Fagun — one MCP server that lets any AI tool (Claude, Cursor, Codex, Antigravity, Windsurf) drive a browser, hunt bugs, and run a full QA sweep.
Project description
🦊 Fagun
Give any AI a browser and let it hunt real bugs for you.
Fagun is a single tool that plugs into Claude, Cursor, Codex, Antigravity, Windsurf,
Cline, or VS Code. Once it's set up, you just type fagun (or /fagun) and your
AI can open a real browser, click around, and run a full quality check on any website —
finding broken links, console errors, failed requests, form problems, accessibility
issues, slow pages, and security misconfigurations.
You set it up once. It works in every AI tool. Chrome installs itself.
🌐 Website: https://mejbaurbahar.github.io/fagun/ · 📦 PyPI: https://pypi.org/project/fagun/
⚡ One command sets up everything
uvx fagun init
That's the whole install. fagun init installs the Chrome engine and auto-detects
every AI tool on your machine (Claude Code, Claude Desktop, Cursor, Codex, Windsurf)
and registers the fagun browser tools + the /fagun skill in each one.
Then restart your AI tool and type fagun — followed by what you want tested.
Prefer pip?
pip install fagun && fagun initdoes the same thing.
Other ways to install
Paste-prompt (let the AI do it):
Install and set up fagun for me: install
uvif missing, then runuvx fagun init. Follow https://github.com/mejbaurbahar/fagun/blob/main/install.md if anything fails.
Claude Code plugin:
/plugin marketplace add mejbaurbahar/fagun
/plugin install fagun@fagun
Target one tool:
uvx fagun install claude-code # or: cursor | claude | vscode
Don't have uv yet? (one line, no Python needed)
macOS / Linux: curl -LsSf https://astral.sh/uv/install.sh | sh
Windows: powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
Then restart your terminal.
🚀 Manual install (any OS — no Python or pip needed)
Step 1 — install uv (it brings its own Python, so nothing else is required):
macOS / Linux:
curl -LsSf https://astral.sh/uv/install.sh | sh
Windows (PowerShell):
powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
⚠️ Restart your terminal after this so
uvis on your PATH. (macOS/Linux: or runsource $HOME/.local/bin/envin the current shell.)
Step 2 — set up Fagun:
uvx fagun setup # installs the Chrome engine automatically
uvx fagun install # shows the config to paste into your AI tool
That's it. Restart your AI tool, type fagun, and go.
Already have
pip/Python?pip install uvalso works — but the installer above needs no Python at all, which is why we recommend it.
💡 Don't want to think about config? Just tell your AI: "Install and set up fagun for me — follow https://github.com/mejbaurbahar/fagun/blob/main/install.md" and it does everything above for you.
🔌 Connect it to your AI tool
Every tool uses the same setting: run uvx fagun. Pick yours:
| Tool | How |
|---|---|
| Claude Code | claude mcp add fagun -- uvx fagun |
| Claude Desktop | add the JSON below to claude_desktop_config.json |
| Cursor | uvx fagun install cursor (writes ~/.cursor/mcp.json) |
| VS Code (Copilot) | uvx fagun install vscode (writes .vscode/mcp.json) |
| Windsurf / Cline / Antigravity | paste the JSON below into their MCP settings |
| Codex CLI | add the TOML below to ~/.codex/config.toml |
// Claude Desktop / Cursor / Windsurf / Cline / Antigravity
{ "mcpServers": { "fagun": { "command": "uvx", "args": ["fagun"] } } }
# Codex — ~/.codex/config.toml
[mcp_servers.fagun]
command = "uvx"
args = ["fagun"]
Restart the tool after adding it. Then type fagun.
💬 How to use it
Just talk to your AI in plain English:
fagun→ shows the menu and starts upgo to example.com and take a screenshotrun QA on https://example.comdeep test https://example.com and save the report to ./report.mdcheck for broken links on https://example.comtest the forms on the signup pageare there any console errors?·any failed network requests?log in with test@x.com / password123, then check the dashboard
🕵️ The /fagun bug hunter
Fagun ships with a skill that turns your AI into a methodical QA tester. It sweeps 10 kinds of problems and only reports bugs it can actually reproduce (no guessing):
| # | Checks for |
|---|---|
| 1 | Functional — broken journeys, buttons/links that lie |
| 2 | JavaScript errors — crashes, console errors on load & on click |
| 3 | Network / API — 4xx/5xx, failed calls, mixed content |
| 4 | Forms — missing validation, insecure submission, no labels |
| 5 | Auth / sessions — login errors, leaks, access control |
| 6 | Accessibility — missing alt text, labels, keyboard traps |
| 7 | Performance — slow loads, heavy resources |
| 8 | Visual / responsive — layout breakage, overflow, cut-off text |
| 9 | Security — missing CSP/HSTS, exposed versions, secrets in code |
| 10 | Edge cases — reloads, back button, huge inputs, offline |
Every finding comes with steps to reproduce, what was observed, and the impact.
