api-contract-enforcement

Validates REST API implementations against OpenAPI 3.x specifications. Use when (1) Implementing or reviewing API endpoints, (2) Before deploying API changes to production, (3) Ensuring contract compliance between spec and implementation, or (4) Debugging API integration issues caused by contract mismatches. Works with Python (FastAPI/Flask) backends.

16 stars

bydiegosouzapw

View on GitHub Installation ↓

Best use case

api-contract-enforcement is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using api-contract-enforcement should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

You only need a quick one-off answer and do not need a reusable workflow.
You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/api-contract-enforcement/SKILL.md --create-dirs "https://raw.githubusercontent.com/diegosouzapw/awesome-omni-skill/main/skills/backend/api-contract-enforcement/SKILL.md"

Manual Installation

Download SKILL.md from GitHub
Place it in .claude/skills/api-contract-enforcement/SKILL.md inside your project
Restart your AI agent — it will auto-discover the skill

How api-contract-enforcement Compares

Feature / Agent	api-contract-enforcement	Standard Approach
Platform Support	Not specified	Limited / Varies
Context Awareness	High	Baseline
Installation Complexity	Unknown	N/A

Frequently Asked Questions

What does this skill do?

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

AI Agents for Coding

Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.

SKILL.md Source

# API Contract Enforcement Skill

Ensures REST API implementations strictly match OpenAPI 3.x specifications for routes, methods, payloads, and responses.

## Quick Start

Validate API implementation against spec:
```bash
python .claude/skills/api-contract-enforcement/scripts/validate_api_contract.py <openapi-spec.yaml> <backend-module>
```

Example:
```bash
python .claude/skills/api-contract-enforcement/scripts/validate_api_contract.py openapi.yaml myapp.main
```

## When to Use This Skill

Trigger this skill when:
- Implementing new REST endpoints (validate against spec before PR)
- Reviewing API changes or pull requests
- Before deploying to production (contract compliance gate)
- Debugging API integration failures (check for mismatches)
- Refactoring API endpoints (ensure contract unchanged)
- Updating OpenAPI spec (verify all endpoints match)

## Validation Process

### Step 1: Locate Artifacts

Ensure you have:
- **OpenAPI spec**: `openapi.yaml` or `openapi.json`
- **Backend module**: Python module containing the API app (e.g., `myapp.main`)

Common locations:
- OpenAPI spec: `api/openapi.yaml`, `docs/openapi.yaml`, or root
- Backend module: `main.py`, `app/main.py`, or similar entry point

### Step 2: Run Validation

Execute the validation script:
```bash
python .claude/skills/api-contract-enforcement/scripts/validate_api_contract.py <openapi-spec> <backend-module>
```

The script performs these validations:
- **Route/method/path validation**: Each OpenAPI path+method exists in implementation
- **Request payload validation**: Request body fields, types, and required constraints match
- **Response payload validation**: Response structure, types, and status codes match
- **Parameter validation**: Query/path/header parameters are correctly implemented

### Step 3: Review Results

Validation outputs:
```
PASS/FAIL: <overall status>
✓ GET /api/users - routes match
✗ POST /api/users - request body missing field 'email'
✓ GET /api/users/{id} - responses match

Contract Violations:
[Details of each mismatch]

Recommendations:
[Actionable fixes]
```

### Step 4: Fix Contract Violations

For each violation:

**Missing endpoint**: Implement the missing route/method in your backend
```python
@app.post("/api/users")  # Missing in implementation
def create_user(user: UserCreate):
    return user
```

**Request body mismatch**: Update implementation to match spec
```python
# Spec requires: email (required), name (optional)
class UserCreate(BaseModel):
    email: str  # This was missing
    name: Optional[str]
```

**Response mismatch**: Fix response structure or update spec
```python
# Spec expects {id, email, name}, implementation returns {id, email}
def get_user(user_id: int):
    return {"id": user_id, "email": "...", "name": "..."}  # Added 'name'
```

**Parameter mismatch**: Add or correct parameters in route definition
```python
@app.get("/api/users/{id}")  # Spec has required path parameter 'id'
def get_user(id: int):
    ...
```

### Step 5: Revalidate

Run validation again after fixes until all checks pass.

## Validation Rules

### Route/Method/Path Validation

Checks that every endpoint defined in OpenAPI spec is implemented:
- HTTP methods match (GET, POST, PUT, DELETE, etc.)
- URL paths match exactly (including parameters like `{id}`)
- Path parameters are properly declared in function signatures

**Example violation:**
- Spec: `GET /api/users/{id}`
- Impl: `GET /api/users/{user_id}`
- Issue: Path parameter name mismatch

### Request Payload Validation

Compares request body schemas with implementation:
- All required fields present in request model
- Field types match (string, integer, boolean, array, object)
- Nested structures correctly defined
- Validation rules (min/max length, patterns) considered warnings

**Example violation:**
- Spec requires: `email: string (required)`
- Impl: `email: string (optional)`
- Issue: Required field not enforced in implementation

### Response Payload Validation

Verifies response structure matches OpenAPI definitions:
- Response status codes documented
- Response body structure matches schema
- Field types consistent
- Nested objects correctly structured

**Example violation:**
- Spec returns: `{id, email, name, created_at}`
- Impl returns: `{id, email}`
- Issue: Missing fields in response

### Parameter Validation

Ensures query, path, and header parameters are correct:
- Required parameters present
- Optional parameters have defaults or nullable types
- Parameter types match

**Example violation:**
- Spec: `GET /api/items?limit=10&offset=0`
- Impl: `GET /api/items`
- Issue: Query parameters not implemented

## Common Issues and Solutions

### Missing Endpoint
**Error**: `Endpoint GET /api/missing not found in implementation`
**Fix**: Implement the endpoint or remove from spec

