Generating Test Cases and Scripts with Alibaba Baichuan Workflow – A Step‑by‑Step Guide

The article demonstrates how to use Alibaba Baichuan (百炼) workflow to create an intelligent agent that automatically generates test cases and corresponding test scripts for a web application.

1. Workflow Nodes

The workflow consists of several nodes:

Start/End Node : The start node defines the default variable query as the user‑provided prompt.

Knowledge‑Base Node : Retrieves product requirements from 测试需求文档.txt and learns the test case format from 测试用例书写指南.docx. The LLM knowledge is stored as vectors, which performs worse than embedding the data directly in the prompt.

Agent Node : Generates test cases, test data, API test scripts, and Playwright test scripts based on the retrieved knowledge.

2. System Prompts

你是一个专业的软件测试工程师。请根据以下提供的【获取需求】获取产品需求、按照${Retrieval_WeKy.result}生成各种情况下的测试用例。

**Role: 高级测试架构师**
**Profile**
- 专业从事复杂系统测试设计的质量保障专家
- 严谨细致，逻辑性强，风险敏感
- 精通多种测试设计方法，能够系统性构建完整的测试用例集
**任务目标** 为${Retrieval_55IM.result}功能生成完整的测试用例集。
**一、测试方法**
#### 基于传统的测试方法
- 等价类/边界值：针对输入域划分有效等价类和无效等价类，测试边界值
- 因果图：分析输入条件之间的逻辑关系，推导测试用例
- 决策表：处理复杂的业务规则和条件组合
- 用况：基于用户真实使用场景设计测试用例
- 状态树/状态表：测试系统状态转换的正确性
- 正交法：优化多因素组合测试用例数量
#### 基于质量的测试方法
- 功能性、可靠性、易用性、效率、安全性、可移植性、可维护性等维度的测试

3. User Prompts

**Role: 高级软件测试开发工程师**
**Profile**
- 基于测试用例和测试数据，智能筛选可使用 Python requests 类库实现的 API 自动化测试脚本
- 精通 Python requests、测试技术，擅长处理接口鉴权、参数化、数据驱动等场景
- 能将公共操作（如数据库清理、CSRF Token 获取、密码哈希、请求封装）封装为可复用子函数
**输入信息**
- 测试用例、测试数据
**任务目标** 生成基于 <code>requests</code> + <code>unittest</code> 的 API 自动化测试脚本，包含数据库清理、CSRF 处理、密码 SHA256 散列等要求。

**Role: 高级软件测试开发工程师**
**Profile**
- 基于测试用例和测试数据，智能筛选可使用 Playwright 框架实现的前端自动化测试脚本
- 精通 Playwright，擅长页面交互、表单验证、元素定位等场景
- 能将公共操作（如数据库清理、页面导航、表单填写、验证码获取）封装为可复用子函数
**输入信息**
- 测试用例、测试数据
**任务目标** 生成基于 <code>Playwright</code> + <code>pytest</code> 的前端自动化测试脚本，包含页面标题断言、错误信息校验等要求。

4. Test Data Design

The article provides a comprehensive CSV‑style test data specification covering registration, login, and password‑recovery scenarios. Each entry lists the input values (username, password, phone, email, etc.) and the expected outcome (success page title or specific error message). The data design follows MECE principles, boundary‑value analysis, equivalence partitioning, and combinatorial testing.

5. Python unittest + requests API Test Script

import unittest
import requests
import re
import hashlib
import pymysql
from parameterized import parameterized

REGISTER_URL = "http://127.0.0.1:8080/ChatGPTEbusiness/jsp/RegisterPage.jsp"
LOGIN_URL = "http://127.0.0.1:8080/ChatGPTEbusiness/jsp/LoginPage.jsp"
VERICODE_URL = "http://127.0.0.1:8080/ChatGPTEbusiness/jsp/VeriCodePage.jsp"
RECOVER_URL = "http://127.0.0.1:8080/ChatGPTEbusiness/jsp/RecoverPage.jsp"

class UserAuthTest(unittest.TestCase):
    @classmethod
    def setUpClass(cls):
        """Initialize DB connection and clear tables"""
        cls.db = pymysql.connect(host='localhost', user='root', password='123456', database='chatgptebusiness', charset='utf8mb4')
        cls.cursor = cls.db.cursor()
        cls.clear_database()

    @classmethod
    def tearDownClass(cls):
        cls.cursor.close()
        cls.db.close()

