test-site

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Test Power Pages Site

测试Power Pages站点

Test a deployed, activated Power Pages site at runtime. Navigate the site in a browser, crawl all discoverable links, verify pages load correctly, capture network traffic to test API requests, and generate a comprehensive test report.

Prerequisite: This skill expects a deployed and activated Power Pages site. Run
/deploy-site
and
/activate-site
first if the site is not yet live.

在运行时测试已部署、已激活的Power Pages站点。在浏览器中导航站点，爬取所有可发现的链接，验证页面是否正确加载，捕获网络流量以测试API请求，并生成全面的测试报告。

前提条件： 此技能要求站点已部署并激活。如果站点尚未上线，请先运行
/deploy-site
和
/activate-site
。

Core Principles

核心原则

Non-destructive: This skill is read-only — it does not create, modify, or delete any files or data. It only observes the site via the browser.
API-first testing: The primary goal beyond page loads is verifying that all
```
/_api/
```
(Web API / OData) requests return successful responses.
User-controlled authentication: Never attempt to log in automatically. Always ask the user to log in via the browser window when authentication is required.
Bounded crawling: Cap page crawling at 25 pages to prevent infinite loops on sites with dynamic or paginated URLs.

Initial request: $ARGUMENTS

非破坏性：此技能为只读模式——不会创建、修改或删除任何文件或数据。仅通过浏览器观察站点。
API优先测试：除页面加载外，主要目标是验证所有
```
/_api/
```
（Web API / OData）请求均返回成功响应。
用户控制的身份验证：绝不尝试自动登录。当需要身份验证时，始终要求用户通过浏览器窗口登录。
有限爬取：页面爬取上限为25页，以防止站点存在动态或分页URL时出现无限循环。

初始请求： $ARGUMENTS

Phase 1: Resolve Site URL

阶段1：解析站点URL

Goal: Determine the live URL of the Power Pages site to test.

目标： 确定要测试的Power Pages站点的在线URL。

Actions

操作

1.1 Create Task List

1.1 创建任务列表

Create the full task list with all 6 phases before starting any work (see Progress Tracking table).

在开始任何工作之前，创建包含所有6个阶段的完整任务列表（请参阅进度跟踪表格）。

1.2 Check User Input

1.2 检查用户输入

If the user provided a URL in

$ARGUMENTS

Validate it starts with
```
https://
```
.
Store it as
```
SITE_URL
```
and skip to Phase 2.

如果用户在

$ARGUMENTS

中提供了URL：

验证其以
```
https://
```
开头。
将其存储为
```
SITE_URL
```
，并跳至阶段2。

1.3 Auto-Detect from Activation Status

1.3 从激活状态自动检测

If no URL was provided, attempt auto-detection:

Locate the project root by searching for

powerpages.config.json

**/powerpages.config.json

Run the activation status check script:

powershell

node "${CLAUDE_PLUGIN_ROOT}/scripts/check-activation-status.js" --projectRoot "<PROJECT_ROOT>"

Evaluate the JSON result:
- If
  activated
  is
  true
  and
  websiteUrl
  is present: Use
```
websiteUrl
```
  as
```
SITE_URL
```
  . Inform the user: "Detected your site URL: <websiteUrl>"
- If
  activated
  is
  false
  : Inform the user: "Your site is not yet activated. Please run
```
/activate-site
```
  first, then re-run this skill." Stop the skill.
- If
  error
  is present: Fall through to step 1.4.

如果未提供URL，尝试自动检测：

通过搜索

powerpages.config.json

找到项目根目录：

**/powerpages.config.json

运行激活状态检查脚本：

powershell

node "${CLAUDE_PLUGIN_ROOT}/scripts/check-activation-status.js" --projectRoot "<PROJECT_ROOT>"

评估JSON结果：
- 如果
  activated
  为
  true
  且存在
  websiteUrl
  ：将
```
websiteUrl
```
  用作
```
SITE_URL
```
  。通知用户：“检测到您的站点URL：<websiteUrl>”
- 如果
  activated
  为
  false
  ：通知用户：“您的站点尚未激活。请先运行
```
/activate-site
```
  ，然后重新运行此技能。” 停止技能。
- 如果存在
  error
  ：进入步骤1.4。

1.4 Ask the User

1.4 询问用户

If auto-detection failed or was inconclusive, use

AskUserQuestion

Question	Header	Options
What is the URL of the deployed Power Pages site you want to test? (e.g., https://contoso.powerappsportals.com)	Site URL	I'll paste the URL (description: Select "Other" below and paste your site URL), I don't know my URL (description: Run `/activate-site` to get your site URL, or check the Power Platform admin center)

Store the user-provided URL as

SITE_URL

如果自动检测失败或结果不明确，使用

AskUserQuestion

：

问题	标题	选项
您要测试的已部署Power Pages站点的URL是什么？（例如：https://contoso.powerappsportals.com）	站点URL	我将粘贴URL（描述：选择下方的“其他”并粘贴您的站点URL），我不知道我的URL（描述：运行 `/activate-site` 获取您的站点URL，或查看Power Platform管理中心）

将用户提供的URL存储为

SITE_URL

。

Output

输出

```
SITE_URL
```
resolved and ready for testing

```
SITE_URL
```
已解析完成，可用于测试

Phase 2: Launch Browser & Initial Load

阶段2：启动浏览器并初始加载

Goal: Open the site in a browser, verify the homepage loads, and capture baseline errors.

