Skip to main content

Fagun — one MCP server that lets any AI tool (Claude, Cursor, Codex, Antigravity, Windsurf) drive a browser, hunt bugs, and run a full QA sweep.

Project description

🦊 Fagun

Give any AI a browser and let it hunt real bugs for you.

Fagun is a single tool that plugs into Claude, Cursor, Codex, Antigravity, Windsurf, Cline, or VS Code. Once it's set up, you just type fagun (or /fagun) and your AI can open a real browser, click around, and run a full quality check on any website — finding broken links, console errors, failed requests, form problems, accessibility issues, slow pages, and security misconfigurations.

You set it up once. It works in every AI tool. Chrome installs itself.

🌐 Website: https://mejbaurbahar.github.io/fagun/ · 📦 PyPI: https://pypi.org/project/fagun/


⚡ One command sets up everything

uvx fagun init

That's the whole install. fagun init installs the Chrome engine and auto-detects every AI tool on your machine (Claude Code, Claude Desktop, Cursor, Codex, Windsurf) and registers the fagun browser tools + the /fagun skill in each one.

Then restart your AI tool and type fagun — followed by what you want tested.

Prefer pip? pip install fagun && fagun init does the same thing.

Other ways to install

Paste-prompt (let the AI do it):

Install and set up fagun for me: install uv if missing, then run uvx fagun init. Follow https://github.com/mejbaurbahar/fagun/blob/main/install.md if anything fails.

Claude Code plugin:

/plugin marketplace add mejbaurbahar/fagun
/plugin install fagun@fagun

Target one tool:

uvx fagun install claude-code   # or: cursor | claude | vscode
Don't have uv yet? (one line, no Python needed)

macOS / Linux: curl -LsSf https://astral.sh/uv/install.sh | sh Windows: powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex" Then restart your terminal.


🚀 Manual install (any OS — no Python or pip needed)

Step 1 — install uv (it brings its own Python, so nothing else is required):

macOS / Linux:

curl -LsSf https://astral.sh/uv/install.sh | sh

Windows (PowerShell):

powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"

⚠️ Restart your terminal after this so uv is on your PATH. (macOS/Linux: or run source $HOME/.local/bin/env in the current shell.)

Step 2 — set up Fagun:

uvx fagun setup      # installs the Chrome engine automatically
uvx fagun install    # shows the config to paste into your AI tool

That's it. Restart your AI tool, type fagun, and go.

Already have pip/Python? pip install uv also works — but the installer above needs no Python at all, which is why we recommend it.

💡 Don't want to think about config? Just tell your AI: "Install and set up fagun for me — follow https://github.com/mejbaurbahar/fagun/blob/main/install.md" and it does everything above for you.


🔌 Connect it to your AI tool

Every tool uses the same setting: run uvx fagun. Pick yours:

Tool How
Claude Code claude mcp add fagun -- uvx fagun
Claude Desktop add the JSON below to claude_desktop_config.json
Cursor uvx fagun install cursor (writes ~/.cursor/mcp.json)
VS Code (Copilot) uvx fagun install vscode (writes .vscode/mcp.json)
Windsurf / Cline / Antigravity paste the JSON below into their MCP settings
Codex CLI add the TOML below to ~/.codex/config.toml
// Claude Desktop / Cursor / Windsurf / Cline / Antigravity
{ "mcpServers": { "fagun": { "command": "uvx", "args": ["fagun"] } } }
# Codex — ~/.codex/config.toml
[mcp_servers.fagun]
command = "uvx"
args = ["fagun"]

Restart the tool after adding it. Then type fagun.


💬 How to use it

Just talk to your AI in plain English:

  • fagun → shows the menu and starts up
  • go to example.com and take a screenshot
  • run QA on https://example.com
  • deep test https://example.com and save the report to ./report.md
  • check for broken links on https://example.com
  • test the forms on the signup page
  • are there any console errors? · any failed network requests?
  • log in with test@x.com / password123, then check the dashboard

🕵️ The /fagun bug hunter

Fagun ships with a skill that turns your AI into a methodical QA tester. It sweeps 10 kinds of problems and only reports bugs it can actually reproduce (no guessing):

# Checks for
1 Functional — broken journeys, buttons/links that lie
2 JavaScript errors — crashes, console errors on load & on click
3 Network / API — 4xx/5xx, failed calls, mixed content
4 Forms — missing validation, insecure submission, no labels
5 Auth / sessions — login errors, leaks, access control
6 Accessibility — missing alt text, labels, keyboard traps
7 Performance — slow loads, heavy resources
8 Visual / responsive — layout breakage, overflow, cut-off text
9 Security — missing CSP/HSTS, exposed versions, secrets in code
10 Edge cases — reloads, back button, huge inputs, offline

Every finding comes with steps to reproduce, what was observed, and the impact.


