← Back to Skills Marketplace
127
Downloads
0
Stars
0
Active Installs
5
Versions
Install in OpenClaw
/install frontend-backend-flow-test
Description
Audit-first frontend-backend contract analyzer for static API compatibility checks. Compare frontend request behavior with backend endpoint contracts, DTO hi...
README (SKILL.md)
Frontend-Backend Flow Test
Use this skill as an audit-first contract checker.
Primary purpose:
- extract frontend API calls
- extract backend endpoint contracts
- compare method/path/query/body/auth hints
- generate actionable audit reports
Secondary purpose:
- generate limited experimental live-check helpers only when static audit is insufficient and the environment is explicitly safe
Default workflow
- Run static audit first with
scripts/audit_contracts.py - Read the generated Markdown and JSON reports
- Fix high-severity contract mismatches before considering live checks
- Use live verification only for narrow follow-up validation in dev/staging
Core command
python3 scripts/audit_contracts.py \
--frontend /path/to/frontend \
--backend /path/to/backend \
--output-dir ./out/audit \
--exclude .dart_tool,coverage \
--format both \
--fail-on high
What this skill is good at
- finding missing backend endpoints referenced by frontend code
- detecting HTTP method drift
- detecting path drift and base-path mismatches
- comparing query/body/auth hints between frontend and backend
- summarizing likely breakpoints before release or QA
- auditing multiple surfaces against the same backend
What this skill is not
- not a real API regression framework
- not a replacement for workspace QA tests
- not a full E2E test framework
- not a production-safe write tester
- not guaranteed rollback tooling
- not comprehensive support for arbitrary frameworks/languages
- not a replacement for manual QA or runtime observability
Current extraction coverage
Frontend
- Axios-style calls
fetch(...)- some Dart/Dio direct calls and wrapper patterns
- basic alias/baseURL/header inference
Backend
- Spring controller mappings
- Java/Kotlin DTO field hints
- selected Spring Security route hints
- Express app/router mappings
- same-file Express router mount prefix inference
- Laravel route file mappings
- Laravel resource/apiResource expansion
- basic request body / query / multipart inference
Reporting expectations
Expect findings such as:
missing-backend-endpointmethod-mismatchpath-mismatchquery-hint-mismatchbody-hint-mismatchresponse-hint-mismatchauth-hint-mismatchbackend-only-endpoint
Treat the report as a prioritized contract-audit output, not as runtime proof that a user flow succeeds.
References
Read these only when needed:
- references/MVP-SPEC.md for the audit-first product boundary
- references/AUDIT-SCOPE.md for supported extraction scope and interpretation guidance
- references/LIMITATIONS.md for known blind spots and confidence cautions
- references/EXAMPLES.md for audit command examples
- references/LIVE-MODE.md only when live verification is explicitly required
Usage Guidance
This skill appears to do what it says: static code scanning to surface API mismatches and a cautious, opt-in live-check helper. Before running: (1) run static audits only (scripts/audit_contracts.py) on local copies of your frontend/backend roots and examine the generated audit-report.json/md; (2) review scripts/generate_tests.py before using live mode and only run it against safe dev/staging endpoints with test credentials; (3) be aware the tool reads your codebase (the frontend/backend paths you pass) and writes report files to the provided output-dir; (4) do not run any live/write modes against production or sensitive systems without explicit safeguards and inspection. If you want higher assurance, paste the contents of scripts/generate_tests.py here for a quick review of its network and credential behavior before using live mode.
Capability Assessment
Purpose & Capability
Name/description match the included artifacts: the repo contains static-extraction and comparison code (frontend and backend extractors, compare, report) and a secondary test generator. No extraneous credentials, cloud APIs, or unrelated binaries are requested.
Instruction Scope
SKILL.md and README instruct an 'audit-first' static workflow (run scripts/audit_contracts.py) and explicitly restrict live verification to narrow dev/staging use. The runtime instructions only operate on user-supplied frontend/backend paths and write reports to the specified output-dir. Caution: there is a separate generate_tests.py live helper (experimental) — running it may perform network calls against target services when used; the docs clearly flag this as opt-in and risky for production.
Install Mechanism
No install spec is declared (instruction-only from a platform perspective) and the skill bundles Python scripts. There is no external download/install-from-URL. Executing the included Python scripts will read repo files and write reports; that's expected for this tool.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code sets a local AUDIT_EXCLUDE_PARTS env var only to pass exclude settings into file iteration logic. There are no requests for unrelated secrets or broad environment access.
Persistence & Privilege
The skill does not request permanent/always-on presence (always:false). It does not modify other skills or system-wide agent settings in the provided files. It writes output to the user-specified output directory only when run.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install frontend-backend-flow-test - After installation, invoke the skill by name or use
/frontend-backend-flow-test - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.3.1
Clarify product stance: audit-first, not a real API regression framework. Strengthen README/LIVE-MODE wording, add safer generate_tests.py messaging, require --allow-writes for write-capable helper generation, and improve output-dir creation.
v0.3.0
Add baseline PHP/Laravel backend extraction: Route get/post/put/patch/delete, match/any, prefix-group inference, resource/apiResource expansion, and basic controller request/query/body/auth multipart hints. Also enable PHP file scanning.
v0.2.1
Keep Express support added in 0.2.0, but remove local smoke-test files from the published package.
v0.2.0
Add baseline Node/Express backend extraction: app/router method routes, router.route chains, same-file app.use mount prefixes, and basic req params/query/body/auth multipart hints. Also reduce false positives from frontend axios calls.
v0.1.0
Initial public release: audit-first frontend/backend contract analyzer with static extraction, mismatch reporting, and limited live-mode guidance.
Metadata
Frequently Asked Questions
What is Frontend Backend Flow Test?
Audit-first frontend-backend contract analyzer for static API compatibility checks. Compare frontend request behavior with backend endpoint contracts, DTO hi... It is an AI Agent Skill for Claude Code / OpenClaw, with 127 downloads so far.
How do I install Frontend Backend Flow Test?
Run "/install frontend-backend-flow-test" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Frontend Backend Flow Test free?
Yes, Frontend Backend Flow Test is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Frontend Backend Flow Test support?
Frontend Backend Flow Test is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Frontend Backend Flow Test?
It is built and maintained by jalim (@dlawnsdk); the current version is v0.3.1.
More Skills