🧪 gotrasoft-api-testing

The Ultimate MCP Server for Laravel API Testing

Empower your AI assistant to test Laravel APIs like a senior developer

![npm version](https://www.npmjs.com/package/gotrasoft-api-testing)
![License: MIT](https://opensource.org/licenses/MIT)

---

🚀 Why gotrasoft-api-testing?

Building Laravel APIs with AI assistance? How confident are you that the generated code is secure and robust?

This MCP (Model Context Protocol) server transforms your AI into a thorough API testing expert that:

- 🔍 Scans your Laravel project to understand routes, validation rules, and model configurations
- 🛡️ Generates security tests for SQL injection, XSS, IDOR, and more
- ✅ Validates responses against your ApiResponse trait format
- 🔧 Tests Query Builder features like includes, filters, sorts, and search
- 📋 Provides testing guidance with best practices and checklists

> "Stop hoping your API is secure. Start knowing it."

---

✨ Features at a Glance

| Feature | What It Does |
|---------|--------------|
| 🗺️ Route Scanning | Uses php artisan route:list --json for accurate route detection |
| 📝 Form Request Analysis | Extracts validation rules from your Request classes |
| 🏗️ Model Inspection | Reads Queryable trait config (searchable, includes, filters) |
| 🧪 Test Case Generation | Creates 70+ test cases per endpoint automatically |
| 🛡️ Security Payloads | SQL injection, XSS, path traversal attack vectors |
| ✅ Response Validation | Ensures responses follow ApiResponse trait format |
| 🔗 Postman Integration | Generates ready-to-execute requests for Postman MCP |

> Smart Fallback: If php artisan is not available, the tool automatically falls back to parsing route files directly.

---

📦 Installation

$3

``bash npm install -g gotrasoft-api-testing`

`$3`

Open your VS Code settings and configure the MCP server.

#### For Antigravity Client:

Create or edit antigravity_mcp.json in your project root:

`json { "mcpServers": { "api-testing": { "command": "npx", "args": ["-y", "gotrasoft-api-testing"] } } }`

#### For Other MCP Clients:

Add to your MCP configuration file:

`json { "mcpServers": { "api-testing": { "command": "npx", "args": ["-y", "gotrasoft-api-testing"] } } }`

`$3`

After saving the configuration, restart VS Code or reload the window to activate the MCP server.

`$3`

Ask your AI assistant: > "Use the scan_project_full tool on my Laravel project"

If everything is set up correctly, you'll see a comprehensive scan of your routes, form requests, and models! 🎉

---

`🛠️ Available Tools (13 Total)`

`$3`

| Tool | Description | |------|-------------| |get_testing_workflow | START HERE - Get step-by-step testing workflow |

`$3`

| Tool | Description | |------|-------------| |scan_laravel_routes | Scan routes using php artisan route:list| |scan_form_requests| Parse Form Request validation rules | |scan_models| Extract Model Queryable configuration | |scan_project_full | Comprehensive scan with automatic mappings |

`$3`

| Tool | Description | |------|-------------| |generate_test_cases| Generate 70+ test cases per endpoint | |generate_query_builder_tests| Tests for includes, filters, sorts, search | |get_security_payloads | SQL injection, XSS, path traversal payloads |

`$3`

| Tool | Description | |------|-------------| |evaluate_test_result| ⭐ NEW - Determine PASS/FAIL for each test | |validate_api_response| Check response against ApiResponse format | |analyze_test_results| Analyze results with recommendations | |get_testing_guidance | Testing checklist and best practices |

`$3`

| Tool | Description | |------|-------------| |generate_postman_request | Convert test case for Postman MCP |

---

`💡 Usage Examples`

`$3`

`AI, use scan_project_full on /path/to/my/laravel-project`

Result: - 📊 81 routes discovered - 📝 36 Form Request classes parsed - 🏗️ 12 Models with Queryable configuration - 🔗 Automatic resource-to-model mappings

`$3`

`AI, generate test cases for POST /api/v1/members using the validation rules from MemberStoreRequest`

Result: - ✅ 1 valid case - 🔍 21 validation tests - 🛡️ 31 security tests - ⚠️ 3 error handling tests - 📐 14 edge cases

`$3`

`AI, validate this API response against the ApiResponse format: { "success": true, "message": "Data retrieved successfully", "code": 200, "data": [...], "pagination": {...} }`

Result: - ✅ Valid paginated response - All required fields present - Pagination structure verified

---

`🔒 Security Tests Included`

Our security payloads are battle-tested and comprehensive:

| Attack Type | Payloads | Severity | |-------------|----------|----------| | SQL Injection | 10+ variations | 🔴 Critical | | XSS (Cross-Site Scripting) | 10+ payloads | 🟠 High | | Path Traversal | 10+ attempts | 🔴 Critical | | Command Injection | 10+ vectors | 🔴 Critical | | IDOR | Dynamic tests | 🔴 Critical | | Mass Assignment | Admin flag tests | 🔴 Critical |

---

`🔄 Integration Flow`

This diagram shows how api-testing MCP integrates with other MCP servers for complete API testing:

