bugAgent MCP Server
officialConnect bugAgent to any MCP-compatible AI client. File, classify, and manage bugs, feature requests, and more directly from your AI coding assistant. No context switching, no copy-paste โ just describe the issue and bugAgent handles the rest.
Documentation
MCP v1
Navigation
Model Context Protocol
MCP
Connect bug_Agent_ to any MCP-compatible AI client.
File, classify, and manage bugs, feature requests, and more directly from your AI coding assistant. No context switching, no copy-paste โ just describe the issue and bug_Agent_ handles the rest.
Discord Community [email protected]
Getting Started
The bug_Agent_ MCP server lets AI clients create, query, and manage bug reports, feature requests, enhancements, and more through the Model Context Protocol. It runs locally and communicates with bug_Agent_'s cloud API.
1
Get your API key
Sign up at app.bugagent.com and generate an API key from the console.
2
Configure your AI client
Add bug_Agent_ as an MCP server in your client's config (see setup below).
3
Start filing bugs
Describe a bug in natural language and bug_Agent_ auto-classifies, enriches, and stores it.
Quick Example
# Create a bug report
"File a bug: Login button is unresponsive on iOS Safari.
Steps: tap login, nothing happens. Expected: navigate to
dashboard. Severity: high."
# bugAgent auto-classifies as UI bug, severity high
# File a feature request
"Feature request: Add dark mode toggle to the
settings page. Users have asked for this in surveys."
# Auto-classified as feature-request, severity medium
Setup
Install
No global install required. Use npx to run the MCP server on demand:
npx @bugagent/mcp-server
Configure your API key
When you first connect, bug_Agent_ will prompt you for your API key. You can also set it via environment variable:
export BUGAGENT_API_KEY=ba_live_your_key_here
Get your API key from the bug_Agent_ console.
MCP Client Configuration
Add the following to your MCP client's configuration file:
mcp.json
{
"mcpServers": {
"bugagent": {
"command": "npx",
"args": ["-y", "@bugagent/mcp-server"],
"env": {
"BUGAGENT_API_KEY": "ba_live_your_key_here"
}
}
}
}
๐ก
Replace ba_live_your_key_here with your actual API key from the console.
Connect to the Server
The bug_Agent_ MCP server is live at https://mcp.bugagent.com/mcp over Streamable HTTP transport. Connect from any of the eight clients below โ pick the one that fits your workflow.
๐
Get your API key first. Sign in to app.bugagent.com/dashboard/settings/api-keys, click Create API Key, and copy the value (starts with ba_live_). Youโll only see it once, so paste it somewhere safe. Every example below uses this key.
Option 1 โ MCP Inspector (Web UI, recommended for first-time testing)
The official Anthropic tool. Spins up a local web UI where you can click through every tool, fill in parameters, and see responses. Zero config, no IDE required.
macOS (Terminal)
Terminal
npx @modelcontextprotocol/inspector
Windows (PowerShell or CMD)
PowerShell
In the browser UI that opens:
- Transport Type: select
Streamable HTTP - URL:
https://mcp.bugagent.com/mcp - Connection Type: select Proxy (the default โ the Inspector proxies through a local Node process to bypass browser CORS)
- Click the Authentication tab โ add a custom header:
- Header Name:
Authorization - Value:
Bearer ba_live_YOUR_KEY_HERE
- Header Name:
- Click Connect. Youโll see all 60+ bug_Agent_ tools in the left panel.
- Click any tool (e.g.
list_bug_reports), fill in parameters, click Run Tool. Response shows on the right.
Prerequisites: Node.js 18 or later. Install from nodejs.org if you donโt have it.
Option 2 โ Claude Desktop (Mac + Windows)
If you use the Claude Desktop app, you can add bug_Agent_ as a permanent MCP server. Claude will then have all bug_Agent_ tools available in every conversation.
macOS
- Open Claude Desktop โ menu bar Claude โ Settings โ Developer โ Edit Config. This opens
~/Library/Application Support/Claude/claude_desktop_config.json. - Add the bug_Agent_ entry under
mcpServers:
claude_desktop_config.json
{
"mcpServers": {
"bugagent": {
"type": "http",
"url": "https://mcp.bugagent.com/mcp",
"headers": {
"Authorization": "Bearer ba_live_YOUR_KEY_HERE"
}
}
}
}
- Save the file and fully quit Claude Desktop (Cmd+Q, not just close the window).
- Relaunch Claude Desktop. The tools hammer icon at the bottom of the chat input should now show bug_Agent_ tools.
- Try it: type โList my 5 most recent bug reportsโ โ Claude will call
list_bug_reportsautomatically.
Windows
- Open Claude Desktop โ File โ Settings โ Developer โ Edit Config. This opens
%APPDATA%\Claude\claude_desktop_config.json(typicallyC:\Users\YourName\AppData\Roaming\Claude\claude_desktop_config.json). - Add the same JSON block shown in the macOS section.
- Save the file and fully quit Claude Desktop from the system tray (right-click the Claude icon โ Quit), then relaunch.
- The tools hammer icon will show bug_Agent_ tools.
Option 3 โ Claude Code (CLI)
If you use Claude Code from your terminal (the CLI version of Claude), register the bug_Agent_ server with one command. Works identically on macOS, Linux, and Windows.
Terminal / PowerShell
claude mcp add --transport http bugagent https://mcp.bugagent.com/mcp \
--header "Authorization: Bearer ba_live_YOUR_KEY_HERE"
Then restart your Claude Code session. Verify itโs connected:
claude mcp list
You should see bugagent in the list with a green dot. Start using tools in any chat: โShow me my exploration usage for this month.โ
To remove it later:
claude mcp remove bugagent
Option 4 โ OpenAI Codex CLI
If you use the OpenAI Codex CLI, add bug_Agent_ to ~/.codex/config.toml for permanent registration, or pass the config inline for a one-off session.
