API Contract Validator
Validate API responses against OpenAPI/Swagger specifications, JSON Schema definitions, and consumer-driven contracts to prevent breaking changes
git clone --depth 1 https://github.com/PramodDutta/qaskills /tmp/api-contract-validator && cp -r /tmp/api-contract-validator/seed-skills/api-contract-validator ~/.claude/skills/api-contract-validatorSKILL.md
# API Contract Validator Skill
You are an expert QA engineer specializing in API contract validation. When the user asks you to write, review, or plan API contract tests, follow these detailed instructions to systematically verify that API responses conform to their published specifications, that backward compatibility is maintained across versions, and that consumer expectations are always met.
## Core Principles
1. **Contract as source of truth** -- The OpenAPI specification or JSON Schema definition is the authoritative contract between API provider and consumer. Every response field, status code, and header must match the spec exactly, not approximately.
2. **Backward compatibility by default** -- New API versions must not remove existing fields, change field types, or alter response structures without explicit versioning. Additive changes are safe; subtractive changes break consumers.
3. **Consumer-driven validation** -- Contracts should reflect what consumers actually use, not just what the provider documents. Consumer-driven contract testing ensures that provider changes do not break real consumer expectations.
4. **Schema-first development** -- Define the contract before writing implementation code. This ensures that tests validate intent rather than implementation, and that multiple teams can develop in parallel against a shared specification.
5. **Fail fast on drift** -- Contract validation must run in CI on every commit. The longer a contract violation goes undetected, the more consumers it affects and the harder it is to fix.
6. **Version everything** -- API versions, schema versions, and contract versions must be explicitly tracked. Tests should validate that the correct version is served and that version negotiation works correctly.
7. **Validate the complete response** -- Do not validate only the happy-path response body. Validate status codes, headers, content types, error response formats, pagination structures, and edge cases like empty collections.
## Project Structure
```
tests/
contracts/
openapi/
validate-responses.spec.ts # Validate responses against OpenAPI spec
validate-request.spec.ts # Validate request schemas
backward-compat.spec.ts # Backward compatibility checks
json-schema/
schema-validation.spec.ts # JSON Schema validation tests
schema-evolution.spec.ts # Schema change detection
consumer-driven/
consumer-contracts.spec.ts # Consumer-driven contract tests
pact-provider.spec.ts # Pact provider verification
graphql/
schema-validation.spec.ts # GraphQL schema validation
breaking-changes.spec.ts # GraphQL breaking change detection
fixtures/
api-client.ts # Typed API client helper
schema-loader.ts # Load and parse OpenAPI specs
contract-helpers.ts # Contract validation utilities
specs/
openapi.yaml # OpenAPI 3.x specification
schemas/ # JSON Schema definitions
user.schema.json
document.schema.json
error.schema.json
playwright.config.ts
```
## Configuration
```typescript
// tests/contracts/fixtures/schema-loader.ts
import * as fs from 'fs';
import * as path from 'path';
import * as yaml from 'js-yaml';
export interface OpenAPISpec {
openapi: string;
info: { title: string; version: string };
paths: Record<string, Record<string, PathOperation>>;
components: { schemas: Record<string, JSONSchema> };
}
export interface PathOperation {
operationId: string;
summary?: string;
parameters?: ParameterObject[];
requestBody?: RequestBodyObject;
responses: Record<string, ResponseObject>;
}
export interface JSONSchema {
type?: string;
properties?: Record<string, JSONSchema>;
required?: string[];
items?: JSONSchema;
enum?: unknown[];
format?: string;
minimum?: number;
maximum?: number;
minLength?: number;
maxLength?: number;
pattern?: string;
additionalProperties?: boolean | JSONSchema;
}
interface ParameterObject {
name: string;
in: string;
required?: boolean;
schema: JSONSchema;
}
interface RequestBodyObject {
required?: boolean;
content: Record<string, { schema: JSONSchema }>;
}
interface ResponseObject {
description: string;
content?: Record<string, { schema: JSONSchema }>;
headers?: Record<string, { schema: JSONSchema }>;
}
export function loadOpenAPISpec(specPath: string): OpenAPISpec {
const content = fs.readFileSync(specPath, 'utf-8');
if (specPath.endsWith('.yaml') || specPath.endsWith('.yml')) {
return yaml.load(content) as OpenAPISpec;
}
return JSON.parse(content);
}
export function loadJSONSchema(schemaPath: string): JSONSchema {
const content = fs.readFileSync(schemaPath, 'utf-8');
return JSON.parse(content);
}
export function getResponseSchema(
spec: OpenAPISpec,
path: string,
method: string,
statusCode: string
): JSONSchema | null {
const pathObj = spec.paths[path];
if (!pathObj) return null;
const operation = pathObj[method.toLowerCase()];
if (!operation) return null;
const response = operation.responses[statusCode] || operation.responses['default'];
if (!response?.content) return null;
const jsonContent = response.content['application/json'];
return jsonContent?.schema || null;
}
```
```typescript
// tests/contracts/fixtures/contract-helpers.ts
import Ajv, { ErrorObject } from 'ajv';
import addFormats from 'ajv-formats';
import { JSONSchema } from './schema-loader';
const ajv = new Ajv({ allErrors: true, strict: false });
addFormats(ajv);
export interface ValidationResult {
valid: boolean;
errors: ErrorObject[] | null;
summary: string;
}
export function validateAgainstSchema(
data: unknown,
schema: JSONSchema
): ValidationResult {
const validate = ajv.compile(schema);
const valid = validate(data) as boolean;
return {
valid,
errors: validate.errors || nullAutomated accessibility testing with axe-core integrated into CI pipelines, including custom rule configuration, issue prioritization, and remediation guidance.
Validating A/B test implementations including traffic splitting accuracy, statistical significance calculation, metric tracking, and experiment cleanup.
Comprehensive WCAG compliance and accessibility testing covering ARIA, keyboard navigation, screen readers, color contrast, and automated a11y validation.
Comprehensive WCAG 2.1 AA compliance testing combining automated axe-core scans with manual keyboard navigation, screen reader compatibility, and focus management verification
American Fuzzy Lop Plus Plus mutation-based fuzz testing for finding crashes, hangs, and security vulnerabilities in binary programs.
Fast Rust-based headless browser automation CLI with Node.js fallback for AI agents, featuring navigation, clicking, typing, snapshots, and structured commands optimized for agent workflows.
AI-first testing methodology where autonomous agents plan, generate, execute, and maintain test suites with minimal human intervention, covering agent orchestration, feedback loops, and intelligent test prioritization.
Comprehensive evaluation patterns for AI agents including multi-turn conversation testing, LLM-as-judge frameworks, benchmark suites, regression detection, and systematic eval pipelines for measuring agent quality and safety.