### Path Parameter Mismatch
**Error**: `Path parameter 'id' in spec vs 'user_id' in implementation`
**Fix**: Rename parameter to match spec or update spec

### Required Field Missing
**Error**: `Request body missing required field 'email'`
**Fix**: Add field to request model with required type

### Response Structure Mismatch
**Error**: `Response missing field 'created_at'`
**Fix**: Add field to response or update spec if field not needed

### Status Code Not Documented
**Error**: `Endpoint returns 401 but not in OpenAPI spec`
**Fix**: Add response for 401 status code in spec or fix auth

## Integration with Development Workflow

### Before PR Submission
```bash
# Run validation in CI/CD
python .claude/skills/api-contract-enforcement/scripts/validate_api_contract.py openapi.yaml myapp.main
# Exit code 0 on success, 1 on contract violation
```

### During Implementation
```bash
# Validate frequently to catch issues early
python .claude/skills/api-contract-enforcement/scripts/validate_api_contract.py openapi.yaml myapp.main
```

### After Spec Updates
```bash
# When OpenAPI spec changes, verify all endpoints still match
python .claude/skills/api-contract-enforcement/scripts/validate_api_contract.py openapi.yaml myapp.main
```

## Advanced Usage

### Specific Endpoints Only
Validate specific endpoint groups:
```python
# Modify script to filter by path prefix
python .claude/skills/api-contract-enforcement/scripts/validate_api_contract.py openapi.yaml myapp.main --path-prefix "/api/v2"
```

### Strict Mode
Fail on warnings (e.g., validation rules not implemented):
```bash
python .claude/skills/api-contract-enforcement/scripts/validate_api_contract.py openapi.yaml myapp.main --strict
```

### Output Format
Generate JSON for CI/CD integration:
```bash
python .claude/skills/api-contract-enforcement/scripts/validate_api_contract.py openapi.yaml myapp.main --format json
```

## Reference Materials

- [OPENAPI_BEST_PRACTICES.md](references/OPENAPI_BEST_PRACTICES.md): Guidelines for writing clear OpenAPI specs
- [FASTAPI_CONTRACT_PATTERNS.md](references/FASTAPI_CONTRACT_PATTERNS.md): Common patterns for contract-compliant FastAPI endpoints
- [VALIDATION_RULES.md](references/VALIDATION_RULES.md): Detailed explanation of all validation rules

## Framework Support

Currently supports:
- **FastAPI**: Automatic schema extraction from Pydantic models
- **Flask**: Manual route inspection (limited automatic validation)

For other frameworks, see [VALIDATION_RULES.md](references/VALIDATION_RULES.md) for manual validation guidance.

Related Skills

contract-review-pro

from diegosouzapw/awesome-omni-skill

专业合同审核 Skill，基于《合同审核方法论体系》提供合同类型指引和详细审核服务

add-bc-contract

from diegosouzapw/awesome-omni-skill

Add Contract for inter-BC communication using Provider pattern. Use when one Bounded Context needs to access data from another BC (e.g., Inventory needs Articles from Admin). Creates Contract interface, Provider implementation, and configuration.

u01874-handoff-contracting-for-marketing-and-storytelling

from diegosouzapw/awesome-omni-skill

Operate the "Handoff Contracting for marketing and storytelling" capability in production for marketing and storytelling workflows. Use when mission execution explicitly requires this capability and outcomes must be reproducible, policy-gated, and handoff-ready.

Smart Contracts

from diegosouzapw/awesome-omni-skill

Smart contracts are self-executing programs on blockchain. This guide covers Solidity basics, contract deployment, interaction, and frontend integration for building decentralized applications with au

Data Contracts

from diegosouzapw/awesome-omni-skill

A Data Contract is a formal agreement between a data producer (e.g., a microservice) and a data consumer (e.g., a data platform) that defines the structure, semantics, and quality of data being shared

Contract Testing Pact

from diegosouzapw/awesome-omni-skill

Contract testing validates that service consumers and providers agree on request/response expectations. Pact implements consumer-driven contracts (CDC) with shareable pact files and provider verificat

API Contracts Generator

from diegosouzapw/awesome-omni-skill

Génère des contrats API cohérents entre Frontend (Next.js) et Backend (NestJS) avec types synchronisés, validation standardisée et error handling uniforme. À utiliser lors de la création d'APIs, DTOs, types frontend/backend, ou quand l'utilisateur mentionne "API", "DTO", "types", "contract", "validation", "frontend-backend", "synchronisation".

api-contracts-and-zod-validation

from diegosouzapw/awesome-omni-skill

Generate Zod schemas and TypeScript types for forms, API routes, and Server Actions with runtime validation. Use this skill when creating API contracts, validating request/response payloads, generating form schemas, adding input validation to Server Actions or route handlers, or ensuring type safety across client-server boundaries. Trigger terms include zod, schema, validation, API contract, form validation, type inference, runtime validation, parse, safeParse, input validation, request validation, Server Action validation.

api-contracts-and-validation

from diegosouzapw/awesome-omni-skill

Define and validate API contracts using Zod

api-contract-validator

from diegosouzapw/awesome-omni-skill

Validates type contracts between TypeScript interfaces and Pydantic models. Detects field mismatches and type inconsistencies. Related: frontend-backend-mapper for endpoint discovery.

api-contract-validation

from diegosouzapw/awesome-omni-skill

Detect breaking changes in API contracts (OpenAPI/Swagger specs)

api-contract-testing

from diegosouzapw/awesome-omni-skill

Verifies API contracts between services using consumer-driven contracts, schema validation, and tools like Pact. Use when testing microservices communication, preventing breaking changes, or validating OpenAPI specifications.