目标： 在浏览器中打开站点，验证主页是否加载，并捕获基线错误。

Actions

操作

2.1 Resize Browser

2.1 调整浏览器大小

Set the browser to a standard desktop viewport:

Use
```
browser_resize
```
with width: 1280, height: 720.

将浏览器设置为标准桌面视口：

使用
```
browser_resize
```
，参数为width: 1280, height: 720。

2.2 Navigate to Site

2.2 导航到站点

Use
```
browser_navigate
```
to open
```
SITE_URL
```
.

使用
```
browser_navigate
```
打开
```
SITE_URL
```
。

2.3 Wait for Page Load

2.3 等待页面加载

Use
```
browser_wait_for
```
with time: 5 seconds to allow the page to fully render (SPAs may need time for client-side routing and API calls).

使用
```
browser_wait_for
```
，参数为time: 5秒，允许页面完全渲染（单页应用可能需要时间进行客户端路由和API调用）。

2.4 Verify Homepage

2.4 验证主页

Use
```
browser_snapshot
```
to take an accessibility snapshot.
Check the snapshot for signs of a working page:
- Page has meaningful content (not blank, not a generic error page).
- Look for common error indicators: "404", "Page not found", "500", "Internal Server Error", "This site can't be reached".
If the page shows an error, report it to the user and ask whether to continue or stop.

使用
```
browser_snapshot
```
拍摄可访问性快照。
检查快照以确认页面是否正常工作：
- 页面包含有意义的内容（非空白页、非通用错误页）。
- 查找常见错误标识：“404”、“页面未找到”、“500”、“内部服务器错误”、“无法访问此站点”。
如果页面显示错误，向用户报告并询问是否继续或停止。

2.5 Capture Console Errors

2.5 捕获控制台错误

Use
```
browser_console_messages
```
with level: "error" to check for JavaScript errors on initial load.
Record any errors found — these will be included in the final report.

使用
```
browser_console_messages
```
，参数为level: "error"，检查初始加载时的JavaScript错误。
记录发现的任何错误——这些将包含在最终报告中。

2.6 Capture Initial Network Requests

2.6 捕获初始网络请求

Use
```
browser_network_requests
```
with includeStatic: false to capture the initial page load API calls.
Record any
```
/_api/
```
or OData requests and their status codes for Phase 5 analysis.

使用
```
browser_network_requests
```
，参数为includeStatic: false，捕获初始页面加载的API调用。
记录所有
```
/_api/
```
或OData请求及其状态码，供阶段5分析使用。

Output

输出

Browser launched at correct viewport size
Homepage loaded and verified via snapshot
Initial console errors and network requests recorded
If the homepage shows a login screen, noted for Phase 3

浏览器已启动并设置为正确的视口大小
主页已加载并通过快照验证
已记录初始控制台错误和网络请求
如果主页显示登录界面，已为阶段3做好标记

Phase 3: Authentication Check

阶段3：身份验证检查

Goal: Detect if the site requires authentication and handle login if needed. Power Pages sites can have two layers of authentication:

Private site gate — The entire site is private. Navigating to the site redirects to an identity provider (Azure AD B2C, etc.) before any site content is visible. The browser URL will typically change to a different domain (e.g.,
```
login.microsoftonline.com
```
,
```
*.b2clogin.com
```
).
Site-level authentication — The site is publicly accessible (homepage loads), but certain pages or features require a logged-in user with a specific web role. Indicated by "Sign in" / "Log in" links in the navigation, or pages that show restricted-access messages.

目标： 检测站点是否需要身份验证，并在需要时处理登录。Power Pages站点可能有两层身份验证：

私有站点网关 — 整个站点为私有。导航到站点会重定向到身份提供商（Azure AD B2C等），之后才能看到站点内容。浏览器URL通常会更改为不同的域（例如
```
login.microsoftonline.com
```
、
```
*.b2clogin.com
```
）。
站点级身份验证 — 站点可公开访问（主页可加载），但某些页面或功能需要具有特定Web角色的已登录用户。标识包括导航中的“登录”/“登入”链接，或显示受限访问消息的页面。

Actions

操作

3.1 Analyze Homepage Snapshot for Private Site Gate

3.1 分析主页快照以检查私有站点网关

Review the browser snapshot from Phase 2.4 and the current browser URL for signs of a private site redirect:

The page content shows an identity provider login form (Azure AD B2C, Azure AD, etc.)
The browser URL has changed to a different domain than
```
SITE_URL
```
(e.g.,
```
login.microsoftonline.com
```
,
```
*.b2clogin.com
```
, or a custom identity provider domain)
A 401/403 response was returned before any site content loaded
The page is blank or shows "Access denied" / "You do not have access" with no site navigation visible

查看阶段2.4中的浏览器快照和当前浏览器URL，寻找私有站点重定向的迹象：

页面内容显示身份提供商登录表单（Azure AD B2C、Azure AD等）
浏览器URL已更改为与
```
SITE_URL
```
不同的域（例如
```
login.microsoftonline.com
```
、
```
*.b2clogin.com
```
或自定义身份提供商域）
在加载任何站点内容之前返回了401/403响应
页面为空白或显示“拒绝访问”/“您没有访问权限”且无站点导航可见

3.2 Handle Private Site Gate

3.2 处理私有站点网关

If a private site gate is detected, use

AskUserQuestion

Question	Header	Options
This site is private — it redirected to an identity provider login page before any content could load. A browser window should be open showing the login page. Please log in there using credentials that have access to this site. Once you have successfully logged in and can see the site homepage, select "I have logged in" below.	Private Site Login	I have logged in (Recommended) — I've completed the login and can see the site, Cancel testing — Stop the test

If "I have logged in":

Use
```
browser_snapshot
```
to verify the user is now on the actual site (site content visible, navigation present, URL is back on the
```
SITE_URL
```
domain).
If still on the identity provider login page:
- Use
```
AskUserQuestion
```
  again: "It looks like the login hasn't completed yet. The browser should still be open — please complete the login and try again."
- Repeat until login is confirmed or user cancels.
Once confirmed, re-run Phase 2.5 and 2.6 (capture console errors and network requests on the now-loaded homepage).
Continue to step 3.3 to check for site-level authentication.

