Frontend Backend Flow Test

v0.3.1

Audit-first frontend-backend contract analyzer for static API compatibility checks. Compare frontend request behavior with backend endpoint contracts, DTO hi...

⭐ 0· 121·0 current·0 all-time

byjalim@dlawnsdk

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for dlawnsdk/frontend-backend-flow-test.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Frontend Backend Flow Test" (dlawnsdk/frontend-backend-flow-test) from ClawHub.
Skill page: https://clawhub.ai/dlawnsdk/frontend-backend-flow-test
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install frontend-backend-flow-test

ClawHub CLI

Package manager switcher

npx clawhub@latest install frontend-backend-flow-test

Security Scan

VirusTotal

Pending

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description match the included artifacts: the repo contains static-extraction and comparison code (frontend and backend extractors, compare, report) and a secondary test generator. No extraneous credentials, cloud APIs, or unrelated binaries are requested.

ℹ

Instruction Scope

SKILL.md and README instruct an 'audit-first' static workflow (run scripts/audit_contracts.py) and explicitly restrict live verification to narrow dev/staging use. The runtime instructions only operate on user-supplied frontend/backend paths and write reports to the specified output-dir. Caution: there is a separate generate_tests.py live helper (experimental) — running it may perform network calls against target services when used; the docs clearly flag this as opt-in and risky for production.

✓

Install Mechanism

No install spec is declared (instruction-only from a platform perspective) and the skill bundles Python scripts. There is no external download/install-from-URL. Executing the included Python scripts will read repo files and write reports; that's expected for this tool.

✓

Credentials

The skill declares no required environment variables, credentials, or config paths. The code sets a local AUDIT_EXCLUDE_PARTS env var only to pass exclude settings into file iteration logic. There are no requests for unrelated secrets or broad environment access.

✓

Persistence & Privilege

The skill does not request permanent/always-on presence (always:false). It does not modify other skills or system-wide agent settings in the provided files. It writes output to the user-specified output directory only when run.

Assessment

This skill appears to do what it says: static code scanning to surface API mismatches and a cautious, opt-in live-check helper. Before running: (1) run static audits only (scripts/audit_contracts.py) on local copies of your frontend/backend roots and examine the generated audit-report.json/md; (2) review scripts/generate_tests.py before using live mode and only run it against safe dev/staging endpoints with test credentials; (3) be aware the tool reads your codebase (the frontend/backend paths you pass) and writes report files to the provided output-dir; (4) do not run any live/write modes against production or sensitive systems without explicit safeguards and inspection. If you want higher assurance, paste the contents of scripts/generate_tests.py here for a quick review of its network and credential behavior before using live mode.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dtpw2prsq6h5r0qzg0v3v9583qeen

121downloads

0stars

5versions

Updated 1mo ago

v0.3.1

MIT-0

Frontend-Backend Flow Test

Use this skill as an audit-first contract checker.

Primary purpose:

extract frontend API calls
extract backend endpoint contracts
compare method/path/query/body/auth hints
generate actionable audit reports

Secondary purpose:

generate limited experimental live-check helpers only when static audit is insufficient and the environment is explicitly safe

Default workflow

Run static audit first with scripts/audit_contracts.py
Read the generated Markdown and JSON reports
Fix high-severity contract mismatches before considering live checks
Use live verification only for narrow follow-up validation in dev/staging

Core command

python3 scripts/audit_contracts.py \
  --frontend /path/to/frontend \
  --backend /path/to/backend \
  --output-dir ./out/audit \
  --exclude .dart_tool,coverage \
  --format both \
  --fail-on high

What this skill is good at

finding missing backend endpoints referenced by frontend code
detecting HTTP method drift
detecting path drift and base-path mismatches
comparing query/body/auth hints between frontend and backend
summarizing likely breakpoints before release or QA
auditing multiple surfaces against the same backend

What this skill is not

not a real API regression framework
not a replacement for workspace QA tests
not a full E2E test framework
not a production-safe write tester
not guaranteed rollback tooling
not comprehensive support for arbitrary frameworks/languages
not a replacement for manual QA or runtime observability

Current extraction coverage

Frontend

Axios-style calls
fetch(...)
some Dart/Dio direct calls and wrapper patterns
basic alias/baseURL/header inference

Backend

Spring controller mappings
Java/Kotlin DTO field hints
selected Spring Security route hints
Express app/router mappings
same-file Express router mount prefix inference
Laravel route file mappings
Laravel resource/apiResource expansion
basic request body / query / multipart inference

Reporting expectations

Expect findings such as:

missing-backend-endpoint
method-mismatch
path-mismatch
query-hint-mismatch
body-hint-mismatch
response-hint-mismatch
auth-hint-mismatch
backend-only-endpoint

Treat the report as a prioritized contract-audit output, not as runtime proof that a user flow succeeds.

References

Read these only when needed:

references/MVP-SPEC.md for the audit-first product boundary
references/AUDIT-SCOPE.md for supported extraction scope and interpretation guidance
references/LIMITATIONS.md for known blind spots and confidence cautions
references/EXAMPLES.md for audit command examples
references/LIVE-MODE.md only when live verification is explicitly required

Comments

Loading comments...