AZANIR/qa-api-contract-curator
.cursor/skills/qa-api-contract-curator/SKILL.md
Manage and formalize API contracts from existing endpoints, swagger/JSON, network traffic, or developer interviews into OpenAPI specifications.
$ install --global
skillsauthnpx skillsauth add AZANIR/qa-skills qa-api-contract-curatorInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 8:58 PM2.3s1 file scanned
SKILL.md
- name:
- qa-api-contract-curator
- description:
- Manage and formalize API contracts from existing endpoints, swagger/JSON, network traffic, or developer interviews into OpenAPI specifications.
- output_dir:
- docs/api-contracts
QA API Contract Curator
Purpose
Manage and formalize API contracts. Detect breaking changes, generate OpenAPI (OAS) specifications, and produce versioning rules. Transform disparate API information into a single, validated, version-controlled contract.
Input Sources
| Source | Description | How to Use | | ------ | ----------- | ---------- | | Existing endpoints | Live API or network traffic capture | Capture requests/responses via HAR, Postman, browser DevTools; infer schema from payloads | | Swagger/OpenAPI JSON/YAML | Existing spec files | Parse, validate, normalize to OpenAPI 3.x, fill gaps | | Developer interviews/descriptions | Natural language API descriptions | Extract endpoints, methods, parameters, responses; formalize into OAS | | Codebase analysis | Express routes, FastAPI endpoints, Spring controllers, etc. | Scan route definitions, decorators, DTOs; derive contract from implementation |
Workflow
- Collect endpoint data — Gather from one or more input sources; merge and deduplicate.
- Normalize into OpenAPI 3.x — Convert all data into a single OpenAPI 3.x specification (YAML preferred).
- Validate schema completeness — Ensure paths, schemas, parameters, and responses are documented; flag gaps.
- Detect breaking changes — Compare against previous version (if available); produce breaking change report.
- Generate request/response examples — Add realistic examples for each operation.
Output
- OpenAPI 3.x specification (YAML) — Single source of truth for the API contract
- Request/response examples — Per-operation examples for documentation and testing
- Versioning rules — Semantic versioning guidance, deprecation notes
- Breaking change report — When comparing versions: list of breaking changes with severity and migration notes
Breaking Change Detection
| Change Type | Description | Severity | | ----------- | ----------- | -------- | | Removed endpoints | Path or method no longer exists | Breaking | | Changed response schemas | Added/removed fields, type changes | Breaking or additive | | Modified required fields | New required field in request/response | Breaking | | Authentication changes | New auth requirement, changed scheme | Breaking | | Parameter changes | Removed/renamed path/query/header params | Breaking | | Status code changes | Success/error codes removed or redefined | Breaking | | Additive changes | New optional fields, new endpoints | Non-breaking |
See references/breaking-changes.md for catalog and mitigation strategies.
Feeds Into
- qa-supertest-writer — TypeScript/Node API tests from contract
- qa-httpx-writer — Python API tests from contract
- qa-pact-writer — Consumer-driven contract tests from OAS
Scope
Can do (autonomous):
- Generate OpenAPI 3.x from any supported input source
- Merge multiple sources into one spec
- Validate schema completeness and flag gaps
- Detect breaking changes vs previous version
- Generate request/response examples
- Document authentication schemes
- Define versioning strategy
Cannot do (requires confirmation):
- Modify production API implementation
- Change business logic or endpoint behavior
- Override stakeholder decisions on versioning
Will not do (out of scope):
- Implement API endpoints
- Deploy or modify live services
- Make business decisions about API design
Quality Checklist
Before delivering an OpenAPI specification:
- [ ] All endpoints are documented (paths, methods, parameters)
- [ ] Request/response examples provided for each operation
- [ ] Error responses defined (4xx, 5xx) where applicable
- [ ] Authentication documented (security schemes, scopes)
- [ ] Versioning strategy defined (info.version, deprecation notes)
- [ ] Schemas are complete (no
{}or placeholder types) - [ ] Breaking change report included when comparing versions
Troubleshooting
| Symptom | Likely Cause | Fix |
| ------- | ------------ | --- |
| Missing request/response schemas | Source has no examples | Infer from code DTOs, add placeholder schemas, ask for samples |
| Duplicate paths from multiple sources | Same API documented in different formats | Merge by path+method, reconcile differences, prefer most complete |
| Breaking changes false positives | Optional vs required misinterpreted | Verify required arrays; additive optional changes are non-breaking |
| Auth not documented | Source lacks auth info | Check codebase for middleware, add security at spec or operation level |
| Invalid OpenAPI output | Schema syntax errors | Validate with openapi-generator validate or Swagger Editor |
| Incomplete codebase extraction | Framework not recognized | Add framework-specific patterns to extraction logic; fall back to manual |
References
references/openapi-structure.md— OpenAPI 3.x specification structure with examplesreferences/breaking-changes.md— Catalog of breaking changes and mitigation strategies
Related Skills
AZANIR/qa-playswag
tools
VerifiedTrustedCommunity
Analyze OpenAPI/Swagger spec (JSON or YAML) against existing test files and generate an HTML coverage report with QA automation tasks. Use when user provides an OpenAPI spec file and wants to know test coverage status.
2SKILL.mdUpdated Apr 16, 2026
AZANIR/qa-plan-creator
testing
VerifiedTrustedCommunity
Universal QA plan generator supporting 10 plan types including test plans, sprint plans, regression plans, release plans, UAT plans, performance plans, migration plans, onboarding plans, and custom plans.
2SKILL.mdUpdated Apr 16, 2026
AZANIR/qa-pact-writer
development
VerifiedTrustedCommunity
Generate consumer-driven contract tests using Pact for JavaScript and Python to verify microservice API compatibility between consumer and provider.
2SKILL.mdUpdated Apr 16, 2026
AZANIR/qa-orchestrator
development
VerifiedTrustedCommunity
Master skill coordinating all QA skills through pipeline modes (full-cycle, docs-only, testcases-only, write-tests, report), formalized handoff chains, scheduler rules, and framework/language selection based on project context.
2SKILL.mdUpdated Apr 16, 2026