If "Cancel testing":

Stop the skill and inform the user they can re-run it after resolving access.

如果检测到私有站点网关，使用

AskUserQuestion

：

问题	标题	选项
此站点为私有——在加载任何内容之前已重定向到身份提供商登录页面。浏览器窗口应已打开并显示登录页面。请使用有权访问此站点的凭据在该处登录。成功登录并能看到站点主页后，选择下方的“我已登录”。	私有站点登录	我已登录（推荐）——我已完成登录并能看到站点, 取消测试——停止测试

如果选择“我已登录”：

使用
```
browser_snapshot
```
验证用户现在是否已进入实际站点（可见站点内容、导航，URL回到
```
SITE_URL
```
域）。
如果仍在身份提供商登录页面：
- 再次使用
```
AskUserQuestion
```
  ：“看起来登录尚未完成。浏览器窗口应仍处于打开状态——请完成登录后重试。”
- 重复此步骤，直到确认登录成功或用户取消。
重新运行阶段2.5和2.6（捕获现已加载的主页的控制台错误和网络请求）。
继续执行步骤3.3，检查站点级身份验证。

如果选择“取消测试”：

停止技能并通知用户，解决访问问题后可重新运行。

3.3 Analyze for Site-Level Authentication

3.3 分析站点级身份验证

After the homepage is loaded (either directly for public sites, or after passing the private site gate), review the snapshot for signs of site-level authentication:

"Sign in" / "Log in" / "Register" links or buttons in the site navigation
Pages that show "You must be signed in to view this page" or similar messages
Content that indicates some areas are restricted to authenticated users

主页加载完成后（对于公共站点直接加载，或通过私有站点网关后加载），查看快照以寻找站点级身份验证的迹象：

站点导航中的“登录”/“登入”/“注册”链接或按钮
显示“您必须登录才能查看此页面”或类似消息的页面
表明某些区域仅限已验证用户访问的内容

3.4 Handle Public Site (No Authentication Needed)

3.4 处理公共站点（无需身份验证）

If neither a private site gate nor site-level authentication indicators are found:

Inform the user: "Site is publicly accessible. Proceeding with page and API testing."
Skip to Phase 4.

如果未检测到私有站点网关或站点级身份验证迹象：

通知用户：“站点可公开访问。继续进行页面和API测试。”
跳至阶段4。

3.5 Handle Site-Level Authentication

3.5 处理站点级身份验证

If site-level authentication indicators are detected (login links in navigation, etc.), use

AskUserQuestion

Question	Header	Options
The site has a Sign in option, which means some pages or API calls may require authentication. A browser window should be open — you can click "Sign in" and log in with a user account that has the appropriate web role. Once you have successfully logged in, select "I have logged in" below.	Site Authentication	I have logged in (Recommended) — I've signed in through the site's login flow, Skip authenticated pages — Only test publicly accessible pages and APIs, Cancel testing — Stop the test

If "I have logged in":

Use
```
browser_snapshot
```
to verify the user is now logged in (login link replaced with user name/profile, or authenticated content is visible).
If the login form is still showing:
- Use
```
AskUserQuestion
```
  again: "It looks like the login hasn't completed yet. The browser should still be open — please complete the login and try again."
- Repeat until login is confirmed or user cancels.
Create an additional task for testing authenticated scenarios using
```
TaskCreate
```
:
Task subject activeForm Description
Test authenticated pages and APIs Testing authenticated scenarios Re-crawl site as logged-in user, verify auth-gated pages load and authenticated API calls succeed

Task subject	activeForm	Description
Test authenticated pages and APIs	Testing authenticated scenarios	Re-crawl site as logged-in user, verify auth-gated pages load and authenticated API calls succeed

If "Skip authenticated pages":

Note that only public pages will be tested. Some API calls may return 401/403 — these will be flagged but not treated as failures.
Do not create the authenticated testing task.
Continue to Phase 4.

If "Cancel testing":

Stop the skill and inform the user they can re-run it after resolving authentication.

