What is Fagun
A senior UAT, QA & security engineer that lives in your AI tool.
Fagun is a Model Context Protocol (MCP) server. Install it once and your AI assistant — Claude Code, Cursor, Codex, Windsurf, Claude Desktop, or any MCP client — gains 42 browser + QA tools. It drives a real Chromium browser (auto-installed) and does what a whole product team would: uses the product as real customers (mobile, slow-internet, keyboard-only, screen-reader…), walks complete journeys (signup, login, search, checkout…), hunts defects, and ends with a product-readiness verdict — every finding with steps, evidence, severity, and a suggested fix.
Real, not hallucinated
Every finding comes from an actual tool result — a console error, a status code, a measured metric. No "could potentially".
Any AI, any model
Pure MCP — no built-in model. Works with frontier models and fully local open-source ones via Ollama (Qwen, DeepSeek, Llama, Mistral…).
Token-lean
Terse output by default cuts tool-result tokens ~70%. Full detail goes to a Markdown report on disk, not your context.
Why you need it
AI can write code. It usually can't see it run.
An LLM writing a feature is flying blind — it never loads the page, never clicks the button, never reads the 500 in the network tab. Fagun closes that loop. It gives the model eyes and hands on a live browser, so it can verify its own work, catch regressions, and hunt the bugs that only appear at runtime.
Without Fagun
- "Looks correct" — never actually run
- Console errors & failed API calls unseen
- Broken links, form gaps, a11y issues shipped
- Security misconfigs undetected
- Perf regressions found by users, not you
- Manual QA repeated by hand every release
With Fagun
- Product used as real personas, journeys walked end-to-end
- Console + network watched after every action
- Links, forms, WCAG, keyboard checked automatically
- 20+ security classes probed (non-destructive)
- Real Core Web Vitals with a Lighthouse-style score
- A product-readiness verdict + one-command re-runs
UAT & readiness
Not just "are there bugs" — is it ready for real users?
Fagun's primary job is a release decision. It experiences the product as real customers, validates that they can actually finish what they came to do, then scores readiness across 16 dimensions and gives a verdict — from "Ready" down to "Critical issues block release".
11 end-user personas
Become a first-time, mobile, tablet, slow-internet, low-end, keyboard-only, screen-reader, dark-mode, or international user — real device, network + CPU throttle, and media prefs, not just a resized window.
Complete user journeys
Walk login, signup, search, checkout, password-reset and more step-by-step. Each step records pass/fail, a screenshot, console errors, failed requests and timing — a step only "passes" if the browser actually did it.
Readiness scorecard
16 category scores (UX, UI, business logic, reliability, a11y, performance, security, mobile…) + a release verdict + prioritized fixes (why it matters, how to fix). Rendered to Markdown / HTML / JSON / JUnit XML.
Test behind login
Log in once, save_session, then load_session restores it — so crawl, deep test and security scan run as the logged-in user: dashboards, checkout, and authorization surface.
Keyboard walk
Tab through the page like a keyboard-only / screen-reader user — focus reachability, missing visible focus, and focus traps, with evidence.
Tech fingerprint
fingerprint detects server, hosting, framework, CMS and analytics from real headers + DOM signals — so the hunt is tuned to the actual stack.
Who it's for
If you build, ship, or break software — it's for you.
Developers & AI-pair-programmers
Verify a change actually works in the browser before you commit. Catch console errors and failed requests the moment they appear. Let the model self-check its own output.
QA & SDET engineers
Generate positive / negative / boundary / edge / injection test data automatically, fuzz every form, and get a reproducible report — without writing the harness by hand.
Security researchers & bug bounty hunters
Non-destructive probes for XSS, SQLi, CSP, clickjacking, CRLF, LFI, SSTI, host-header injection, exposed files, secrets, GraphQL introspection & more — every hit evidence-backed. Authorized targets only.
Product managers & analysts
Find missing workflows, broken journeys, and validation gaps. Get an executive summary grouped by severity and business impact — not a wall of stack traces.
Accessibility & SEO specialists
Real WCAG 2.1 checks including computed color-contrast, plus metadata, canonical, viewport, and Core Web Vitals in one pass.
Agencies, freelancers & indie hackers
Audit any client site in minutes and hand over a professional Markdown report. Runs locally and privately — great for offline or air-gapped work.
Install
One line. Nothing to configure.
No Python, no pip — uv brings its own runtime, and Chromium auto-installs on first run. Fagun auto-detects every AI tool on your machine and wires up the MCP server + /fagun skill.
Inside Claude Code, as a plugin:
Env toggles:
- FAGUN_TERSE=0: full JSON output instead of terse results
- FAGUN_HEADLESS=0: show the browser window
- FAGUN_BROWSER=firefox|webkit: run Firefox or WebKit instead of Chromium
- FAGUN_CDP_URL: attach to your own running Chrome
- FAGUN_SCOPE=host1,host2: restrict active probes to authorized hosts (FAGUN_SCOPE_DENY always wins)
All 42 MCP tools
Everything it can do.
UAT & end-user simulation
| Tool | What it does |
|---|---|
| list_personas · emulate_persona | Reconfigure the browser to experience the site as a real user type — 11 presets (first-time, mobile, tablet, slow-internet, low-end, keyboard-only, screen-reader, dark-mode, international…) with real device, network/CPU throttle & media prefs. |
| run_journey | Walk a full flow step-by-step; per-step pass/fail, screenshot, console errors, failed requests & timing. A step passes only if the browser actually did it. |
| list_journeys · journey_template | Built-in journey scaffolds (login, register, password-reset, search, checkout, contact) to copy and fill in. |
| keyboard_walk | Tab through like a keyboard-only user — focus reachability, invisible focus, traps. |
| readiness_report | 16-category readiness scorecard + release verdict + prioritized fixes from collected findings. |
Browse & debug
| Tool | What it does |
|---|---|
| open_browser | Launch (or attach to) the browser. |
| navigate | Go to a URL; returns status + title. |
| click · fill · press_key | Drive the page by selector or visible text. |
| screenshot | Save a PNG (full-page optional). |
| evaluate_js | Run JS in the page, get JSON back. |
| get_console · get_network | Captured console messages / requests (errors & 4xx-5xx only, if asked). |
| close_browser | Close and free resources. |
QA & bug hunting
| Tool | What it does |
|---|---|
| crawl | Breadth-first map of the site (same host). |
| run_qa | Single-page sweep: console, network, WCAG a11y, SEO, load time. |
| check_links | Probe every link; report 4xx / 5xx / unreachable. |
| test_forms | Static form audit (security / validation / a11y) — no submit. |
| fuzz_forms | Active: fills each field with the labelled test-data catalog, reads the browser's real validity verdict, flags gaps. submit=true is opt-in. |
| list_test_data | Show the test cases used for a field type. |
| deep_test | The big one: crawl + per-page QA + forms + full security + real vitals + keyboard + readiness verdict → one report (.md/.html/.json/.xml). |
| full_qa_sweep · write_report | Multi-page QA / write a report (Markdown, HTML, JSON, or JUnit XML by extension). |
Performance, accessibility & security
| Tool | What it does |
|---|---|
| fingerprint | Detect server / hosting / framework / CMS / analytics from real headers + DOM signals — tune the hunt to the stack. |
| perf_audit | Real Core Web Vitals (LCP, CLS, TBT, FCP, TTFB) + a Lighthouse-comparable 0-100 score. No estimates. |
| a11y_audit | Deep WCAG 2.1 incl. real computed color-contrast, ARIA, labels, headings, focus order, zoom. |
| security_headers | CSP, HSTS, X-Frame, nosniff, version/stack leaks. |
| security_scan | Full non-destructive scan (core + advanced, see below). |
| advanced_security | Advanced probe battery only. |
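To show what a header audit of the kind security_headers describes looks like when each finding quotes the header it saw, here is an added example (not Fagun's own code). It works on an already-captured header map, so the sample headers below are constructed, and the severity labels and thresholds (one-year HSTS max-age) are this example's assumptions.

```python
import re

# Constructed sample response headers, as a browser or proxy would capture them
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.41 (Ubuntu)",
    "X-Powered-By": "PHP/7.4.3",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Strict-Transport-Security": "max-age=3600",
    "X-Content-Type-Options": "nosniff",
}

VERSION_RE = re.compile(r"\d+\.\d+")


def audit_headers(headers):
    """Return findings as dicts (class, severity, evidence, fix); evidence quotes the header seen."""
    h = {k.lower(): v for k, v in headers.items()}
    out = []
    def add(cls, sev, evidence, fix):
        out.append({"class": cls, "severity": sev, "evidence": evidence, "fix": fix})
    csp = h.get("content-security-policy")
    if csp is None:
        add("csp", "medium", "header absent", "add Content-Security-Policy with a restrictive default-src")
    else:
        # script-src falls back to default-src when it is not set explicitly
        directives = {d.strip().split(" ")[0]: d.strip() for d in csp.split(";") if d.strip()}
        script = directives.get("script-src", directives.get("default-src", ""))
        if "'unsafe-inline'" in script or "*" in script.split():
            add("csp", "medium", f"Content-Security-Policy: {csp}",
                "remove 'unsafe-inline' and wildcards from script-src; use nonces or hashes")
    hsts = h.get("strict-transport-security")
    if hsts is None:
        add("hsts", "medium", "header absent", "add Strict-Transport-Security: max-age=31536000; includeSubDomains")
    else:
        m = re.search(r"max-age=(\d+)", hsts)
        if not m or int(m.group(1)) < 31536000:
            add("hsts", "low", f"Strict-Transport-Security: {hsts}", "raise max-age to at least one year")
    # Clickjacking: X-Frame-Options or a CSP frame-ancestors directive must be present
    if "x-frame-options" not in h and not (csp and "frame-ancestors" in csp):
        add("x-frame", "medium", "neither X-Frame-Options nor frame-ancestors set",
            "add X-Frame-Options: DENY or Content-Security-Policy: frame-ancestors 'none'")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        add("nosniff", "low", h.get("x-content-type-options", "header absent"), "add X-Content-Type-Options: nosniff")
    # Version/stack leaks: any dotted version number in a server-identifying header
    for name in ("server", "x-powered-by", "x-aspnet-version"):
        if name in h and VERSION_RE.search(h[name]):
            add("version-leak", "low", f"{name}: {h[name]}", "strip version numbers from response headers")
    return out
```

Running it on SAMPLE_HEADERS yields five findings (weak CSP, short HSTS, no framing protection, two version leaks); a hardened header set yields none.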
Authenticated sessions
| Tool | What it does |
|---|---|
| save_session | Save the current logged-in session (cookies + localStorage) to disk after you log in. |
| load_session | Restore a saved session into a fresh context — crawl / deep test / security scan then run authenticated. |
| list_sessions · delete_session | Manage saved sessions. |
Power & self-healing
| Tool | What it does |
|---|---|
| connect_chrome | Auto-launch YOUR real Chrome with debugging on and attach — reuse logged-in sessions, no manual setup. |
| browser_exec | Run any async Python against the live page — full Playwright power when a built-in tool can't do it. |
| save_helper · list_helpers · load_helper | Persist reusable snippets so the agent gets smarter each run. |
| fagun_start | Show the capability menu. |
Test taxonomy
What it tests, top to bottom.
Functional
Core journeys end-to-end, buttons/nav, state persistence, empty & zero-result states.
Runtime / JS
Console errors after load & every interaction, unhandled rejections, null derefs, lazy-chunk failures.
Network / API
4xx/5xx, failed & timed-out calls, CORS, N+1, mixed content.
Forms & input
Required enforcement, type/boundary/edge validation, injection reflection, maxlength, double-submit.
Auth / session
Login errors, session persistence & logout, protected-URL leaks, IDOR smell, password-over-GET.
Accessibility
WCAG 2.1: contrast, labels, ARIA, headings, focus order, zoom, landmarks.
Performance
Real vitals, page weight, long tasks, load time, worst offenders with numbers.
SEO
Title/description length, canonical, viewport, h1 count, noindex, robots.
Security
20+ classes, non-destructive, evidence-backed — see the full list below.
Test data
Every case, labelled & traceable.
fuzz_forms generates the right cases for each field type (email, number, tel, url, date, password, text…). Every value is tagged so a finding always names the exact case that produced it — no guesswork.
| Category | Examples |
|---|---|
| valid | well-formed values that should be accepted — user@example.com, +8801712345678, 2024-02-29 |
| invalid | malformed values that should be rejected — missing @, letters in tel, month 13, non-leap Feb 29 |
| edge | empty, single char, whitespace-only, shortest-legal |
| boundary | length+1, int32 max+1, 5000-char overflow, 400-digit number, >254-char email |
| outofbox | unicode/emoji, RTL override, cyrillic homoglyph, null byte, format-string tokens, leading zeros, hex, IDN email, SSRF hosts |
| injection | '"><script>, {{7*7}}, ' OR '1'='1, ../../etc/passwd, ;echo, CRLF — observed for handling, never weaponized |
Security classes
Bug-bounty-grade, non-destructive.
GET/HEAD/OPTIONS only. No writes, no attacks on third parties, unique harmless markers. Every finding quotes what was actually seen. Set FAGUN_SCOPE to fence probes to authorized hosts. Run only against systems you're authorized to test.
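The scope fence described here and under the env toggles (FAGUN_SCOPE allows hosts, FAGUN_SCOPE_DENY always wins) is easy to get wrong, so here is an added example of the decision logic (not Fagun's own code). Assumptions the page does not state: a listed host also covers its subdomains, matching ignores case and port, IPv6 literals are not handled, and an empty FAGUN_SCOPE means no allow-list restriction while the deny list still applies.

```python
import os
from urllib.parse import urlsplit


def _parse_hosts(value):
    """'Host1, host2:8443' -> {'host1', 'host2'}: case and port are dropped (no IPv6 support)."""
    hosts = set()
    for item in value.split(","):
        item = item.strip().lower()
        if item:
            hosts.add(item.split(":")[0])
    return hosts


def _matches(host, entry):
    # Exact host, or a subdomain of a listed host (assumption made by this example)
    return host == entry or host.endswith("." + entry)


def active_probe_allowed(url, scope="", deny=""):
    """Return (allowed, reason). Deny wins over allow; empty scope means no allow-list."""
    host = (urlsplit(url).hostname or "").lower()  # hostname is already port-free
    if not host:
        return False, "no host in URL"
    for entry in _parse_hosts(deny):
        if _matches(host, entry):
            return False, f"{host} matches FAGUN_SCOPE_DENY entry {entry}"
    allow = _parse_hosts(scope)
    if not allow:
        return True, "FAGUN_SCOPE unset: no allow-list restriction"
    for entry in allow:
        if _matches(host, entry):
            return True, f"{host} matches FAGUN_SCOPE entry {entry}"
    return False, f"{host} not in FAGUN_SCOPE"


def active_probe_allowed_from_env(url):
    """Same check, reading FAGUN_SCOPE / FAGUN_SCOPE_DENY from the environment."""
    return active_probe_allowed(url, os.environ.get("FAGUN_SCOPE", ""), os.environ.get("FAGUN_SCOPE_DENY", ""))
```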
Example prompts
Just talk to it.
Safety & ethics
Non-destructive by design.
- No fake results. Observations come from tool output; hypotheses are labelled as such.
- No data changes by default. Form fuzzing doesn't submit unless you pass submit=true.
- Authorized targets only. Active security probing is for systems you own or have permission to test.
- No third-party attacks, no DoS, no mass enumeration. Least-intrusive testing that proves the point.
- Private & local. Runs on your machine; nothing phones home. Works fully offline with local models.
FAQ
Quick answers.
Does it need an API key?
No. Fagun is a browser tool server. Your AI client provides the model — frontier or local (Ollama).
Which AI tools work?
Any MCP client: Claude Code & Desktop, Cursor, Codex, Windsurf, Cline, VS Code, and more.
Do I need to install Chrome or Python?
No. uv bundles its runtime and Chromium auto-installs on first run.
Is the security scan safe to run?
It's non-destructive (read-only probes). Still — only run it on systems you're authorized to test.
Give your AI a browser.
One command. Real bugs. Real evidence.