🧪 gotrasoft-api-testing

The Ultimate MCP Server for Laravel API Testing

Empower your AI assistant to test Laravel APIs like a senior developer

🚀 Why gotrasoft-api-testing?

Building Laravel APIs with AI assistance? How confident are you that the generated code is secure and robust?

This MCP (Model Context Protocol) server transforms your AI into a thorough API testing expert that:

• 🔍 Scans your Laravel project to understand routes, validation rules, and model configurations
• 🛡️ Generates security tests for SQL injection, XSS, IDOR, and more
• ✅ Validates responses against your ApiResponse trait format
• 🔧 Tests Query Builder features like includes, filters, sorts, and search
• 📋 Provides testing guidance with best practices and checklists

"Stop hoping your API is secure. Start knowing it."

✨ Features at a Glance

| Feature | What It Does | |---------|--------------| | 🗺️ Route Scanning | Uses php artisan route:list --json for accurate route detection | | 📝 Form Request Analysis | Extracts validation rules from your Request classes | | 🏗️ Model Inspection | Reads Queryable trait config (searchable, includes, filters) | | 🧪 Test Case Generation | Creates 70+ test cases per endpoint automatically | | 🛡️ Security Payloads | SQL injection, XSS, path traversal attack vectors | | ✅ Response Validation | Ensures responses follow ApiResponse trait format | | 🔗 Postman Integration | Generates ready-to-execute requests for Postman MCP |

Smart Fallback: If php artisan is not available, the tool automatically falls back to parsing route files directly.

📦 Installation

Step 1: Install the Package

npm install -g gotrasoft-api-testing

Step 2: Configure VS Code

Open your VS Code settings and configure the MCP server.

For Antigravity Client:

Create or edit antigravity_mcp.json in your project root:

{
  "mcpServers": {
    "api-testing": {
      "command": "npx",
      "args": ["-y", "gotrasoft-api-testing"]
    }
  }
}

For Other MCP Clients:

Add to your MCP configuration file:

{
  "mcpServers": {
    "api-testing": {
      "command": "npx",
      "args": ["-y", "gotrasoft-api-testing"]
    }
  }
}

Step 3: Restart VS Code

After saving the configuration, restart VS Code or reload the window to activate the MCP server.

Step 4: Verify Installation

Ask your AI assistant:

"Use the scan_project_full tool on my Laravel project"

If everything is set up correctly, you'll see a comprehensive scan of your routes, form requests, and models! 🎉

🛠️ Available Tools (13 Total)

🎯 Start Here

| Tool | Description | |------|-------------| | get_testing_workflow | START HERE - Get step-by-step testing workflow |

📍 Project Scanning

| Tool | Description | |------|-------------| | scan_laravel_routes | Scan routes using php artisan route:list | | scan_form_requests | Parse Form Request validation rules | | scan_models | Extract Model Queryable configuration | | scan_project_full | Comprehensive scan with automatic mappings |

🧪 Test Generation

| Tool | Description | |------|-------------| | generate_test_cases | Generate 70+ test cases per endpoint | | generate_query_builder_tests | Tests for includes, filters, sorts, search | | get_security_payloads | SQL injection, XSS, path traversal payloads |

✅ Validation & Analysis

| Tool | Description | |------|-------------| | evaluate_test_result | ⭐ NEW - Determine PASS/FAIL for each test | | validate_api_response | Check response against ApiResponse format | | analyze_test_results | Analyze results with recommendations | | get_testing_guidance | Testing checklist and best practices |

🔗 Integration

| Tool | Description | |------|-------------| | generate_postman_request | Convert test case for Postman MCP |

💡 Usage Examples

Scan Your Entire Project

AI, use scan_project_full on /path/to/my/laravel-project

Result:

• 📊 81 routes discovered
• 📝 36 Form Request classes parsed
• 🏗️ 12 Models with Queryable configuration
• 🔗 Automatic resource-to-model mappings

Generate Test Cases

AI, generate test cases for POST /api/v1/members using the validation rules from MemberStoreRequest

Result:

• ✅ 1 valid case
• 🔍 21 validation tests
• 🛡️ 31 security tests
• ⚠️ 3 error handling tests
• 📐 14 edge cases

Validate API Response

AI, validate this API response against the ApiResponse format:
{
  "success": true,
  "message": "Data retrieved successfully",
  "code": 200,
  "data": [...],
  "pagination": {...}
}

Result:

• ✅ Valid paginated response
• All required fields present
• Pagination structure verified

🔒 Security Tests Included

Our security payloads are battle-tested and comprehensive:

| Attack Type | Payloads | Severity | |-------------|----------|----------| | SQL Injection | 10+ variations | 🔴 Critical | | XSS (Cross-Site Scripting) | 10+ payloads | 🟠 High | | Path Traversal | 10+ attempts | 🔴 Critical | | Command Injection | 10+ vectors | 🔴 Critical | | IDOR | Dynamic tests | 🔴 Critical | | Mass Assignment | Admin flag tests | 🔴 Critical |

🔄 Integration Flow

This diagram shows how api-testing MCP integrates with other MCP servers for complete API testing:

flowchart LR
    subgraph api-testing MCP
        A[api-testing MCP]
    end
    
    subgraph Step 1
        A -->|1. Scan| B[Laravel Project]
    end
    
    subgraph Step 2
        A -->|2. Generate Tests| C[Test Suite]
    end
    
    subgraph Step 3 - Execute
        C -->|3. Execute| D[postman MCP]
        D -->|Request| E[Laravel API]
        E -->|Response| D
    end
    
    subgraph Step 4 - Verify
        D -->|Results| A
        A -->|4. Verify| F[mysql MCP]
        F -->|Query| G[Database]
    end
    
    subgraph Step 5 - Report
        A -->|5. Report| H[Recommendations]
    end

Integration Partners

| MCP Server | Purpose | npm | |------------|---------|-----| | gotrasoft-postman | Execute HTTP requests | | | gotrasoft-mysql | Verify database state | |

Complete Testing Workflow

┌─────────────────────────────────────────────────────────────────┐
│                     AI Testing Workflow                         │
├─────────────────────────────────────────────────────────────────┤
│  1. get_testing_workflow    → Get step-by-step guide            │
│  2. scan_project_full       → Discover routes, requests, models │
│  3. generate_test_cases     → Create 70+ test cases             │
│  4. generate_postman_request → Format for Postman MCP           │
│  5. [postman] make_request  → Execute HTTP request              │
│  6. validate_api_response   → Check response format             │
│  7. [mysql] execute_query   → Verify database changes           │
│  8. analyze_test_results    → Get recommendations               │
└─────────────────────────────────────────────────────────────────┘

📋 Supported Laravel Patterns

This MCP server understands and supports:

• ✅ ApiResponse Trait - Standard JSON response format
• ✅ Queryable Trait - Spatie Query Builder integration
• ✅ Form Request Classes - Validation rules parsing
• ✅ Route Definitions - Standard and resource routes
• ✅ Model Relationships - belongsTo, hasMany, etc.

🤔 FAQ

Q: Does this actually execute API requests?

No! This MCP server only generates test cases and analyzes your code structure. To execute requests, pair it with the Postman MCP.

Q: Will this work with my custom Laravel setup?

Yes! As long as you follow standard Laravel conventions for routes, requests, and models.

Q: Is this safe to use in production?

This tool only reads your code files. It never modifies anything or connects to your database/API directly.

📄 License

MIT License - Created by I Komang Gede Yuliana

Made with ❤️ by Gotrasoft

Helping developers build secure, tested APIs with confidence