如果检测到站点级身份验证迹象（导航中的登录链接等），使用

AskUserQuestion

：

问题	标题	选项
此站点有登录选项，这意味着某些页面或API调用可能需要身份验证。浏览器窗口应已打开——您可以点击“登录”并使用具有适当Web角色的用户账户登录。成功登录后，选择下方的“我已登录”。	站点身份验证	我已登录（推荐）——我已通过站点登录流程完成登录, 跳过已验证页面——仅测试可公开访问的页面和API, 取消测试——停止测试

如果选择“我已登录”：

使用
```
browser_snapshot
```
验证用户现在是否已登录（登录链接替换为用户名/个人资料，或可见已验证内容）。
如果仍显示登录表单：
- 再次使用
```
AskUserQuestion
```
  ：“看起来登录尚未完成。浏览器窗口应仍处于打开状态——请完成登录后重试。”
- 重复此步骤，直到确认登录成功或用户取消。

使用

TaskCreate

创建一个用于测试已验证场景的额外任务：

任务主题	activeForm	描述
测试已验证页面和API	测试已验证场景	以已登录用户身份重新爬取站点，验证受身份验证保护的页面是否加载，已验证的API调用是否成功

如果选择“跳过已验证页面”：

记录仅测试公共页面。某些API调用可能返回401/403——这些将被标记但不视为失败。
不创建已验证测试任务。
继续执行阶段4。

如果选择“取消测试”：

停止技能并通知用户，解决身份验证问题后可重新运行。

Output

输出

Authentication status resolved for both layers:
- Private site gate: passed, not needed, or cancelled
- Site-level auth: logged in, skipped, or not needed
If authenticated: additional task created for authenticated testing in Phase 5.6

已解决两层身份验证状态：
- 私有站点网关：已通过、不需要或已取消
- 站点级身份验证：已登录、已跳过或不需要
如果已验证：已为阶段5.6中的已验证测试创建额外任务

Phase 4: Crawl & Test Pages

阶段4：爬取并测试页面

Goal: Discover all navigable links on the site and verify each page loads correctly.

目标： 发现站点上所有可导航的链接，并验证每个页面是否正确加载。

Actions

操作

4.1 Discover Links from Current Page

4.1 从当前页面发现链接

Use

browser_evaluate

to extract all internal links:

javascript

() => {
  const links = Array.from(document.querySelectorAll('a[href]'));
  return links
    .map(a => a.href)
    .filter(href => href.startsWith(window.location.origin))
    .filter(href => !href.includes('#') || href.split('#')[0] !== window.location.href.split('#')[0])
    .map(href => href.split('#')[0])
    .filter((href, i, arr) => arr.indexOf(href) === i);
}

Present the discovered links to the user:

"Found X internal links on the homepage. Testing each page..."

使用

browser_evaluate

提取所有内部链接：

javascript

() => {
  const links = Array.from(document.querySelectorAll('a[href]'));
  return links
    .map(a => a.href)
    .filter(href => href.startsWith(window.location.origin))
    .filter(href => !href.includes('#') || href.split('#')[0] !== window.location.href.split('#')[0])
    .map(href => href.split('#')[0])
    .filter((href, i, arr) => arr.indexOf(href) === i);
}

向用户展示发现的链接：

“在主页上发现X个内部链接。正在测试每个页面...”

4.2 Test Each Page

4.2 测试每个页面

For each discovered URL, in sequence:

Navigate: Use
```
browser_navigate
```
to go to the URL.
Wait: Use
```
browser_wait_for
```
with time: 3 seconds for the page to render.
Snapshot: Use
```
browser_snapshot
```
to verify the page rendered content.
Check for errors: Look for error indicators in the snapshot (404, 500, blank page, error messages).
Console errors: Use
```
browser_console_messages
```
with level: "error" to check for JavaScript errors.
Discover new links: Use
```
browser_evaluate
```
(same script as 4.1) to find any new internal links not already in the queue.
Record result: URL, status (Pass/Fail), error count, notes.

对于每个发现的URL，依次执行：

导航：使用
```
browser_navigate
```
访问该URL。
等待：使用
```
browser_wait_for
```
，参数为time: 3秒，等待页面渲染。
快照：使用
```
browser_snapshot
```
验证页面是否渲染内容。
检查错误：在快照中查找错误标识（404、500、空白页、错误消息）。
控制台错误：使用
```
browser_console_messages
```
，参数为level: "error"，检查JavaScript错误。
发现新链接：使用
```
browser_evaluate
```
（与4.1相同的脚本）查找队列中未包含的新内部链接。
记录结果：URL、状态（通过/失败）、错误数量、备注。

4.3 Crawl Newly Discovered Links

4.3 爬取新发现的链接

Add any newly discovered links from step 4.2.6 to the test queue.
Continue testing until all links are visited or the 25-page cap is reached.
If the cap is hit, inform the user: "Reached the 25-page testing limit. Y additional links were discovered but not tested."

将步骤4.2.6中发现的新链接添加到测试队列。
继续测试，直到所有链接都已访问或达到25页上限。
如果达到上限，通知用户：“已达到25页测试限制。已发现Y个额外链接但未进行测试。”

4.4 Record Page Test Results

4.4 记录页面测试结果

Build a results list tracking:

URL tested
Load status (Pass / Fail)
Number of console errors
Notes (error messages, blank page, redirect, etc.)

构建结果列表，跟踪：

已测试的URL
加载状态（通过/失败）
控制台错误数量
备注（错误消息、空白页、重定向等）

Output

输出

All discoverable pages crawled (up to 25)
Pass/fail status recorded for each page
New links discovered during crawl added to results

所有可发现的页面已爬取（最多25页）
已记录每个页面的通过/失败状态
爬取过程中发现的新链接已添加到结果中

Phase 5: Test API Requests

阶段5：测试API请求

Goal: Capture and analyze all API requests made by the site to verify they are working.

目标： 捕获并分析站点发出的所有API请求，验证其是否正常工作。

Actions

操作

5.1 Revisit Data-Driven Pages

5.1 重新访问数据驱动页面

Navigate back to pages that are likely to make API calls — pages with dynamic content such as data tables, lists, forms, or dashboards. Prioritize pages where

/_api/

requests were observed in Phase 2.6 or Phase 4.

