qaeverest-mcp
v1.1.0
Published
MCP server for QAEverest — generate AI-powered functional, API, UI & mobile test cases, plus security and performance checks, from inside Claude Code, Cursor, VS Code Copilot, or any MCP-compatible IDE.
Maintainers
Readme
QAEverest MCP Server
Generate AI-powered test cases — and run security & performance checks — from inside your IDE. This Model Context Protocol server connects AI coding agents — Claude Code, Cursor, VS Code Copilot, Windsurf, and any other MCP-compatible client — to the QAEverest public API.
Ask your agent things like:
"Generate functional test cases for the login story in
auth/README.mdand save them as a feature file.""Generate API tests from this
openapi.yaml, then scaffold Playwright specs from them.""Generate UI automation test cases for the checkout flow."
"Run a full security scan against https://staging.example.com."
"Run a 30-second load test on the /search endpoint."
"How many QAEverest credits do I have left?"
Prerequisites
- Node.js 18+
- A QAEverest API key (
qae_...) — issued from Admin → API Management or by your account manager.
Configuration
The server is configured entirely through environment variables:
| Variable | Required | Description |
|---|---|---|
| QAEVEREST_API_KEY | yes | Your QAEverest API key (qae_...) |
| QAEVEREST_API_URL | no | Backend base URL. Defaults to https://api.qaeverest.ai |
The server exchanges your API key for a short-lived access token automatically and refreshes it when it expires — you never handle tokens yourself.
Setup
Claude Code
claude mcp add qaeverest -e QAEVEREST_API_KEY=qae_your_key_here -- npx qaeverest-mcpOr add to your project's .mcp.json (checked in, so the whole team gets it — keep the key in an env var):
{
"mcpServers": {
"qaeverest": {
"command": "npx",
"args": ["qaeverest-mcp"],
"env": {
"QAEVEREST_API_KEY": "${QAEVEREST_API_KEY}"
}
}
}
}Cursor
Add to .cursor/mcp.json (project) or ~/.cursor/mcp.json (global):
{
"mcpServers": {
"qaeverest": {
"command": "npx",
"args": ["qaeverest-mcp"],
"env": {
"QAEVEREST_API_KEY": "qae_your_key_here"
}
}
}
}VS Code (GitHub Copilot agent mode)
Add to .vscode/mcp.json:
{
"servers": {
"qaeverest": {
"type": "stdio",
"command": "npx",
"args": ["qaeverest-mcp"],
"env": {
"QAEVEREST_API_KEY": "${input:qaeverest-api-key}"
}
}
},
"inputs": [
{
"id": "qaeverest-api-key",
"type": "promptString",
"description": "QAEverest API key",
"password": true
}
]
}Windsurf
Add to ~/.codeium/windsurf/mcp_config.json:
{
"mcpServers": {
"qaeverest": {
"command": "npx",
"args": ["qaeverest-mcp"],
"env": {
"QAEVEREST_API_KEY": "qae_your_key_here"
}
}
}
}Running from a local checkout (before npm publish)
Replace "command": "npx", "args": ["qaeverest-mcp"] with:
"command": "node",
"args": ["C:/path/to/CreateMyTestcases/mcp-server/src/index.js"](run npm install inside mcp-server/ first).
Tools
The server exposes these tools. Each generation/scan call is billed to your account at an admin-configured per-service credit cost; whether a tool works depends on which services are enabled for your API key (check with get_usage). You don't call these directly — describe what you want and the agent picks the tool.
generate_testcases — functional / general (sync)
Generate test cases from a user story or feature description. Returns Gherkin-style scenarios (Given/When/Then) with tags, priorities, and test data. Generation typically takes 1–3 minutes.
| Parameter | Type | Required | Description |
|---|---|---|---|
| user_story | string | yes | The story / requirement / feature description |
| test_type | enum | no | Functional (default), System, Performance, Security, API |
| tc_type | enum | no | manual (default) or automated |
| domain_name | string | no | Business domain context, e.g. Banking |
| module_name | string | no | Feature area, e.g. Login |
| additional | string | no | Extra instructions for the AI |
generate_api_tests — API automation (sync)
Generate automation-ready API test cases from a description or an OpenAPI/Swagger spec or Postman collection pasted as text (positive, negative, boundary, auth).
