
Documentation · v0.9.0 · Open source (MIT)

The complete guide to Fagun.

One MCP server that gives any AI tool a real browser to use your product like real customers do — as multiple personas, across whole user journeys — run full UAT, hunt real bugs (functional, security, performance, accessibility, SEO), and return a product-readiness verdict. Every finding is backed by evidence. Nothing is faked; if it can't be reproduced, it isn't reported.

42 MCP tools · 11 end-user personas · User-journey runner · 16-category readiness scorecard · WCAG 2.1 a11y · Real Core Web Vitals · 20+ security classes · Authenticated testing · Works with local models

What is Fagun

A senior UAT, QA & security engineer that lives in your AI tool.

Fagun is a Model Context Protocol (MCP) server. Install it once and your AI assistant — Claude Code, Cursor, Codex, Windsurf, Claude Desktop, or any MCP client — gains 42 browser + QA tools. It drives a real Chromium browser (auto-installed) and does what a whole product team would: uses the product as real customers (mobile, slow-internet, keyboard-only, screen-reader…), walks complete journeys (signup, login, search, checkout…), hunts defects, and ends with a product-readiness verdict — every finding with steps, evidence, severity, and a suggested fix.

🎯

Real, not hallucinated

Every finding comes from an actual tool result — a console error, a status code, a measured metric. No "could potentially".

🔌

Any AI, any model

Pure MCP — no built-in model. Works with frontier models and fully local open-source ones via Ollama (Qwen, DeepSeek, Llama, Mistral…).

🪶

Token-lean

Terse output by default cuts tool-result tokens ~70%. Full detail goes to a Markdown report on disk, not your context.

Why you need it

AI can write code. It usually can't see it run.

An LLM writing a feature is flying blind — it never loads the page, never clicks the button, never reads the 500 in the network tab. Fagun closes that loop. It gives the model eyes and hands on a live browser, so it can verify its own work, catch regressions, and hunt the bugs that only appear at runtime.

Without Fagun

  • "Looks correct" — never actually run
  • Console errors & failed API calls unseen
  • Broken links, form gaps, a11y issues shipped
  • Security misconfigs undetected
  • Perf regressions found by users, not you
  • Manual QA repeated by hand every release

With Fagun

  • Product used as real personas, journeys walked end-to-end
  • Console + network watched after every action
  • Links, forms, WCAG, keyboard checked automatically
  • 20+ security classes probed (non-destructive)
  • Real Core Web Vitals with a Lighthouse-style score
  • A product-readiness verdict + one-command re-runs

UAT & readiness

Not just "are there bugs" — is it ready for real users?

Fagun's primary job is a release decision. It experiences the product as real customers, validates that they can actually finish what they came to do, then scores readiness across 16 dimensions and gives a verdict — from Ready to Critical issues block release.

🎭

11 end-user personas

Become a first-time, mobile, tablet, slow-internet, low-end, keyboard-only, screen-reader, dark-mode, or international user — real device, network + CPU throttle, and media prefs, not just a resized window.

🧭

Complete user journeys

Walk login, signup, search, checkout, password-reset and more step-by-step. Each step records pass/fail, a screenshot, console errors, failed requests and timing — a step only "passes" if the browser actually did it.

📊

Readiness scorecard

16 category scores (UX, UI, business logic, reliability, a11y, performance, security, mobile…) + a release verdict + prioritized fixes (why it matters, how to fix). Rendered to Markdown / HTML / JSON / JUnit XML.

🔐

Test behind login

Log in once, save_session, then load_session restores it — so crawl, deep test and security scan run as the logged-in user: dashboards, checkout, and authorization surface.

⌨️

Keyboard walk

Tab through the page like a keyboard-only / screen-reader user — focus reachability, missing visible focus, and focus traps, with evidence.

🔎

Tech fingerprint

fingerprint detects server, hosting, framework, CMS and analytics from real headers + DOM signals — so the hunt is tuned to the actual stack.

Who it's for

If you build, ship, or break software — it's for you.

👩‍💻

Developers & AI-pair-programmers

Verify a change actually works in the browser before you commit. Catch console errors and failed requests the moment they appear. Let the model self-check its own output.

🧪

QA & SDET engineers

Generate positive / negative / boundary / edge / injection test data automatically, fuzz every form, and get a reproducible report — without writing the harness by hand.

🛡️

Security researchers & bug bounty hunters

Non-destructive probes for XSS, SQLi, CSP, clickjacking, CRLF, LFI, SSTI, host-header injection, exposed files, secrets, GraphQL introspection & more — every hit evidence-backed. Authorized targets only.

📊

Product managers & analysts

Find missing workflows, broken journeys, and validation gaps. Get an executive summary grouped by severity and business impact — not a wall of stack traces.

Accessibility & SEO specialists

Real WCAG 2.1 checks including computed color-contrast, plus metadata, canonical, viewport, and Core Web Vitals in one pass.

🏢

Agencies, freelancers & indie hackers

Audit any client site in minutes and hand over a professional Markdown report. Runs locally and privately — great for offline or air-gapped work.

Install

One line. Nothing to configure.

No Python, no pip — uv brings its own runtime, and Chromium auto-installs on first run. Fagun auto-detects every AI tool on your machine and wires up the MCP server + /fagun skill.

$ uvx fagun init                   # browser + all AI tools + skill
$ uvx fagun install claude-code    # or target one tool

Inside Claude Code, as a plugin:

/plugin marketplace add mejbaurbahar/fagun
/plugin install fagun@fagun

Env toggles:

  • FAGUN_TERSE=0 — full JSON output
  • FAGUN_HEADLESS=0 — show the browser
  • FAGUN_BROWSER=firefox|webkit — use another browser engine
  • FAGUN_CDP_URL — attach to your own Chrome
  • FAGUN_SCOPE=host1,host2 — restrict active probes to authorized hosts (FAGUN_SCOPE_DENY always wins)

All 42 MCP tools

Everything it can do.

UAT & end-user simulation

Tool | What it does
list_personas · emulate_persona | Reconfigure the browser to experience the site as a real user type — 11 presets (first-time, mobile, tablet, slow-internet, low-end, keyboard-only, screen-reader, dark-mode, international…) with real device, network/CPU throttle & media prefs.
run_journey | Walk a full flow step-by-step; per-step pass/fail, screenshot, console errors, failed requests & timing. A step passes only if the browser actually did it.
list_journeys · journey_template | Built-in journey scaffolds (login, register, password-reset, search, checkout, contact) to copy and fill in.
keyboard_walk | Tab through like a keyboard-only user — focus reachability, invisible focus, traps.
readiness_report | 16-category readiness scorecard + release verdict + prioritized fixes from collected findings.

Browse & debug

Tool | What it does
open_browser | Launch (or attach to) the browser.
navigate | Go to a URL; returns status + title.
click · fill · press_key | Drive the page by selector or visible text.
screenshot | Save a PNG (full-page optional).
evaluate_js | Run JS in the page, get JSON back.
get_console · get_network | Captured console messages / requests (errors & 4xx-5xx only, if asked).
close_browser | Close and free resources.

QA & bug hunting

Tool | What it does
crawl | Breadth-first map of the site (same host).
run_qa | Single-page sweep: console, network, WCAG a11y, SEO, load time.
check_links | Probe every link; report 4xx / 5xx / unreachable.
test_forms | Static form audit (security / validation / a11y) — no submit.
fuzz_forms | Active: fills each field with the labelled test-data catalog, reads the browser's real validity verdict, flags gaps. submit=true is opt-in.
list_test_data | Show the test cases used for a field type.
deep_test | The big one: crawl + per-page QA + forms + full security + real vitals + keyboard + readiness verdict → one report (.md/.html/.json/.xml).
full_qa_sweep · write_report | Multi-page QA / write a report (Markdown, HTML, JSON, or JUnit XML by extension).

Performance, accessibility & security

Tool | What it does
fingerprint | Detect server / hosting / framework / CMS / analytics from real headers + DOM signals — tune the hunt to the stack.
perf_audit | Real Core Web Vitals (LCP, CLS, TBT, FCP, TTFB) + a Lighthouse-comparable 0-100 score. No estimates.
a11y_audit | Deep WCAG 2.1 incl. real computed color-contrast, ARIA, labels, headings, focus order, zoom.
security_headers | CSP, HSTS, X-Frame, nosniff, version/stack leaks.
security_scan | Full non-destructive scan (core + advanced, see below).
advanced_security | Advanced probe battery only.

Authenticated sessions

Tool | What it does
save_session | Save the current logged-in session (cookies + localStorage) to disk after you log in.
load_session | Restore a saved session into a fresh context — crawl / deep test / security scan then run authenticated.
list_sessions · delete_session | Manage saved sessions.

Power & self-healing

Tool | What it does
connect_chrome | Auto-launch YOUR real Chrome with debugging on and attach — reuse logged-in sessions, no manual setup.
browser_exec | Run any async Python against the live page — full Playwright power when a built-in tool can't do it.
save_helper · list_helpers · load_helper | Persist reusable snippets so the agent gets smarter each run.
fagun_start | Show the capability menu.

Test taxonomy

What it tests, top to bottom.

Functional

Core journeys end-to-end, buttons/nav, state persistence, empty & zero-result states.

Runtime / JS

Console errors after load & every interaction, unhandled rejections, null derefs, lazy-chunk failures.

Network / API

4xx/5xx, failed & timed-out calls, CORS, N+1, mixed content.

Forms & input

Required enforcement, type/boundary/edge validation, injection reflection, maxlength, double-submit.

Auth / session

Login errors, session persistence & logout, protected-URL leaks, IDOR smell, password-over-GET.

Accessibility

WCAG 2.1: contrast, labels, ARIA, headings, focus order, zoom, landmarks.

Performance

Real vitals, page weight, long tasks, load time, worst offenders with numbers.

SEO

Title/description length, canonical, viewport, h1 count, noindex, robots.

Security

20+ classes, non-destructive, evidence-backed — see the full list below.

Test data

Every case, labelled & traceable.

fuzz_forms generates the right cases for each field type (email, number, tel, url, date, password, text…). Every value is tagged so a finding always names the exact case that produced it — no guesswork.

Category | Examples
valid | well-formed values that should be accepted — user@example.com, +8801712345678, 2024-02-29
invalid | malformed values that should be rejected — missing @, letters in tel, month 13, non-leap Feb 29
edge | empty, single char, whitespace-only, shortest-legal
boundary | length+1, int32 max+1, 5000-char overflow, 400-digit number, >254-char email
outofbox | unicode/emoji, RTL override, cyrillic homoglyph, null byte, format-string tokens, leading zeros, hex, IDN email, SSRF hosts
injection | '"><script>, {{7*7}}, ' OR '1'='1, ../../etc/passwd, ;echo, CRLF — observed for handling, never weaponized
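How a labelled catalog makes findings traceable, as an added illustration that is not Fagun's own code: every value carries a field/category/n id, each case is fed to the form's validator (Fagun reads the browser's real validity verdict at that point), and a finding names the exact case that disagreed with the expected outcome. The catalog subset and the two deliberately gappy validators are constructed for this example.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Case:
    case_id: str        # e.g. "date/invalid/2": a finding always names this label
    value: str
    should_accept: bool

# Constructed subset of the catalog above (hypothetical values, not Fagun's real table).
_CATALOG = {
    "email": [("valid", "user@example.com", True),
              ("invalid", "user.example.com", False),            # missing @
              ("edge", "", False),                               # empty on a required field
              ("boundary", "a" * 243 + "@example.com", False)],  # 255 chars, over the 254 limit
    "date": [("valid", "2024-02-29", True),                      # real leap day
             ("invalid", "2023-02-29", False),                   # non-leap Feb 29
             ("invalid", "2024-13-01", False),                   # month 13
             ("edge", "   ", False)],                            # whitespace-only
}

def catalog(field_type: str) -> list[Case]:
    """Tag every value with a traceable id of the form field/category/n."""
    counts, cases = {}, []
    for category, value, ok in _CATALOG[field_type]:
        counts[category] = counts.get(category, 0) + 1
        cases.append(Case(f"{field_type}/{category}/{counts[category]}", value, ok))
    return cases

def fuzz_field(field_type: str, accepts) -> list[dict]:
    """Feed each labelled case to the form's validator (Fagun reads the browser's
    real validity verdict here) and report every disagreement with the expectation."""
    findings = []
    for case in catalog(field_type):
        observed = accepts(case.value)
        if observed != case.should_accept:
            findings.append({"case": case.case_id, "value": case.value,
                             "expected": "accept" if case.should_accept else "reject",
                             "observed": "accepted" if observed else "rejected"})
    return findings

# Constructed system under test: regex-only validators with realistic gaps.
def naive_date_ok(v: str) -> bool:
    return re.fullmatch(r"\d{4}-\d{2}-\d{2}", v) is not None

def naive_email_ok(v: str) -> bool:
    return "@" in v and "." in v.split("@")[-1]

if __name__ == "__main__":
    print(fuzz_field("date", naive_date_ok) + fuzz_field("email", naive_email_ok))
```

The date validator passes the well-formed leap day but also accepts the non-leap Feb 29 and month 13, so the report names date/invalid/1 and date/invalid/2; the email validator only trips on email/boundary/1, the 255-character address.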

Security classes

Bug-bounty-grade, non-destructive.

GET/HEAD/OPTIONS only. No writes, no attacks on third parties, unique harmless markers. Every finding quotes what was actually seen. Set FAGUN_SCOPE to fence probes to authorized hosts. Run only against systems you're authorized to test.

  • Exposed files (.git/.env/.aws)
  • Leaked secrets (AWS/Stripe/JWT…)
  • CORS misconfig
  • Reflected XSS
  • Open redirect
  • SQLi error signals
  • Cookie flags
  • CSP quality
  • Clickjacking
  • Risky HTTP methods / TRACE
  • Mixed content
  • Missing SRI
  • Sensitive-page caching
  • Host-header injection
  • CRLF injection
  • Path traversal / LFI
  • SSTI (7*7=49)
  • Command injection signals
  • GraphQL introspection
  • Error / stack-trace disclosure
  • Sensitive data in URL
  • Security headers
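The FAGUN_SCOPE / FAGUN_SCOPE_DENY fence described in the install section and in the paragraph above, as an added example of the documented rule rather than Fagun's own implementation: a guard that active probes consult before touching a URL, where a deny entry always wins over an allow entry. Treating an entry as covering its subdomains, and treating an unset scope as unrestricted, are assumptions of this example.

```python
import os
from typing import Optional
from urllib.parse import urlsplit

def _hosts(value: str) -> set[str]:
    """Parse a comma-separated host list such as 'host1,host2'; blanks are ignored."""
    return {h.strip().lower() for h in value.split(",") if h.strip()}

def _listed(host: str, hosts: set[str]) -> bool:
    # Assumption: an entry covers that host and its subdomains (exact match or dot-suffix).
    return any(host == h or host.endswith("." + h) for h in hosts)

def in_scope(url: str, scope: Optional[str] = None, deny: Optional[str] = None) -> bool:
    """Decide whether an active probe may touch this URL.
    scope/deny default to FAGUN_SCOPE / FAGUN_SCOPE_DENY from the environment.
    Deny always wins. An unset or empty scope leaves active probes unrestricted
    (assumption for this example); a set scope allows only the listed hosts."""
    if scope is None:
        scope = os.environ.get("FAGUN_SCOPE", "")
    if deny is None:
        deny = os.environ.get("FAGUN_SCOPE_DENY", "")
    host = urlsplit(url).hostname or ""          # .hostname is already lower-cased
    if not host or _listed(host, _hosts(deny)):  # no host at all, or explicitly denied
        return False
    allowed = _hosts(scope)
    return not allowed or _listed(host, allowed)

if __name__ == "__main__":
    print(in_scope("https://app.example.com/login", "example.com", "app.example.com"))  # False
```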

Example prompts

Just talk to it.

"deep test https://example.com and give me a readiness verdict + report to ./report.html"
"experience acme.store as a slow-internet mobile user — where would they give up?"
"run the checkout journey on staging and tell me if a real user can finish it"
"log into my app, save the session, then deep test the dashboard as that user"
"fingerprint example.com, then security scan it — I own it — and rank by severity"
"a11y audit + keyboard walk this page for WCAG AA and focus issues"

Safety & ethics

Non-destructive by design.

  • No fake results. Observations come from tool output; hypotheses are labelled as such.
  • No data changes by default. Form fuzzing doesn't submit unless you pass submit=true.
  • Authorized targets only. Active security probing is for systems you own or have permission to test.
  • No third-party attacks, no DoS, no mass enumeration. Least-intrusive testing that proves the point.
  • Private & local. Runs on your machine; nothing phones home. Works fully offline with local models.

FAQ

Quick answers.

Does it need an API key?

No. Fagun is a browser tool server. Your AI client provides the model — frontier or local (Ollama).

Which AI tools work?

Any MCP client: Claude Code & Desktop, Cursor, Codex, Windsurf, Cline, VS Code, and more.

Do I need to install Chrome or Python?

No. uv bundles its runtime and Chromium auto-installs on first run.

Is the security scan safe to run?

It's non-destructive (read-only probes). Still — only run it on systems you're authorized to test.

Give your AI a browser.

One command. Real bugs. Real evidence.

$ uvx fagun init