MCP SERVER · OPEN SOURCE · APACHE-2.0

The MCP server for testing your web app

Wire Prufa into your coding agent. It calls one tool, drives a real browser against your URL, and hands back an evidence-gated verdict — not a screenshot to eyeball.

No signup. No card. Public URL in, shareable report out.

In our June 2026 audit of 49 Show HN launches, 78% (38 of 49) shipped a critical bug on day one — and 38 of 49 sent no analytics at all. See the 49-launch dataset.

agent session
▸ prufa_run_audit({ url: "https://myapp.com", wait: true })
running real-browser audit … (blocks up to ~90s)
← { # the full report.json (truncated)
"run_id": "a1b2c3d4-…",
"share_token": "k7m2p9",
"report_url": "https://prufa.dev/r/k7m2p9",
"headline": "2 critical issues and 5 warnings found",
"counts": { "critical": 2, "warning": 5, "info": 3 }, # verified only
"sections": [ { "key": "found", "grade": "D", … }, … ],
"check_results": [ … findings: finding_key, tier, severity, evidence … ]
}
✓ agent reads the verdict, fixes 2 criticals, re-runs.
The agent calls prufa_run_audit and reads an evidence-gated verdict back — no human, no script.

Your agent just built a feature. Can it check that the page still works — the analytics fire, the links resolve, the layout doesn't overflow on mobile — without you opening a browser?

Add the Prufa MCP server and it can. The agent calls prufa_run_audit, Prufa loads the URL in a real browser, captures every network beacon, console error, cookie and response code, runs a fixed suite of deterministic checks against that captured evidence, and returns the verdict as JSON. The agent reads it, fixes what broke, and runs it again. The first call needs no key and no card.

Why have your agent test through an MCP server at all?

Coding agents write code fast and check it badly. They can read a stack trace, but they can't see that the signup button does nothing, that the analytics tag loaded but never fired, or that the hero overflows 103px past the viewport on a phone. The usual answer — "open a browser and look" — breaks the agent loop: it needs a human, or it needs you to hand-author a Playwright suite the agent then has to maintain. Most "MCP for testing" options are browser drivers: they hand the agent click/type/screenshot primitives and leave the judging to you.

Prufa's architecture is agentic navigation + deterministic verification: an LLM-backed agent loop plans and drives the browser; a plain-code harness owns the session, records all network traffic over CDP, and grades the captured evidence against a versioned spec. The LLM navigates — it never judges whether a tracking beacon is correct. That separation is why the verdict is trustworthy enough for an agent to act on: same input, same verdict (determinism is regression-tested against a golden fixture site). The MCP server is a thin client over that — the same product as our CLI, HTTP API and dashboard, just spoken in tool calls. Read the long version in how Prufa verifies a signup flow.

How do I add a QA MCP server to Claude Code?

Three steps: add the server, have your agent call one tool, and read a verdict that only verified evidence can move.

  1. Add the server

    pip install prufa-mcp, then claude mcp add prufa --command prufa-mcp — or drop the stdio config into .mcp.json for Cursor, Cline, Continue, or any MCP host.

  2. Your agent calls a tool

    It runs prufa_run_audit({ url }). Prufa spins up a real browser, walks the public pages, and captures beacons, console output, cookies and response codes — no script for you to write.

  3. Evidence keeps the verdict

    Findings come back in two tiers — verified (a machine-checked fact, in mono) and advisory (a labeled LLM observation, never phrased as broken). Only verified findings move the section grades; there is no composite 0–100 score, ever.

Install the Prufa MCP server

Two real, copy-pasteable forms — one command for Claude Code, one stdio block for any other MCP host.

Claude Code
pip install prufa-mcp
claude mcp add prufa --command prufa-mcp
.mcp.json
{
  "mcpServers": {
    "prufa": {
      "command": "prufa-mcp"
    }
  }
}

That's the whole setup. The server speaks JSON-RPC 2.0 over stdio (MCP protocol 2025-06-18); your client spawns it as a subprocess. The free audit tools — prufa_run_audit and prufa_get_report — work anonymously, with no key and no card. Everything deeper (saved flows behind logins, scheduled monitors, gremlin chaos, full-auto discovery, run history) needs a workspace — and the agent can self-provision one: it calls prufa_setup_workspace, which mints a no-card 7-day trial (100 credits) and remembers the token for you. Prefer to bring your own? Set PRUFA_API_TOKEN (format prk_…, minted in the dashboard) in the server's env to attribute runs to an existing workspace.

The server is open source — prufa-mcp on PyPI, Apache-2.0, source at github.com/prufa-dev/prufa-mcp. It registers 44 tools — the whole product: audits and reports, flows, workspace and billing, monitors, gremlin chaos, and full-auto discovery. Gating is server-side: free tools run anonymously or on the trial; paid tools return a 402 with a checkout hint. Every mutating tool takes an optional idempotency_key so an agent's retry replays the original response instead of re-executing — how we built that layer.

Which coding agents can use the QA MCP server?

The same stdio server drops into any MCP host. Each guide has the exact config and the official docs for that tool.