Permanent registration (add to config)
~/.codex/config.toml
[[mcp_servers]]
name = "bugagent"
type = "http"
url = "https://mcp.bugagent.com/mcp"
[mcp_servers.headers]
Authorization = "Bearer ba_live_YOUR_KEY_HERE"
Inline โ one session
Terminal
codex \
--mcp-server '{"name":"bugagent","type":"http","url":"https://mcp.bugagent.com/mcp","headers":{"Authorization":"Bearer ba_live_YOUR_KEY_HERE"}}' \
"list the last 5 bug reports"
Codex resolves tool calls automatically from your natural-language prompt. Try: โList my open bugs sorted by severity.โ
Option 5 โ Cursor (Mac + Windows)
Cursor has built-in MCP support. Add bug_Agent_ once and the AI assistant inside Cursor can file bugs, list reports, run scans, etc. without leaving your editor.
- Open Cursor โ Settings (Cmd+, on Mac / Ctrl+, on Windows) โ MCP in the left sidebar.
- Click + Add new MCP server.
- Select HTTP transport type.
- Fill in:
- Name:
bugagent - URL:
https://mcp.bugagent.com/mcp - Header name:
Authorization - Header value:
Bearer ba_live_YOUR_KEY_HERE
- Name:
- Click Save. Cursor shows a green indicator when connected.
- Open Cursorโs chat (Cmd+L / Ctrl+L) and type โCreate a bug report titled โLogin brokenโ with severity high.โ Cursor will invoke
create_bug_report.
Alternative: Cursor also reads ~/.cursor/mcp.json (Mac) or %USERPROFILE%\.cursor\mcp.json (Windows). Add the same JSON format shown in the Claude Desktop section.
Option 6 โ VS Code with Continue extension (Mac + Windows)
If you prefer VS Code, the Continue extension supports MCP servers natively.
- Install the Continue extension from the VS Code marketplace.
- Open Continueโs config: Command Palette (Cmd+Shift+P / Ctrl+Shift+P) โ Continue: Open config.json. The file is at:
- macOS:
~/.continue/config.json - Windows:
%USERPROFILE%\.continue\config.json
- macOS:
- Add an
mcpServersentry:
~/.continue/config.json
{
"mcpServers": [
{
"name": "bugagent",
"type": "streamable-http",
"url": "https://mcp.bugagent.com/mcp",
"requestOptions": {
"headers": {
"Authorization": "Bearer ba_live_YOUR_KEY_HERE"
}
}
}
]
}
- Save. Continue will auto-reload and show the bug_Agent_ tools in the sidebar.
- Open the Continue chat panel and try: โList my security scans.โ
Other VS Code MCP-capable extensions: Cline, Roo Code, and Windsurf (fork) all follow similar JSON config patterns with an mcpServers key and HTTP transport.
Option 7 โ OAuth-aware hosts (Claude.ai web shown as the example)
Some MCP hosts authenticate via OAuth 2.0 and ask for a static client_id and client_secret upfront instead of accepting a bearer API key. For those hosts you generate a workspace-scoped OAuth credential pair from the bug_Agent_ dashboard and paste it into the hostโs connector form. The credentials are MCP-host-agnostic โ any OAuth client supporting Authorization Code + PKCE can use them. The walkthrough below uses the Claude.ai web app as the most common example.
- In bug_Agent_: open Settings โ Developers โ MCP Connectors. Click Generate connector, give it a name describing the host (e.g. โClaude.ai (work)โ), paste the redirect URI your MCP host requires (for the Claude.ai web app thatโs
https://claude.ai/api/mcp/auth_callbackโ check your hostโs connector docs for others), and choose Confidential for the auth method. Copy theclient_idandclient_secretshown once on the success screen. - In your MCP hostโs connector / OAuth settings, paste:
- Server URL:
https://mcp.bugagent.com/mcp - Client ID + Client Secret: from step 1
- Authorization URL:
https://mcp.bugagent.com/authorize - Token URL:
https://mcp.bugagent.com/token
For Claude.ai specifically: go to claude.ai/customize/connectors and click Add MCP connector.
- Server URL:
- Save. The host redirects you to bug_Agent_ to sign in (Google or email/password โ whichever method you use for the dashboard) and approve consent, then completes the OAuth handshake.
- Manage and revoke generated connectors from the same Settings page. Revoking is immediate โ the next request from that connector returns
invalid_client.
Note: Claude Code, Cursor, VS Code, and the MCP Inspector donโt need this flow โ they handle dynamic client registration (RFC 7591) automatically and authenticate via API key as shown above. The MCP Connectors form is only for hosts that require static OAuth credentials.
Option 8 โ Direct HTTP with curl (Terminal)
If you want to test the server directly without any client, or integrate it into a script, you can hit the HTTP endpoint with curl. The MCP protocol is JSON-RPC 2.0 over Streamable HTTP.
macOS / Linux
Terminal
# Set your API key as a variable
export BUGAGENT_API_KEY="ba_live_YOUR_KEY_HERE"
# 1. List all available tools
curl -N -s https://mcp.bugagent.com/mcp \
-H "Authorization: Bearer $BUGAGENT_API_KEY" \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'
# 2. Call a tool โ list 5 reports from a specific project
curl -N -s https://mcp.bugagent.com/mcp \
-H "Authorization: Bearer $BUGAGENT_API_KEY" \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-d '{
"jsonrpc":"2.0",
"id":2,
"method":"tools/call",
"params":{
"name":"list_bug_reports",
"arguments":{"project":"bugagent","limit":5}
}
}'
Windows (PowerShell)
PowerShell
# Set your API key
$env:BUGAGENT_API_KEY = "ba_live_YOUR_KEY_HERE"
# Use Invoke-RestMethod (PowerShell's curl equivalent)
$headers = @{
"Authorization" = "Bearer $env:BUGAGENT_API_KEY"
"Content-Type" = "application/json"
"Accept" = "application/json, text/event-stream"
}
# 1. List all tools
$body = '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'
Invoke-RestMethod -Uri "https://mcp.bugagent.com/mcp" `
-Method Post -Headers $headers -Body $body
# 2. Call list_bug_reports for a specific project
$body = @{
jsonrpc = "2.0"
id = 2
method = "tools/call"
params = @{
name = "list_bug_reports"
arguments = @{ project = "bugagent"; limit = 5 }
}
} | ConvertTo-Json -Depth 5
Invoke-RestMethod -Uri "https://mcp.bugagent.com/mcp" `
-Method Post -Headers $headers -Body $body
Responses arrive as Server-Sent Events (the MCP Streamable HTTP standard). Each chunk is a line prefixed with data: followed by a JSON object. The Accept: application/json, text/event-stream header is required โ the server rejects requests without it.