    @classmethod
    def clear_database(cls):
        """Truncate user, code and password tables"""
        cls.cursor.execute("TRUNCATE TABLE user")
        cls.cursor.execute("TRUNCATE TABLE code")
        cls.cursor.execute("TRUNCATE TABLE password")
        cls.db.commit()

    def get_csrf_token(self, url):
        """Extract CSRF token from the page HTML"""
        response = requests.get(url)
        match = re.search(r'<input type="hidden" id="csrftoken" name="csrftoken" value="([^"]+)"', response.text)
        if match:
            return match.group(1)
        raise Exception("CSRF Token not found in the page")

    def hash_password(self, password):
        return hashlib.sha256(password.encode('utf-8')).hexdigest()

    def post_request(self, url, data):
        data['csrftoken'] = self.get_csrf_token(url)
        return requests.post(url, data=data)

    def test_register_normal(self):
        self.__class__.clear_database()
        hashed = self.hash_password("Abc@12345")
        data = {'username':'user123','password':hashed,'confirmPassword':hashed,'phone':'13800138000','email':'[email protected]'}
        resp = self.post_request(REGISTER_URL, data)
        self.assertIn("注册成功，跳转至登录页面，标题为\"登录页面\"", resp.text)

    # Additional test methods for duplicate username/phone/email, login scenarios, and password‑recovery are defined similarly, each clearing the DB, preparing hashed data, sending POST requests, and asserting the expected backend messages.

6. Playwright + pytest UI Test Script

# -*- coding: utf-8 -*-
"""Playwright + pytest test suite for registration, login and password recovery"""
import pytest
from playwright.sync_api import sync_playwright, expect
import pymysql
import csv
import os

DB_CONFIG = {'host':'localhost','user':'root','password':'123456','database':'chatgptebusiness'}
TEST_DATA_DIR = 'test_data'
REG_DATA = os.path.join(TEST_DATA_DIR, 'registration_data.csv')
LOGIN_DATA = os.path.join(TEST_DATA_DIR, 'login_data.csv')
REC_CONTACT = os.path.join(TEST_DATA_DIR, 'recovery_contact_data.csv')
REC_DATA = os.path.join(TEST_DATA_DIR, 'recovery_data.csv')

class TestUserRegistration:
    @classmethod
    def setup_class(cls):
        cls.playwright = sync_playwright().start()
        cls.browser = cls.playwright.chromium.launch(headless=True)
        cls.context = cls.browser.new_context()
        cls.page = cls.context.new_page()
        cls.clear_database()
        cls.page.goto("http://localhost:3000/register")

    @classmethod
    def teardown_class(cls):
        cls.page.close()
        cls.context.close()
        cls.browser.close()
        cls.playwright.stop()

    @classmethod
    def clear_database(cls):
        conn = pymysql.connect(**DB_CONFIG)
        cur = conn.cursor()
        cur.execute("DELETE FROM user")
        cur.execute("DELETE FROM code")
        cur.execute("DELETE FROM password")
        conn.commit()
        conn.close()

    def fill_form(self, username, password, repassword, phone, email):
        self.page.fill('#username', username)
        self.page.fill('#password', password)
        self.page.fill('#confirmPassword', repassword)
        self.page.fill('#phone', phone)
        self.page.fill('#email', email)

    def submit(self):
        self.page.click('button[type="submit"]')
        self.page.wait_for_load_state('networkidle')

    def verify_success(self):
        expect(self.page).to_have_title("登录页面")

    def verify_failure(self, msg):
        errors = ['#usernameError','#passwordError','#confirmPasswordError','#phoneError','#emailError']
        for sel in errors:
            try:
                if msg in self.page.locator(sel).text_content():
                    return
            except:
                pass
        assert False, f"Expected error '{msg}' not found"

    def load_data(self):
        rows = []
        with open(REG_DATA, newline='', encoding='utf-8') as f:
            reader = csv.reader(f)
            next(reader)
            for r in reader:
                rows.append(r[:7])
        return rows

    @pytest.mark.parametrize('row', load_data.__func__())
    def test_registration(self, row):
        no, username, password, repassword, phone, email, expected = row
        self.fill_form(username, password, repassword, phone, email)
        self.submit()
        if "成功" in expected:
            self.verify_success()
        else:
            self.verify_failure(expected)

# Similar classes TestUserLogin and TestUserPasswordRecovery implement login and recovery flows, including CSRF token handling, SHA256 password hashing, database cleanup before each test, and assertions on page titles or error messages.

7. Cases Not Automatable via Backend API

The article lists numerous test cases that rely on front‑end validation (e.g., username length, password format, special‑character checks). Because these validations are performed by JavaScript before the request reaches the server, the backend cannot return the corresponding error messages. The author recommends manual testing or front‑end automation (Playwright) for these scenarios.

8. Code Quality and Best Practices

Use of parameterized / pytest.mark.parametrize for data‑driven testing.

Database cleanup before each test to ensure isolation.

Automatic CSRF token extraction and inclusion in POST data.

SHA256 hashing of passwords to match the application’s security model.

Clear separation of concerns: helper methods for navigation, form filling, request sending, and verification.

Comprehensive comments and logging for maintainability.

Overall, the guide provides a reproducible pipeline: define test requirements, let the Baichuan agent generate test cases and data, then translate them into executable API and UI test scripts while respecting security and data‑integrity constraints.