Frontend-Backend Flow Test
Use this skill as an audit-first contract checker.
Primary purpose:
- extract frontend API calls
- extract backend endpoint contracts
- compare method/path/query/body/auth hints
- generate actionable audit reports
Secondary purpose:
- generate limited experimental live-check helpers only when static audit is insufficient and the environment is explicitly safe
Default workflow
1. Run static audit first with `scripts/audit_contracts.py`
2. Read the generated Markdown and JSON reports
3. Fix high-severity contract mismatches before considering live checks
4. Use live verification only for narrow follow-up validation in dev/staging
Core command
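```bash
python3 scripts/audit_contracts.py \
  --frontend /path/to/frontend \
  --backend /path/to/backend \
  --output-dir ./out/audit \
  --exclude .dart_tool,coverage \
  --format both \
  --fail-on high
```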
What this skill is good at
- finding missing backend endpoints referenced by frontend code
- detecting HTTP method drift
- detecting path drift and base-path mismatches
- comparing query/body/auth hints between frontend and backend
- summarizing likely breakpoints before release or QA
- auditing multiple surfaces against the same backend
What this skill is not
- not a real API regression framework
- not a replacement for workspace QA tests
- not a full E2E test framework
- not a production-safe write tester
- not guaranteed rollback tooling
- not comprehensive support for arbitrary frameworks/languages
- not a replacement for manual QA or runtime observability
Current extraction coverage
Frontend
- Axios-style calls
- `fetch(...)`
- some Dart/Dio direct calls and wrapper patterns
- basic alias/baseURL/header inference
Backend
- Spring controller mappings
- Java/Kotlin DTO field hints
- selected Spring Security route hints
- Express app/router mappings
- same-file Express router mount prefix inference
- Laravel route file mappings
- Laravel resource/apiResource expansion
- basic request body / query / multipart inference
Reporting expectations
Expect findings such as:
- `missing-backend-endpoint`
- `method-mismatch`
- `path-mismatch`
- `query-hint-mismatch`
- `body-hint-mismatch`
- `response-hint-mismatch`
- `auth-hint-mismatch`
- `backend-only-endpoint`
Treat the report as a prioritized contract-audit output, not as runtime proof that a user flow succeeds.
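How extracted frontend calls and backend routes can be compared to produce several of the finding names this page lists, as an added illustration: this is not the skill's own code and does not describe how `scripts/audit_contracts.py` is implemented. The tuple layout, the sample routes, and the one-segment path-drift heuristic are assumptions.

```python
import re
# Constructed sample extractor output (not from a real project): frontend rows
# are (method, path, sends_auth_header); backend rows are (method, path, requires_auth).
FRONTEND_CALLS = [
    ("GET", "/api/users/${id}", True), ("POST", "/api/orders", False),
    ("PUT", "/api/profile", True), ("GET", "/api/v1/reports", True),
    ("DELETE", "/api/cart/items/:itemId", True),
]
BACKEND_ENDPOINTS = [
    ("GET", "/api/users/{id}", True), ("POST", "/api/orders", True),
    ("PATCH", "/api/profile", True), ("GET", "/api/v2/reports", True),
    ("GET", "/api/admin/audit", True),
]

def normalize(path):
    """Map ${id}, {id} and :id path parameters to one placeholder."""
    return re.sub(r"\$\{[^}]+\}|\{[^}]+\}|:[A-Za-z_]\w*", "{}", path).rstrip("/").lower()

def near_route(key, method, routes):
    """Assumed heuristic: same method, same depth, exactly one differing segment."""
    want = key.split("/")
    for cand, methods in routes.items():
        have = cand.split("/")
        if (method in methods and len(have) == len(want)
                and sum(a != b for a, b in zip(want, have)) == 1):
            return cand

def audit(frontend, backend):
    routes = {}  # normalized path -> {method: requires_auth}
    for method, path, requires_auth in backend:
        routes.setdefault(normalize(path), {})[method] = requires_auth
    findings, used = [], set()  # used: backend (path, method) pairs a call reached
    for method, path, sends_auth in frontend:
        key, call = normalize(path), f"{method} {path}"
        if method in routes.get(key, {}):
            used.add((key, method))
            if routes[key][method] != sends_auth:  # auth expectations disagree
                findings.append(("auth-hint-mismatch", call))
        elif key in routes:  # path exists, but not with this HTTP method
            used.update((key, m) for m in routes[key])
            findings.append(("method-mismatch", call))
        elif near := near_route(key, method, routes):  # likely drifted path
            used.add((near, method))
            findings.append(("path-mismatch", call))
        else:
            findings.append(("missing-backend-endpoint", call))
    findings += [("backend-only-endpoint", f"{m} {k}")
                 for k, ms in routes.items() for m in ms if (k, m) not in used]
    return findings
```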
References
Read these only when needed:
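Skill name: frontend-backend-flow-test
Detailed description:
Frontend-Backend Flow Test
Use this skill as an audit-first contract checker.
Primary purpose:
- extract frontend API calls
- extract backend endpoint contracts
- compare method/path/query/body/auth hints
- generate actionable audit reports
Secondary purpose:
- generate limited experimental live-check helpers only when static audit is insufficient and the environment is explicitly safe
Default workflow
1. Run static audit first with `scripts/audit_contracts.py`
2. Read the generated Markdown and JSON reports
3. Fix high-severity contract mismatches before considering live checks
4. Use live verification only for targeted follow-up validation in dev/staging
Core command
```bash
python3 scripts/audit_contracts.py \
  --frontend /path/to/frontend \
  --backend /path/to/backend \
  --output-dir ./out/audit \
  --exclude .dart_tool,coverage \
  --format both \
  --fail-on high
```
What this skill is good at
- finding missing backend endpoints referenced by frontend code
- detecting HTTP method drift
- detecting path drift and base-path mismatches
- comparing query/body/auth hints between frontend and backend
- summarizing likely breakpoints before release or QA
- auditing multiple frontend surfaces against the same backend
What this skill does not cover
- not a real API regression framework
- not a replacement for workspace QA tests
- not a full end-to-end test framework
- not a production-safe write tester
- not guaranteed rollback tooling
- not comprehensive support for arbitrary frameworks/languages
- not a replacement for manual QA or runtime observability
Current extraction coverage
Frontend
- Axios-style calls
- `fetch(...)`
- some Dart/Dio direct calls and wrapper patterns
- basic alias/baseURL/header inference
Backend
- Spring controller mappings
- Java/Kotlin DTO field hints
- selected Spring Security route hints
- Express app/router mappings
- same-file Express router mount prefix inference
- Laravel route file mappings
- Laravel resource/apiResource expansion
- basic request body / query / multipart inference
Reporting expectations
Expect findings such as:
- `missing-backend-endpoint` (missing backend endpoint)
- `method-mismatch` (method mismatch)
- `path-mismatch` (path mismatch)
- `query-hint-mismatch` (query hint mismatch)
- `body-hint-mismatch` (request body hint mismatch)
- `response-hint-mismatch` (response hint mismatch)
- `auth-hint-mismatch` (auth hint mismatch)
- `backend-only-endpoint` (backend-only endpoint)
Treat the report as a prioritized contract-audit output, not as runtime proof that a user flow succeeds.
References
Read these only when needed: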