@q-mesh/mcp
v0.4.0
Published
MCP server for QMesh — query QMesh crowdtesting platform data from Claude, Cursor, and other MCP clients.
Downloads
235
Maintainers
qmeshReadme
QMesh MCP Server
Query the QMesh crowdtesting platform from Claude Desktop, Cursor, Continue, and any other Model Context Protocol client.
QMesh combines AI-detected signals with human QA judgment to produce release-confidence decisions. This MCP server lets your AI assistant surface QMesh data on demand, and (with auth) submit AI-detected quality issues into QMesh's Signal Engine for human verification.
Demo
Claude Desktop using search_bug_patterns to answer a QA question with real de-identified patterns from QMesh.
Tools
| Tool | Auth | Description |
|------|------|-------------|
| get_platform_stats | none | Platform-wide metrics — testers, QA-certified testers, businesses, bugs, tasks |
| get_leaderboard | none | Day / week / month / year tester rankings with QIS, critical/high bug counts, effective rate |
| list_pricing_plans | none | Public testing plans with budget, features, refund policy |
| search_bug_patterns | none | De-identified Bug Pattern knowledge base — scenario templates, detection techniques, checklists. Filter by category, severity, domain, or free-text |
| submit_ai_signal | API Key | Submit an AI-detected quality signal on a task you own. QMesh dedupes, scores (confidence × severity × pattern match), and routes high-value signals to human QA |
All tools except submit_ai_signal work without authentication.
Install
npx -y @q-mesh/mcpOr install globally:
npm install -g @q-mesh/mcpClaude Desktop
Add to your Claude Desktop config:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%AppData%\Claude\claude_desktop_config.json
Minimal (read-only tools):
{
"mcpServers": {
"qmesh": {
"command": "npx",
"args": ["-y", "@q-mesh/mcp"]
}
}
}With submit_ai_signal enabled:
{
"mcpServers": {
"qmesh": {
"command": "npx",
"args": ["-y", "@q-mesh/mcp"],
"env": {
"QMESH_API_KEY": "qk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
}
}
}On Windows wrap npx with cmd /c:
{
"mcpServers": {
"qmesh": {
"command": "cmd",
"args": ["/c", "npx", "-y", "@q-mesh/mcp"]
}
}
}Restart Claude Desktop. Hammer icon should show 5 QMesh tools.
Getting QMESH_API_KEY
Only needed for submit_ai_signal. All read-only tools work without it.
- Log in to q-mesh.com (the account must own the target task, or be an admin).
- Go to Settings → API Keys and click Create API Key.
- Give it a name (e.g. "Claude Desktop") and copy the generated key starting with
qk_.⚠️ The full key is shown only once — save it before closing the dialog.
- Paste into your config
env.QMESH_API_KEY.
API keys are long-lived (default 90 days) and can be revoked from the same page any time.
Legacy: QMESH_USER_TOKEN (deprecated)
If you cannot create an API Key yet, a Supabase JWT still works as a fallback — pull access_token from DevTools → Local Storage → sb-cvizjnidcgonqsrwxubz-auth-token. Note: JWTs expire in ~1 hour, so this is not recommended for persistent use.
Cursor / Continue / Other MCP clients
Use the same stdio transport config. Refer to your client's MCP setup docs.
Example prompts
Once installed, try these with Claude:
Read-only (no auth):
- "Show me the QMesh leaderboard this week"
- "What testing plans does QMesh offer and what's included?"
- "How many testers are on QMesh right now?"
- "Search QMesh bug patterns about XSS"
- "What common form-ux bugs does QMesh have documented?"
- "List all critical security bug patterns from QMesh"
With auth (for task owners):
- "I'm testing my QMesh task
<task-id>and the login page accepts non-existent accounts. Submit this as an AI signal with severity high." - "Run accessibility checks on my product and submit any WCAG violations you find as signals to task
<task-id>."
How the Signal Engine works
Your AI agent QMesh Human QA
(Claude / Cursor) Signal Engine on QMesh
│ │ │
│──submit_ai_signal──▶ │ │
│ │─ dedupe ────────────▶ │
│ │ (same title + task?) │
│ │ │
│ │─ score ─────────────▶ │
│ │ (conf × severity × │
│ │ pattern bonus) │
│ │ │
│ │─ route ──────────────────▶│
│ │ (score ≥ 0.5) │
│ │ │ ← promotes valid
│ │ │ or dismisses
│ │ │
│ │◀─ visible to task owner ──│Your AI scales breadth. Human QA provides judgment. QMesh merges both into a release-confidence decision.
Development
git clone https://github.com/onedaysoftware-support/qmesh-mcp
cd qmesh-mcp
npm install
npm run build
node dist/index.js # stdio — connects to any MCP clientSmoke test
printf '%s\n' \
'{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"t","version":"0.0.1"}}}' \
'{"jsonrpc":"2.0","method":"notifications/initialized"}' \
'{"jsonrpc":"2.0","id":2,"method":"tools/list"}' | node dist/index.jsShould list all 5 tools.
Roadmap
Current release (0.3.x): 5 tools — 4 read-only + 1 write (auth-gated).
Planned:
- API Key mechanism — replace 1-hour JWT with long-lived revocable keys
post_task— create a new testing task (requires funded business account)get_task_status— poll a task's progress and bug summaryget_release_readiness— compose QCI score from signals + bugs + coverage (the flagship future tool)
Follow github.com/onedaysoftware-support/qmesh-mcp for updates.
Troubleshooting
"Failed to spawn process: No such file or directory" — your MCP client can't find npx in its PATH. Try absolute path: /opt/homebrew/bin/npx (macOS with Homebrew) or /Users/you/.nvm/versions/node/vXX.X.X/bin/npx (nvm).
"permission denied" on submit_ai_signal — either JWT expired, or you're not the task owner (submission requires tasks.business_id = auth.uid() or admin role).
submit_ai_signal returns "invalid or expired api key" — your QMESH_API_KEY is either mistyped, revoked, or past its 90-day expiry. Create a new one at q-mesh.com Settings → API Keys.
submit_ai_signal returns "permission denied" — the task you're targeting doesn't belong to the API key's owner (or the owner is not admin).
License
MIT © Oneday Software