Api Contract Tester

Turn OpenAPI specs into exhaustive, framework-ready test suites covering happy paths, edge cases, and security gaps.

Install
cmdop skills install agensi-api-contract-tester

Api Contract Tester is a skill that takes OpenAPI/Swagger specs, Postman collections, or raw code as input and generates comprehensive, runnable API test suites. It extracts endpoints, schemas, and constraints from those inputs, then produces tests that go beyond basic status-code checks. Constraint testing covers min/max value boundaries, regex patterns, and enum edge cases. Security-oriented tests are generated automatically, targeting missing authentication tokens, malformed JWTs, and unauthorized cross-user access scenarios. The skill also checks for breaking changes between API versions, flagging field removals and type shifts that would affect consumers.

Output targets include JavaScript and TypeScript frameworks — Jest, Vitest, Supertest, and Playwright — as well as Python test suites using Pytest with requests or httpx, and shell scripts using curl with inline assertions for DevOps pipelines. Each generated suite is accompanied by a Markdown-based coverage report spanning ten categories, including happy paths, authentication, and edge cases.

The skill is suited to teams who want to catch issues such as rate-limit header omissions, pagination boundary failures, SQL injection exposure, and internal stack trace leakage before code reaches production. It is not a live API execution engine; it generates test code for developers to run in their own environments. It does not replace a running test infrastructure or CI pipeline — it produces the code that feeds into one.

Use cases

  • Generate a Jest or Vitest test suite from an existing OpenAPI spec
  • Produce Pytest tests from a Postman collection for a Python backend
  • Create curl-based shell scripts for API smoke testing in a CI pipeline
  • Identify breaking changes between two versions of an API contract
  • Automatically generate auth edge-case tests for JWT and token validation
  • Get a Markdown coverage report across happy paths, auth, and boundary conditions

When to use it

  • When starting from an OpenAPI, Swagger, or Postman collection and needing runnable tests fast
  • When the goal is to cover security edge cases like missing tokens or cross-user access without writing them by hand
  • When targeting multiple test frameworks across JavaScript, Python, or shell environments
  • When validating that a new API version does not introduce breaking schema changes

When not to use it

  • When no API spec or Postman collection is available as input
  • When live test execution, result reporting, or CI orchestration is needed — this skill generates code, it does not run it
  • When the target framework is outside Jest, Vitest, Supertest, Playwright, Pytest, or curl
  • When working with non-HTTP protocols such as gRPC or GraphQL, which are not mentioned in the facts