| Parameter | Type | Required | Description |
|---|---|---|---|
| spec | string | yes | API description, or an OpenAPI/Swagger spec or Postman collection as text |
| tc_type | enum | no | manual or automated (default) |
| domain_name, module_name, additional | string | no | As above |
generate_ui_tests — UI automation (async)
Generate end-to-end UI automation test cases (navigate / click / type / assert steps). Runs as a background job and may take a few minutes. Generates test cases only — it does not drive a live browser.
| Parameter | Type | Required | Description |
|---|---|---|---|
| story | string | yes | The UI scenario / user story |
| domain_name, module_name, additional | string | no | As above |
generate_mobile_tests — mobile automation (async)
Same as generate_ui_tests, but for mobile UI automation (gestures, device states, platform-specific behaviours). Generates test cases only — it does not drive a live device.
| Parameter | Type | Required | Description |
|---|---|---|---|
| story | string | yes | The mobile scenario / user story |
| domain_name, module_name, additional | string | no | As above |
security_scan — security (sync)
Scan a URL for security-header, SSL/TLS, and common-vulnerability issues; returns risk-rated findings.
| Parameter | Type | Required | Description |
|---|---|---|---|
| url | string | yes | Full URL including http:// or https:// |
| scanType | enum | no | headers, ssl, vulnerability, or full (default) |
| method | enum | no | HTTP method to probe with (default GET) |
| headers | object | no | Optional request headers (key/value) |
performance_test — performance (sync)
Run a load / stress / spike / soak test and return latency, throughput, and error-rate metrics. API-tier caps keep a single call bounded (~1 min); heavier runs belong in the in-app Performance module.
| Parameter | Type | Required | Description |
|---|---|---|---|
| url | string | yes | Full URL including http:// or https:// |
| testMode | enum | no | load (default), stress, spike, soak |
| method | enum | no | HTTP method (default GET) |
| headers | object | no | Optional request headers (key/value) |
| body | string | no | Optional request body (POST/PUT) |
| virtualUsers | number | no | Concurrent virtual users (load/soak); server caps apply |
| duration | number | no | Seconds; server caps apply (load ≤ 60s, soak ≤ 90s) |
| rampUp | number | no | Ramp-up seconds (load mode) |
get_usage
No parameters. Returns credits used/remaining, requests this month, and enabled services for your account.
How it works
IDE agent (Claude Code / Cursor / Copilot / Windsurf)
│ MCP over stdio
▼
qaeverest-mcp
│ POST /api/v1/auth/token (API key → 8h JWT, cached)
│ POST /api/v1/generate-testcases ─┐
│ POST /api/v1/api-tests/generate │ sync — returns inline
│ POST /api/v1/security-scan │
│ POST /api/v1/performance-test ─┘
│ POST /api/v1/ui-tests → poll GET /api/v1/ui-tests/{jobId} ─┐ async —
│ POST /api/v1/mobile-tests → poll GET /api/v1/mobile-tests/{jobId} ─┘ server polls for you
│ GET /api/v1/usage
▼
QAEverest backend ──► AI engine / scanners ──► resultsFor the async UI/mobile tools the server submits the job and polls the status URL for you (up to 5 minutes), so from the agent's point of view they behave like any other tool call.
Troubleshooting
- "QAEVEREST_API_KEY is not set" — the env var didn't reach the server; check the
envblock in your MCP config. - "Invalid or revoked API key" — the key was revoked or regenerated in Admin → API Management; get a fresh one.
- "Insufficient credits" (402) — your plan's credit allowance is exhausted.
- "Monthly request limit reached" (429) — resets at the next billing cycle.
- Timeouts — generation is capped at 5 minutes client-side; very long stories may need trimming.
- The server logs diagnostics to stderr (visible in your IDE's MCP logs, e.g.
claude mcp list/ Cursor's MCP output panel).
