MCP · ZED
Add one context server and Zed's Agent Panel can test any URL. The agent loop drives a real browser; plain code grades the evidence into a verdict. Free audit, no card.
Free audit — no signup, no card. The same run Zed triggers through MCP.
We pointed this audit at 49 Show HN launches: 78% had at least one critical finding on day one. See the 49-launch dataset.
Zed can QA-test a website if you give it a tool that does QA. Add
Prufa's MCP server to Zed's context_servers block in
settings.json, restart Zed, and ask the Agent Panel to test
a URL — it calls prufa_run_audit, a real browser drives the
page, and plain code grades the captured evidence into an A–F report
across six sections.
The audit tools run anonymously: no signup, no card, no API key. This
isn't Zed running a test suite you wrote; it's Zed handing a live URL to
a QA engineer and reading back a verdict. The one Zed-specific gotcha:
it's context_servers, not mcpServers, and
source: "custom" is mandatory or Zed silently skips the
entry.
Zed's Agent Panel will happily write you a test, but that leaves you owning a suite you have to author, fix, and re-run. What you actually want after the agent ships a change is simpler: point it at the running site and ask "is this broken?" Out of the box Zed has no eyes on your live app — it can't open the page, watch the network, or tell you the signup button does nothing.
Prufa ships an MCP server that gives Zed exactly that
tool. You add it to Zed's context_servers once. Then you ask
the Agent Panel to test a URL and it calls prufa_run_audit:
a managed agent loop opens a real browser, navigates the public pages,
and records everything over CDP — every analytics beacon, console error,
cookie, and response code, plus a DOM snapshot. Then deterministic code
grades the captured evidence against declarative specs. The LLM
navigates; it never decides whether a link is broken or a beacon is
correct — captured traffic is asserted against a spec, so the same input
gives the same verdict. That's why an agent-triggered result is
trustworthy enough to act on. See
how Prufa verifies a flow without letting the model grade the result.
Three steps: install the server and add it to Zed's
context_servers, restart, and ask the Agent Panel to test
a URL — a verdict that only verified evidence can move.
Run pip install prufa-mcp, then drop the config below into Zed's settings.json under context_servers (or use Agent Panel settings > Add Custom Server). source: "custom" is required — omit it and Zed silently skips the entry. The free audit needs no key; PRUFA_API_TOKEN is optional and only for the paid persistent tools.
Config is read at startup, so a full restart is required after editing settings.json. A green dot next to prufa in the Agent Panel means the server connected and prufa_run_audit / prufa_get_report are available to the agent.
“Run a QA audit on https://myapp.com.” The agent calls prufa_run_audit and reads back the report: six sections graded A–F. Counts and grades come from VERIFIED findings only; ADVISORY (LLM-judged) observations are labeled and excluded. There is no composite 0–100 score — we don't fake precision.
The exact, copy-pasteable stdio block — Zed's own
context_servers key, the required source: "custom",
and an optional API-key line for the paid tiers.
{
"context_servers": {
"prufa": {
"source": "custom",
"command": "prufa-mcp",
"env": { "PRUFA_API_TOKEN": "prk_..." }
}
}
} Official Zed MCP docs
Run pip install prufa-mcp first — command
points straight at the installed prufa-mcp console-script,
no args needed. The free audit tools —
prufa_run_audit and prufa_get_report — run
anonymously, with no card and no PRUFA_API_TOKEN.
It's context_servers, not mcpServers.
Zed's term for an MCP server is a "context server", so the top-level
key is context_servers. A config copied from Cursor or
Claude Code (mcpServers) won't be read.
source: "custom" is mandatory. For a
hand-configured server Zed requires source: "custom".
Leave it out and Zed silently skips the entry — no error, the server
just never appears. This is the single most common Zed setup mistake.
No key needed for the free audit. The env
block is optional. Set the key only to unlock saved flows, monitors,
and run history (paid tiers). The key is a workspace bearer token — an
agent can self-provision a free, no-card trial one via
prufa_setup_workspace (it just needs the human's email),
or a human can mint one in the
dashboard for a persistent workspace. The same key authenticates Prufa's
HTTP API, if you'd rather call the audit from code
than through Zed's MCP loop.
