What is Fagun
A senior QA + security engineer that lives in your AI tool.
Fagun is a Model Context Protocol (MCP) server. Install it once and your AI assistant (Claude Code, Cursor, Codex, Windsurf, Claude Desktop, or any MCP client) gains 30 browser and QA tools. It drives a real Chromium browser (auto-installed), navigates like a user, and reports defects the way an engineering team would: with steps, evidence, severity, and a suggested fix.
Real, not hallucinated
Every finding comes from an actual tool result: a console error, a status code, a measured metric. No "could potentially".
Any AI, any model
Pure MCP, no built-in model. Works with frontier models and with fully local open-source ones via Ollama (Qwen, DeepSeek, Llama, Mistral, and others).
Token-lean
Terse output by default cuts tool-result tokens by roughly 70%. Full detail goes to a Markdown report on disk, not into your context window.
Why you need it
AI can write code. It usually can't see it run.
An LLM writing a feature is flying blind: it never loads the page, never clicks the button, never reads the 500 in the network tab. Fagun closes that loop. It gives the model eyes and hands on a live browser, so it can verify its own work, catch regressions, and hunt the bugs that only appear at runtime.
Without Fagun
- "Looks correct", but never actually run
- Console errors & failed API calls unseen
- Broken links, form gaps, a11y issues shipped
- Security misconfigs undetected
- Perf regressions found by users, not you
- Manual QA repeated by hand every release
With Fagun
- Feature loaded, clicked, verified end-to-end
- Console + network watched after every action
- Links, forms, WCAG checked automatically
- 20+ security classes probed (non-destructive)
- Real Core Web Vitals with a Lighthouse-style score
- One command re-runs the whole sweep any time
Who it's for
If you build, ship, or break software, it's for you.
Developers & AI-pair-programmers
Verify a change actually works in the browser before you commit. Catch console errors and failed requests the moment they appear. Let the model self-check its own output.
QA & SDET engineers
Generate positive / negative / boundary / edge / injection test data automatically, fuzz every form, and get a reproducible report, without writing the harness by hand.
Security researchers & bug bounty hunters
Non-destructive probes for XSS, SQLi, CSP, clickjacking, CRLF, LFI, SSTI, host-header injection, exposed files, secrets, GraphQL introspection and more; every hit is evidence-backed. Authorized targets only.
Product managers & analysts
Find missing workflows, broken journeys, and validation gaps. Get an executive summary grouped by severity and business impact, not a wall of stack traces.
Accessibility & SEO specialists
Real WCAG 2.1 checks including computed color-contrast, plus metadata, canonical, viewport, and Core Web Vitals in one pass.
Agencies, freelancers & indie hackers
Audit any client site in minutes and hand over a professional Markdown report. Runs locally and privately, which suits offline or air-gapped work.
Install
One line. Nothing to configure.
No Python, no pip: uv brings its own runtime, and Chromium auto-installs on first run. Fagun auto-detects every AI tool on your machine and wires up the MCP server and the /fagun skill.
Inside Claude Code, as a plugin:
Environment toggles:
- FAGUN_TERSE=0: full JSON output instead of the terse default
- FAGUN_HEADLESS=0: show the browser window
- FAGUN_BROWSER=firefox|webkit: drive Firefox or WebKit instead of Chromium
- FAGUN_CDP_URL: attach to your own Chrome over the Chrome DevTools Protocol
All 30 MCP tools
Everything it can do.
Browse & debug
| Tool | What it does |
|---|---|
| open_browser | Launch (or attach to) the browser. |
| navigate | Go to a URL; returns status + title. |
| click · fill · press_key | Drive the page by selector or visible text. |
| screenshot | Save a PNG (full-page optional). |
| evaluate_js | Run JS in the page, get JSON back. |
| get_console · get_network | Captured console messages / network requests; optionally filtered to errors and 4xx-5xx responses only. |
| close_browser | Close and free resources. |
QA & bug hunting
| Tool | What it does |
|---|---|
| crawl | Breadth-first map of the site (same host). |
| run_qa | Single-page sweep: console, network, WCAG a11y, SEO, load time. |
| check_links | Probe every link; report 4xx / 5xx / unreachable. |
| test_forms | Static form audit (security / validation / a11y); nothing is submitted. |
| fuzz_forms | Active: fills each field with the labelled test-data catalog, reads the browser's real validity verdict, flags gaps. Submission is opt-in via submit=true. |
| list_test_data | Show the test cases used for a field type. |
| deep_test | The big one: crawl + per-page QA + forms + full security + real vitals, in one report. |
| full_qa_sweep · write_report | Multi-page QA / write a Markdown report from results. |
Performance, accessibility & security
| Tool | What it does |
|---|---|
| perf_audit | Real Core Web Vitals (LCP, CLS, TBT, FCP, TTFB) + a Lighthouse-comparable 0-100 score. No estimates. |
| a11y_audit | Deep WCAG 2.1 incl. real computed color-contrast, ARIA, labels, headings, focus order, zoom. |
| security_headers | CSP, HSTS, X-Frame-Options, nosniff, version/stack leaks. |
| security_scan | Full non-destructive scan (core + advanced, see below). |
| advanced_security | Advanced probe battery only. |
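As an added example (not Fagun's code), this is the kind of check the security_headers row describes, written against a constructed set of response headers so it runs offline. The HSTS threshold, the nginx/Express remediation hints and the severities are this example's own choices, not Fagun's.

```python
"""Offline header audit in the spirit of Fagun's security_headers tool (added
example, not Fagun's code). Input: a dict of response headers. Output: findings,
each quoting the exact header text that triggered it."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: what a browser might see from a misconfigured HTTPS origin.
SAMPLE_HEADERS = {
    "Server": "nginx/1.18.0",
    "X-Powered-By": "Express",
    "Strict-Transport-Security": "max-age=3600",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' https:",
    "Content-Type": "text/html; charset=utf-8",
}
HSTS_MIN_MAX_AGE = 31536000  # one year, the minimum hstspreload.org accepts


@dataclass(frozen=True)
class Finding:
    severity: str  # high | medium | low
    check: str     # stable id a report can group on
    evidence: str  # what was actually seen
    fix: str


def header(headers: dict[str, str], name: str) -> str | None:
    """Case-insensitive lookup; HTTP header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def csp_directives(csp: str) -> dict[str, list[str]]:
    """'name src src; name src' -> {name: [srcs]} with lowercased names."""
    out: dict[str, list[str]] = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0].lower()] = tokens[1:]
    return out


def audit_headers(headers: dict[str, str], https: bool = True) -> list[Finding]:
    found: list[Finding] = []

    def add(severity: str, check: str, evidence: str, fix: str) -> None:
        found.append(Finding(severity, check, evidence, fix))

    csp = header(headers, "Content-Security-Policy")
    directives = csp_directives(csp) if csp else {}
    if csp is None:
        add("medium", "csp-missing", "no Content-Security-Policy header",
            "Add a CSP; start from default-src 'self' and tighten per resource type.")
    else:
        # script-src falls back to default-src when it is absent.
        script = directives.get("script-src", directives.get("default-src", []))
        seen = "script-src " + " ".join(script)
        if "'unsafe-inline'" in script:
            add("medium", "csp-unsafe-inline", seen, "Use per-response nonces or hashes instead.")
        if "'unsafe-eval'" in script:
            add("medium", "csp-unsafe-eval", seen, "Remove 'unsafe-eval'.")
        if any(src in ("*", "https:", "http:") for src in script):
            add("low", "csp-wildcard-source", seen, "Allow-list the specific script origins.")

    # Clickjacking: at least one of frame-ancestors or X-Frame-Options must be set.
    if "frame-ancestors" not in directives and header(headers, "X-Frame-Options") is None:
        add("medium", "clickjacking", "no frame-ancestors and no X-Frame-Options",
            "Add Content-Security-Policy: frame-ancestors 'none' (or 'self').")

    if https:
        hsts = header(headers, "Strict-Transport-Security")
        match = re.search(r"max-age=(\d+)", hsts or "", re.IGNORECASE)
        max_age = int(match.group(1)) if match else 0
        if hsts is None:
            add("medium", "hsts-missing", "no Strict-Transport-Security header",
                f"Add Strict-Transport-Security: max-age={HSTS_MIN_MAX_AGE}; includeSubDomains.")
        elif max_age < HSTS_MIN_MAX_AGE:
            add("low", "hsts-short-max-age", f"Strict-Transport-Security: {hsts}",
                f"Raise max-age to at least {HSTS_MIN_MAX_AGE}.")

    xcto = header(headers, "X-Content-Type-Options")
    if xcto is None or xcto.strip().lower() != "nosniff":
        add("low", "nosniff-missing", f"X-Content-Type-Options: {xcto or 'absent'}",
            "Send X-Content-Type-Options: nosniff.")

    # Version / stack leaks: a version number in Server, or any X-Powered-By at all.
    server = header(headers, "Server")
    if server and re.search(r"\d+\.\d+", server):
        add("low", "server-version-leak", f"Server: {server}",
            "Drop the version (server_tokens off; in nginx).")
    powered = header(headers, "X-Powered-By")
    if powered:
        add("low", "x-powered-by-leak", f"X-Powered-By: {powered}",
            "Remove the header (app.disable('x-powered-by') in Express).")
    return found


if __name__ == "__main__":
    for f in audit_headers(SAMPLE_HEADERS):
        print(f"[{f.severity}] {f.check}: {f.evidence} -> {f.fix}")
```

The evidence field carries the literal header text, so a report line can be checked against the raw response rather than taken on trust. Note the script-src fallback: a policy with only default-src still governs scripts, so the check evaluates whichever directive actually applies.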
Power & self-healing
| Tool | What it does |
|---|---|
| connect_chrome | Auto-launch your real Chrome with remote debugging enabled and attach to it, reusing logged-in sessions with no manual setup. |
| browser_exec | Run any async Python against the live page: full Playwright power when a built-in tool can't do it. |
| save_helper · list_helpers · load_helper | Persist reusable snippets so the agent gets smarter each run. |
| fagun_start | Show the capability menu. |
Test taxonomy
What it tests, top to bottom.
Functional
Core journeys end-to-end, buttons/nav, state persistence, empty & zero-result states.
Runtime / JS
Console errors after load & every interaction, unhandled rejections, null derefs, lazy-chunk failures.
Network / API
4xx/5xx, failed & timed-out calls, CORS, N+1, mixed content.
Forms & input
Required enforcement, type/boundary/edge validation, injection reflection, maxlength, double-submit.
Auth / session
Login errors, session persistence and logout, protected-URL leaks, IDOR indicators, passwords sent over GET.
Accessibility
WCAG 2.1: contrast, labels, ARIA, headings, focus order, zoom, landmarks.
Performance
Real vitals, page weight, long tasks, load time, worst offenders with numbers.
SEO
Title/description length, canonical, viewport, h1 count, noindex, robots.
Security
20+ classes, non-destructive, evidence-backed; see Security classes below.
Test data
Every case, labelled & traceable.
fuzz_forms generates the right cases for each field type (email, number, tel, url, date, password, text, and so on). Every value is tagged so a finding always names the exact case that produced it, with no guesswork.
| Category | Examples |
|---|---|
| valid | well-formed values that should be accepted: user@example.com, +8801712345678, 2024-02-29 |
| invalid | malformed values that should be rejected: missing @, letters in tel, month 13, Feb 29 in a non-leap year |
| edge | empty, single char, whitespace-only, shortest-legal |
| boundary | length+1, int32 max+1, 5000-char overflow, 400-digit number, >254-char email |
| outofbox | unicode/emoji, RTL override, cyrillic homoglyph, null byte, format-string tokens, leading zeros, hex, IDN email, SSRF hosts |
| injection | '"><script>, {{7*7}}, ' OR '1'='1, ../../etc/passwd, ;echo, CRLF sequences; observed for how the app handles them, never weaponized |
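An added example, not Fagun's catalog, of the labelling discipline the table describes: each generated case carries a unique label, so a gap report can name the exact case that produced it. The browser's checkValidity() verdict is stood in for by two constructed validators so the block runs offline; the specific case values and expectations are this example's own.

```python
"""Labelled test-data catalog in the spirit of fuzz_forms (added example, not
Fagun's code). Cases with expect="observe" are recorded for handling only;
"accept"/"reject" cases are compared against a validity verdict, and any
disagreement is reported under the case's label."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Case:
    label: str      # unique, e.g. "date/invalid/non-leap-feb-29"
    category: str   # valid | invalid | edge | boundary | outofbox | injection
    value: str
    expect: str     # "accept", "reject", or "observe"


def catalog(field_type: str, maxlength: int | None = None) -> list[Case]:
    cases: list[Case] = []

    def add(category: str, name: str, value: str, expect: str) -> None:
        cases.append(Case(f"{field_type}/{category}/{name}", category, value, expect))

    # Cases every field type gets. Injection strings are never weaponized: we only
    # watch how the field and the page react to them.
    add("edge", "empty", "", "observe")  # required fields must reject, optional ones may accept
    add("edge", "whitespace-only", "   ", "observe")
    add("outofbox", "null-byte", "a\x00b", "observe")
    add("outofbox", "rtl-override", "\u202eabc", "observe")
    add("injection", "html-breakout", "'\"><script>", "observe")
    add("injection", "ssti", "{{7*7}}", "observe")
    add("injection", "sqli-tautology", "' OR '1'='1", "observe")
    add("injection", "path-traversal", "../../etc/passwd", "observe")
    add("injection", "crlf", "a\r\nX-Injected: 1", "observe")
    if maxlength is not None:
        add("boundary", "maxlength", "a" * maxlength, "accept")
        add("boundary", "maxlength-plus-1", "a" * (maxlength + 1), "reject")

    if field_type == "email":
        add("valid", "plain", "user@example.com", "accept")
        add("valid", "plus-tag", "user+tag@example.com", "accept")
        add("invalid", "missing-at", "user.example.com", "reject")
        add("invalid", "missing-domain", "user@", "reject")
        add("boundary", "over-254-chars", "a" * 245 + "@example.com", "reject")  # 257 chars
        add("outofbox", "idn-domain", "user@bücher.example", "observe")
    elif field_type == "tel":
        add("valid", "e164", "+8801712345678", "accept")
        add("invalid", "letters", "+880ABCDEFG", "reject")
        add("outofbox", "leading-zeros", "00001712345678", "observe")
    elif field_type == "number":
        add("valid", "zero", "0", "accept")
        add("invalid", "letters", "12abc", "reject")
        add("boundary", "int32-max-plus-1", str(2**31), "observe")
        add("boundary", "400-digits", "9" * 400, "observe")
        add("outofbox", "hex", "0x1F", "observe")
    elif field_type == "date":
        add("valid", "leap-day", "2024-02-29", "accept")
        add("invalid", "month-13", "2024-13-01", "reject")
        add("invalid", "non-leap-feb-29", "2023-02-29", "reject")
        add("edge", "min-year", "0001-01-01", "observe")
    return cases


# Constructed stand-ins for the browser's checkValidity() so the example runs offline.
def lax_date_validator(value: str) -> bool:
    """A typical hand-rolled check: right shape, month 1-12, day 1-31, no calendar."""
    m = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})", value)
    return bool(m) and 1 <= int(m.group(2)) <= 12 and 1 <= int(m.group(3)) <= 31


def strict_date_validator(value: str) -> bool:
    try:
        date.fromisoformat(value)
        return True
    except ValueError:
        return False


def gaps(cases: list[Case], verdict) -> list[dict[str, str]]:
    """Cases whose verdict disagrees with the expectation, named by label."""
    out: list[dict[str, str]] = []
    for case in cases:
        if case.expect == "observe":
            continue
        got = "accept" if verdict(case.value) else "reject"
        if got != case.expect:
            out.append({"label": case.label, "value": case.value,
                        "expected": case.expect, "got": got})
    return out


if __name__ == "__main__":
    for g in gaps(catalog("date"), lax_date_validator):
        print(f"{g['label']}: sent {g['value']!r}, expected {g['expected']}, got {g['got']}")
```

Running the date catalog against the lax validator reports exactly one gap, date/invalid/non-leap-feb-29, which is the point of the labels: the report says which value was sent and what the verdict was, not merely "date validation is weak".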
Security classes
Bug-bounty-grade, non-destructive.
Probes use GET/HEAD/OPTIONS only: no writes, no attacks on third parties, and unique harmless markers so each reflection can be attributed to the exact probe that caused it. Every finding quotes what was actually seen. Run it only against systems you're authorized to test.
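An added example of marker-based, GET-only reflection probing in the spirit described here; it is not Fagun's own probe code. Each probe carries a random alphanumeric marker, and the analysis reports only what literally appears in the response. The URL https://target.example/search, the parameter names and the constructed responses are assumptions made for the demonstration.

```python
"""Read-only reflection probes with unique markers (added example, not Fagun's
code). An XSS probe opens a harmless unknown element named after the marker; a
CRLF probe carries a marker header. The analysis distinguishes unescaped,
escaped, mangled and absent reflection, and quotes the evidence it found."""
from __future__ import annotations

import html
import secrets
import urllib.parse
from dataclasses import dataclass


@dataclass(frozen=True)
class Probe:
    cls: str      # "xss-reflection" or "crlf-injection"
    param: str
    marker: str
    sent: str


def make_marker() -> str:
    """Unique, alphanumeric, meaningless: it cannot execute or collide with page text."""
    return "fgn" + secrets.token_hex(6)


def build_xss_probe(param: str) -> Probe:
    # Break out of an attribute/tag context, then open an unknown element, not a script.
    m = make_marker()
    return Probe("xss-reflection", param, m, f"\"'><{m}>")


def build_crlf_probe(param: str) -> Probe:
    # CRLF followed by a marker header; if decoded into the header block it appears as a header.
    m = make_marker()
    return Probe("crlf-injection", param, m, f"{m}\r\nX-{m}: 1")


def probe_url(base: str, probe: Probe) -> str:
    """GET only: the probe travels in the query string and nothing is written."""
    return base + "?" + urllib.parse.urlencode({probe.param: probe.sent})


def analyse_xss(probe: Probe, body: str) -> dict[str, str]:
    raw = f"<{probe.marker}>"
    if raw in body:
        i = body.index(raw)
        return {"result": "reflected-unescaped", "evidence": body[max(0, i - 40): i + len(raw) + 40]}
    if html.escape(raw) in body:
        return {"result": "reflected-escaped", "evidence": html.escape(raw)}
    if probe.marker in body:  # marker survived but the angle brackets were stripped or altered
        return {"result": "reflected-mangled", "evidence": probe.marker}
    return {"result": "not-reflected", "evidence": ""}


def analyse_crlf(probe: Probe, headers: dict[str, str]) -> dict[str, str]:
    wanted = f"x-{probe.marker}"
    for name, value in headers.items():
        if name.lower() == wanted:
            return {"result": "header-injected", "evidence": f"{name}: {value}"}
    return {"result": "not-injected", "evidence": ""}


# Constructed responses standing in for a live server so the example runs offline.
def echo_unescaped(probe: Probe) -> str:
    return f"<p>Results for: {probe.sent}</p>"


def echo_escaped(probe: Probe) -> str:
    return f"<p>Results for: {html.escape(probe.sent)}</p>"


def headers_with_injection(probe: Probe) -> dict[str, str]:
    # Models a server that copied the decoded parameter into a response header.
    return {"Content-Type": "text/html", f"X-{probe.marker}": "1"}


def run_demo() -> dict[str, str]:
    x = build_xss_probe("q")
    c = build_crlf_probe("next")
    return {
        "url": probe_url("https://target.example/search", x),
        "xss-unescaped": analyse_xss(x, echo_unescaped(x))["result"],
        "xss-escaped": analyse_xss(x, echo_escaped(x))["result"],
        "crlf-injected": analyse_crlf(c, headers_with_injection(c))["result"],
        "crlf-clean": analyse_crlf(c, {"Content-Type": "text/html"})["result"],
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Because the marker is random per probe, a hit in the response can only have come from that request, which is what lets a finding quote its evidence without any guesswork about which parameter was responsible. A "reflected-escaped" verdict is deliberately not a finding: the application handled the input correctly, and the record says so.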
Example prompts
Just talk to it.
Safety & ethics
Non-destructive by design.
- No fake results. Observations come from tool output; hypotheses are labelled as such.
- No data changes by default. Form fuzzing doesn't submit unless you pass submit=true.
- Authorized targets only. Active security probing is for systems you own or have permission to test.
- No third-party attacks, no DoS, no mass enumeration. Least-intrusive testing that proves the point.
- Private and local. Runs on your machine; nothing phones home. Works fully offline with local models.
FAQ
Quick answers.
Does it need an API key?
No. Fagun is a browser tool server; your AI client provides the model, frontier or local (Ollama).
Which AI tools work?
Any MCP client: Claude Code & Desktop, Cursor, Codex, Windsurf, Cline, VS Code, and more.
Do I need to install Chrome or Python?
No. uv bundles its runtime and Chromium auto-installs on first run.
Is the security scan safe to run?
It's non-destructive (read-only probes). Read-only is not invisible, though: the probes still show up in server logs and can trip a WAF or rate limiter, so only run it on systems you're authorized to test.
Give your AI a browser.
One command. Real bugs. Real evidence.