api-contract-testing
API Contract Testing
Scope Boundaries
- Use when API compatibility must be continuously validated between producers and consumers.
- Use proactively when schema/endpoint/protocol diffs exist but executable compatibility evidence is missing.
- Use when compatibility judgment is currently human-only and needs codified CI gates.
- Do not use for API schema design from scratch; use `api-design-*`.
- Do not use for end-to-end UI validation.
Goal
Catch contract drift before deployment impacts consumers.
Shared API Contract (Canonical)
- Use `../api-design-rest/references/api-governance-contract.md` as the canonical contract.
- Optional consistency checks (only if your repository enforces manifest validation):
  `python3 ../api-design-rest/scripts/validate_api_contract.py --manifest <path/to/manifest.json>`
- Use API contract-testing templates in `../api-design-rest/assets/`.
- Use transport decision reference: `../api-design-rest/references/transport-selection-matrix.md`
- Keep compatibility states and approval gates aligned with the canonical contract.
Implementation Templates
- Contract test matrix template: `../api-design-rest/assets/api-contract-test-matrix-template.yaml`
Inputs
- Provider API specification and implementation
- Consumer expectations and critical integration cases
- Versioning and deprecation policy constraints
- Transport mix and interaction modes under test (`sync`, `async`, `streaming`, `bidirectional_realtime`)
Outputs
- Executable contract test suite definition
- Compatibility matrix by version and consumer
- Release gate criteria for contract compliance
Workflow
- Select high-risk consumer-provider interactions and define version scope.
- Encode executable contracts for success and failure semantics.
- Build compatibility matrix coverage across supported producer versions and transport modes.
- Include internal and external consumer classes when both are supported.
- Enforce CI blocking for incompatible changes on protected branches.
- Publish failing contracts with impacted consumers, owner, and rollback advice.
- Validate artifact compliance against the canonical API contract.
Quality Gates
- Critical contracts are executable and version-scoped.
- CI blocks on incompatible contract changes.
- Failure reports identify impacted consumers clearly.
- Deprecation paths include migration guidance and consumer ownership.
- Consumer matrix remains current as new integrations are added.
Failure Handling
- Stop integration/deployment gates when compatibility-breaking changes are unapproved.
- Stop integration/deployment gates when required consumer coverage is missing for supported versions.
- Escalate when contract ownership is ambiguous.
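The release gate described under Workflow and Failure Handling, as an added example that is not part of this skill's own scripts or templates. The `ContractResult` record, the `approved_break` flag and the function name are hypothetical, and the consumer names, owners and versions are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional

# Interaction modes named on this page.
TRANSPORT_MODES = {"sync", "async", "streaming", "bidirectional_realtime"}

@dataclass(frozen=True)
class ContractResult:              # hypothetical record, one per executed contract
    consumer: str
    owner: Optional[str]           # None models ambiguous contract ownership
    provider_version: str
    mode: str
    passed: bool
    approved_break: bool = False   # assumed flag: break approved under the canonical contract

def evaluate_gate(results, supported_versions, required_consumers):
    """Return (decision, findings); decision is 'pass', 'escalate' or 'block'."""
    findings = []
    covered = {(r.consumer, r.provider_version) for r in results}
    # Required consumer coverage must exist for every supported provider version.
    for consumer in sorted(required_consumers):
        for version in supported_versions:
            if (consumer, version) not in covered:
                findings.append(("block", f"missing coverage: {consumer} @ {version}"))
    for r in results:
        if r.mode not in TRANSPORT_MODES:
            findings.append(("block", f"unknown transport mode: {r.mode!r}"))
        if r.owner is None:
            findings.append(("escalate", f"ambiguous ownership: {r.consumer}"))
        if not r.passed and not r.approved_break:
            findings.append(("block", f"unapproved break: {r.consumer} @ "
                             f"{r.provider_version} ({r.mode}), owner={r.owner}"))
    levels = {level for level, _ in findings}
    decision = "block" if "block" in levels else "escalate" if "escalate" in levels else "pass"
    return decision, findings

# Constructed sample run: two supported versions, two required consumers.
SAMPLE = [
    ContractResult("billing-ui", "team-billing", "v1", "sync", True),
    ContractResult("billing-ui", "team-billing", "v2", "sync", False),
    ContractResult("partner-feed", None, "v1", "streaming", True),
]

if __name__ == "__main__":
    decision, findings = evaluate_gate(SAMPLE, ["v1", "v2"], {"billing-ui", "partner-feed"})
    for level, message in findings:
        print(f"[{level}] {message}")
    # Assumption: any non-pass decision fails the CI job on a protected branch.
    raise SystemExit(0 if decision == "pass" else 1)
```

Each finding carries the impacted consumer and its owner, so the CI log can be used directly as the failure report.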