🪙 Token-saving (on by default)
Browser tools normally flood your AI's context with huge JSON blobs and full network/console dumps — burning tokens fast. Fagun is built to be token-lean:
- Terse output by default — compact one-line-per-finding text instead of pretty
JSON (~70% fewer tokens per result). Set
FAGUN_TERSE=0for full JSON, or passverbose=trueto any tool for one call. - One call, not ten —
deep_testcrawls + checks console, network, forms, headers, a11y, perf across the whole site in a single tool call, instead of many manualnavigate+get_console+get_networkround-trips. - Capped & deduped — long link/console/network lists are truncated with a
+N moremarker; duplicate findings are collapsed. - Reports go to disk, not context — pass
report_pathand the full detail is written to a file while only a compact summary returns to the AI.
💡 Cheapest workflow:
deep test <url> and save the report to ./report.md→ one call, tiny summary in context, full report on disk.
⚙️ Options (optional)
Set these as environment variables if you need them:
| Variable | Default | What it does |
|---|---|---|
FAGUN_HEADLESS |
1 |
Set to 0 to watch the browser work |
FAGUN_BROWSER |
chromium |
Use firefox or webkit instead |
FAGUN_CDP_URL |
— | Attach to your own open Chrome, e.g. http://127.0.0.1:9222 |
FAGUN_TERSE |
1 |
Compact token-lean output. Set 0 for full JSON. |
🔐 Security scanning (authorized targets only)
security scan <url> runs the bug classes hunters get paid for — non-destructive,
GET/HEAD only, no attacks on third parties:
- Exposed files (
/.git,/.env,/.aws/credentials, backups, actuator) - Leaked secrets in HTML/JS (AWS, Stripe, Google, GitHub, JWT, private keys)
- CORS misconfiguration · reflected-XSS candidates · open redirect · SQLi error signals
- Cookie flags · security headers (CSP/HSTS/X-Frame)
⚠️ Only scan sites you own or are authorized to test.
🔌 Use your own logged-in Chrome (self-healing + sessions)
connect to my Chrome→ Fagun launches a debuggable Chrome and attaches — no manualchrome://inspectstep. Great for testing behind a login (reuses your session).browser_exec→ when no built-in tool fits, the AI writes Python against the live page (full Playwright).save_helperpersists what works, so Fagun gets smarter every run.
🧰 Everything it can do (MCP tools)
fagun_start · open_browser · navigate · click · fill · press_key ·
screenshot · evaluate_js · get_console · get_network · crawl · run_qa ·
check_links · test_forms · security_headers · security_scan · deep_test ·
full_qa_sweep · write_report · browser_exec · save_helper · list_helpers ·
load_helper · connect_chrome · close_browser
🛠️ For developers
git clone https://github.com/mejbaurbahar/fagun && cd fagun
pip install -e .
python -m playwright install chromium
python -m fagun # runs the MCP server on stdio
Release (maintainer): publishing is automatic via GitHub Actions +
PyPI Trusted Publishing. Bump the
version in pyproject.toml and src/fagun/__init__.py, then:
git tag v0.3.0 && git push origin v0.3.0
MIT © Mejbaur Bahar Fagun
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file fagun-0.6.0.tar.gz.
File metadata
- Download URL: fagun-0.6.0.tar.gz
- Upload date:
- Size: 43.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9537ce963ac706f63c3fc16c3df7e72d66a9d88ee82fd94765d79b22120caffa
|
|
| MD5 |
703ff61527aaf88ac8bdac5c4a47d866
|
|
| BLAKE2b-256 |
e3b5c5a4bec84ebee6a1ee20b52df4900030ba8d1801a1bf1c684bcc443f0e71
|
Provenance
The following attestation bundles were made for fagun-0.6.0.tar.gz:
Publisher:
publish.yml on mejbaurbahar/fagun
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
fagun-0.6.0.tar.gz -
Subject digest:
9537ce963ac706f63c3fc16c3df7e72d66a9d88ee82fd94765d79b22120caffa - Sigstore transparency entry: 2037781784
- Sigstore integration time:
-
Permalink:
mejbaurbahar/fagun@71cf35e401c182a45a6af817ffcd21e6a9ae2422 -
Branch / Tag:
refs/tags/v0.6.0 - Owner: https://github.com/mejbaurbahar
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@71cf35e401c182a45a6af817ffcd21e6a9ae2422 -
Trigger Event:
push
-
Statement type:
File details
Details for the file fagun-0.6.0-py3-none-any.whl.
File metadata
- Download URL: fagun-0.6.0-py3-none-any.whl
- Upload date:
- Size: 33.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0a761cdeb5813bb2f95405e01b7eae53feb49b629c74207e49d732859a3de79b
|
|
| MD5 |
ae61efe384c72f684d6bed92380fce5f
|
|
| BLAKE2b-256 |
50238d79eeff82eebda94f6e9c86c379c1cd5cda520cb4d5f7693fb3a70b009d
|
Provenance
The following attestation bundles were made for fagun-0.6.0-py3-none-any.whl:
Publisher:
publish.yml on mejbaurbahar/fagun
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
fagun-0.6.0-py3-none-any.whl -
Subject digest:
0a761cdeb5813bb2f95405e01b7eae53feb49b629c74207e49d732859a3de79b - Sigstore transparency entry: 2037782069
- Sigstore integration time:
-
Permalink:
mejbaurbahar/fagun@71cf35e401c182a45a6af817ffcd21e6a9ae2422 -
Branch / Tag:
refs/tags/v0.6.0 - Owner: https://github.com/mejbaurbahar
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@71cf35e401c182a45a6af817ffcd21e6a9ae2422 -
Trigger Event:
push
-
Statement type: