← 返回 Skills 市场

Frontend Backend Flow Test

Name: Frontend Backend Flow Test
Author: dlawnsdk

作者 jalim · GitHub ↗ · v0.3.1 · MIT-0

cross-platform ✓ 安全检测通过

127

总下载

当前安装

版本数

在 OpenClaw 中安装

/install frontend-backend-flow-test

功能描述

Audit-first frontend-backend contract analyzer for static API compatibility checks. Compare frontend request behavior with backend endpoint contracts, DTO hi...

使用说明 (SKILL.md)

Frontend-Backend Flow Test

Use this skill as an audit-first contract checker.

Primary purpose:

extract frontend API calls
extract backend endpoint contracts
compare method/path/query/body/auth hints
generate actionable audit reports

Secondary purpose:

generate limited experimental live-check helpers only when static audit is insufficient and the environment is explicitly safe

Default workflow

Run static audit first with scripts/audit_contracts.py
Read the generated Markdown and JSON reports
Fix high-severity contract mismatches before considering live checks
Use live verification only for narrow follow-up validation in dev/staging

Core command

python3 scripts/audit_contracts.py \
  --frontend /path/to/frontend \
  --backend /path/to/backend \
  --output-dir ./out/audit \
  --exclude .dart_tool,coverage \
  --format both \
  --fail-on high

What this skill is good at

finding missing backend endpoints referenced by frontend code
detecting HTTP method drift
detecting path drift and base-path mismatches
comparing query/body/auth hints between frontend and backend
summarizing likely breakpoints before release or QA
auditing multiple surfaces against the same backend

What this skill is not

not a real API regression framework
not a replacement for workspace QA tests
not a full E2E test framework
not a production-safe write tester
not guaranteed rollback tooling
not comprehensive support for arbitrary frameworks/languages
not a replacement for manual QA or runtime observability

Current extraction coverage

Frontend

Axios-style calls
fetch(...)
some Dart/Dio direct calls and wrapper patterns
basic alias/baseURL/header inference

Backend

Spring controller mappings
Java/Kotlin DTO field hints
selected Spring Security route hints
Express app/router mappings
same-file Express router mount prefix inference
Laravel route file mappings
Laravel resource/apiResource expansion
basic request body / query / multipart inference

Reporting expectations

Expect findings such as:

missing-backend-endpoint
method-mismatch
path-mismatch
query-hint-mismatch
body-hint-mismatch
response-hint-mismatch
auth-hint-mismatch
backend-only-endpoint

Treat the report as a prioritized contract-audit output, not as runtime proof that a user flow succeeds.

References

Read these only when needed:

references/MVP-SPEC.md for the audit-first product boundary
references/AUDIT-SCOPE.md for supported extraction scope and interpretation guidance
references/LIMITATIONS.md for known blind spots and confidence cautions
references/EXAMPLES.md for audit command examples
references/LIVE-MODE.md only when live verification is explicitly required

安全使用建议

This skill appears to do what it says: static code scanning to surface API mismatches and a cautious, opt-in live-check helper. Before running: (1) run static audits only (scripts/audit_contracts.py) on local copies of your frontend/backend roots and examine the generated audit-report.json/md; (2) review scripts/generate_tests.py before using live mode and only run it against safe dev/staging endpoints with test credentials; (3) be aware the tool reads your codebase (the frontend/backend paths you pass) and writes report files to the provided output-dir; (4) do not run any live/write modes against production or sensitive systems without explicit safeguards and inspection. If you want higher assurance, paste the contents of scripts/generate_tests.py here for a quick review of its network and credential behavior before using live mode.

能力评估

✓ Purpose & Capability

Name/description match the included artifacts: the repo contains static-extraction and comparison code (frontend and backend extractors, compare, report) and a secondary test generator. No extraneous credentials, cloud APIs, or unrelated binaries are requested.

ℹ Instruction Scope

SKILL.md and README instruct an 'audit-first' static workflow (run scripts/audit_contracts.py) and explicitly restrict live verification to narrow dev/staging use. The runtime instructions only operate on user-supplied frontend/backend paths and write reports to the specified output-dir. Caution: there is a separate generate_tests.py live helper (experimental) — running it may perform network calls against target services when used; the docs clearly flag this as opt-in and risky for production.

✓ Install Mechanism

No install spec is declared (instruction-only from a platform perspective) and the skill bundles Python scripts. There is no external download/install-from-URL. Executing the included Python scripts will read repo files and write reports; that's expected for this tool.

✓ Credentials

The skill declares no required environment variables, credentials, or config paths. The code sets a local AUDIT_EXCLUDE_PARTS env var only to pass exclude settings into file iteration logic. There are no requests for unrelated secrets or broad environment access.

✓ Persistence & Privilege

The skill does not request permanent/always-on presence (always:false). It does not modify other skills or system-wide agent settings in the provided files. It writes output to the user-specified output directory only when run.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install frontend-backend-flow-test
安装完成后，直接呼叫该 Skill 的名称或使用 /frontend-backend-flow-test 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.3.1

Clarify product stance: audit-first, not a real API regression framework. Strengthen README/LIVE-MODE wording, add safer generate_tests.py messaging, require --allow-writes for write-capable helper generation, and improve output-dir creation.

v0.3.0

Add baseline PHP/Laravel backend extraction: Route get/post/put/patch/delete, match/any, prefix-group inference, resource/apiResource expansion, and basic controller request/query/body/auth multipart hints. Also enable PHP file scanning.

v0.2.1

Keep Express support added in 0.2.0, but remove local smoke-test files from the published package.

v0.2.0

Add baseline Node/Express backend extraction: app/router method routes, router.route chains, same-file app.use mount prefixes, and basic req params/query/body/auth multipart hints. Also reduce false positives from frontend axios calls.

v0.1.0

Initial public release: audit-first frontend/backend contract analyzer with static extraction, mismatch reporting, and limited live-mode guidance.

元数据

Slug frontend-backend-flow-test

版本 0.3.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 5

常见问题