MK QA Master
Universal MCP server that drives your test suite end-to-end: run pytest/Jest/Cypress/Go/Maestro, analyze pages, generate tests, and advise.
Add to your client
Copy the config for your MCP client and paste it into its config file.
uvx mk-qa-masterPaste into ~/Library/Application Support/Claude/claude_desktop_config.json
{
"mcpServers": {
"mk-qa-master": {
"command": "uvx",
"args": [
"mk-qa-master"
],
"env": {
"QA_RUNNER": "pytest",
"QA_PROJECT_ROOT": "/path/to/your-test-project"
}
}
}
}Requires `uv` (the Python package runner). Install it from https://docs.astral.sh/uv/ if `uvx` is not found.
Step-by-step guides: Add to Claude Desktop · Add to Cursor · Add to Windsurf
Before you start
- uv (for the recommended uvx zero-install path) or Python 3 with pip
- QA_RUNNER and QA_PROJECT_ROOT environment variables
- Per-runner deps: pytest-playwright + 'playwright install chromium' for pytest; a Node project with jest/cypress installed; Go toolchain for go; Maestro CLI + a booted simulator/emulator/device for maestro
- API runners: 'pip install mk-qa-master[api]' for Schemathesis; 'npm install -g newman' for Newman
- Edge runner: 'pip install mk-qa-master[edge]' + ffmpeg + mediamtx on PATH
About MK QA Master
An MCP server for AI-driven QA: it wires a test framework (pytest+Playwright, Jest, Cypress, Go, Maestro, Schemathesis, or Newman) into Claude/Cursor so the AI can analyze a URL or app screen, generate runnable tests, run them, inspect failures with artifacts, and get a data-driven optimization plan after every run. Exposes a frozen 22-tool surface, stable since v1.0.0.
Tools & capabilities (21)
get_runner_infoReport which test runner is active plus all available runners.
list_testsEnumerate the tests in the project under test.
run_testsRun tests with optional filter / headed / browser options (headed and browser are pytest-playwright only).
run_failedRe-run only the last failures (pytest --lf).
get_test_reportReturn a summary: pass / fail / skipped / duration / flaky-in-run.
get_failure_detailsPer-failure message plus paths to screenshot, Playwright trace, and video.
generate_testGenerate a test skeleton; with a module from analyze_url/analyze_screen, writes a runnable Playwright .py or Maestro .yaml with concrete selectors.
auto_generate_testsOne-shot: analyze a URL then generate one test per discovered module.
codegenLaunch Playwright codegen (web) or return a hint pointing at 'maestro studio' (mobile).
generate_html_reportRender the latest run as a self-contained HTML report (dark mode).
get_test_historyReturn the last N archived run summaries for trend and flake debugging.
analyze_urlWeb DOM probe: discovers form/nav/dialog/CTA modules with selectors, candidate test cases, the API endpoints the page hits, and layout-overflow warnings.
analyze_screenMobile: runs 'maestro hierarchy' and emits form / cta / tab_bar modules plus noise-filtered candidate test cases.
analyze_streamEdge AI runner (v1.1.0+): probe RTSP stream geometry and emit candidate detection test cases per detected YOLO label.
init_qa_knowledgeScaffold the project's bilingual QA knowledge layer (methodology + domain) as qa-knowledge.md.
get_qa_contextRead the QA knowledge layer; optional section filter (e.g. ISTQB, Bug, CAPTCHA, Edge Vision Inference).
get_optimization_planThree-layer self-improvement coach: suite quality, MCP usability, and AI generation effectiveness, emitting prioritized actions.
qa_planDeclare a task plus critical points up front; returns a plan_id threaded into core tools for an auto-verifying plan_verification envelope (universal plan+verify bookend).
inspect_visual_challengeDetect a reCAPTCHA v2 / hCaptcha image-grid challenge on the active Playwright page and screenshot the tile grid for the AI client. Consent-gated.
solve_visual_challengeAccept the AI client's tile selection and execute the click chain to solve the CAPTCHA. Requires consent and per-call confirm=true; raw token never returned in evidence.
run_api_security_scanOWASP API Security Top 10 (2023) rule-based scanner over an OpenAPI 3.x spec: API1 BOLA/IDOR, API2 Broken Auth, API3 Mass Assignment, API5 Function-Level Authz, API8 Misconfig. Consent + authorized-domain gated.
What this server can do
MK QA Master provides tools for these capabilities — tap one to see every MCP server that does the same:
When to use it
- Analyze a live login or checkout page and auto-generate runnable Playwright tests with concrete selectors
- Run a cross-framework test suite (web, mobile via Maestro, or API via Schemathesis/Newman) from a single MCP surface and inspect failures with screenshots and traces
- Get a prioritized, data-driven 'what should I fix next' plan after each run, surfacing flaky tests and coverage gaps
- Scan an OpenAPI spec for OWASP API Top 10 issues (BOLA, broken auth, mass assignment) on staging environments you own
- Drive Maestro flows against iOS Simulator / Android Emulator / BlueStacks via remote ADB without rewriting tests per platform
Security notes
The AI Visual Challenge Solver (reCAPTCHA/hCaptcha) and the OWASP API Security scanner are dangerous capabilities and are disabled by default. They require explicit opt-in env vars: QA_VISUAL_CHALLENGE_CONSENT=true and QA_API_SECURITY_CONSENT=true respectively, plus per-call confirmation. Authorized-domain allowlists (QA_VISUAL_CHALLENGE_AUTHORIZED_DOMAINS, QA_API_SECURITY_AUTHORIZED_DOMAINS) restrict where they operate; hard-stop blacklists refuse known identity providers and camera-vendor hosts. The security scanner runs adversarial test cases and the mass_assignment rule mutates server state — never point it at systems you do not own or are not authorized to test. Secrets in env (auth headers, tokens) are redacted from archived reports by default unless QA_NO_REDACT=1.
MK QA Master FAQ
How do I choose which test framework runs?
Set the QA_RUNNER env var to one of pytest / jest / cypress / go / maestro / schemathesis / newman / edge, and QA_PROJECT_ROOT to the project under test. Each runner has its own prerequisites (e.g. 'playwright install chromium' for pytest-playwright, 'npm install -g newman' for Newman).
Is the CAPTCHA solver enabled by default?
No. Both inspect_visual_challenge and solve_visual_challenge return a consent_required error until you set QA_VISUAL_CHALLENGE_CONSENT=true, and solving requires per-call confirm=true. It also refuses hard-stop domains like known identity providers regardless of consent.
Does it bundle JIRA/Slack/GitHub integrations?
No — it stays a pure test-execution and analysis layer. You compose workflows by running other MCP servers (Atlassian, Slack, GitHub, Sentry, Filesystem) side-by-side in the same client config and letting the AI client orchestrate the chain across servers.
Will accepting updates change the tool surface?
No. mk-qa-master is stable since v1.0.0 with a frozen 22-tool surface enforced by a CI snapshot test. Within v1.x you only get additive changes (new tools, optional args, new fields); breaking changes require a v2.0 bump with a deprecation cycle.
Alternatives to MK QA Master
Compare all alternatives →
Microsoft's official browser-automation MCP using Playwright's accessibility tree (no vision model).
Up-to-date, version-specific library documentation injected into your coding agent.
Code intelligence engine that indexes repos into a persistent knowledge graph for AI coding agents.
Compare MK QA Master with: