Skill

api-surface-analyzer

REST, GraphQL, and gRPC contract analysis including versioning, consistency, and completeness. Trigger: "analyze API", "API surface", "endpoint audit", "contract analysis".

From sovereign-architect

Install

Run in your terminal

npx claudepluginhub javimontano/mao-sovereign-architect

Tool Access

This skill is limited to using the following tools:

ReadGlobGrepBashAgent

Supporting Assets

View in Repository

evals/evals.json

examples/sample-output.md

prompts/use-case-prompts.md

references/body-of-knowledge.md

Skill Content

API Surface Analyzer

Discover, catalog, and evaluate all API contracts exposed by the system — REST endpoints, GraphQL schemas, gRPC services — for consistency, completeness, and design quality.

Guiding Principle

"Your API is a promise. Break it, and you break trust with every consumer."

Procedure

Step 1 — Endpoint Discovery

Scan for route definitions: Express routers, Django urlpatterns, Spring @RequestMapping, FastAPI decorators.
Detect OpenAPI/Swagger specs (openapi.yaml, swagger.json) and compare against actual routes.
Find GraphQL schema files (.graphql, .gql) and resolver implementations.
Locate .proto files for gRPC service definitions.
Catalog each endpoint: method, path, handler, authentication requirement [HECHO].

Step 2 — Contract Analysis

Verify request/response schemas are defined (not any or untyped).
Check for consistent naming conventions (camelCase vs. snake_case, plural vs. singular).
Validate HTTP method semantics: GET is idempotent, POST creates, PUT replaces, PATCH updates.
Assess error response consistency: standard error envelope, HTTP status code correctness.
Check pagination patterns: cursor-based vs. offset, consistency across list endpoints.

Step 3 — Versioning & Compatibility

Identify versioning strategy: URL path (/v1/), header, query parameter, or none.
Check for breaking changes between versions if multiple exist.
Evaluate deprecation practices: sunset headers, documentation, migration guides.
Assess backward compatibility of recent changes [INFERENCIA].

Step 4 — Surface Report

Produce a complete API catalog with authentication, rate limits, and data contracts.
Score API design quality: consistency (30%), completeness (25%), documentation (25%), security (20%).
Flag undocumented endpoints, missing authentication, and inconsistent patterns.
Generate OpenAPI spec if none exists [SUPUESTO] for accuracy.

Quality Criteria

Every endpoint verified against actual code, not just specs [HECHO]
Spec-vs-reality drift explicitly documented
Authentication requirements verified per endpoint
Naming and convention consistency measured objectively

Anti-Patterns

Trusting OpenAPI specs without verifying against route handlers
Ignoring internal/admin endpoints in the analysis
Only analyzing REST when GraphQL or gRPC are also present
Treating 200 OK on errors as acceptable (it breaks client error handling)

Similar Skills

agent-harness-construction

Designs and optimizes AI agent action spaces, tool definitions, observation formats, error recovery, and context for higher task completion rates.

everything-claude-code

138.0k

agent-payment-x402

Enables AI agents to execute x402 payments with per-task budgets, spending controls, and non-custodial wallets via MCP tools. Use when agents pay for APIs, services, or other agents.

everything-claude-code

138.0k

agent-eval

Compares coding agents like Claude Code and Aider on custom YAML-defined codebase tasks using git worktrees, measuring pass rate, cost, time, and consistency.

everything-claude-code

138.0k

Stats

Stars0

Forks0

Last CommitMar 28, 2026

Actions

View Source View Plugin View on GitHub View README

Procedure

Step 1 — Endpoint Discovery

Scan for route definitions: Express routers, Django urlpatterns, Spring @RequestMapping, FastAPI decorators.

Detect OpenAPI/Swagger specs (openapi.yaml, swagger.json) and compare against actual routes.

Find GraphQL schema files (.graphql, .gql) and resolver implementations.

Locate .proto files for gRPC service definitions.

Catalog each endpoint: method, path, handler, authentication requirement [HECHO].

Step 2 — Contract Analysis

Verify request/response schemas are defined (not any or untyped).

Check for consistent naming conventions (camelCase vs. snake_case, plural vs. singular).

Validate HTTP method semantics: GET is idempotent, POST creates, PUT replaces, PATCH updates.

Assess error response consistency: standard error envelope, HTTP status code correctness.

Check pagination patterns: cursor-based vs. offset, consistency across list endpoints.

Step 3 — Versioning & Compatibility

Identify versioning strategy: URL path (/v1/), header, query parameter, or none.

Check for breaking changes between versions if multiple exist.

Evaluate deprecation practices: sunset headers, documentation, migration guides.

Assess backward compatibility of recent changes [INFERENCIA].

Step 4 — Surface Report

Produce a complete API catalog with authentication, rate limits, and data contracts.

Score API design quality: consistency (30%), completeness (25%), documentation (25%), security (20%).

Flag undocumented endpoints, missing authentication, and inconsistent patterns.

Generate OpenAPI spec if none exists [SUPUESTO] for accuracy.