Prufa
OfficialThe Prufa MCP server provides a comprehensive suite of tools for web application QA, enabling agents to audit, monitor, and manage web application health.
Audit & Reporting: Run one-shot QA audits on public URLs to detect broken flows, console errors, tracking failures, consent violations, security headers issues, mobile tap targets, and accessibility problems. Supports blocking mode (waits and returns findings directly) and non-blocking mode (returns a
run_idfor later polling). Fetch completed reports by run UUID or share token, retrieving structured JSON with findings grouped into graded sections (A–F), each with severity, impact, and fix hints. List recent runs, alerts, and findings.Workspace & Usage Management: Create free trial workspaces, retrieve workspace details and usage/credits, configure settings and notification preferences (email/Slack).
Billing: Access Stripe checkout for upgrading plans or buying credits, and manage subscriptions via the Stripe customer portal.
Flows: Create, confirm, run, edit, list, and delete multi-step user journeys defined as plain text, including setting credentials for execution.
Monitors: Set up monitors to watch URLs or flows on a schedule, trigger on demand, pause/resume, and manage deploy-hook secrets.
Gremlin (Chaos QA): Run chaos tests imitating difficult users, rerun past tests, authorize domains for mutation, and promote reproduced bug paths into draft flows.
Discovery: Register and verify domains via DNS, crawl them to automatically draft meaningful user flows, and retrieve discovery run statuses.
CI Integration: Generate a GitHub Action template to fail PRs on critical regressions.
Health Check: Probe the server and API for health status.
prufa-mcp — the QA agent for your vibe-coded app
Vibe-coded apps ship faster than anyone can review them. In June 2026 we audited 49 fresh Show HN launches — 38 had a critical bug on day one: a broken signup, a silent console error, analytics that never fired, a consent banner that did nothing.
Prufa is the agent that catches those before your users do. Point it at a URL and it audits the things humans skip when they're moving fast — broken flows, JS console errors, missing tracking, consent violations, security headers, mobile tap targets, accessibility — and hands back machine-verified findings, graded A–F. This repo is the open-source MCP server that wires that audit straight into your coding agent.
30-second demo

Related MCP server: polaris-audit
What an audit gives you
Ask your agent to audit https://yourapp.com and prufa_run_audit returns one
JSON report. Findings are grouped into graded sections, each finding carries a
severity, the impact (why it matters), and a fix hint. Real output,
trimmed:
{
"url": "https://yourapp.com",
"headline": "2 warnings found",
"counts": { "critical": 0, "warning": 2, "info": 5 },
"sections": [
{ "label": "Works", "grade": "C", "counts": { "warning": 2, "info": 1 } },
{ "label": "Fast", "grade": "A" },
{ "label": "Found", "grade": "A" },
{ "label": "Compliant", "grade": "A" }
],
"check_results": [
{
"check_id": "ux",
"findings": [{
"severity": "warning",
"title": "2 javascript console error(s) during page load",
"impact": "Errors at load time often mean broken features visitors never report.",
"evidence": { "count": 2, "sample": [
"Access to XMLHttpRequest at 'https://api.fontshare.com/...' blocked by CORS policy",
"Failed to load resource: net::ERR_FAILED"
]}
}]
},
{
"check_id": "mobile",
"findings": [{
"severity": "warning",
"title": "13 tap target(s) smaller than 24px",
"impact": "Fingers are not cursors — undersized buttons mean mis-taps on exactly the elements you want pressed.",
"fix_hint": "Give interactive elements at least 24x24px of hit area (WCAG 2.5.8)."
}]
},
{
"check_id": "security",
"findings": [{
"severity": "info",
"title": "no Content-Security-Policy header",
"impact": "Without a CSP, one injected script owns the page — and every third-party tag you load is trusted completely.",
"fix_hint": "Start with a report-only CSP and tighten from real violation reports."
}]
}
],
"report_url": "/r/G82RpzTi_zn-o71_XoMLCprP7uvCQP87"
}report_url is a shareable HTML version of the same report. The full payload
also includes tracking, consent, seo/aeo, a11y, forms, and detected
user flows — see the OSS surface below.
Install
The package is on PyPI. Install it
globally with pipx (recommended — isolated venv, exposes the prufa-mcp
binary on your PATH) or into a project venv with pip:
# Recommended — global install, isolated venv
pipx install prufa-mcp
# Or, into your project venv
pip install prufa-mcp
# Pin a specific version with ==, e.g. pipx install prufa-mcp==0.1.3
# Verify the binary is on PATH
which prufa-mcp
# Should print something like: /Users/you/.local/bin/prufa-mcpYou also need a free Prufa API key. The first audit is free, no card required.
Sign in at prufa.dev (Google OAuth)
Create an API key from the dashboard
Wire into your agent
The MCP server runs as a stdio subprocess, spawned by your agent on first use.
The cleanest way to register it is claude mcp add (Claude Code's built-in
command — it writes the config to ~/.claude.json correctly, which the
~/.claude/mcp.json path does NOT).
Claude Code (recommended path)
# Get the absolute path of the binary (use whatever `which prufa-mcp` returned)
PRUFA_BIN=$(which prufa-mcp)
# Add the MCP server. The token stays out of your shell history.
read -s -p "Prufa API token: " PRUFA_TOKEN && echo
claude mcp add \
--scope user \
--env "PRUFA_API_TOKEN=$PRUFA_TOKEN" \
prufa \
-- "$PRUFA_BIN"Restart Claude Code (config is read at startup), then verify:
/mcpYou should see prufa listed as Connected, with prufa_run_audit and
prufa_get_report as available tools.