For each data-driven page:

Use
```
browser_navigate
```
to go to the page.
Use
```
browser_wait_for
```
with time: 5 seconds to allow API calls to complete.

导航回可能会发出API调用的页面——包含动态内容的页面，如表、列表、表单或仪表板。优先选择阶段2.6或阶段4中观察到

/_api/

请求的页面。

对于每个数据驱动页面：

使用
```
browser_navigate
```
访问该页面。
使用
```
browser_wait_for
```
，参数为time: 5秒，等待API调用完成。

5.2 Capture Network Requests

5.2 捕获网络请求

Use
```
browser_network_requests
```
with includeStatic: false to get all network requests.
Filter for API requests matching these patterns:
- ```
/_api/
```
  — Power Pages Web API / OData endpoints
- ```
/api/
```
  — Custom API endpoints
- URLs containing
```
odata
```
  or
```
$filter
```
  ,
```
$select
```
  ,
```
$expand
```
  query parameters

使用
```
browser_network_requests
```
，参数为includeStatic: false，获取所有网络请求。
筛选符合以下模式的API请求：
- ```
/_api/
```
  — Power Pages Web API / OData端点
- ```
/api/
```
  — 自定义API端点
- 包含
```
odata
```
  或
```
$filter
```
  、
```
$select
```
  、
```
$expand
```
  查询参数的URL

5.3 Analyze API Responses

5.3 分析API响应

For each captured API request, evaluate:

Status Code	Category	Action
200, 201, 204	Pass	Valid successful response
304	Warning	Cached response — acceptable but note it
401	Fail	Unauthorized — missing or expired auth token
403	Fail	Forbidden — table permissions or site settings issue
404	Fail	Not found — incorrect entity set name or endpoint
500	Fail	Server error — internal Dataverse or plugin error
Other 4xx/5xx	Fail	Unexpected error

对于每个捕获的API请求，进行评估：

状态码	类别	操作
200, 201, 204	通过	有效的成功响应
304	警告	缓存响应——可接受但需记录
401	失败	未授权——缺少或过期的身份验证令牌
403	失败	禁止访问——表权限或站点设置问题
404	失败	未找到——实体集名称或端点不正确
500	失败	服务器错误——Dataverse内部错误或插件错误
其他4xx/5xx	失败	意外错误

5.4 Provide Actionable Guidance for Failures

5.4 为失败请求提供可行的指导

For each failed API request, provide specific remediation:

401 Unauthorized: "This endpoint requires authentication. If you skipped login in Phase 3, try re-running with authentication. Otherwise, check that the auth token is being passed correctly."
403 Forbidden on
/_api/
calls: "Check the following:\n 1. Table permissions — Ensure a table permission exists for this table with the correct scope and privileges (Read, Write, etc.) assigned to the appropriate web role.\n 2. Site settings — Verify
```
Webapi/<tablename>/enabled
```
is set to
```
true
```
and
```
Webapi/<tablename>/fields
```
lists the required columns (exact Dataverse LogicalNames, all lowercase, comma-separated). If the failing request uses aggregate OData (
```
$apply
```
,
```
aggregate
```
, grouped totals), set
```
Webapi/<tablename>/fields
```
to
```
*
```
.\n 3. Web role assignment — Confirm the authenticated user has the correct web role assigned."
404 Not Found: "Verify the entity set name (should be the plural form of the table logical name). Check that the table exists in Dataverse and is published."
500 Internal Server Error: "Enable the
```
Webapi/error/innererror
```
site setting (set to
```
true
```
) to get detailed error messages. Redeploy and retest to see the inner error details."

对于每个失败的API请求，提供具体的修复建议：

401未授权：“此端点需要身份验证。如果您在阶段3中跳过了登录，请尝试重新运行并进行身份验证。否则，请检查是否正确传递了身份验证令牌。”
403禁止访问（针对
/_api/
调用）：“请检查以下内容：\n 1. 表权限——确保为此表存在表权限，并为适当的Web角色分配了正确的范围和权限（读取、写入等）。\n 2. 站点设置——验证
```
Webapi/<tablename>/enabled
```
是否设置为
```
true
```
，以及
```
Webapi/<tablename>/fields
```
是否列出了所需列（准确的Dataverse逻辑名称，全小写，逗号分隔）。如果失败的请求使用了聚合OData（
```
$apply
```
、
```
aggregate
```
、分组总计），请将
```
Webapi/<tablename>/fields
```
设置为
```
*
```
。\n 3. Web角色分配——确认已验证用户已分配正确的Web角色。”
404未找到：“验证实体集名称（应为表逻辑名称的复数形式）。检查Dataverse中是否存在该表并已发布。”
500内部服务器错误：“启用
```
Webapi/error/innererror
```
站点设置（设置为
```
true
```
）以获取详细错误消息。重新部署并重新测试以查看内部错误详细信息。”

5.5 Test Form Submissions (Optional)

5.5 测试表单提交（可选）

If forms are detected on any page (via

browser_snapshot

showing form elements), ask the user before interacting:

Question	Header	Options
I found forms on the site that may trigger API calls when submitted. Should I attempt to interact with these forms to test the POST/PATCH API endpoints? Note: this may create or modify data in your Dataverse environment.	Form Testing	Yes, test form submissions — I understand this may create test data, Skip form testing (Recommended) — Only test read-only API calls

If "Yes":

Use
```
browser_click
```
to interact with form submit buttons.
Use
```
browser_wait_for
```
to wait for the form response.
Use
```
browser_network_requests
```
to capture the resulting POST/PATCH requests.
Analyze responses using the same criteria as 5.3.