`$3`

| MCP Server | Purpose | npm | |------------|---------|-----| | gotrasoft-postman | Execute HTTP requests | ![npm](https://www.npmjs.com/package/gotrasoft-postman) | | gotrasoft-mysql | Verify database state | ![npm](https://www.npmjs.com/package/gotrasoft-mysql) |

`$3`

`┌─────────────────────────────────────────────────────────────────┐ │ AI Testing Workflow │ ├─────────────────────────────────────────────────────────────────┤ │ 1. get_testing_workflow → Get step-by-step guide │ │ 2. scan_project_full → Discover routes, requests, models │ │ 3. generate_test_cases → Create 70+ test cases │ │ 4. generate_postman_request → Format for Postman MCP │ │ 5. [postman] make_request → Execute HTTP request │ │ 6. validate_api_response → Check response format │ │ 7. [mysql] execute_query → Verify database changes │ │ 8. analyze_test_results → Get recommendations │ └─────────────────────────────────────────────────────────────────┘``

📋 Supported Laravel Patterns

This MCP server understands and supports:

- ✅ ApiResponse Trait - Standard JSON response format
- ✅ Queryable Trait - Spatie Query Builder integration
- ✅ Form Request Classes - Validation rules parsing
- ✅ Route Definitions - Standard and resource routes
- ✅ Model Relationships - belongsTo, hasMany, etc.

---

🤔 FAQ

Q: Does this actually execute API requests?

No! This MCP server only generates test cases and analyzes your code structure. To execute requests, pair it with the Postman MCP.

Q: Will this work with my custom Laravel setup?

Yes! As long as you follow standard Laravel conventions for routes, requests, and models.

Q: Is this safe to use in production?

This tool only reads your code files. It never modifies anything or connects to your database/API directly.

---

📄 License

MIT License - Created by I Komang Gede Yuliana

---

Made with ❤️ by Gotrasoft

Helping developers build secure, tested APIs with confidence

🧪 gotrasoft-api-testing

The Ultimate MCP Server for Laravel API Testing

Empower your AI assistant to test Laravel APIs like a senior developer

![npm version](https://www.npmjs.com/package/gotrasoft-api-testing)
![License: MIT](https://opensource.org/licenses/MIT)

---

🚀 Why gotrasoft-api-testing?

Building Laravel APIs with AI assistance? How confident are you that the generated code is secure and robust?

This MCP (Model Context Protocol) server transforms your AI into a thorough API testing expert that:

> "Stop hoping your API is secure. Start knowing it."

---

✨ Features at a Glance

> Smart Fallback: If php artisan is not available, the tool automatically falls back to parsing route files directly.

---

📦 Installation

$3

``bash npm install -g gotrasoft-api-testing`

`$3`

Open your VS Code settings and configure the MCP server.

#### For Antigravity Client:

Create or edit antigravity_mcp.json in your project root:

`json { "mcpServers": { "api-testing": { "command": "npx", "args": ["-y", "gotrasoft-api-testing"] } } }`

#### For Other MCP Clients:

Add to your MCP configuration file:

`json { "mcpServers": { "api-testing": { "command": "npx", "args": ["-y", "gotrasoft-api-testing"] } } }`

`$3`

After saving the configuration, restart VS Code or reload the window to activate the MCP server.

`$3`

Ask your AI assistant: > "Use the scan_project_full tool on my Laravel project"

If everything is set up correctly, you'll see a comprehensive scan of your routes, form requests, and models! 🎉

---

`🛠️ Available Tools (13 Total)`

`$3`

| Tool | Description | |------|-------------| |get_testing_workflow | START HERE - Get step-by-step testing workflow |

`$3`

| Tool | Description | |------|-------------| |generate_postman_request | Convert test case for Postman MCP |

---

`💡 Usage Examples`

`$3`

`AI, use scan_project_full on /path/to/my/laravel-project`

Result: - 📊 81 routes discovered - 📝 36 Form Request classes parsed - 🏗️ 12 Models with Queryable configuration - 🔗 Automatic resource-to-model mappings

`$3`

`AI, generate test cases for POST /api/v1/members using the validation rules from MemberStoreRequest`

Result: - ✅ 1 valid case - 🔍 21 validation tests - 🛡️ 31 security tests - ⚠️ 3 error handling tests - 📐 14 edge cases

`$3`

`AI, validate this API response against the ApiResponse format: { "success": true, "message": "Data retrieved successfully", "code": 200, "data": [...], "pagination": {...} }`

Result: - ✅ Valid paginated response - All required fields present - Pagination structure verified

---

`🔒 Security Tests Included`

Our security payloads are battle-tested and comprehensive:

---

`🔄 Integration Flow`

This diagram shows how api-testing MCP integrates with other MCP servers for complete API testing:

`$3`

📋 Supported Laravel Patterns

This MCP server understands and supports:

---

🤔 FAQ

Q: Does this actually execute API requests?

No! This MCP server only generates test cases and analyzes your code structure. To execute requests, pair it with the Postman MCP.

Q: Will this work with my custom Laravel setup?

Yes! As long as you follow standard Laravel conventions for routes, requests, and models.

Q: Is this safe to use in production?

This tool only reads your code files. It never modifies anything or connects to your database/API directly.

---

📄 License

MIT License - Created by I Komang Gede Yuliana

---

Made with ❤️ by Gotrasoft

Helping developers build secure, tested APIs with confidence