
api-contract-audit

Static OpenAPI contract audit - endpoint drift (spec vs code), schema drift, status-code mismatch, breaking-change detection vs previous spec version, versioning consistency, security scheme alignment, deprecation markers, Richardson Maturity L0-L3 scoring. Framework auto-gen for FastAPI, NestJS, Express+swagger-jsdoc, Next.js route handlers, Django REST.
marcoguillermaz/claude-dev-kit · ★ 3 · API & Backend · score 75
Install: claude install-skill marcoguillermaz/claude-dev-kit
## Scope for v1

- **Static analysis only.** Parses OpenAPI spec files on disk or auto-generated output captured from the running dev server. Does not execute request traffic against endpoints, does not diff runtime responses, does not validate live SLAs.
- **Richardson Maturity Model L0-L3.** L0 (RPC over HTTP), L1 (resource URLs), L2 (correct HTTP verbs), L3 (HATEOAS). L3 detection is best-effort via response-schema inspection for `_links`, `rel`, `href`, JSON:API, or HAL patterns.
- **Spec diff requires git history.** Breaking-change detection compares the current spec vs the previous committed version via `git show HEAD~1:<spec-path>`. Falls back to no-diff mode when git history is unavailable.

---

## Configuration (adapt before first run)

> Replace these placeholders:
> - `[OPENAPI_SPEC_PATH]` - location of the OpenAPI spec if committed on disk (e.g. `openapi.yaml`, `api/openapi.json`, `docs/openapi.yaml`). Leave empty to rely on framework auto-gen.
> - `[API_SOURCE_PATH]` - path to API route handlers (e.g. `src/routes/`, `app/api/`, `src/controllers/`).
> - `[DEV_SERVER_URL]` - optional, for framework auto-gen fallback (e.g. `http://localhost:3000`). Leave empty to skip runtime spec fetch.

---

## Step 0 - Target and mode resolution

Parse `$ARGUMENTS` for `target:` and `mode:` tokens.

| Pattern | Meaning |
|---|---|
| `target:spec:<path>` | Audit a specific spec file (`target:spec:api/v2.yaml`) |
| `target:endpoint:<path>` | Audit a single endpoint path (`target:e