โน๏ธ
Troubleshooting 401 Unauthorized: Check that your API key hasnโt been revoked in Settings โ API Keys. Keys start with ba_live_. If youโre still stuck, regenerate the key and retry.
Try It โ Plain-English Prompts
Once connected, you donโt need to know tool names or parameters. Describe what you want in plain English and your AI assistant calls the right bug_Agent_ tool automatically.
Bug Reports
Ask your AI assistant
List my 5 most recent bug reports
Show all open critical bugs in the Auth project
Create a bug titled "Login broken on Safari" with severity s2
Update TEST-451 status to in-progress and assign it to me
Add a comment to TEST-451: "root cause confirmed โ null check missing in auth middleware"
Show me everything filed this week, grouped by severity
Test Management
Create a test suite called "Smoke Tests" with cases for login, checkout, and account settings
Run the Regression suite and list all failures
Show failing test cases from the last 7 days
Which test cases have never been run in the past 90 days?
Get a pass-rate trend for this month vs last month
Security & Performance
Run a security scan on https://app.example.com
Get this month's security scan results โ show only high and critical findings
Create a performance test for the landing page and check Lighthouse scores
What are the Core Web Vitals for our checkout flow?
Playwright Automation
Create a Playwright script that logs in and verifies the dashboard loads
Run the checkout automation on iPhone 15 Pro on a real device
Optimize the login automation script
Show runs for the checkout automation โ any failures?
Schedule the smoke test suite to run every weekday at 6 AM UTC
Exploratory AI
Run an exploratory AI session on https://app.example.com with 5 parallel agents
Get the latest exploration run results โ list any bugs that were filed
What testing strategies did the agents use and which found the most issues?
Usage & Stats
Check my plan usage for this month
Show team bug stats for this week broken down by severity and type
List all team members and their roles
How many security scans do I have left this month?
Quick Reference
Config file locations for all eight clients. Every client connects to https://mcp.bugagent.com/mcp with the header Authorization: Bearer ba_live_YOUR_KEY_HERE over Streamable HTTP.
Client Config location / command
MCP Inspector No file โ enter URL + auth header in the browser UI after npx @modelcontextprotocol/inspector
Claude Desktop โ macOS ~/Library/Application Support/Claude/claude_desktop_config.json
Claude Desktop โ Windows %APPDATA%\Claude\claude_desktop_config.json
Claude Code (CLI) claude mcp add --transport http bugagent https://mcp.bugagent.com/mcp --header "Authorization: Bearer ba_live_..."
Codex CLI ~/.codex/config.toml
Cursor โ macOS Settings โ MCP UI, or ~/.cursor/mcp.json
Cursor โ Windows %USERPROFILE%\.cursor\mcp.json
VS Code + Continue ~/.continue/config.json (macOS) / %USERPROFILE%\.continue\config.json (Windows)
Direct HTTP (curl) curl / Invoke-RestMethod โ include Accept: application/json, text/event-stream
Troubleshooting
Symptom Fix
401 Unauthorized Key is wrong, expired, or revoked. Check Settings โ API Keys โ keys start with ba_live_. Regenerate if needed.
Tools not showing in client Fully quit and relaunch the client after editing the config. In Claude Desktop, Cmd+Q (not just close the window). In Cursor, check Settings โ MCP for a green dot.
Accept header required Direct HTTP calls must include Accept: application/json, text/event-stream โ the Streamable HTTP spec requires it. The server returns 406 without it.
Wrong workspaceโs data Each API key is scoped to one workspace. Generate a new key from the workspace you want to query in Settings โ API Keys.
Tools appear but calls fail silently Confirm the server is reachable: curl -I https://mcp.bugagent.com/health should return 200. If it times out, check network/firewall rules.
MCP Inspector CORS error Select Proxy (not Direct) for Connection Type in the Inspector UI. The Inspector proxies through a local Node process to bypass browser CORS restrictions.
Codex CLI โ tools not recognized Verify ~/.codex/config.toml uses [[mcp_servers]] (double brackets, array syntax). Check Codex CLI version is recent enough to support MCP (codex --version).
MCP Features
The bug_Agent_ MCP server provides tools for:
๐
Bug Report Management
create_bug_reportโ File a new report with auto-classification across 19 types โ bugs, feature requests, enhancements, technical debt, and more (title: 3-500 chars). Optionalattachmentsarray accepts base64-encoded files up to 400 MB each: any image, video, audio, PDF, or text/JSON. Setformat_description: trueto auto-reformat the description into a structured template using AI. Passtime_spent_secondsto track QA effort. Passpriority(urgent/high/normal/low) to set the fix urgency independently of severity. The response includesproject_id,project,short_id,legacy_short_id, andproject_short_id.list_bug_reportsโ List and filter reports (max 100 per page). Project filters are applied server-side before pagination. Filter byproject(UUID, slug, exact name, or ticket prefix),project_id,project_slug,project_prefix,workspace(UUID, exact name, or workspace ticket prefix),workspace_id/team_id,type(one of 19 dashboard categories),severity(s1-s4 or legacy critical/high/medium/low),status(using the dashboard's exact values:new,awaiting-triage,confirmed,in-progress,blocked,resolved,retesting,closed,reopenedโ hyphens are deliberate),resolution(fixed/duplicate/works-as-designed/cannot-reproduce/will-not-fix/need-more-info/unresolved),root_cause(open-ended kebab-case tag โ common values:regression,missing-requirement,documentation,incomplete-refactor,not-a-bug,requirements-mismatch), orreporter_user_id(UUID of the team member who filed the report โ calllist_team_membersfirst to resolve a name to a UUID). Each result includesreporter_user_id,project_id,project,short_id,legacy_short_id, andproject_short_idso agents can link and update the correct project-scoped report.pick_next_bugโ Returns the next bug(s) the agent loop should work on, in priority order (S1 โ S2 โ S3, oldest first within each bucket). Automatically scoped to your workspace โ returns tickets across all projects in your team withstatusnew,awaiting-triage, orconfirmedand severity S1-S3. Read-only โ does not atomically claim tickets. Optionalseverity(single tier),limit(1-50, default 1). Returns rows in the same shape aslist_bug_reportsfor tool composability. Pair withclaim_bugfor the read-then-claim pattern.claim_bugโ Atomically transition a bug fromstatusnew,awaiting-triage, orconfirmedtostatus='in-progress', setassigned_toto the calling user, and stampclaimed_at=NOW(). Race-free across concurrent callers via Postgres' UPDATE-WHERE-RETURNING pattern โ if two agents callclaim_bugon the same id in close succession, exactly one getsclaimed:truewith the bug body and the other getsclaimed:falsewith a reason string. A pg_cron reaper releases stale claims (status=in-progress+claimed_at> 30 minutes old) back tonewautomatically, so a crashed agent's tickets re-enter the queue without manual intervention. Inputs:id(UUID or short ID).get_bug_reportโ Get full details of a report by ID. ID formats: accepts either the UUID (e.g.1fb72a2c-87c7-...), the workspace-scoped short ID (e.g.WRKID-545), or the project-scoped short ID (e.g.WRKID-APP-042). Short-ID lookups are team-scoped โ guessing another workspace's short ID returns 404. Returnsproject_id,project,short_id,legacy_short_id,project_short_id,ticket_number,project_ticket_number,qualityScore(integer 1โ10), andqualityBreakdown(object with 10 dimension scores: reproductionSteps, expectedVsActual, environmentDetails, evidence, rootCauseAnalysis, impactAssessment, contextAndHistory, heuristicsAndOracles, clarityAndStructure, actionability โ each 0.0โ1.0).update_bug_reportโ Update fields on an existing report. Accepts UUID or short ID (WRKID-545). Updatable fields includetitle,description,type(any of 19 dashboard categories),severity,priority(urgent/high/normal/lowโ fix urgency, independent of severity),status(matches the dashboard exactly:new,awaiting-triage,confirmed,in-progress,blocked,resolved,retesting,closed,reopenedโ hyphens are deliberate),resolution(fixed/duplicate/works-as-designed/cannot-reproduce/will-not-fix/need-more-info/unresolved), androot_cause(open-ended kebab-case tag โ common values:regression,missing-requirement,documentation,incomplete-refactor,not-a-bug,requirements-mismatch). The agent-loop convention requires bothresolutionandroot_causeto be set wheneverstatustransitions out ofnew; the dashboard, analytics, and the futureclaude-bottraining corpus all depend on those fields. Also includesassigned_to(user ID fromlist_team_members) andtime_spent_secondsfor timer tracking. Changingassigned_toautomatically triggers the in-app bell notification AND a courtesy email to the new assignee (respecting their per-user opt-out in Account Settings โ same pipeline as the dashboard endpoints).add_commentโ Add a comment to a bug report (UUID or short ID, body 1-10000 chars). If the report is synced to Jira, the comment is automatically pushed to the linked Jira issue.list_commentsโ List a report's full comment thread, oldest first โ each comment with author name,parentId(threaded replies), and timestamps. Comments are not part ofget_bug_report, so this is how you read a ticket's discussion. Accepts UUID or short ID.link_bug_reportsโ Create a directional semantic link between two bug reports in the same workspace.link_typeis one ofduplicate-of,parent-of,related-to, ordepends-on. The inverse perspectives (duplicated-by/subtask-of/blocks) are derived at read time โ only one row needs to be stored. Bothfrom_report_idandto_report_idaccept UUIDs or short IDs (WRKID-545).unlink_bug_reportsโ Remove a previously-created bug-report link by its UUID (link_id, returned bylink_bug_reportsorlist_bug_report_links).list_bug_report_linksโ List every user-curated link touching a bug report. Returns each link as it reads from the supplied report's perspective โ e.g. a storedduplicate-ofrow where this report is the target renders asduplicated-by;parent-ofwhere this report is the target renders assubtask-of;depends-onwhere this report is the target renders asblocks.related-tois symmetric. Complements the auto-detectedsimilar_reportsfield returned byget_bug_report.classify_bugโ Classify a description into one of 19 report types (bugs, features, enhancements, etc.) with confidence scoreflush_reportsโ Bulk delete old reports (admin only)
๐
Usage & Analytics
get_usageโ Check usage against plan limitsget_statsโ Daily counts, type/severity/status breakdowns
๐
Project Management
list_projectsโ List available projects withid,name,slug,ticket_prefix, description, and default status. Use those values withcreate_bug_reportandlist_bug_reportsto target the correct project.create_projectโ Create a new project (auto-becomes default if first)delete_projectโ Permanently delete a project and all associated data (bug reports, automations, test cases, mobile apps, schedules, geo snaps, notes, time entries). Only owner/manager. Cannot delete last project. Storage is freed automaticallyexport_okf_bundleโ Export a projectโs QA knowledge โ bug reports, test cases, automations, and performance, security, and exploratory tests โ as an OKF/OQA markdown bundle (the Open Query Agent format used by oqa.ai). Defaults to the active project; pass the optionalproject(slug or name) to export a different one. Returns the list of files in the bundle plus the bundle itself as a base64-encoded zip
๐
Authentication & Account
register_accountโ Create a new account (password: 8-128 chars, rate limited: 5/15min)loginโ Sign in and receive access tokens (rate limited: 5/15min)update_profileโ Update display namechange_passwordโ Change account passwordget_settings/update_settingsโ Manage preferences
๐
API Key Management
generate_api_keyโ Create a named API keylist_api_keysโ List active keys (prefix only)regenerate_api_keyโ Revoke and replace a keydelete_api_keyโ Permanently revoke a key
๐ฅ
Team Management
list_team_membersโ List all members of your workspace with roles, status, and booster flagsinvite_team_memberโ Invite a user by email (managers can invite contributors and managers; only owners can invite admins). 5-day expiry link
๐ฏ
Integrations