If "Skip": Continue to Phase 5.6 (or Phase 6 if no authenticated testing task was created).

如果在任何页面上检测到表单（通过

browser_snapshot

显示表单元素），在交互前询问用户：

问题	标题	选项
我在站点上发现了表单，提交时可能会触发API调用。我是否应尝试与这些表单交互以测试POST/PATCH API端点？注意：这可能会在您的Dataverse环境中创建或修改数据。	表单测试	是，测试表单提交——我了解这可能会创建测试数据, 跳过表单测试（推荐）——仅测试只读API调用

如果选择“是”：

使用
```
browser_click
```
与表单提交按钮交互。
使用
```
browser_wait_for
```
等待表单响应。
使用
```
browser_network_requests
```
捕获生成的POST/PATCH请求。
使用与5.3相同的标准分析响应。

如果选择“跳过”：继续执行阶段5.6（如果未创建已验证测试任务，则执行阶段6）。

Output

输出

All API endpoints discovered and tested
Pass/fail status with HTTP status codes recorded
Actionable remediation guidance provided for each failure

所有API端点已发现并测试
已记录通过/失败状态及HTTP状态码
为每个失败提供了可行的修复指导

5.6 Test Authenticated Scenarios (Only If User Logged In)

5.6 测试已验证场景（仅当用户已登录时）

Skip this step entirely if the user chose "Skip authenticated pages" in Phase 3.5, or if no site-level authentication was detected in Phase 3.3.

Goal: Re-crawl the site as an authenticated user to discover and test pages and API calls that are only available after login.

Mark the "Test authenticated pages and APIs" task as

in_progress

如果用户在阶段3.5中选择“跳过已验证页面”，或在阶段3.3中未检测到站点级身份验证，请完全跳过此步骤。

目标： 以已登录用户身份重新爬取站点，发现并测试仅在登录后可用的页面和API调用。

将“测试已验证页面和API”任务标记为

in_progress

。

5.6.1 Discover Authenticated Pages

5.6.1 发现已验证页面

After login, the site navigation may show additional links that were hidden or restricted for anonymous users (e.g., profile pages, dashboards, admin panels, account management).

Navigate back to
```
SITE_URL
```
(homepage).
Use
```
browser_snapshot
```
to capture the authenticated navigation.
Use
```
browser_evaluate
```
(same link extraction script as Phase 4.1) to discover internal links.
Compare against the links already tested in Phase 4. Identify any new links that were not visible before authentication.

If new links are found, inform the user:

"Found X additional pages visible after login that were not accessible anonymously. Testing each page..."

登录后，站点导航可能会显示其他对匿名用户隐藏或受限的链接（例如个人资料页面、仪表板、管理面板、账户管理）。

导航回
```
SITE_URL
```
（主页）。
使用
```
browser_snapshot
```
捕获已验证的导航。
使用
```
browser_evaluate
```
（与阶段4.1相同的链接提取脚本）发现内部链接。
与阶段4中已测试的链接进行比较。识别任何在身份验证前不可见的新链接。

如果发现新链接，通知用户：

“登录后发现X个额外页面，这些页面在匿名状态下无法访问。正在测试每个页面...”

5.6.2 Test Authenticated Pages

5.6.2 测试已验证页面

For each newly discovered link, follow the same test procedure as Phase 4.2:

Navigate, wait, snapshot, check for errors, capture console errors.
Record results separately as authenticated page tests.
Respect the same 25-page cap (counting pages already tested in Phase 4).

对于每个新发现的链接，遵循与阶段4.2相同的测试流程：

导航、等待、快照、检查错误、捕获控制台错误。
将结果单独记录为已验证页面测试。
遵循相同的25页上限（计入阶段4中已测试的页面）。

5.6.3 Test Authenticated API Calls

5.6.3 测试已验证API调用

For each authenticated page that makes

/_api/

requests:

Use
```
browser_network_requests
```
with includeStatic: false to capture API calls.
Compare against API calls captured in Phase 5 — identify any new endpoints or endpoints that previously returned 401/403 and now succeed.
Analyze responses using the same criteria as Phase 5.3.

对于每个发出

/_api/

请求的已验证页面：

使用
```
browser_network_requests
```
，参数为includeStatic: false，捕获API调用。
与阶段5中捕获的API调用进行比较——识别任何新端点或之前返回401/403现在已成功的端点。
使用与阶段5.3相同的标准分析响应。

5.6.4 Record Results

5.6.4 记录结果

Record authenticated test results separately so Phase 6 can report them in a distinct section:

Authenticated pages discovered and tested (count, pass/fail)
Authenticated API calls (count, pass/fail, any endpoints that changed from fail to pass after login)

Mark the "Test authenticated pages and APIs" task as

completed

单独记录已验证测试结果，以便阶段6可以在单独的部分中报告：

已发现并测试的已验证页面（数量、通过/失败）
已验证API调用（数量、通过/失败、登录后从失败变为成功的任何端点）

将“测试已验证页面和API”任务标记为

completed

。

Output

输出

Authenticated pages crawled and tested
Authenticated API endpoints captured and analyzed
Results recorded separately for the test report

已爬取并测试已验证页面
已捕获并分析已验证API端点
已单独记录结果用于测试报告

Phase 6: Generate Test Report

阶段6：生成测试报告

Goal: Present a comprehensive summary of all test results and suggest next steps.