Restart, then look for the green dot. Zed reads config
at startup. After editing settings.json, restart Zed and
check the Agent Panel — a green dot next to prufa means it
connected. Use absolute paths for any file args; relative paths resolve
unpredictably under Zed.
Gate tools per server. Zed supports per-tool approval
via tool_permissions — e.g.
"mcp:prufa:prufa_run_audit": "allow" to auto-approve, or
"confirm" to be prompted on each call.
Prefer npx or uvx? Not yet —
prufa-mcp ships on PyPI only, so the pip install
above is the canonical setup; don't copy an npx -y prufa-mcp
invocation from elsewhere, it won't resolve. And the server runs
locally over stdio today. Zed also supports remote MCP
servers, but a hosted url-based Prufa endpoint is planned,
not yet available — use the stdio config above.
Illustrative rows in the real finding shape
(finding_key · evidence) — the keys, tiers and severities
are exactly what the analyzers emit. Verified tier first, never
interleaved with advisory.
Your product is shipping blind — no events fired across the public pages.
Search engines are told the real page lives somewhere else.
Nothing constrains which scripts the page is allowed to load.
A judgment call, not a verified fact — excluded from every count and grade.
The honest answers to what Zed users ask before they wire a QA tool into the agent loop.
No. Zed writing a test suite leaves you owning it — selectors to fix, fixtures to maintain, a CI job to babysit. Prufa is zero test authoring: you give it a URL and it returns broken links, dead analytics, console errors, consent state and layout breakage from a real browser run. The two are complementary — keep a hand-written suite for the assertions you care about long-term; use the MCP server for a fast, maintenance-free "does this page work?" Where a code-owned suite wins: precise, durable assertions on flows you control end-to-end. For Zed users who built their app with AI, here's the maintenance-free QA story in full: how to test a vibe-coded app.
The agent loop only navigates and drives the browser. Grades and severity counts are computed by deterministic code from captured evidence — the LLM never judges whether a finding is real, so the verdict is reproducible (regression-tested against a golden fixture site). LLM-judged observations ship as a separate, labeled ADVISORY tier and count toward nothing. More: agentic testing vs scripted testing.
Honest limits: the free audit walks public pages, not authenticated flows — saved flows and monitors are paid-tier and need a card-first workspace. Prufa does not scan for exposed secrets. The hosted remote MCP endpoint isn't live yet, so you run the stdio server locally. And the evidence-gated AI-VERIFIED path currently lives in the Gremlin chaos modality, not the standard audit — in a standard audit the lone LLM check stays advisory.
The questions Zed users and their agents ask before wiring a QA MCP server into the loop.
Add a context_servers entry to Zed's settings.json that launches prufa-mcp (run pip install prufa-mcp first), or use Agent Panel settings > Add Custom Server. Zed calls MCP servers "context servers", so the key is context_servers, not mcpServers, and source: "custom" is mandatory — omit it and Zed silently skips the server, no error shown. Restart Zed, then look for a green dot next to prufa in the Agent Panel. The free audit needs no API key and no card.
Yes. prufa-mcp is open source (Apache-2.0) and the audit tools — prufa_run_audit and prufa_get_report — run anonymously: no signup, no card, no API key. You add the context_servers entry to settings.json and ask Zed's agent to test a URL. A PRUFA_API_TOKEN is optional and only unlocks the persistent tools (saved flows, monitors, run history) on the paid tiers.
Zed's agent can write and run a test suite — which you then own and maintain. A QA MCP server is different: you point Prufa at a live URL and it drives a real browser through the page, capturing network traffic, console errors, cookies and response codes, then grades that evidence into an A–F report. No test file to write. The agent loop navigates; deterministic code produces the verdict, so the same input gives the same result.
Yes, within the free audit's scope. Ask Zed to test a URL and it calls prufa_run_audit; a real browser loads the public pages and Prufa returns a graded report across six sections (Works, Fast, Found, Measured, Accessible, Compliant). The free audit walks public pages, not logged-in flows — saved flows and monitoring are paid-tier and need a card-first workspace. Per-tool approval is configurable via tool_permissions.
Try the free audit from the browser
first — the same run Zed triggers through MCP, no card. Then paste the context_servers config above,
restart Zed, and ask the Agent Panel to test your site. Saved flows and
monitoring start on the paid tiers; see
pricing.