What does the verdict look like?

Illustrative rows in the real finding shape (finding_key · evidence) — the keys, tiers and severities are exactly what the analyzers emit. Verified tier first, never interleaved with advisory.

app.prufa.dev/r/k7m2p9
Canonical points to a different host.
✓ verified critical
seo.canonical_host_mismatch · canonical → myapp.netlify.app · page host myapp.com

This page tells search engines its content belongs to another site. 2 of the 49 launches in our June 2026 audit shipped a canonical to a different host.

Broken links found.
✓ verified warning
ux.dead_links · 3 link(s) · HTTP 404

Dead links bleed trust and waste crawl budget. 14 of the 49 launches in that audit shipped at least one broken link.

No recognized analytics beacons.
advisory · opinion

We saw network requests but matched no vendor signature — you may run a first-party collector, so the harness will NOT call this a verified critical. It was the single most common finding in our June 2026 audit of 49 launches (38 of 49), yet it stays advisory because we can't prove the negative. Your call.

Verified findings are facts the harness can prove from captured traffic. Advisory findings are clearly fenced off so an agent never treats an opinion as a defect — even when, as with the no-analytics finding, the detector is deterministic but can't prove the negative.

Is this just Playwright MCP with extra steps?

The honest answers to what coding teams ask before they wire a QA tool into the agent loop.

Isn't this the same as Playwright MCP or a browser-driver MCP?

No — and Playwright MCP is genuinely good at what it does. Playwright MCP hands your agent raw browser primitives (click, type, navigate, screenshot); the agent still has to decide what to do and judge whether the result is correct. That's the right tool when you want fine-grained scripted control. Prufa is the opposite contract: one tool call returns a graded verdict — deterministic checks over captured network traffic, tiered into verified vs advisory. Use Playwright MCP to drive; use Prufa to get a verdict without authoring and maintaining a suite. More on the distinction: agentic testing vs scripted testing.

Can the agent rack up charges, or do I need a card?

No card is ever required to start, and nothing bills silently. The audit tools (prufa_run_audit, prufa_get_report) run anonymously — no key, no card, rate-limited per IP. To go deeper the agent self-provisions a free, no-card workspace (prufa_setup_workspace) — a 7-day trial with 100 credits. When credits run low or the trial nears its end, the tools hand the agent a plain-language message_for_human asking you to upgrade — the agent can't spend money, it can only relay the ask. Paid tiers are gated server-side; a call beyond the trial returns a 402 with a checkout hint a human completes. We don't meter deterministic checks or pinned-selector flow replays, and a request that never returns doesn't count.

Is it safe to point at production, and do you see my data?

The audit loads your public pages in a real browser — the same thing a visitor's browser does. It doesn't mutate state. In Gremlin chaos mode, mutations are dry-run by default and only become real on a host you've explicitly authorized; payments are never executed. Flow credentials are write-only — stored encrypted, never returned by any read tool, never placed in an LLM prompt; they're resolved at the tool boundary at run time.

Frequently asked questions

The questions coding teams and their agents ask before wiring a QA MCP server into the loop.

What is an MCP server for QA testing?

An MCP server for QA testing is a Model Context Protocol server that gives an AI coding agent tools to run a quality check on a website and read the result as structured data. Instead of the agent guessing whether its change works, it calls a tool, the server drives a real browser against the URL, and returns findings. Prufa's free audit tool needs no key or card.

How do I add a QA MCP server to Claude Code, Cursor, or Windsurf?

Run pip install prufa-mcp, then claude mcp add prufa --command prufa-mcp for Claude Code. For Cursor, Cline, Continue, or any MCP host, add {"mcpServers":{"prufa":{"command":"prufa-mcp"}}} to your .mcp.json. The server speaks JSON-RPC 2.0 over stdio (MCP protocol 2025-06-18). The audit tools work anonymously; a key is only needed for persistent tools.

Is there a free or open-source QA MCP server?

Yes. The Prufa MCP server is open source — prufa-mcp on PyPI under Apache-2.0, source at github.com/prufa-dev/prufa-mcp. Its audit tools (prufa_run_audit, prufa_get_report) run free and anonymously: no signup, no card, rate-limited per IP. Persistent tools (saved monitors, run history, Gremlin chaos) require a workspace key and a paid plan, returning a 402 with a checkout hint on the free tier.

What's the difference between Playwright MCP and a QA MCP server?

Playwright MCP gives an agent low-level browser primitives — click, type, navigate, screenshot — and leaves the judging to you; it's a driver. A QA MCP server like Prufa returns a graded verdict from one tool call: deterministic checks over captured network traffic, split into verified (machine-checked) and advisory (labeled opinion) tiers. Playwright MCP wins for scripted control; Prufa wins when you want a verdict without authoring a test suite.

Add the MCP server and let your agent run the first test

Or skip the agent and try it yourself: paste a URL, get a shareable report in about a minute. Persistent tools over the MCP server — saved monitors, alerts, Gremlin chaos runs — are part of Pro ($99/mo); the free audit needs neither key nor card.

See plans →