
API Contract Review Gate

A source-backed collection for reviewing API contracts before release: OpenAPI drift detection, JSON Schema validation, GraphQL schema checks, Spectral lint review, Pact consumer contract verification, and generated clients or stubs from approved specs.

by MkDev11 · added 2026-06-04
Harness: Claude Code
Bundle: 6 items
Review first: review before installing

Open the source and read safety notes before installing.

Safety notes

  • Schema validators, GraphQL validators, Pact verification, Spectral, and OpenAPI Generator can read large contract files and run project-defined commands; review tool configuration before running them in CI.
  • GraphQL schema validation can create local backup files, and generated clients or stubs can overwrite broad output trees, so run in version control and review generated diffs before committing.
  • Pact provider verification may start the provider or a stub and replay requests; confirm that the verify task cannot mutate production data or call live destructive endpoints.
  • Ruleset changes, ignored schema drift, weakened fail thresholds, and regenerated client defaults should be treated as release-impacting until reviewed by an API owner.

Privacy notes

  • API contracts can expose endpoint names, object models, request examples, response examples, auth schemes, internal hostnames, provider states, enum values, and planned features.
  • Validation output can include file paths, schema paths, rule IDs, line numbers, snippets, sample payloads, and consumer names that should be redacted before public issue or PR comments.
  • Pact brokers, remote specs, package managers, Docker pulls, hosted docs, and CI artifacts may disclose contract metadata or examples outside the local repository.

Prerequisites

  • A named API contract source of truth, such as OpenAPI, JSON Schema, GraphQL SDL, or Pact consumer contracts, with an owner and compatibility policy.
  • A repository baseline for committed schemas so drift checks can compare proposed changes against the current version.
  • Local or CI access to required validation tools such as git, jq, Node/npm, AJV, GraphQL Inspector, Spectral, Pact, and OpenAPI Generator as applicable.
  • Test data policy for request examples, response examples, provider states, schema fixtures, generated clients, and public documentation.
  • Release policy for breaking changes, deprecations, major-version bumps, generated code diffs, and consumer communication.

Schema details

  • Install type: copy
  • Troubleshooting: No

Collection metadata

  • Items: 6 entries
  • Estimated setup: 70 minutes
  • Difficulty: advanced
  • Installation order: api-schema-drift-detector, json-schema-validator, graphql-schema-validator, spectral-openapi-contract-audit-capability-pack, api-contract-check, openapi-generator

Full copyable content

Detect local schema drift first, validate JSON and GraphQL contracts, review OpenAPI lint findings, verify Pact consumer expectations, then regenerate clients or stubs only from the approved contract.

About this resource

What this collection sets up

This collection gives API teams a contract-review gate before release. It is not a starter kit for building endpoints. It focuses on compatibility evidence: what changed in the contract, whether schemas still validate, whether GraphQL changes are breaking, whether OpenAPI lint results are release-blocking, whether consumer Pact expectations still pass, and whether generated clients or server stubs reflect the approved contract.

Layers

1. Local drift and schema checks

  • api-schema-drift-detector warns when an edited OpenAPI or JSON Schema file removes paths or required fields compared with the committed version.
  • json-schema-validator validates JSON files against discovered schemas and catches syntax, shape, and integrity problems during edits.
  • graphql-schema-validator validates GraphQL schema files and flags possible breaking changes before they reach review.
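
The kind of comparison a drift check makes, as an added Node.js example (not the api-schema-drift-detector hook's own code): it diffs a committed baseline against an edited OpenAPI document and reports removed paths and removed required fields, and goes one step further by also reporting removed operations and enum values. The function name `findDrift` and both sample contracts are assumptions constructed for illustration.

```javascript
// Added example: hypothetical drift check, not the collection's own hook code.
// Compares top-level paths and components.schemas only; $ref targets are not resolved.
const METHODS = ["get", "put", "post", "delete", "patch", "head", "options"];
const missing = (before = [], after = []) => before.filter((x) => !after.includes(x));

function findDrift(baseline, proposed) {
  const findings = [];
  const add = (kind, where) => findings.push({ kind, where });
  const newPaths = proposed.paths || {};
  for (const [path, item] of Object.entries(baseline.paths || {})) {
    if (!(path in newPaths)) { add("removed-path", path); continue; }
    for (const m of METHODS) {
      if (item[m] && !newPaths[path][m]) add("removed-operation", `${m.toUpperCase()} ${path}`);
    }
  }
  const oldSchemas = (baseline.components || {}).schemas || {};
  const newSchemas = (proposed.components || {}).schemas || {};
  for (const [name, schema] of Object.entries(oldSchemas)) {
    const next = newSchemas[name];
    if (!next) { add("removed-schema", name); continue; }
    for (const field of missing(schema.required, next.required)) {
      add("removed-required-field", `${name}.${field}`);
    }
    for (const [prop, def] of Object.entries(schema.properties || {})) {
      const nextEnum = ((next.properties || {})[prop] || {}).enum;
      if (!def.enum || !nextEnum) continue; // compare only when both sides constrain values
      for (const v of missing(def.enum, nextEnum)) add("removed-enum-value", `${name}.${prop}=${v}`);
    }
  }
  return findings;
}

// Constructed sample contracts: BASELINE is the committed version, PROPOSED the edited file.
const BASELINE = {
  paths: { "/orders": { get: {}, post: {} }, "/orders/{id}": { get: {}, delete: {} }, "/legacy/export": { get: {} } },
  components: { schemas: { Order: {
    required: ["id", "status", "total"],
    properties: { status: { type: "string", enum: ["open", "paid", "cancelled"] } },
  } } },
};
const PROPOSED = {
  paths: { "/orders": { get: {}, post: {} }, "/orders/{id}": { get: {} } },
  components: { schemas: { Order: {
    required: ["id", "status"],
    properties: { status: { type: "string", enum: ["open", "paid"] } },
  } } },
};
const DRIFT = findDrift(BASELINE, PROPOSED);
console.log(DRIFT.length ? JSON.stringify(DRIFT, null, 2) : "no drift detected");
```

A non-empty result is what a release gate would treat as requiring API-owner review rather than as an automatic failure, since some removals are intentional deprecations.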

2. Contract audit and consumer verification

  • spectral-openapi-contract-audit-capability-pack reviews OpenAPI contracts, Spectral rulesets, lint output, schema drift, CI gates, and API release readiness.
  • api-contract-check runs Pact consumer-driven provider verification so real recorded consumer expectations are checked before a provider change ships.

3. Generation after approval

  • openapi-generator creates clients, server stubs, documentation, schemas, and configuration from OpenAPI specs after the source contract has passed review.

Suggested order

Install the local drift and schema hooks first so breaking changes surface while contracts are being edited. Add the Spectral audit skill to review OpenAPI rulesets, lint results, references, and release impact. Run the Pact contract check when consumers publish contracts or when a provider change might break recorded interactions. Use OpenAPI Generator last, after the source contract has been approved, and review the generated diff as application code.

Review checklist

  • Source of truth is named: The reviewed OpenAPI, JSON Schema, GraphQL, or Pact contract has an owner and compatibility policy.
  • Breaking changes are classified: Removed paths, removed required fields, enum changes, type removals, and response-shape changes are reviewed.
  • Validator output is reproducible: Spectral, AJV, GraphQL, Pact, and generator versions or commands are recorded.
  • Examples are safe: Request, response, and provider-state examples do not expose secrets or customer data.
  • Generated output is reviewed: Clients, stubs, docs, and schema artifacts are checked for auth, retries, validation, and destructive operations.
  • Consumers are accounted for: Known clients, SDKs, downstream teams, and deprecation paths are covered before release.

Source and references

Duplicate check

Checked existing collections, commands, hooks, skills, tools, open PRs, closed PRs, and issue history for api-contract-review-gate, API contract review, API contract gate, OpenAPI drift, Spectral, Pact, JSON Schema, GraphQL schema, OpenAPI Generator, and schema compatibility. api-development-starter-kit is a broad beginner-oriented API building and documentation collection. This entry is narrower and release-focused: it bundles contract validation, compatibility review, consumer verification, and generation from approved specs.

Disclosure

Editorial collection. No paid placement or affiliate link is used.

#api-contracts #openapi #json-schema #graphql #pact #compatibility #codegen
