Local-first API compatibility platform for detecting breaking OpenAPI changes, scoring client impact, and generating CI-ready reports.
API Contract Guardian compares two OpenAPI specifications—a baseline (production or main) and a candidate (PR or branch)—and produces a structured compatibility report.
It answers:
- What changed in the API contract?
- Is the change breaking, risky, or safe?
- Which clients may be affected?
- How severe is the deployment risk?
- Should CI pass or fail?
This project runs locally. The web UI is not hosted by default. Clone the repository, run the setup commands, start the server, and open the local URL in your browser.
Default local URL: http://127.0.0.1:8000
- Deterministic breaking-change detection (38+ rules)
- Indexed OpenAPI comparison for efficient analysis
- Client impact analysis from usage contracts
- Traffic-aware explainable risk scoring (0–100)
- JSON, Markdown, HTML, and PR comment reports
- CLI, REST API, and browser-based UI
- Evaluation suite with precision, recall, and F1 metrics
- GitHub Actions workflow example
flowchart LR
Old[Baseline Spec] --> Loader[Loader]
New[Candidate Spec] --> Loader
Loader --> Normalizer[Normalizer]
Normalizer --> Rules[Rule Engine]
Rules --> Impact[Client Impact]
Impact --> Risk[Risk Scorer]
Risk --> Reports[Reports]
Reports --> UI[Local Web UI]
Reports --> CLI[CLI]
CLI --> CI[GitHub Actions]
Breaking-change classification is rule-based and deterministic. Optional LLM integration (if configured) rewrites explanations only—it does not change severity or invent findings.
| Layer | Technology |
|---|---|
| Language | Python 3.12 |
| API / UI | FastAPI, Uvicorn, Jinja2 |
| Data | SQLite (SQLModel) |
| CLI | Typer |
| OpenAPI | PyYAML, openapi-schema-validator |
| Testing | pytest, ruff |
api-contract-guardian/
├── api_contract_guardian/ # Core package
│ ├── openapi/ # Loader, ref resolver, normalizer
│ ├── engine/ # Rules, risk scoring, client impact
│ ├── explainers/ # Report explanations
│ ├── reports/ # JSON / MD / HTML generators
│ ├── storage/ # SQLite persistence
│ ├── web/ # Jinja2 UI templates
│ └── cli.py # api-guardian CLI
├── examples/
│ ├── specs/ # Sample OpenAPI specs
│ ├── clients/ # Client usage contracts
│ ├── traffic/ # Endpoint traffic CSVs
│ ├── evaluation_cases/ # Labeled test cases
│ └── reports/ # Committed sample reports
├── docs/ # Architecture, CI, user guide
├── tests/
├── scripts/
└── .github/workflows/ # CI workflow
Requirements: Python 3.12, macOS/Linux/WSL
git clone https://github.com/Rusha304/api-contract-guardian.git
cd api-contract-guardian
make setupThis creates a virtual environment, installs dependencies, and generates sample data.
Start the web server:
make runOr with auto-reload during development:
make devAfter make run, open:
From the dashboard you can:
- View recent analyses
- Run a new analysis against sample specs
- Browse findings with severity badges
- Download JSON, Markdown, or HTML reports
- View evaluation metrics and the rule catalog
Port can be changed via .env (APP_PORT).
Run a breaking-change analysis without starting the server:
make demoThis compares ecommerce_v1.yaml vs ecommerce_v2_breaking.yaml and writes a report to reports/demo_report.md.
Other useful commands:
make cli-demo # Safe vs breaking CLI examples
make evaluate # Run evaluation suite (F1 metrics)
make test # Run pytest
make benchmark # Performance benchmarkCompare two specs:
api-guardian diff \
--old examples/specs/ecommerce_v1.yaml \
--new examples/specs/ecommerce_v2_breaking.yaml \
--clients examples/clients \
--traffic examples/traffic/ecommerce_usage.csv \
--format markdown \
--out reports/my_report.mdExit codes:
| Code | Meaning |
|---|---|
| 0 | No breaking/high-risk changes |
| 1 | Breaking or high-risk changes detected |
| 2 | Invalid input or spec error |
Other commands:
api-guardian serve # Start web UI
api-guardian evaluate # Run evaluation suite
api-guardian rules # Print rule catalog
api-guardian generate-examples # Regenerate sample dataapi-guardian diff \
--old /path/to/baseline.yaml \
--new /path/to/candidate.yaml \
--format markdown \
--out reports/real_api_report.mdCommitted demo artifacts (viewable on GitHub without running the app):
| File | Description |
|---|---|
| examples/reports/demo_breaking_report.md | Breaking-change Markdown report |
| examples/reports/demo_breaking_report.html | Browser-viewable HTML report |
| examples/reports/demo_breaking_report.json | Machine-readable JSON report |
| examples/reports/pr_comment_example.md | PR comment template |
| examples/reports/evaluation_report.md | Detection quality metrics |
See also docs/SAMPLE_REPORT.md.
GitHub Actions workflow: .github/workflows/api-contract-check.yml
On each push/PR the workflow:
- Installs the project
- Runs tests
- Runs the evaluation suite
- Runs a safe compatibility check (must pass)
- Generates a breaking-change demo report as an artifact
For your own repository, compare a PR spec against a baseline:
- name: API compatibility check
run: |
api-guardian diff \
--old openapi/baseline.yaml \
--new openapi/openapi.yaml \
--format markdown \
--out api-compat-report.mdConfigure failure thresholds in .env:
RISK_FAIL_THRESHOLD=70
BREAKING_CHANGE_FAIL=trueDetails: docs/CI_INTEGRATION.md
The evaluation suite measures detection quality against 10 labeled cases:
make evaluateMetrics include precision, recall, F1, and per-rule accuracy. Output: reports/evaluation_report.md
Details: docs/EVALUATION.md
make test
make lint| Issue | Fix |
|---|---|
| Spec validation error | Ensure OpenAPI 3.x; check YAML syntax |
| Port already in use | Set APP_PORT=8001 in .env |
| Database errors | Delete data/api_guardian.db and restart |
make setup fails |
Requires Python 3.12 |
MIT — see LICENSE