Cursor / Cline / Continue (hand-edit .mcp.json)
In your project root or in ~/.config/Claude/ etc.:
{
"mcpServers": {
"prufa": {
"command": "/Users/you/.local/bin/prufa-mcp",
"env": {
"PRUFA_API_TOKEN": "your-prufa-api-key"
}
}
}
}Restart the host app. The command path must be the absolute binary path
(not ~, not $()) — those don't expand in MCP config.
Prefer config files to env vars? Drop your token in
~/.config/prufa/mcp.jsoninstead — see ADVANCED.md.
Use it
In your agent:
> audit https://my-vibe-coded-app.com and show me the criticals
> run prufa on my staging deploy
> fetch the report for the audit I just ranprufa_run_audit with wait=true (the default) blocks until the audit
completes and returns the JSON report directly — typically 25–60s for a public
page. If you set wait=false, the call returns immediately with the queued
state plus a share_token you can poll with prufa_get_report.
What you get — the full agent surface
prufa-mcp exposes the whole product over MCP (44 tools). Point your agent
at Prufa and it can audit pages, drive multi-step flows, watch for regressions,
run chaos tests, run full-auto discovery, and manage the workspace + billing —
no dashboard round-trip. Free/anonymous tools need no card; Pro tools return the
API's 402 with a checkout link when you're not on a plan (the tool is visible,
the paywall is server-side).
Audit & reports
Tool | What it does |
| One-shot public-page audit; blocks and returns findings JSON. |
| Fetch a report by UUID or |
| Poll a run's status. |
| Recent runs in the workspace. |
| Persisted findings, machine-readable. |
| Alert ledger (newest first, incl. suppressions). |
Workspace, usage & conversion
Tool | What it does |
| Create a free, no-card |
| Current workspace + inlined usage + a |
| Usage object + |
| Usage webhook, auto-recharge, email/Slack switches. |
| The 9-event × {email, slack} routing matrix. |
Billing (returns a URL for the human to open — never takes a card)
Tool | What it does |
| Stripe checkout URL for a paid plan (starter/pro/team). |
| Stripe checkout URL for a one-time credit pack. |
| Stripe customer portal URL (card, invoices, cancel). |
Flows (describe a journey → reviewable spec → run)
Tool | What it does |
| Compile a plain-text test case to a draft spec. |
| Approve a draft — only confirmed flows run. |
| Execute a confirmed flow. |
| Store |
| Edit the spec (returns it to draft). |
| Read · list · remove. |
Monitors (watch a URL or flow on a schedule)
Tool | What it does |
| 1-click monitor; returns a deploy-hook secret once. |
| Run now (rate-capped). |
| Lifecycle. |
| Rotate the deploy-hook secret. |
| Deploy-hook delivery log + CI snippets. |
Gremlin (chaos QA)
Tool | What it does |
| Imitate a difficult user; detectors verify what breaks. Mutations dry-run unless authorized; payments never execute. |
| Re-run a past gremlin with the same intent + saved login. |
| Allow real (non-payment) writes on a host you own. |
| List mutation authorizations. |
| Reuse a prior login (owning workspace only — sensitive). |
| Turn a reproduced bug path into a draft flow. |
Discovery (full-auto — crawl, infer flows, draft them)
Tool | What it does |
| Register a domain, get the DNS TXT record to publish. |
| Verify the DNS proof. |
| Manage authorized domains. |
| Crawl a verified site and draft its meaningful flows. |
| Run status + the flows it surfaced. |
Plus prufa_health_check() (probe the server/API).
The free trial, and when to upgrade
prufa_setup_workspace mints a free agent_temp workspace: no card, a 7-day
trial, and an included credit budget. Monitors, discovery, and full-length
gremlin runs work during the trial, then need a paid plan.
The MCP makes this legible to your agent: prufa_get_usage, prufa_setup_workspace,
and every metered result carry a trial block (days + credits remaining) and,
when you're low on credits or near the trial's end, an upsell block with a
message_for_human your agent can relay plus the exact tool to call
(prufa_upgrade_plan / prufa_buy_credits). When a Pro tool is called off-plan,
the 402 passes through with a checkout_url — no silent failures, no surprise
charges.
Examples
Three runnable scripts in examples/:
examples/nextjs-app/— audit a deployed Next.js appexamples/vite-spa/— audit a Vite SPA (focuses on client-side routing audits)examples/stripe-checkout/— audit a Stripe-checkout page (payment-flow verification)
Each is a copy-pasteable demo:
export PRUFA_API_TOKEN=...
python examples/nextjs-app/audit.py https://your-nextjs-app.comGitHub Action
Fail a PR when Prufa finds a critical regression:
# .github/workflows/prufa-scan.yml
name: Prufa scan
on: [pull_request]
jobs:
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.11"
- run: pip install prufa-mcp
- name: Run audit
env:
PRUFA_API_TOKEN: ${{ secrets.PRUFA_API_TOKEN }}
run: |
python -c "
import asyncio, sys
from prufa_mcp.audit import run_audit
report = asyncio.run(run_audit(url='${{ secrets.STAGING_URL }}', wait=True))
print(report.get('headline', 'audit complete'))
criticals = report.get('counts', {}).get('critical', 0)
if criticals:
print(f'::error::Prufa found {criticals} critical finding(s)', file=sys.stderr)
sys.exit(1)
"See examples/prufa-scan.yml for the full template.
License
Apache-2.0. See LICENSE. Contributions welcome — see CONTRIBUTING.md.
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/prufa-dev/prufa-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server