# QC Pro - llms.txt

> QC Pro is the autonomous product quality layer for vibe-coded apps. It runs a
> real browser against your live web app, exercises every flow like a human
> tester would, and ships findings as code diffs you can paste into Claude Code.

Source: https://qcpro.ai/llms.txt
Docs: https://qcpro.ai/docs
Methodology: https://qcpro.ai/docs/methodology

## What QC Pro does

QC Pro points a headful Chromium at a URL, profiles it as a first-time user, and runs through twelve quality categories end-to-end. Every finding carries a category, severity (critical / high / medium / low), reproduction steps, and a proposed fix as a code diff.

## The twelve categories

1. Core flows - every advertised CTA ("Get started", "Try free") completes or dead-ends. Started from the homepage.
2. Auth - signup, login, logout, login again, and password reset end-to-end, including clicking the email link. Social providers included where configured.
3. Email - welcome/verify/reset emails arrive within a reasonable window; every link inside leads somewhere that is not a 404.
4. Responsive - layouts render correctly at iPhone SE (375px), iPhone 15 (390px), iPad (820px), and 1440px desktop without overflow or clipped elements.
5. Visual integrity - screenshot diff against a baseline; flags missing images, overlapping text, and CLS above 0.1.
6. Performance - real-user-weighted INP and LCP, including drift after 30 seconds of sustained use (memory leaks).
7. Payments - full checkout with test cards from US, EU, UK, IN, BR on Stripe, Paddle, and Lemon Squeezy; subscription webhook must fire.
8. Third-parties - Google Sign-In, analytics, fonts, embeds, chat widgets; flags scripts that 404, cause layout shift, or block render over 500ms.
9. Security hygiene - exposed API keys in client bundles, missing CSP / X-Frame-Options / HSTS headers, unsanitized markdown/HTML, bypassable rate limiters.
10. Accessibility - keyboard navigation, contrast against WCAG AA, alt text, screen reader compatibility for core flows.
11. Regression - diff against the last baseline scan; new findings flagged as regressions, resolved findings logged.
12. Truth-in-advertising - claims on the marketing site verified against the actual product.

## Severity thresholds

- critical: a core flow is broken for >10% of users, or a security boundary is violated. Deducts 100% within the affected category.
- high: a flow is degraded or a significant segment is blocked (one mobile size, one region). Deducts 60%.
- medium: a visible defect that does not block but users will notice. Deducts 25%.
- low: polish. Deducts 10%.

## How the score is computed

The 0-100 quality score is a weighted average across the twelve categories:

- 50% from core flows, auth, email, payments (the money-is-moving categories)
- 25% from responsive, visual, and performance
- 15% from security and accessibility
- 10% from third-parties, regression, and truth-in-advertising

Fresh greenfield apps typically land in the 65-75 range on first scan.

## How to run a scan

```
# one-shot, no install
npx qcpro scan https://your-app.com

# with auth, viewport, and a starting route
npx qcpro scan https://your-app.com \
  --login "qa@yourco.com" \
  --viewport mobile \
  --start /signup
```

## Claude Code integration (MCP)

QC Pro exposes an MCP server at https://mcp.qcpro.ai. Once connected, Claude can run scans, fetch findings, and apply fixes in place.

```
claude mcp add qcpro https://mcp.qcpro.ai

# then, in Claude:
> run qcpro against staging and apply criticals
```

## HTTP API

```
POST https://api.qcpro.ai/v1/scans
Authorization: Bearer $QCPRO_TOKEN

{
  "url": "https://staging.yourco.com",
  "viewports": ["mobile", "desktop"],
  "webhook": "https://yourco.com/hooks/qcpro"
}
```

## Glossary

- Run - a single scan against one URL at a point in time.
- Finding - one reproducible issue with repro steps and a proposed fix.
- Category - one of the twelve dimensions QC Pro checks.
- Baseline - the last scored run on a URL, used to compute regressions.
- Policy - a hard rule that applies across every scan in a workspace.
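
The calculation described under "Severity thresholds" and "How the score is computed", worked through as an added example (not QC Pro's own code). It assumes each group's weight is split evenly across its categories and that deductions within a category add up and cap at 100%; the category keys, finding field names and the `releaseGate` helper are hypothetical.

```javascript
// Added example: category keys and finding field names are assumed, not QC Pro's schema.
const GROUPS = [
  { weight: 50, categories: ["core-flows", "auth", "email", "payments"] },
  { weight: 25, categories: ["responsive", "visual", "performance"] },
  { weight: 15, categories: ["security", "accessibility"] },
  { weight: 10, categories: ["third-parties", "regression", "truth-in-advertising"] },
];
const DEDUCTION = new Map([["critical", 100], ["high", 60], ["medium", 25], ["low", 10]]);
const KNOWN = new Set(GROUPS.flatMap((g) => g.categories));

// Assumption: deductions within one category add up and are capped at 100%.
function categoryScore(findings, category) {
  const lost = findings
    .filter((f) => f.category === category)
    .reduce((sum, f) => sum + DEDUCTION.get(f.severity), 0);
  return 100 - Math.min(lost, 100);
}

// Reject findings that would otherwise be silently ignored by the score.
function validate(findings) {
  for (const f of findings) {
    if (!KNOWN.has(f.category)) throw new Error(`unknown category: ${f.category}`);
    if (!DEDUCTION.has(f.severity)) throw new Error(`unknown severity: ${f.severity}`);
  }
}

// Assumption: a group's weight is spread evenly over the categories in it.
function qualityScore(findings) {
  validate(findings);
  const total = GROUPS.reduce((acc, g) => {
    const sum = g.categories.reduce((s, c) => s + categoryScore(findings, c), 0);
    return acc + g.weight * (sum / g.categories.length);
  }, 0);
  return total / 100;
}

// Hypothetical release gate: any critical finding fails, whatever the score is.
function releaseGate(findings, minScore) {
  const score = qualityScore(findings);
  const criticals = findings.filter((f) => f.severity === "critical");
  return { score, criticals, pass: criticals.length === 0 && score >= minScore };
}

// Constructed sample finding, not real scan output.
const sample = [{ category: "security", severity: "critical", title: "API key in client bundle" }];
console.log(releaseGate(sample, 90));
```

Under these assumptions a lone critical security finding still scores 92.5, which is why the gate checks severity separately from the score.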