sync_to_jiraโ Sync a report to Jira using team's shared connectionpush_to_claudeโ Generate (or regenerate) the Developer Notes for a bug report โ root cause, suggested fix, verification steps, and risk assessment. Accepts UUID or short ID (WRKID-545). Uses platform keys โ no per-team Claude connection required. Runs an adaptive chain: three steps ons3/mediumors4/lowbugs (Sonnet draft โ OpenAIgpt-5critique โ Sonnet synthesis), five steps on the top-two severity buckets โs1/criticalors2/highโ (draft โ critique โ Sonnet rebuttal โ Claude Opus adjudicator that reads the full transcript and writes the final notes with independent judgment). Response exposes every round:analysis,draft,critique,rebuttal,challenger_model,adjudicator_model, and adebatedflag. Any step failing falls through to the next-best answer. Auto-fires on bug creation; usually only called for manual regenerate.analyze_fix_areaโ Generate (or regenerate) the "Likely Fix Area" sub-block of Developer Notes โ a narrow Sonnet output that names where in the codebase the fix most likely belongs. Accepts UUID or short ID. Uses the platform Anthropic key. When the team has agithub_connectionsrow and the project has agithub_repomapped, output is grounded in real file snippets from the connected repo; otherwise falls back to general guidance with a nudge to connect a repo. Returnslikely_fix_areatext,generated_at,repo_used, and agroundedflag. Auto-fires on bug creation โ agents typically only need to call this for manual regenerate.upgrade_planโ Upgrade subscription via Stripe
โก
Performance Testing
create_performance_testโ Create a performance test config with URL, device, virtual users, duration, score threshold, and auto-bug creation toggle. Enterprise onlyrun_performance_testโ Trigger a page audit and load test for a web performance test. Returns a run ID to poll for results. Mobile app profiling runs are triggered from the dashboardget_performance_resultsโ Get full results including Lighthouse scores (Performance, Accessibility, Best Practices, SEO), Core Web Vitals (LCP, FID, CLS, FCP, TTFB, INP, TBT, SI), and load test metrics (VUs, requests, RPS, p50/p90/p95/p99 latencies)list_performance_testsโ List all performance test configurations for the current teamget_performance_usageโ Check monthly performance test usage. Performance testing is Enterprise-only. Free=0, Enterprise=unlimited
Example Workflow
get_performance_usageโ check remaining quotacreate_performance_testโ configure a test for your URLrun_performance_testโ trigger the audit + load testget_performance_resultsโ review scores and vitals
๐ก
Security Scanning
create_security_scanโ Create a security scan configuration. Web scans use Quick Scanner + Nuclei (4,000+ templates) with three depth levels and optional authenticated scanning. Mobile scans use MobSF for APK/IPA binary analysis. Configurable auto-bug creation with severity thresholds. Enterprise onlyrun_security_scanโ Trigger a vulnerability scan. Web scans require DNS domain verification. Mobile scans require an uploaded app. Returns a run ID to poll for resultsget_security_resultsโ Get full results including security score (0-100), findings categorized by severity (Critical, High, Medium, Low, Info) with CWE references, OWASP mappings, evidence, and remediation guidancelist_security_scansโ List all security scan configurations for the current team with last score and auth/depth badgesget_security_usageโ Check monthly security scan usage. Security scanning is Enterprise-only. Enterprise=unlimitedlist_security_schedulesโ List all scheduled security scans for the team with cron, timezone, enabled state, next run, and notification settings. Joins with the parent scan config (name, scan_type, target_url)create_security_scheduleโ Create a recurring schedule for a security scan. Requiresscan_idandcron_expression. One schedule per scan config. Optionaltimezone,notify_on_fail(none/email/slack/both),notify_email,slack_channel_id. Every run counts against your monthly cap; admin users bypass the cap. Scan depth is always read from the scan config at run timedelete_security_scheduleโ Delete a scheduled security scan. Does not affect the parent scan config or completed runs
get_security_usageโ check remaining quotacreate_security_scanโ configure a scan for your URL or reporun_security_scanโ trigger a one-off vulnerability scancreate_security_scheduleโ automate recurring runs (e.g. weekly SAST on main branch)get_security_resultsโ review findings and remediation
๐
Code Review
list_code_reviewsโ List recent AI code reviews for the team. Returns quality scores, severity counts, PR info, and timestamps. Enterprise onlyget_code_reviewโ Get a code review with all findings. Each finding includes severity, category (bug/security/performance/style/logic/maintainability), title, description, code suggestion, file path, and line numbersget_code_review_usageโ Check code review usage. AI code review is Enterprise-only; unlimited on Enterpriseget_code_review_analyticsโ Get review analytics: trends, finding categories/sources, severity breakdown, velocity metrics, top repos/authors. Supports 7/30/90-day lookback
get_code_review_usageโ check remaining reviews- Review a PR in the dashboard at
/dashboard/code-review list_code_reviewsโ see recent reviewsget_code_reviewโ get findings and suggestions
๐
Exploratory AI
Multi-agent autonomous website bug finder with up to 10 parallel agents, each using a different testing strategy.
list_explorationsโ List Exploratory AI configs for the teamcreate_explorationโ Create a new exploration. Acceptsagent_count(1โ10, max 10) to run multiple parallel agents with unique strategies: happy_path, edge_case, security, accessibility, error_path, performance, mobile, data_integrity, navigation, customget_explorationโ Get exploration config with agent settings and recent runsget_exploration_runโ Get run results with per-agent progress, phase data, findings with agent attribution (agent_index,agent_strategy), and linked bugsget_exploration_usageโ Check monthly usage. Exploratory AI is Enterprise-only; Enterprise: unlimited (10 agents)
create_explorationwithagent_count: 5โ configure 5 parallel agents- Trigger a run from the dashboard or via
POST /api/explorations/run get_exploration_runโ poll for per-agent progress and findings- View deduplicated findings with agent attribution in the dashboard
๐
Notes
list_notesโ List notes with optional keyword search, project filter, author filter, and date range. Returns notes the user owns or shared notes within the team.create_noteโ Create a note in one of 5 formats:markdown,plain_text,rich_text,checklist,outline. Setvisibilitytoprivateorshared. Auto-title from first 30 characters if no title provided. Optionalattachmentsarray accepts base64-encoded files up to 400 MB each: any image, video, audio, PDF, or text/JSON. Passtime_spent_secondsto track QA effort.get_noteโ Get full note details including content and attachments. Requiresid.update_noteโ Update title, content, format, visibility, project, ortime_spent_seconds. Pass anattachmentsarray to append new files (max 400 MB each) to the noteโs existing attachments without replacing them. Only the author can update. Requiresid.delete_noteโ Permanently delete a note and its attachments. Only the author can delete. Requiresid.
