MCP — AI Integration
Available in: QANode Enterprise
MCP connects AI tools to QANode so users can request actions from an IDE, corporate chat, or any compatible client.
With this integration, an AI client can operate QANode with the permissions of the authenticated user: create scenarios, adjust flows, inspect runs, read project documentation, create dashboards, investigate failures, work with bugs, and use the platform's visual nodes.
When To Use
Use MCP when you want to:
- ask an AI assistant to create or adjust QANode scenarios;
- automate flows that involve web, API, database, files, SSH, or mobile;
- investigate an existing scenario that is failing;
- turn project documentation into initial scenarios;
- create dashboards or ask questions about QANode metrics in natural language;
- open or analyze bugs while working in the code.
MCP does not replace the visual editor. Everything created through MCP still appears in QANode as a normal project, scenario, node, run, dashboard, suite, or bug.
How To Connect
- Generate a token in Settings → Access Tokens
- Configure the MCP client used by your AI tool
- Provide the QANode API URL
- Send the token in the
Authorizationheader
Endpoint:
https://qanode.company.com/api/mcp
Header:
Authorization: Bearer qnt_xxxxx
Generic example:
{
"mcpServers": {
"qanode": {
"url": "https://qanode.company.com/api/mcp",
"headers": {
"Authorization": "Bearer ${QANODE_TOKEN}"
}
}
}
}
The exact format depends on the AI client, but the URL and header are the same.
Security And Permissions
MCP follows the same QANode permissions.
| Area | Rule |
|---|---|
| Projects | Access is limited to projects allowed for the user |
| Scenarios | Creation, editing, and execution follow the user's permissions |
| Runs | Run lookup follows view permissions |
| Credentials | Secrets are never returned as plain text |
| Secret variables | Secret values are masked |
| Dashboards | Queries and widgets follow data permissions |
| Bugs | Workflow, required fields, and transitions still apply |
The token does not grant extra access. It only authenticates the AI client as that user or integration.
What You Can Request
| Area | Example uses |
|---|---|
| Projects | Search projects, create a project, and read attached documents |
| Scenarios | Create flows, add nodes, connect steps, validate, and execute |
| Smart Web | Record web navigation, validate screens, extract data, and reuse sessions when needed |
| Mobile | Record Android/iOS journeys with Appium and save them as Mobile Flow nodes |
| Database | Inspect schema and create database queries or validations |
| Files | Generate, extract, and reuse files in flows |
| Variables | Create global or project variables for reuse |
| Credentials | Create credentials when the user provides the required data |
| Suites | Create, edit, execute, schedule, and diagnose failures |
| Bugs | Open, comment, attach files, transition, and investigate bugs |
| Dashboards | Create panels, widgets, and quick queries over QANode data |
| Components | Create reusable components when the user explicitly asks for one |
How To Ask
Clearer requests produce better results. Include:
- the project where the scenario should be created;
- the target URL or system;
- credentials or the name of an existing credential;
- allowed test data;
- expected result;
- cleanup rules, such as deleting created test data at the end;
- whether the flow should only be created or also executed.
Example:
In the Task Manager project, create a scenario that opens localhost:3008,
logs in with the test user, creates a task, marks it as completed,
and validates in the database that the status is completed.
When important information is missing, confirm the data before creating records, changing real data, or executing destructive actions.
Smart Web And Target Reference
On pages with tables, cards, kanban boards, or repeated lists, the same button or status can appear several times on the screen.
In these cases, use the Smart Web Target Reference. It tells QANode which row, card, or item should be used as the reference before clicking, validating, or extracting a value.
Example:
Validate that the status is Paid on the order created in this run,
not on any old order shown on the page.
This helps QANode act on the correct record even when the data changes on every run.
Web And Mobile Sessions
When a scenario is split across more than one Smart Web or Mobile node, state whether the nodes need to continue in the same session.
Use this when:
- the first node logs in and the second continues authenticated;
- a purchase or registration starts on one screen and finishes on another;
- the mobile app needs to keep the same state across parts of the flow.
For already authenticated web sessions, such as enterprise systems with SSO, use named persisted sessions. For common flows that log in during the run itself, a temporary session per run is usually enough.
Project Documents
MCP lets AI clients read project documents as context for creating scenarios.
QANode can read:
- text-based PDFs;
- scanned PDFs or images with OCR;
- DOCX;
- TXT, JSON, and CSV;
- XLSX with spreadsheet preview;
- metadata from other files.
For large documents, ask the AI client to read specific pages or page ranges.
Dashboards
You can ask an AI client to create dashboards or answer one-off questions about QANode data.
Examples:
How many runs did we have in May?
Create a public dashboard with total runs this month,
success rate, recent failures, and daily evolution.
For simple widgets, QANode uses the visual query builder. For more complex queries, SQL mode can be used when the user has permission.
Bugs
With MCP, an AI client can help investigate and follow up on bugs.
Examples:
- open a bug from a failed run;
- analyze logs and evidence from the original run;
- download bug attachments;
- comment when the user asks;
- transition to a queue or user, when allowed;
- open a sandbox to investigate without affecting the official scenario.
The diagnosis returns in the chat. It does not automatically become a public bug comment.
Best Practices
- Use different tokens for CI/CD and MCP when you want separate audit trails.
- Revoke tokens that are no longer in use.
- Prefer saved credentials instead of pasting passwords into prompts.
- Request explicit validations when the goal is a test scenario.
- Review automation-created scenarios before using them in critical suites.
- Use role-based dashboards when the panel contains team-specific data.
- For bugs, ask for the diagnosis before transitioning or commenting.
Next Steps
- Integration Tokens — Generate and govern tokens used by CI/CD and MCP
- Smart Web Flow — Understand recording, locators, and target reference
- Mobile Flow — Understand mobile recording with Appium
- Dashboard - Enterprise — See panels, widgets, and SQL
- Bugs - Overview — See workflow, sandbox, and attachments