Agent Test Site
A collection of standalone web challenges for exercising an AI agent's browser-automation skills. Pick a function below — each one stresses different mechanical patterns.
Onboarding form
Multi-step form with custom combobox, async email check, exact-value slider, drag-to-reorder list, split-digit PIN, honeypot trap, and an 8-second time-locked submit.
Drag & dropFile upload
Drag-and-drop area with strict client- and server-side validation — MIME type, magic-byte sniffing, size limit, and a single-shot upload token returned per session.
2FA flowLogin & OTP
Two-stage authentication: credential check, then a 6-digit one-time code shown on the page that must be typed into an auto-advancing input grid before a short expiry window.
CRUD tableData table
Server-paginated table with text search, status filter, sortable columns, row selection, and bulk delete with a typed confirmation phrase.
VulnerableLegacy upload ⚠
Intentionally vulnerable upload endpoint stacking path traversal,
a weak extension blacklist, no size cap, and public serving via
/files. For security-testing agents.
Health: GET /healthz · Ground-truth events:
GET /oracle