create_noteโ start a testing session noteupdate_noteโ append observations as you testlist_notesโ search past notes by keyword or projectget_noteโ retrieve full note with attachments
๐ค
Automation
create_automationโ Create a new automation with a custom Playwright script (no FAB recording required). Requiresname. Optional:target_url(auto-derived from the firstpage.goto(...)URL in the script if omitted),script(Node.js/JavaScript/TypeScript or Python โ language is auto-detected; defaults to a placeholder),status(draftoractive, default:draft),project_id. Returns the automationid. Team plan required. Tip โ Duplicate an automation: useget_automationto fetch the original script, then callcreate_automationwithnameset to"[Copy] Original Name"and pass the originalscript,target_url, andproject_id. The duplicate starts indraftstatus with no version history.list_automationsโ List Playwright automation scripts. Filter byproject_idorstatus(draft,active,paused). Returns array of automations with name, target_url, last_run_status, and run_count.get_automationโ Get full automation details including Playwright script and recent runs. Requiresid. Returns the automation with the livescript, ascript_versionsstack (oldest-first, up to 100 prior entries, each{ script, source, timestamp }), and arecent_runsarray where each run carries thescript_version_label/script_version_sourcethat executed. Call this beforerun_automationif you need to pick a specific historical version.run_automationโ Trigger an immediate run of a Playwright test. Requiresautomation_id. Virtual mode (default): optionaldevicefor viewport emulation (e.g.desktop,iphone-15). Live mode: setbrowserstack: truewithbs_browser(chrome,firefox,safari,edge),bs_os(Windows,OS X), andbs_os_versionto run on a real desktop browser. Live real-mobile: setbs_os: "android"(devices:"Samsung Galaxy S25 Ultra","Google Pixel 10","OnePlus 13R") orbs_os: "ios"(devices:"iPhone 17 Pro Max","iPhone 16 Pro Max","iPhone 15 Pro Max") and pass the device name inbs_os_version. Node.js scripts route throughbrowserstack-node-sdk(covers desktop + Android + iPhone). Python scripts route throughbrowserstack-sdk(pytest-playwright) and cover desktop only โ real mobile via Python isn't supported because pytest-playwright'sbrowser_type.connect()can't drive BrowserStack's real-mobile endpoints. Video and network logs captured automatically; console logs desktop-only. Version replay: pass optionalversion_index(integer, 0-indexed) to execute a prior entry from the automation'sscript_versionshistory. Default: whenversion_indexis omitted or null, the current live script runs โ don't pass a placeholder value just to "pick current". Out-of-range, negative, or non-integer values are rejected. The run record stores the exact snapshot that ran, and any bug report auto-created from a failed run deep-links back to that version in the editor.list_automation_runsโ List recent runs for an automation. Requiresautomation_id. Returns runs with status, duration_ms, and error_message.list_schedulesโ List all scheduled web automation runs with cron, timezone, device, and notification settingscreate_scheduleโ Create a scheduled web automation run. Requiresautomation_idandcron_expression. Supports device, timezone, notify_on_fail (email/slack/both), and Slack channel options. BrowserStack Live on scheduled runs: passbrowserstack: truewithbs_browser,bs_os, andbs_os_versionโ same device matrix asrun_automation(Node = desktop + real Android + real iPhone; Python = desktop only).delete_scheduleโ Delete a scheduled web automation runlist_mobile_schedulesโ List all scheduled mobile automation runs with devices, cron, timezone, and notificationscreate_mobile_scheduleโ Create a scheduled mobile automation run on real devices. Requiresautomation_id,cron_expression, anddevicesarraydelete_mobile_scheduleโ Delete a scheduled mobile automation runoptimize_automation_scriptโ Send a Playwright script to Sonnet 4 for AI-powered optimization. Applies a 12-point checklist that fixes selectors, wait strategies, assertions, error handling, auth patterns, mobile compatibility, and strict mode. Requiresautomation_id. The current script version is saved before optimization. Returns the optimized script and a changes summary.undo_automation_scriptโ Revert an automation script to its previous version. Up to 10 previous versions are retained. Requiresautomation_id. Returns the restored script and the number of versions remaining.
create_automationโ create a test with a custom scriptlist_automationsโ browse available testsget_automationโ inspect the Playwright scriptrun_automationโ trigger the testlist_automation_runsโ check results and duration
โฑ๏ธ
Time Tracking
list_time_entriesโ List time entries for the team. Filter byperiod(today,week,month,all),project_id,category, andsort(newest,oldest,most_time,least_time). Team plan only.create_time_entryโ Log time spent on QA tasks. Requiresdescription,category, andduration_minutes. Optionally setproject_idandentry_date(defaults to today). Team plan only.update_time_entryโ Update an existing time entry. Requiresid. Can updatedescription,category,duration_minutes,project_id, orentry_date. Team plan only.delete_time_entryโ Permanently delete a time entry. Requiresid. Team plan only.
create_time_entryโ log 45 minutes of regression testinglist_time_entriesโ view this week's time entriesupdate_time_entryโ adjust duration or categorydelete_time_entryโ remove an incorrect entry
โ๏ธ
Test Cases
Full test management with hierarchical folders, nested suites (up to 3 levels deep with sub-suite auto-expansion on runs), drag-drop reorder, AI-assisted case generation, and an analytics Reports tab with KPI trends, failure analysis, suite health, coverage, and tester productivity. All tools call Supabase directly โ no HTTP roundtrip, same latency as the dashboard.
Hands-free execution: the run review page is a carousel with one case visible at a time, keyboard shortcuts (P Pass ยท F Fail ยท B Block ยท S Skip), and voice control. Click the mic, then say "Pass", "Fail", "Block", "Skip", "Next", "Previous", "Add notes" (transcribes into the notes field), "Save notes", or "Voice off". Auto-advances to the next untested case on success results; stays put on Fail so testers can dictate details and spawn a bug. Works in Chrome, Edge, and Safari.
