_API_TOKEN is optional and only unlocks the persistent tools (saved flows, monitors, run history) on the paid tiers.

What's the difference between Zed running tests and a QA MCP server?

Zed's agent can write and run a test suite — which you then own and maintain. A QA MCP server is different: you point Prufa at a live URL and it drives a real browser through the page, capturing network traffic, console errors, cookies and response codes, then grades that evidence into an A–F report. No test file to write. The agent loop navigates; deterministic code produces the verdict, so the same input gives the same result.

Can Zed's Agent Panel run a full website QA test through MCP?

Yes, within the free audit's scope. Ask Zed to test a URL and it calls prufa_run_audit; a real browser loads the public pages and Prufa returns a graded report across six sections (Works, Fast, Found, Measured, Accessible, Compliant). The free audit walks public pages, not logged-in flows — saved flows and monitoring are paid-tier and need a card-first workspace. Per-tool approval is configurable via tool_permissions.

Give Zed a QA tool and test your first URL

Try the free audit from the browser first — the same run Zed triggers through MCP, no card. Then paste the context_servers config above, restart Zed, and ask the Agent Panel to test your site. Saved flows and monitoring start on the paid tiers; see pricing.

See pricing →