Creative Use Cases

Karate Agent is a browser automation platform with an AI brain. Testing is just the beginning.

Zero LLM cost Flow-powered

Auto-Generate User Guides

Point Karate Agent at your web app and let it walk through every screen, capturing annotated screenshots along the way. The LLM describes what it sees, names each step, and assembles everything into a structured user guide — complete with navigation paths, form instructions, and visual references.

Always up to date — re-run the flow after every deploy. The guide regenerates itself.
Multi-language — the same screenshots work in any language. Just change the LLM prompt to write descriptions in French, Japanese, or Spanish.
Stakeholder-ready — HTML report with embedded screenshots. Share a link or export as PDF.

curl -X POST localhost:4444/api/jobs \
  -d '{"prompt": "Navigate every page of the app. For each screen, take a screenshot and describe what a user can do here. Generate a user guide.",
       "flowFiles": ["app/login.js"]}'

Generated Output

1. Dashboard

The main dashboard shows active projects and recent activity. Use the sidebar to navigate between sections.

[screenshot-001-dashboard.png]

2. Create New Project

Click "New Project" in the top-right corner. Fill in the project name and description, then click "Create".

[screenshot-002-new-project.png]

Multi-session Parallel execution

Simulate Real User Load

Spin up dozens of concurrent browser sessions, each running its own user journey. Unlike synthetic HTTP load tests, these are real browsers executing real JavaScript, rendering real pages, and triggering real client-side events — exactly like your users.

True browser load — each session runs full Chrome. WebSocket connections, service workers, SSR hydration — all exercised.
Mixed user journeys — one session browses the catalog, another checks out, a third edits their profile. Realistic traffic patterns.
Spot client-side bottlenecks — memory leaks, slow renders, and race conditions that HTTP-only load tools miss entirely.
Visual evidence — every session records video. When session 47 hits a blank page under load, you have the recording.

# Launch 20 concurrent user sessions
for i in $(seq 1 20); do
  curl -s -X POST localhost:4444/api/jobs \
    -H "Content-Type: application/json" \
    -d "{
      \"prompt\": \"Browse the store, add 2-3 items to cart, proceed to checkout. Complete with page load times.\",
      \"flowFiles\": [\"app/login.js\"],
      \"maxIterations\": 15
    }" &
done
wait
echo "All 20 sessions submitted"

High volume Distributed

Distributed API Performance Testing

Karate already has world-class API performance testing with Gatling integration. Combined with the dashboard's container orchestration, you can distribute load generation across multiple workers — saturating APIs that a single machine can't stress on its own.

Horizontal scale — each container runs an independent Gatling simulation. 10 workers × 1,000 virtual users = 10,000 concurrent connections.
No JMeter — Karate's .feature files double as performance scripts. Write once, run as tests or as load.
Real API validation under load — assertions run during the load test, not after. A 500 error on request 8,432 is caught immediately.
Cloud-burstable — run the dashboard on your CI server, point workers at cloud VMs when you need extreme load.

# Karate performance test as a .feature file
Feature: API load test
  Scenario: Get products
    Given url 'https://api.myapp.com/products'
    When method get
    Then status 200
    And match response.items == '#[_ > 0]'

# Run with Gatling: 500 users, 60 seconds
java -jar karate-agent.jar perf \
  --users 500 --duration 60s features/products.feature

Load Test Results

10,000

concurrent users

42ms

p95 latency

0.02%

error rate

worker containers

Security Automated

API Security Audits with OWASP Playbooks

Turn OWASP testing guides into executable flow scripts. The LLM reads your API spec, generates attack payloads from the OWASP Top 10 playbook, fires them at every endpoint, and produces a security findings report — with reproduction steps for every vulnerability found.

Injection testing — SQL injection, XSS, command injection payloads generated per-endpoint from your OpenAPI spec
Auth bypass probing — test every endpoint without credentials, with expired tokens, with another user's token
Rate limiting verification — automated burst requests to confirm rate limits are enforced
Reproducible findings — every vulnerability comes with the exact curl command and response. Hand directly to the dev team.

# Security audit flow
curl -X POST localhost:4444/api/jobs \
  -d '{"prompt": "Read the OpenAPI spec at /api/docs. For each endpoint, test OWASP Top 10 categories: injection, broken auth, excessive data exposure. Report findings with severity and reproduction steps.",
       "flowFiles": ["security/owasp-playbook.md"],
       "maxIterations": 50}'

# The LLM:
# 1. Reads your API spec
# 2. Generates attack payloads per endpoint
# 3. Tests each OWASP category
# 4. Reports with severity + exact repro

Visual CI/CD ready

Visual Regression Monitoring

Schedule periodic jobs that navigate your app's critical pages, capture screenshots, and compare them against baselines. The LLM doesn't just do pixel-diff — it understands the page, so it can distinguish a meaningful layout change from an irrelevant ad rotation.