Cases & Folders
list_test_casesโ List test cases with optionalsearch,priority(critical,high,medium,low),type(functional,regression,smoke,integration,performance,security,usability,exploratory),status(active,draft,deprecated), andsort(newest,oldest,name,priority).create_test_caseโ Create a test case. Two template variants:steps(default) โ per-step{ action, expected }grid via thestepsarray;textโ single free-form description viatext_content. Both fields can be sent in the same call (the platform stores them independently so a tester switchingtemplate_typelater doesn't lose either side's data). Optionalurlsarray (max 10 http/https URLs) attaches reference links. Requiresname. Optional:description,preconditions,template_type,steps,text_content,urls,priority,type,tags,estimated_time(seconds). File attachments are uploaded via the dashboard'sPOST /api/test-cases/:id/attachmentsendpoint (multipart) โ not yet exposed as an MCP tool.get_test_caseโ Get full test case details including steps and execution history.list_test_case_foldersโ List the team's folders (one folder per case viafolder_id; distinct from suites, which are many-to-many test-plan groupings). Capped at 500; honorsproject_idandparent_folder_idfilters (use"root"for top-level only).create_test_case_folderโ Create a folder (nests up to 3 levels viaparent_folder_id). Usebulk_update_test_casesto move cases into it.bulk_update_test_casesโ Apply one action to up to 500 cases at once:set_priority,set_status,set_type,add_tags,remove_tags,add_to_suite,pin,unpin.link_test_case_to_bugโ Establish traceability between a test case and a bug report (verified_by,covers, orrelates).list_test_case_linksโ List all traceability links for a test case.list_test_case_review_candidatesโ Dead-test flags:never_run(90+ days since creation),always_passes(5+ consecutive passes in 90d),always_skipped(3+ consecutive skips).mark_test_case_review_flagsโ Persist current archive-candidate flags ontotest_cases.review_flag. Runs automatically every Monday 09:00 UTC via pg_cron.
Imports
- Figma import (dashboard UI + REST): upload a zip export of Figma frames (up to 100 MB), Claude analyzes each screen and drafts test cases into a folder you pick or create. Multi-pass pipeline (classify โ per-screen cases โ flow-level cases across shared-prefix screens โ self-critique) with prompt caching, 429 retry, and per-frame error isolation so one bad frame doesn't fail the batch. Cases land as
status=active, taggedai_generated=true, withsource='figma'andsource_frame_namepreserving a link to the original frame. Uses the platform Anthropic key โ no per-team Claude connection required. Endpoints:POST /api/test-cases/import/figma/request,POST /api/test-cases/import/figma/start,GET /api/test-cases/import/figma/:id.
Suites & Runs
list_test_suitesโ List test suites with case count and last run status.create_test_suiteโ Create a suite. Nests up to 3 levels viaparent_suite_id.list_test_runsโ List test runs with suite name, assignee, and pass/fail summary.create_test_runโ Snapshot a suite into a new run. Running a parent suite automatically includes every case in every descendant sub-suite (a case linked to both is added exactly once). Eachtest_run_resultsrow records which originating sub-suite the case came from, so result pages can group by origin.
Reports (Tier 1 + Tier 4 analytics)
get_test_reports_overviewโ Headline KPIs for a window (pass rate, runs completed, cases executed) with deltas vs the prior equivalent window. Same numbers the Reports tab KPI strip shows.get_test_reports_failuresโ Four "what to fix?" lists:failing_cases(โฅ50% fail, min 3 runs),flaky_cases(most pass/fail flips),failing_suites(โฅ30% fail, min 5 runs),regressed_cases(most-recent fail with an earlier pass in the window).
create_test_case_folderโ make a folder tree (e.g. Smoke โ Auth)create_test_caseโ define cases; move them into folders withbulk_update_test_casescreate_test_suiteโ build a test plan (sub-suites optional, up to 3 levels deep)create_test_runโ snapshot a run from a parent suite โ sub-suites auto-includedget_test_reports_failuresโ ask "what to fix this week?" once the run completesget_test_reports_overviewโ track the pass-rate trend week over week
โก
Team Booster
scale_teamโ Instantly scale your QA team with booster testers. Accounts are provisioned automatically with tester access. Specifyteam_size(1โ10),location,duration,budget, and optionallyproduct_url,product_types, andtech_levels. Available on the Team plan. You will not be charged until approval has been given.
scale_teamโ provision 5 senior testers in the US for 1 monthlist_team_membersโ verify new testers appear in your teamlist_reportsโ review reports filed by booster testers
๐ฑ
Mobile Testing
upload_mobile_appโ Upload an APK (Android) or IPA (iOS) app for testing on real devices. Requiresname,platform(android/ios), andfile_url. For iOS: upload the IPA for real-device runs, then upload a simulator.appbuild on the app detail page to enable recording.update_mobile_appโ Replace an app binary with a new version. Clears cached URLs and simulator builds so all automations use the new version on next run. Requiresapp_idandfile_url. Optional:version.create_mobile_automationโ Create a test script. Requiresname,app_id,script_type(maestrofor YAML,appiumfor Appium Python,appium_jsfor Appium JavaScript), andscript(the test script content).list_mobile_runsโ Get results for mobile test runs (status, device, video, BrowserStack session, and any auto-created bug). Mobile runs are triggered from the dashboard or on a schedule. Optional filters:automation_id,status(queued,running,passed,failed,error,archived),limit. Archived runs excluded from default listing.
Example Workflow โ Android
upload_mobile_appโ upload your APK- Record test in browser โ actions captured automatically
- Trigger the run on a real device (e.g. Google Pixel 8) from the dashboard or a schedule
list_mobile_runsโ check results with video and logs- Failures auto-create bug reports with failure snapshot and step breakdown
Example Workflow โ iOS
upload_mobile_appโ upload your IPA (for real-device runs)- Upload simulator
.appbuild on app detail page (for recording) - Record test in browser โ actions captured from simulator
- Trigger the run on a real device (e.g. iPhone 15 Pro, uses the IPA) from the dashboard or a schedule
update_mobile_appโ replace IPA with new version when ready
โ
Compliance & Evidence (Enterprise)
collect_compliance_evidenceโ Trigger automated evidence collection from connected services (Cloudflare, GitHub, Sentry, Supabase, Railway). Returns run ID. Collects SSL/TLS settings, WAF status, Dependabot alerts, error trends, deploy history, and more.check_config_driftโ Check all connected services for security configuration drift from baselines (SSL mode, TLS version, HSTS, WAF rules, security headers).generate_access_reviewโ Create a quarterly access review report. Audits team members, roles, MFA status, API key usage, and generates recommendations (e.g., revoke inactive keys).get_security_eventsโ Query the cross-service security event timeline. Filter by source (cloudflare, sentry, github) and severity (critical, high, medium, low, info). Events are auto-correlated across services.
