Skip to main content

Authenticated Testing

Many app flows require users to be logged in. Swarm supports authenticated testing by securely passing login credentials to the AI agents.

Basic usage

swarm test --url localhost:3000 \
  --goal "Edit profile settings" \
  --login-url localhost:3000/login \
  --username test@example.com
The CLI will interactively prompt for the password (not shown in the terminal).

How it works

  1. You provide credentials (username + password) and optionally a login URL
  2. The CLI encrypts the credentials with AES-256-GCM before sending them to the server
  3. Each AI agent navigates to the login page and fills in the credentials
  4. After logging in, the agent proceeds with the test goal
The agents interact with your login form like a real user would — finding the username and password fields, typing in the credentials, and clicking the submit button.

Options

OptionDescription
--login-url <url>URL of the login page (optional — agents will look for a login link if not provided)
--username <username>Username or email address
--password <password>Password (not recommended — visible in shell history)
--password-stdinRead password from stdin (recommended for CI/CD)

Interactive mode

If you don’t pass credentials as flags, the CLI asks interactively: 
  Does this test require login credentials? (y/N) y
  Login page URL (optional, press Enter to skip):
  Username/email: test@example.com
  Password: ••••••••

CI/CD usage

Use --password-stdin to pipe credentials securely: 
echo "$TEST_PASSWORD" | swarm test \
  --url https://staging.myapp.com \
  --goal "Edit profile settings" \
  --username test@example.com \
  --password-stdin \
  --yes

Security

  • Credentials are encrypted client-side with AES-256-GCM before being sent to the Swarm API
  • Encryption uses a shared key (CREDENTIAL_ENCRYPTION_KEY) — credentials are never stored in plaintext on the server
  • Credentials are decrypted only at the point of use by the testing agent
  • After the test completes, the encrypted credentials are not retained
Use dedicated test accounts, not production credentials. While credentials are encrypted in transit and at rest, test accounts are always the safer choice.

Tips

  • Use a test account — create a dedicated account for Swarm testing with realistic but non-sensitive data
  • Pre-seed test data — if the test goal requires existing data (e.g., “edit an existing project”), make sure the test account has that data
  • Specify the login URL — while agents can often find the login page on their own, providing --login-url makes the test faster and more reliable