Fagun / docs

Documentation · v0.7.0 · Open source (MIT)

The complete guide to Fagun.

One MCP server that gives any AI tool a real browser to click, crawl, and find real bugs — functional, security, performance, accessibility, SEO. Every finding is backed by evidence. Nothing is faked; if it can't be reproduced, it isn't reported.

30 MCP tools · WCAG 2.1 a11y · Real Core Web Vitals · 20+ security classes · Active form fuzzing · Works with local models

What is Fagun

A senior QA + security engineer that lives in your AI tool.

Fagun is a Model Context Protocol (MCP) server. Install it once and your AI assistant — Claude Code, Cursor, Codex, Windsurf, Claude Desktop, or any MCP client — gains 30 browser + QA tools. It drives a real Chromium browser (auto-installed), navigates like a user, and reports defects the way an engineering team would: with steps, evidence, severity, and a suggested fix.

🎯 Real, not hallucinated

Every finding comes from an actual tool result — a console error, a status code, a measured metric. No "could potentially".

🔌 Any AI, any model

Pure MCP — no built-in model. Works with frontier models and fully local open-source ones via Ollama (Qwen, DeepSeek, Llama, Mistral…).

🪶 Token-lean

Terse output by default cuts tool-result tokens ~70%. Full detail goes to a Markdown report on disk, not your context.

Why you need it

AI can write code. It usually can't see it run.

An LLM writing a feature is flying blind — it never loads the page, never clicks the button, never reads the 500 in the network tab. Fagun closes that loop. It gives the model eyes and hands on a live browser, so it can verify its own work, catch regressions, and hunt the bugs that only appear at runtime.

Without Fagun

  • "Looks correct" — never actually run
  • Console errors & failed API calls unseen
  • Broken links, form gaps, a11y issues shipped
  • Security misconfigs undetected
  • Perf regressions found by users, not you
  • Manual QA repeated by hand every release

With Fagun

  • Feature loaded, clicked, verified end-to-end
  • Console + network watched after every action
  • Links, forms, WCAG checked automatically
  • 20+ security classes probed (non-destructive)
  • Real Core Web Vitals with a Lighthouse-style score
  • One command re-runs the whole sweep any time

Who it's for

If you build, ship, or break software — it's for you.

👩‍💻 Developers & AI-pair-programmers

Verify a change actually works in the browser before you commit. Catch console errors and failed requests the moment they appear. Let the model self-check its own output.

🧪 QA & SDET engineers

Generate positive / negative / boundary / edge / injection test data automatically, fuzz every form, and get a reproducible report — without writing the harness by hand.

🛡️ Security researchers & bug bounty hunters

Non-destructive probes for XSS, SQLi, CSP, clickjacking, CRLF, LFI, SSTI, host-header injection, exposed files, secrets, GraphQL introspection & more — every hit evidence-backed. Authorized targets only.

📊 Product managers & analysts

Find missing workflows, broken journeys, and validation gaps. Get an executive summary grouped by severity and business impact — not a wall of stack traces.

♿ Accessibility & SEO specialists

Real WCAG 2.1 checks including computed color-contrast, plus metadata, canonical, viewport, and Core Web Vitals in one pass.

🏢 Agencies, freelancers & indie hackers

Audit any client site in minutes and hand over a professional Markdown report. Runs locally and privately — great for offline or air-gapped work.

Install

One line. Nothing to configure.

No Python, no pip — uv brings its own runtime, and Chromium auto-installs on first run. Fagun auto-detects every AI tool on your machine and wires up the MCP server + /fagun skill.

$ uvx fagun init                 # browser + all AI tools + skill
$ uvx fagun install claude-code  # or target one tool

Inside Claude Code, as a plugin:

/plugin marketplace add mejbaurbahar/fagun
/plugin install fagun@fagun

Env toggles: FAGUN_TERSE=0 full JSON · FAGUN_HEADLESS=0 show the browser · FAGUN_BROWSER=firefox|webkit · FAGUN_CDP_URL attach to your own Chrome.

All 30 MCP tools

Everything it can do.

Browse & debug

Tool                        | What it does
open_browser                | Launch (or attach to) the browser.
navigate                    | Go to a URL; returns status + title.
click · fill · press_key    | Drive the page by selector or visible text.
screenshot                  | Save a PNG (full-page optional).
evaluate_js                 | Run JS in the page, get JSON back.
get_console · get_network   | Captured console messages / requests (errors & 4xx-5xx only, if asked).
close_browser               | Close and free resources.

QA & bug hunting

Tool                        | What it does
crawl                       | Breadth-first map of the site (same host).
run_qa                      | Single-page sweep: console, network, WCAG a11y, SEO, load time.
check_links                 | Probe every link; report 4xx / 5xx / unreachable.
test_forms                  | Static form audit (security / validation / a11y) — no submit.
fuzz_forms                  | Active: fills each field with the labelled test-data catalog, reads the browser's real validity verdict, flags gaps. submit=true opt-in.
list_test_data              | Show the test cases used for a field type.
deep_test                   | The big one: crawl + per-page QA + forms + full security + real vitals → one report.
full_qa_sweep · write_report| Multi-page QA / write a Markdown report from results.

Performance, accessibility & security

Tool                        | What it does
perf_audit                  | Real Core Web Vitals (LCP, CLS, TBT, FCP, TTFB) + a Lighthouse-comparable 0-100 score. No estimates.
a11y_audit                  | Deep WCAG 2.1 incl. real computed color-contrast, ARIA, labels, headings, focus order, zoom.
security_headers            | CSP, HSTS, X-Frame, nosniff, version/stack leaks.
security_scan               | Full non-destructive scan (core + advanced, see below).
advanced_security           | Advanced probe battery only.

Power & self-healing

Tool                                    | What it does
connect_chrome                          | Auto-launch YOUR real Chrome with debugging on and attach — reuse logged-in sessions, no manual setup.
browser_exec                            | Run any async Python against the live page — full Playwright power when a built-in tool can't do it.
save_helper · list_helpers · load_helper| Persist reusable snippets so the agent gets smarter each run.
fagun_start                             | Show the capability menu.

Test taxonomy

What it tests, top to bottom.

Functional

Core journeys end-to-end, buttons/nav, state persistence, empty & zero-result states.

Runtime / JS

Console errors after load & every interaction, unhandled rejections, null derefs, lazy-chunk failures.

Network / API

4xx/5xx, failed & timed-out calls, CORS, N+1, mixed content.

Forms & input

Required enforcement, type/boundary/edge validation, injection reflection, maxlength, double-submit.

Auth / session

Login errors, session persistence & logout, protected-URL leaks, IDOR smell, password-over-GET.

Accessibility

WCAG 2.1: contrast, labels, ARIA, headings, focus order, zoom, landmarks.

Performance

Real vitals, page weight, long tasks, load time, worst offenders with numbers.

SEO

Title/description length, canonical, viewport, h1 count, noindex, robots.

Security

20+ classes, non-destructive, evidence-backed — see the full list below.

Test data

Every case, labelled & traceable.

fuzz_forms generates the right cases for each field type (email, number, tel, url, date, password, text…). Every value is tagged so a finding always names the exact case that produced it — no guesswork.

Category   | Examples
valid      | well-formed values that should be accepted — user@example.com, +8801712345678, 2024-02-29
invalid    | malformed values that should be rejected — missing @, letters in tel, month 13, non-leap Feb 29
edge       | empty, single char, whitespace-only, shortest-legal
boundary   | length+1, int32 max+1, 5000-char overflow, 400-digit number, >254-char email
outofbox   | unicode/emoji, RTL override, cyrillic homoglyph, null byte, format-string tokens, leading zeros, hex, IDN email, SSRF hosts
injection  | '"><script>, {{7*7}}, ' OR '1'='1, ../../etc/passwd, ;echo, CRLF — observed for handling, never weaponized
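The labelled-catalogue idea above (and the fuzz_forms / list_test_data rows in the tool table) is easier to reason about with a concrete version. The following is an added illustration, not Fagun's own catalogue or code: `cases_for`, `find_gaps`, `weak_email_validator` and `iso_date_validator` are hypothetical names. In Fagun the accept/reject verdict comes from the browser's real validity check on the live page; here that verdict is simulated by a plain Python callable so the gap logic can run offline. Only the valid / invalid / edge / boundary categories are modelled.

```python
"""Labelled test-data catalogue plus gap detection (added example, not Fagun's code)."""
from dataclasses import dataclass
from datetime import date
from typing import Callable, List


@dataclass(frozen=True)
class TestCase:
    category: str   # "valid" | "invalid" | "edge" | "boundary"
    label: str      # human-readable name, so a finding can cite the exact case
    value: str


def cases_for(field_type: str, maxlength: int = 254) -> List[TestCase]:
    """Return the labelled cases for one HTML input type (email, tel or date here)."""
    common = [
        TestCase("edge", "empty", ""),
        TestCase("edge", "whitespace-only", "   "),
        TestCase("boundary", f"maxlength+1 ({maxlength + 1} chars)", "a" * (maxlength + 1)),
    ]
    if field_type == "email":
        return common + [
            TestCase("valid", "well-formed", "user@example.com"),
            TestCase("invalid", "missing @", "user.example.com"),
            TestCase("invalid", "missing domain", "user@"),
            TestCase("boundary", ">254-char email", "a" * 250 + "@example.com"),
        ]
    if field_type == "tel":
        return common + [
            TestCase("valid", "E.164 number", "+8801712345678"),
            TestCase("invalid", "letters in tel", "+880ABCDEFG"),
        ]
    if field_type == "date":
        return common + [
            TestCase("valid", "leap day", "2024-02-29"),
            TestCase("invalid", "month 13", "2024-13-01"),
            TestCase("invalid", "non-leap Feb 29", "2023-02-29"),
        ]
    raise ValueError(f"no catalogue for field type {field_type!r}")


def find_gaps(cases: List[TestCase], accepted: Callable[[str], bool]) -> List[str]:
    """Run every case through the field's verdict and report mismatches.

    A gap is a valid case that was rejected, or an invalid/boundary case that was
    accepted. Edge cases are exercised but not judged: "empty" may be legal for an
    optional field, so they need a human (or a required-attribute check) to decide.
    """
    gaps = []
    for case in cases:
        ok = accepted(case.value)
        if case.category == "valid" and not ok:
            gaps.append(f"REJECTS valid case '{case.label}': {case.value!r}")
        elif case.category in ("invalid", "boundary") and ok:
            gaps.append(f"ACCEPTS {case.category} case '{case.label}': {case.value[:40]!r}")
    return gaps


def weak_email_validator(value: str) -> bool:
    """Constructed stand-in for a sloppy page validator: only looks for an '@'."""
    return "@" in value


def iso_date_validator(value: str) -> bool:
    """Constructed stand-in for a strict date field (rejects month 13, non-leap Feb 29)."""
    try:
        date.fromisoformat(value)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for gap in find_gaps(cases_for("email"), weak_email_validator):
        print(gap)
    print("date gaps:", find_gaps(cases_for("date"), iso_date_validator))
```

Running it shows why the labels matter: the weak email validator produces two gaps, each naming the case ("missing domain", ">254-char email") rather than a bare input string, while the strict date field produces none.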

Security classes

Bug-bounty-grade, non-destructive.

GET/HEAD/OPTIONS only. No writes, no attacks on third parties, unique harmless markers. Every finding quotes what was actually seen. Run only against systems you're authorized to test.

  • Exposed files (.git/.env/.aws)
  • Leaked secrets (AWS/Stripe/JWT…)
  • CORS misconfig
  • Reflected XSS
  • Open redirect
  • SQLi error signals
  • Cookie flags
  • CSP quality
  • Clickjacking
  • Risky HTTP methods / TRACE
  • Mixed content
  • Missing SRI
  • Sensitive-page caching
  • Host-header injection
  • CRLF injection
  • Path traversal / LFI
  • SSTI (7*7=49)
  • Command injection signals
  • GraphQL introspection
  • Error / stack-trace disclosure
  • Sensitive data in URL
  • Security headers
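Several of the classes above (cookie flags, CSP quality, clickjacking, security headers, version leaks) can be judged from a single response's headers, which is also what the security_headers tool row describes. The block below is an added example of that kind of evidence-backed check and is not Fagun's implementation; `audit_headers`, `Finding` and the sample header dictionaries are hypothetical and constructed here. Each finding quotes the header value it judged, so a report can show what was actually seen rather than a guess.

```python
"""Evidence-backed response-header audit (added example, not Fagun's code)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # high / medium / low
    check: str      # short name of the check that fired
    evidence: str   # exactly what was observed in the response
    fix: str        # suggested remediation


def _get(headers, name):
    """Case-insensitive header lookup (HTTP header names are case-insensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def _parse_csp(csp):
    """Split "default-src 'self'; script-src ..." into {directive: [sources]}."""
    directives = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def audit_headers(headers, scheme="https"):
    """Return findings for one response's headers; each quotes what it judged."""
    findings = []

    hsts = _get(headers, "Strict-Transport-Security")
    if scheme == "https":  # HSTS is only meaningful on an HTTPS response
        if hsts is None:
            findings.append(Finding("medium", "HSTS missing",
                                    "no Strict-Transport-Security header",
                                    "send Strict-Transport-Security: max-age=31536000; includeSubDomains"))
        else:
            m = re.search(r"max-age=(\d+)", hsts)
            if not m or int(m.group(1)) < 15552000:  # under 180 days
                findings.append(Finding("low", "HSTS max-age short",
                                        f"Strict-Transport-Security: {hsts}",
                                        "raise max-age to at least 15552000 (180 days)"))

    csp = _get(headers, "Content-Security-Policy")
    directives = _parse_csp(csp) if csp else {}
    if csp is None:
        findings.append(Finding("medium", "CSP missing", "no Content-Security-Policy header",
                                "add a policy; start from default-src 'self'"))
    else:
        # script-src falls back to default-src when it is not set explicitly
        script_src = directives.get("script-src", directives.get("default-src", []))
        if "'unsafe-inline'" in script_src or "*" in script_src:
            findings.append(Finding("medium", "CSP weak script-src",
                                    f"Content-Security-Policy: {csp}",
                                    "drop 'unsafe-inline' / '*' from script-src; use nonces or hashes"))

    # frame-ancestors supersedes X-Frame-Options in browsers that support it
    if "frame-ancestors" not in directives and _get(headers, "X-Frame-Options") is None:
        findings.append(Finding("medium", "Clickjacking",
                                "no frame-ancestors directive and no X-Frame-Options header",
                                "add frame-ancestors 'none' (or 'self') to the CSP"))

    xcto = _get(headers, "X-Content-Type-Options")
    if xcto is None or xcto.strip().lower() != "nosniff":
        findings.append(Finding("low", "nosniff missing", f"X-Content-Type-Options: {xcto}",
                                "send X-Content-Type-Options: nosniff"))

    for name in ("Server", "X-Powered-By"):
        value = _get(headers, name)
        if value and re.search(r"\d+\.\d+", value):
            findings.append(Finding("low", "version disclosure", f"{name}: {value}",
                                    f"strip the version number from {name} or remove the header"))

    raw = _get(headers, "Set-Cookie")
    cookies = raw if isinstance(raw, list) else ([raw] if raw else [])
    for cookie in cookies:
        attrs = {a.strip().split("=")[0].lower() for a in cookie.split(";")[1:]}
        missing = [f for f in ("Secure", "HttpOnly", "SameSite") if f.lower() not in attrs]
        if missing:
            findings.append(Finding("medium", "cookie flags", f"Set-Cookie: {cookie}",
                                    "add " + ", ".join(missing)))
    return findings


# Constructed sample responses (not captured from any real site).
SAMPLE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Server": "nginx/1.18.0",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-Content-Type-Options": "nosniff",
    "Set-Cookie": ["session=abc123; Path=/; HttpOnly",
                   "theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax"],
}
HARDENED_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Server": "nginx",
}

if __name__ == "__main__":
    for f in audit_headers(SAMPLE_HEADERS):
        print(f"[{f.severity}] {f.check}: {f.evidence} -> {f.fix}")
```

The sample response yields five findings (missing HSTS, 'unsafe-inline' in script-src, no framing protection, a version in Server, and a session cookie without Secure/SameSite), each carrying the header line that triggered it; the hardened set yields none. Cookie parsing is deliberately simple (attribute names only), which is enough to report missing flags but not to validate their values.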

Example prompts

Just talk to it.

"deep test https://example.com and write the report to ./report.md"
"fuzz the signup form on staging.myapp.com — try invalid and edge inputs"
"perf audit our landing page and tell me what's hurting LCP"
"a11y audit this page for WCAG AA contrast and label issues"
"security scan example.com — I own it — and rank by severity"
"connect to my Chrome, log in, then check the dashboard for console errors"

Safety & ethics

Non-destructive by design.

  • No fake results. Observations come from tool output; hypotheses are labelled as such.
  • No data changes by default. Form fuzzing doesn't submit unless you pass submit=true.
  • Authorized targets only. Active security probing is for systems you own or have permission to test.
  • No third-party attacks, no DoS, no mass enumeration. Least-intrusive testing that proves the point.
  • Private & local. Runs on your machine; nothing phones home. Works fully offline with local models.

FAQ

Quick answers.

Does it need an API key?

No. Fagun is a browser tool server. Your AI client provides the model β€” frontier or local (Ollama).

Which AI tools work?

Any MCP client: Claude Code & Desktop, Cursor, Codex, Windsurf, Cline, VS Code, and more.

Do I need to install Chrome or Python?

No. uv bundles its runtime and Chromium auto-installs on first run.

Is the security scan safe to run?

It's non-destructive (read-only probes). Still — only run it on systems you're authorized to test.

Give your AI a browser.

One command. Real bugs. Real evidence.

$ uvx fagun init