🪙 Token-saving (on by default)

Browser tools normally flood your AI's context with huge JSON blobs and full network/console dumps — burning tokens fast. Fagun is built to be token-lean:

  • Terse output by default — compact one-line-per-finding text instead of pretty JSON (~70% fewer tokens per result). Set FAGUN_TERSE=0 for full JSON, or pass verbose=true to any tool for one call.
  • One call, not tendeep_test crawls + checks console, network, forms, headers, a11y, perf across the whole site in a single tool call, instead of many manual navigate + get_console + get_network round-trips.
  • Capped & deduped — long link/console/network lists are truncated with a +N more marker; duplicate findings are collapsed.
  • Reports go to disk, not context — pass report_path and the full detail is written to a file while only a compact summary returns to the AI.

💡 Cheapest workflow: deep test <url> and save the report to ./report.md → one call, tiny summary in context, full report on disk.

⚙️ Options (optional)

Set these as environment variables if you need them:

Variable Default What it does
FAGUN_HEADLESS 1 Set to 0 to watch the browser work
FAGUN_BROWSER chromium Use firefox or webkit instead
FAGUN_CDP_URL Attach to your own open Chrome, e.g. http://127.0.0.1:9222
FAGUN_TERSE 1 Compact token-lean output. Set 0 for full JSON.

🔐 Security scanning (authorized targets only)

security scan <url> runs the bug classes hunters get paid for — non-destructive, GET/HEAD only, no attacks on third parties:

  • Exposed files (/.git, /.env, /.aws/credentials, backups, actuator)
  • Leaked secrets in HTML/JS (AWS, Stripe, Google, GitHub, JWT, private keys)
  • CORS misconfiguration · reflected-XSS candidates · open redirect · SQLi error signals
  • Cookie flags · security headers (CSP/HSTS/X-Frame)

⚠️ Only scan sites you own or are authorized to test.

🔌 Use your own logged-in Chrome (self-healing + sessions)

  • connect to my Chrome → Fagun launches a debuggable Chrome and attaches — no manual chrome://inspect step. Great for testing behind a login (reuses your session).
  • browser_exec → when no built-in tool fits, the AI writes Python against the live page (full Playwright). save_helper persists what works, so Fagun gets smarter every run.

🧰 Everything it can do (MCP tools)

fagun_start · open_browser · navigate · click · fill · press_key · screenshot · evaluate_js · get_console · get_network · crawl · run_qa · check_links · test_forms · security_headers · security_scan · deep_test · full_qa_sweep · write_report · browser_exec · save_helper · list_helpers · load_helper · connect_chrome · close_browser


🛠️ For developers

git clone https://github.com/mejbaurbahar/fagun && cd fagun
pip install -e .
python -m playwright install chromium
python -m fagun        # runs the MCP server on stdio

Release (maintainer): publishing is automatic via GitHub Actions + PyPI Trusted Publishing. Bump the version in pyproject.toml and src/fagun/__init__.py, then:

git tag v0.3.0 && git push origin v0.3.0

MIT © Mejbaur Bahar Fagun

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fagun-0.6.0.tar.gz (43.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

fagun-0.6.0-py3-none-any.whl (33.8 kB view details)

Uploaded Python 3

File details

Details for the file fagun-0.6.0.tar.gz.

File metadata

  • Download URL: fagun-0.6.0.tar.gz
  • Upload date:
  • Size: 43.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fagun-0.6.0.tar.gz
Algorithm Hash digest
SHA256 9537ce963ac706f63c3fc16c3df7e72d66a9d88ee82fd94765d79b22120caffa
MD5 703ff61527aaf88ac8bdac5c4a47d866
BLAKE2b-256 e3b5c5a4bec84ebee6a1ee20b52df4900030ba8d1801a1bf1c684bcc443f0e71

See more details on using hashes here.

Provenance

The following attestation bundles were made for fagun-0.6.0.tar.gz:

Publisher: publish.yml on mejbaurbahar/fagun

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fagun-0.6.0-py3-none-any.whl.

File metadata

  • Download URL: fagun-0.6.0-py3-none-any.whl
  • Upload date:
  • Size: 33.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fagun-0.6.0-py3-none-any.whl
Algorithm Hash digest
SHA256 0a761cdeb5813bb2f95405e01b7eae53feb49b629c74207e49d732859a3de79b
MD5 ae61efe384c72f684d6bed92380fce5f
BLAKE2b-256 50238d79eeff82eebda94f6e9c86c379c1cd5cda520cb4d5f7693fb3a70b009d

See more details on using hashes here.

Provenance

The following attestation bundles were made for fagun-0.6.0-py3-none-any.whl:

Publisher: publish.yml on mejbaurbahar/fagun

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page