目标： 呈现所有测试结果的综合摘要，并建议后续步骤。

Actions

操作

6.1 Record Skill Usage

6.1 记录技能使用情况

Reference:

${CLAUDE_PLUGIN_ROOT}/references/skill-tracking-reference.md

Follow the skill tracking instructions in the reference to record this skill's usage. Use

--skillName "TestSite"

参考：

${CLAUDE_PLUGIN_ROOT}/references/skill-tracking-reference.md

按照参考中的技能跟踪说明记录此技能的使用情况。使用

--skillName "TestSite"

。

6.2 Present Page Test Results

6.2 呈现页面测试结果

Present results in a clear table:

undefined

以清晰的表格呈现结果：

undefined

Page Test Results

页面测试结果

#	URL	Status	Console Errors	Notes
1	/	Pass	0	Homepage loaded successfully
2	/about	Pass	0
3	/products	Pass	2	Minor JS warnings
4	/admin	Fail	1	403 Forbidden

Pages tested: 4/4 | Passed: 3 | Failed: 1

undefined

#	URL	状态	控制台错误	备注
1	/	通过	0	主页加载成功
2	/about	通过	0
3	/products	通过	2	轻微JS警告
4	/admin	失败	1	403禁止访问

已测试页面：4/4 | 通过：3 | 失败：1

undefined

6.3 Present API Test Results

6.3 呈现API测试结果

undefined

undefined

API Test Results

API测试结果

#	Endpoint	Method	Status	Notes
1	/_api/cr4fc_products	GET	200 OK	12 records returned
2	/_api/cr4fc_categories	GET	200 OK	3 records returned
3	/_api/cr4fc_orders	GET	403 Forbidden	Missing table permissions

API endpoints tested: 3 | Passed: 2 | Failed: 1


If no API requests were captured, note: "No API requests (`/_api/` or OData) were detected during testing. This site may not use the Web API, or API calls may require specific user interactions to trigger."

#	端点	方法	状态	备注
1	/_api/cr4fc_products	GET	200 OK	返回12条记录
2	/_api/cr4fc_categories	GET	200 OK	返回3条记录
3	/_api/cr4fc_orders	GET	403禁止访问	缺少表权限

已测试API端点：3 | 通过：2 | 失败：1


如果未捕获到API请求，记录：“测试期间未检测到API请求（`/_api/`或OData）。此站点可能未使用Web API，或API调用可能需要特定的用户交互才能触发。”

6.4 Present Authenticated Test Results (If Applicable)

6.4 呈现已验证测试结果（如适用）

If Phase 5.6 was executed, present results in separate tables:

undefined

如果执行了阶段5.6，在单独的表格中呈现结果：

undefined

Authenticated Page Test Results

已验证页面测试结果

#	URL	Status	Console Errors	Notes
1	/profile	Pass	0	User profile loaded
2	/dashboard	Pass	1	Minor JS warning
3	/admin/settings	Fail	0	403 Forbidden — insufficient web role

Authenticated pages tested: 3 | Passed: 2 | Failed: 1

undefined

#	URL	状态	控制台错误	备注
1	/profile	通过	0	用户个人资料已加载
2	/dashboard	通过	1	轻微JS警告
3	/admin/settings	失败	0	403禁止访问——Web角色权限不足

已测试已验证页面：3 | 通过：2 | 失败：1

undefined

Authenticated API Test Results

已验证API测试结果

#	Endpoint	Method	Status	Notes
1	/_api/cr4fc_orders	GET	200 OK	Previously 403 — now accessible after login
2	/_api/cr4fc_userprofiles	GET	200 OK	Only visible after auth

Authenticated API endpoints tested: 2 | Passed: 2 | Failed: 0


If no additional pages or APIs were discovered after login, note: "No additional pages or API endpoints were found after authentication. The authenticated user sees the same content as an anonymous visitor."

#	端点	方法	状态	备注
1	/_api/cr4fc_orders	GET	200 OK	之前为403——登录后现在可访问
2	/_api/cr4fc_userprofiles	GET	200 OK	仅在身份验证后可见

已测试已验证API端点：2 | 通过：2 | 失败：0


如果登录后未发现其他页面或API，记录：“身份验证后未发现其他页面或API端点。已验证用户看到的内容与匿名访问者相同。”

6.5 Present Overall Summary

6.5 呈现总体摘要

undefined

undefined

Overall Test Summary

总体测试摘要

Category	Tested	Passed	Failed	Warnings
Pages (public)	4	3	1	0
Pages (authenticated)	3	2	1	0
API Endpoints (public)	3	2	1	0
API Endpoints (auth)	2	2	0	0
Console Errors	—	—	—	2

Overall: X/Y checks passed


If authenticated testing was skipped, omit the authenticated rows from the table.

类别	已测试	通过	失败	警告
页面（公共）	4	3	1	0
页面（已验证）	3	2	1	0
API端点（公共）	3	2	1	0
API端点（已验证）	2	2	0	0
控制台错误	—	—	—	2

总体：X/Y项检查通过


如果跳过了已验证测试，从表格中省略已验证行。

6.6 Present Recommendations

6.6 呈现建议

For each failure, reiterate the specific remediation guidance from Phase 5.4. Group recommendations by category:

Table permissions issues →
```
/create-webroles
```
or manually configure table permissions

Site settings issues → Check

Webapi/<table>/enabled

and

Webapi/<table>/fields

settings

Authentication issues →
```
/setup-auth
```
Missing endpoints → Verify table exists in Dataverse via
```
/setup-datamodel
```
Server errors → Enable
```
Webapi/error/innererror
```
site setting for diagnostics

对于每个失败，重申阶段5.4中的具体修复指导。按类别分组建议：

表权限问题 →
```
/create-webroles
```
或手动配置表权限

站点设置问题 → 检查

Webapi/<table>/enabled

和

Webapi/<table>/fields

设置

身份验证问题 →
```
/setup-auth
```
缺少端点 → 通过
```
/setup-datamodel
```
验证Dataverse中是否存在该表
服务器错误 → 启用
```
Webapi/error/innererror
```
站点设置以进行诊断

6.7 Close Browser

6.7 关闭浏览器

Use
```
browser_close
```
to clean up the browser session.

使用
```
browser_close
```
清理浏览器会话。

6.8 Suggest Next Steps

6.8 建议后续步骤

Based on the test results, suggest relevant skills:

If API failures were found:
```
/integrate-webapi
```
— Fix Web API site settings and table permissions
If authentication issues:
```
/setup-auth
```
— Configure authentication providers
If pages had errors: Review the site code and redeploy with
```
/deploy-site
```
If all tests passed: Site is working correctly! Consider
```
/add-seo
```
for search engine optimization

根据测试结果，建议相关技能：

如果发现API失败：
```
/integrate-webapi
```
— 修复Web API站点设置和表权限
如果存在身份验证问题：
```
/setup-auth
```
— 配置身份验证提供商
如果页面存在错误：查看站点代码并使用
```
/deploy-site
```
重新部署
如果所有测试通过：站点运行正常！考虑使用
```
/add-seo
```
进行搜索引擎优化

Output

输出

Comprehensive test report presented with pass/fail for pages and APIs
Actionable recommendations for each failure
Browser session closed
Next steps suggested

已呈现综合测试报告，包含页面和API的通过/失败状态
已为每个失败提供可行的建议
浏览器会话已关闭
已建议后续步骤

Important Notes

重要说明

Throughout All Phases

所有阶段通用

Use TaskCreate/TaskUpdate to track progress at every phase
This skill is read-only — it does not modify any files or data
Never attempt to log in on behalf of the user — always ask them to log in via the browser window
Present errors clearly — when a page or API fails, include the specific URL and error details

使用TaskCreate/TaskUpdate在每个阶段跟踪进度
此技能为只读——不会修改任何文件或数据
绝不代表用户登录——始终要求用户通过浏览器窗口登录
清晰呈现错误——当页面或API失败时，包含具体的URL和错误详细信息

Key Decision Points

关键决策点

Phase 1.3: If the site is not activated, stop and redirect to
```
/activate-site
```
Phase 1.4: If no URL can be auto-detected, must ask the user
Phase 3.2: If the site is private (redirects to identity provider), must ask the user to log in — cannot bypass
Phase 3.5: If site-level authentication is available, must ask the user whether to log in or skip — cannot auto-login
Phase 4.3: Stop crawling at 25 pages to prevent infinite loops
Phase 5.5: Before interacting with forms (which may create/modify data), must get explicit user permission

阶段1.3：如果站点未激活，停止并重定向到
```
/activate-site
```
阶段1.4：如果无法自动检测到URL，必须询问用户
阶段3.2：如果站点为私有（重定向到身份提供商），必须要求用户登录——无法绕过
阶段3.5：如果提供站点级身份验证，必须询问用户是否登录或跳过——无法自动登录
阶段4.3：爬取到25页时停止，以防止无限循环
阶段5.5：在与表单交互（可能创建/修改数据）之前，必须获得用户明确许可

Progress Tracking

进度跟踪

Before starting Phase 1, create a task list with all phases using

TaskCreate

Task subject	activeForm	Description
Resolve site URL	Resolving site URL	Get URL from user input, activation status check, or context
Launch browser and verify initial load	Loading site in browser	Navigate to site, verify homepage loads, capture baseline errors
Check authentication requirements	Checking authentication	Detect if site requires auth, handle login if needed
Crawl and test all pages	Crawling site pages	Discover links, navigate each page, verify loads, check console errors
Test API requests	Testing API endpoints	Capture network requests, verify API responses, analyze errors
Generate test report	Generating test report	Present summary of all pages and APIs tested, suggest next steps

Mark each task

in_progress

when starting it and

completed

when done via

TaskUpdate

Begin with Phase 1: Resolve Site URL

在开始阶段1之前，使用

TaskCreate

创建包含所有阶段的任务列表：

任务主题	activeForm	描述
解析站点URL	解析站点URL	从用户输入、激活状态检查或上下文获取URL
启动浏览器并验证初始加载	在浏览器中加载站点	导航到站点，验证主页加载，捕获基线错误
检查身份验证要求	检查身份验证	检测站点是否需要身份验证，在需要时处理登录
爬取并测试所有页面	爬取站点页面	发现链接，导航每个页面，验证加载，检查控制台错误
测试API请求	测试API端点	捕获网络请求，验证API响应，分析错误
生成测试报告	生成测试报告	呈现所有已测试页面和API的摘要，建议后续步骤

在开始阶段时将每个任务标记为

in_progress

，完成后通过

TaskUpdate

标记为

completed

。

从阶段1：解析站点URL开始