Compliance Coverage
These tools help with SOC2 (CC4.1, CC6.1, CC7.2, CC8.1), ISO 27001 (A.5.18, A.8.8, A.8.9, A.8.15-16, A.8.29), and GDPR (Art. 5, 25, 32, 33) compliance requirements.
Compatible Clients
bug_Agent_ works with any client that supports the Model Context Protocol. Here are setup guides for popular clients:
๐ค
Claude Desktop
Open Settings โ Developer โ Edit Config, then add:
claude_desktop_config.json
Restart Claude Desktop after saving.
โณ๏ธ
Cursor
Open Settings โ MCP Servers โ Add Server, or edit .cursor/mcp.json in your project root:
.cursor/mcp.json
๐
Windsurf
Open Settings โ MCP โ Add Server, or edit your MCP config file:
mcp_config.json
๐ป
Claude Code (CLI)
Add bug_Agent_ directly from the terminal:
claude mcp add bugagent -- npx -y @bugagent/mcp-server
Set your API key with export BUGAGENT_API_KEY=ba_live_... before launching.
๐ง
Other MCP Clients
Any client supporting MCP stdio transport works with bug_Agent_. Use the standard configuration:
- Command:
npx - Args:
["-y", "@bugagent/mcp-server"] - Env:
BUGAGENT_API_KEY
CLI
Getting Started with CLI
The bug_Agent_ CLI gives you full control over bug reports, feature requests, projects, and integrations from your terminal. Use it to:
- Automate workflows โ Integrate bug reporting into CI/CD pipelines, scripts, and cron jobs
- Bulk operations โ List, filter, and manage reports without leaving your terminal
- Pipe-friendly output โ JSON, YAML, and raw formats for composing with
jq,yq, and other tools - Fast iteration โ No browser needed โ create and update reports in seconds
Installation
npm install -g @bugagent/cli
Verify the installation:
bugagent --version
Authentication
Set your API key as an environment variable:
Or pass it directly with the --api-key flag:
bugagent reports list --api-key ba_live_your_key_here
๐
Get your API key from the bug_Agent_ console. Keys start with ba_live_.
For persistent auth, add the export to your shell profile (~/.bashrc, ~/.zshrc, etc.).
Usage
Commands follow the pattern:
bugagent <resource> <action> [flags]
Resources can also use colon syntax for subresources:
bugagent reports comments add --report-id WRKID-545 --body "Reproduced on v2.1"
Use --help on any command for details:
bugagent reports --help
bugagent reports create --help
Example Session
Terminal
# List your projects
bugagent projects list
# Create a bug report in your default project
bugagent reports create \
--title "Checkout 500 on discount code" \
--description "Applying SAVE20 returns HTTP 500" \
--severity critical \
--type logic
# View recent reports
bugagent reports list --limit 5 --format pretty
# Get full details on a report (use the short ID or UUID)
bugagent reports get WRKID-545
# Sync a report to Jira
bugagent jira sync --report-id WRKID-545
# Check your usage
bugagent usage get --format json
CLI Features
The CLI provides commands for:
reports Create, list, get, update, and flush bug reports
projects Create, list, update, and delete projects
keys Generate, list, regenerate, and revoke API keys
jira Connect, sync reports, and configure Jira settings
usage Check current usage against plan limits
stats View analytics and breakdowns
profile View and update your profile and settings
auth Login, register, and manage credentials
Global Flags
Flag Description
--api-key <key> Override the API key for this command
--format <fmt> Output format: json, yaml, pretty, raw
--debug Show request/response details for troubleshooting
--help Show help for any command
--version Print the CLI version
Output Formats
The CLI supports multiple output formats for different use cases:
json
Machine-readable JSON. Ideal for piping to jq or other tools.
yaml
Human-friendly YAML output for config files and readability.
pretty
Default. Colorized, formatted output designed for the terminal.
raw
Unformatted output. Useful for scripting and automation.
Filtering with --transform
Use --transform with GJSON syntax to query and filter output data:
# Default pretty output
bugagent reports list
# JSON for piping to other tools
bugagent reports list --format json
# YAML
bugagent reports list --format yaml
# Raw (no formatting)
bugagent reports get rpt_abc123 --format raw
# Filter with GJSON syntax
bugagent reports list --format json \
--transform "items.#(severity==critical).title"
AI Skill
The CLI is also available as an AgentSkill, allowing AI coding assistants to use bug_Agent_ on your behalf.
โจ
What is an AgentSkill?
AgentSkills let AI coding assistants (Claude Code, Cursor, etc.) invoke CLI tools contextually. The bug_Agent_ skill gives your AI assistant the ability to file bugs, check project status, and sync to Jira โ all without you typing a command.
Install the Skill
claude skills install bugagent --from @bugagent/mcp-server
Once installed, the context-aware AI Assistant can use bug_Agent_ commands naturally โ with full knowledge of your product, testing guidelines, and uploaded documentation:
AI Assistant Prompt
"File a critical bug: the payment webhook is returning
a 403 after the latest deploy. It affects all Stripe
events. Assign it to the payments project."
The skill translates the natural language into the appropriate CLI commands and executes them.
๐ฌ
Session Replay + AI Assistant: When Session Replay is enabled (Team plan), the AI Assistant can reference the captured user session โ clicks, navigation, errors, and network failures from the last 60 seconds โ to auto-draft richer, more accurate bug reports with full reproduction context.
Get Help
Need assistance? We're here to help.
Discord Community
Join our Discord for real-time support and community discussions.
Email Support
[email protected] โ We typically respond within 24 hours.