Semantic comparison — the LLM reports "the navigation bar lost its search icon" not "37 pixels differ at (240, 12)"
Cross-browser — run the same flow on different viewport sizes or Chrome versions
Scheduled via CI — trigger after every deploy, get a Slack notification if something looks wrong

# Visual regression check
curl -X POST localhost:4444/api/jobs \
  -d '{"prompt": "Navigate to each page in the app. Take screenshots. Compare against the last run and report any visual changes that look unintentional."}'

Compliance WCAG

Accessibility Audits

The agent navigates your app with the same look() API that discovers elements — and it can spot what's missing. Missing alt text, unlabeled form fields, insufficient color contrast, keyboard traps. Feed it WCAG 2.1 guidelines as a flow file and get a structured compliance report.

Beyond automated scanners — the LLM understands context. "This image is decorative" vs "This image conveys information but has no alt text"
Keyboard navigation testing — the agent can tab through the entire page, verifying focus order and visible focus indicators
Report per WCAG criterion — organized by guideline number with pass/fail/warning per page

# Accessibility audit
curl -X POST localhost:4444/api/jobs \
  -d '{"prompt": "Audit this app for WCAG 2.1 AA compliance. Check every page for: missing alt text, unlabeled inputs, color contrast, keyboard navigation, focus management. Report organized by WCAG criterion.",
       "flowFiles": ["a11y/wcag-checklist.md"]}'

Research Multi-site

Competitive Intelligence & Web Research

Deploy agents to visit multiple websites in parallel, extract structured data, and compile comparative reports. Product features, pricing tables, changelog entries, technology stacks — anything visible in a browser, the agent can read, screenshot, and summarize.

Pricing comparison — visit 10 competitor pricing pages, extract plans and features into a spreadsheet-ready format
Feature tracking — weekly scheduled jobs that check competitor sites for new features or UI changes
Content monitoring — track blog posts, documentation updates, or job listings across multiple sites

# Compare competitor pricing
curl -X POST localhost:4444/api/jobs \
  -d '{"prompt": "Visit each of these pricing pages. Extract plan names, prices, and key features into a comparison table: https://competitor1.com/pricing, https://competitor2.com/pricing, https://competitor3.com/pricing"}'

Scheduled Cron-ready

Scheduled Tasks & Data Collection

The dashboard's REST API is designed for automation. Trigger jobs from cron, CI pipelines, or webhooks. Run recurring browser tasks on a schedule — no human in the loop.

Check for updates — daily job visits vendor portals, checks for new software versions, emails the team if something changed
Data scraping pipelines — scheduled extraction from web portals that don't have APIs. Export structured data to CSV or JSON.
Compliance monitoring — weekly audit of your public-facing pages: SSL certificate expiry, broken links, outdated copyright notices, privacy policy changes
Price tracking — hourly jobs that scrape product prices, detect changes, and log history for analytics

# Crontab: check for vendor updates daily at 8am
0 8 * * * curl -s -X POST localhost:4444/api/jobs \
  -d '{"prompt": "Check https://vendor.com/releases for new versions since yesterday. If found, complete with the version number and changelog URL."}'

# GitHub Actions: weekly compliance check
- name: Compliance audit
  run: |
    JOB=$(curl -s -X POST $GRID_URL/api/jobs \
      -d '{"prompt": "Verify SSL, check all links, confirm privacy policy is current."}')
    # Poll and collect report...

Proven Automation Bulk operations

Bulk Data Entry & Legacy System Migration

Enterprise apps without APIs force manual data entry. Karate Agent navigates the UI, fills forms, clicks through wizards, and handles validation errors — at machine speed. Migrate data between systems that were never designed to talk to each other.

CSV-driven batch entry — feed a spreadsheet to a flow, watch it fill 500 forms in an hour
Legacy ERP migration — screen-scrape from the old system, enter into the new one, verify each record
Handle validation errors — the agent reads error messages and adapts (wrong date format, missing field, duplicate entry)

# Batch data entry from CSV
curl -X POST localhost:4444/api/jobs \
  -d '{"prompt": "Read employees.csv. For each row, navigate to the HR portal, click New Employee, fill in all fields, submit. Report any validation errors with the row number.",
       "flowFiles": ["hr/add-employee.js"]}'

Proven CI/CD Multi-env

Post-Deploy Smoke Tests Across Environments

After every deployment, fire parallel agents at staging, pre-prod, and production. Each runs the same critical path flow — login, navigate, submit a form, verify the result. Get a pass/fail per environment in under 60 seconds, with screenshots of any failures.

Same flow, multiple targets — parameterize the base URL. One flow works everywhere.
Parallel execution — all environments tested simultaneously, not sequentially
Instant failure alerts — browser notifications + webhook integration for Slack/Teams

# Smoke test 3 environments in parallel
for ENV in staging preprod production; do
  curl -s -X POST localhost:4444/api/jobs \
    -d "{\"prompt\": \"Go to https://$ENV.myapp.com. Run the critical path: login, create order, verify confirmation.\",
         \"flowFiles\": [\"smoke/critical-path.js\"]}" &
done
wait

What Will You Build?

These are just starting points. Any workflow that involves a browser or an API is a candidate.

Book a Demo Read the Docs