Keploy...what is it ? Who's behind it ?

About

"Shadowing" : the QA or the client can play themselves their scenarii. The developer can also record the API's endpoints (to build smoke tests)

Keploy captures networking traffic of the output calls towards external tools like Postgres, MySQL, Redis, Elastic-search etc

Keploy uses YAML encoding to check and read records

Functional testing tool acting as "Record & Test"

⚠️ Please note that Keploy v2 is currently in development, with the best experience on Linux. Docker support is experimental and may have some limitations for certain use cases.

Docker is integrated for network analysis

Supported sources for "Record & Test" feature

LLM to generate lines of code for unit test

Php is not supported for this feature

How to install, configure and use

curl --silent -O -L https://keploy.io/install.sh && source install.sh

Installation & configuration

Step 1 : traffic recording

1. # make start

2. # keploy record

3. We play our scenario in our app

Step 1: network traffic record

Rename the generated tests directory (001-homepage)

Many tests files with captures of the Request / Response

`mock.yaml` : record of external calls made during our tests, associated to Request / Response

Test snapshot

Snapshot of a Postgres mock

1. App start without data, only with services (PHP, DB...)
2. Keploy plays the Request from tests, by using mocks
3. Keploy make a Diff from each Response : Body, Header are compared
4. Each test has a date stamp to keep them in order

Step 2: play tests

# make stop

# keploy test

"Denoise": Keploy term to ignore variable content

Request use all of their Header, and "denoise" is applied only during testing, for the DIFFS

Step 2: play tests

Denoise configuration

Step 2: play tests

Why doing tests ?!

Ensuring quality & comfort

Publish new line of codes more frequently, with confidence

(non -regression tests)

Changes verified (in CI) before being merged.

Ease the edition tracking : are these changes useful ?

Documentation that shows how an application works.

Demo

Stack

Nelmio

Keploy

https://github.com/chadyred/keploy-php-symfony

Source code

Subject: Books & Library

Test 1: API Read - Simple Write

Test 2: HTML Login - Logout

Test 3: Book Creation Form

Test 4: Book Creation via SPA through API platform

Think Stateless

Sateless everywhere

To validate a Request/Response test:

1. Stateless CSRF: validate a test without a "variable" (HASH) token in the Request.

2. Statelass session: validate access from a Request keploy screenshot (aka record), using a known Token (aka "Authentication: Bearer TOKEN").

3. Stateless API (Platform): No sessions, use of token.

4. Assets without HASH / non-versioned: Possible but with consequences on browser cache.

api_platform:
  # ..
    defaults:
        stateless: true

framework:
    csrf_protection:
        stateless_token_ids:
            - authenticate
            - book-item

firewalls:
    main:
        provider: app_user_provider
        lazy: true
        stateless: true
        custom_authenticators:
            - App\Authenticator\SimpleStatelessAuthenticator

Stateless session & CSRF token

API content

VS

HTML content under test

HTML test with Keploy - Key strengths

• Regression quickly visible

• Re-record if new elements are added to the page: requests are replayed automatically on the application to create new Test & Mock snapshots.

• Tests are easy to perform: simply follow a post-feature / post-fix scenario.

HTML & Keploy - Drawbacks

• We check the entire page, not just a business element in the page, which could be sufficient to validate a test (e.g., "data-qa")
• TDD / SpecBDD is not possible; everything is done after writing code
• JS is not tested (SPA, PWA cannot be tested), we do not use a browser...but all their networking calls are tested
• Code review: lack of clarity between previous and present Responses with large HTML content, we can't immediately see what has changed
• We need to ensure that the scenario is properly executed during step record, without omissions by anyone

API & Keploy: key strengths

• Test our endpoints as a developer by using a tool such as ApiPlatform Admin, without writing code, and demonstrate that it works (Smoke test)

• OpenAPI format + Keploy = <3 can generate tests, which automatically track API changes without manual recording (Enterprise version, paid)

API & Keploy: Drawbacks

Testing only the API and its endpoints means we don't test the functionality (integration tests), hence the importance of automating it, just like using OpenAPI format (Enterprise version).

Limits

Documentation

On a case-by-case basis via Slack... Slack... Slack...

CI integration

Integrated PHP server ONLY

    command: "php -S 0.0.0.0:8000 -t public public/index.php -c docker/php/php.ini" 

Keploy is based on compiled binaries, executed directly, without a reverse proxy to manage Request / Response.

It listens only to a single Docker container, PHP must act "as a binary"

Gen test with AI...but not with PHP

Frontend - Hash variable

 {"/assets/packages/admin/app.js": "/assets/packages/admin/app-6l1pzHh.js"}

<script src="/build/runtime.5aacd888.js" defer></script>
<script src="/build/app.2eaee54d.js" defer></script>

.cleanupOutputBeforeBuild()

.enableVersioning(false)

AssetMapper

Webpack Encore

<script src="/build/runtime.js" defer></script>
<script src="/build/app.js" defer></script>

...`encore dev` ? `encore prod` ? No one !

Going further

Keploy Cloud - Early Access

http://localhost:8000/api/docs.jsonopenapi

# keploy-cloud generate-tests -c "path"

POST

PUT

GET

DELETE

PATCH

Generate tests + mocks from our JSON Schema, with Keploy CLOUD

Contribute

And why not...Make Symfony the first PHP tool compatible with Keploy #bundle ?

With an open-minded community easy to connect to with via Slack, we can quickly contribute in Go Lang.

• More OOP (for the Docker aspect, for example)
• Propose test generation via "keploy gen" for languages like Go, JS, Java, Python, RUST

Thanks for your attention

Any questions ?