Skill

API Contract Testing

OpenAPI to Portman to Newman pipeline with auth injection for API contract testing. Use when building API tests from OpenAPI specs, injecting authentication into test collections, running contract tests, or when user mentions OpenAPI, Portman, API contract, Swagger, API testing pipeline, auth injection.

From testing

Install

Run in your terminal

npx claudepluginhub vanman2024/dev-lifecycle-marketplace --plugin testing

Tool Access

This skill uses the workspace's default tool permissions.

Supporting Assets

View in Repository

examples/auth-injection-clerk.md

examples/auth-injection-generic.md

examples/auth-injection-supabase.md

examples/openapi-pipeline.md

scripts/inject-auth.sh

scripts/openapi-to-collection.sh

scripts/run-api-contract-tests.sh

scripts/run-newman-ci.sh

scripts/sync-from-routes.sh

templates/collection-with-auth.json

templates/github-actions-api-tests.yml

templates/newman-environment.json

templates/portman-config.json

Skill Content

API Contract Testing

CRITICAL: The description field above controls when Claude auto-loads this skill.

Overview

Provides a complete pipeline for API contract testing: OpenAPI spec -> Portman config -> Postman collection -> Newman execution with auth injection. Replaces the legacy newman-testing and postman-collection-manager skills with a unified, production-ready approach.

Instructions

1. The Pipeline

OpenAPI Spec (openapi.yaml/json)
  -> Portman (transforms to Postman collection with tests)
    -> Auth Injection (adds authentication to requests)
      -> Newman (executes tests with reporting)

2. Quick Start

Generate collection from OpenAPI:

bash scripts/openapi-to-collection.sh openapi.yaml api-tests.postman_collection.json

Run tests with auth:

bash scripts/run-api-contract-tests.sh api-tests.postman_collection.json --auth supabase

Full pipeline:

bash scripts/openapi-to-collection.sh openapi.yaml collection.json
bash scripts/inject-auth.sh collection.json supabase_cookie
bash scripts/run-api-contract-tests.sh collection.json

3. Auth Strategy Injection

The pipeline supports multiple auth strategies:

Strategy	Auth Header	Token Source
`supabase_cookie`	Cookie-based	Supabase auth session
`clerk_jwt`	Authorization: Bearer	Clerk JWT token
`auth0_token`	Authorization: Bearer	Auth0 access token
`bearer_token`	Authorization: Bearer	Generic JWT
`api_key`	X-API-Key	API key from env
`none`	No auth	Public endpoints

Auth injection reads credentials from environment variables (never hardcoded):

# Supabase
SUPABASE_URL=your_supabase_url_here
SUPABASE_ANON_KEY=your_supabase_anon_key_here

# Clerk
CLERK_SECRET_KEY=your_clerk_secret_key_here

# Generic
API_KEY=your_api_key_here
AUTH_TOKEN=your_auth_token_here

4. Portman Configuration

Portman generates test assertions from OpenAPI specs:

Status code validation
Response schema validation
Required field checks
Content-type validation

See templates/portman-config.json for the default configuration.

5. Syncing Collections from Routes

For projects without OpenAPI specs, sync collections from route files:

bash scripts/sync-from-routes.sh src/app/api/ collection.json

This scans route files for HTTP handlers and creates a basic collection.

6. CI Integration

bash scripts/run-newman-ci.sh collection.json

CI-optimized runner with:

JUnit XML output for CI reporting
Non-zero exit code on failure
Summary report to stdout
Results artifact for upload

Available Scripts

openapi-to-collection.sh - Convert OpenAPI spec to Postman collection via Portman
run-api-contract-tests.sh - Execute Newman with auth injection and reporting
inject-auth.sh - Inject authentication strategy into collection
sync-from-routes.sh - Sync collection from route file directory
run-newman-ci.sh - CI-optimized Newman runner with JUnit output

Available Templates

portman-config.json - Default Portman configuration for test generation
newman-environment.json - Environment variable template for Newman
collection-with-auth.json - Example collection with auth pre-request scripts
github-actions-api-tests.yml - GitHub Actions workflow for API contract tests

Available Examples

openapi-pipeline.md - Full OpenAPI to Newman pipeline walkthrough
auth-injection-supabase.md - Supabase cookie auth injection example
auth-injection-clerk.md - Clerk JWT auth injection example
auth-injection-generic.md - Generic bearer token and API key examples

Requirements

Node.js for Newman and Portman
npm install -g newman for test execution
npm install -g @apideck/portman for OpenAPI conversion (optional)
jq for JSON manipulation
Environment variables for auth credentials

Progressive Disclosure

Read examples/openapi-pipeline.md for the full pipeline
Read examples/auth-injection-supabase.md for Supabase auth setup
Read templates/portman-config.json for Portman configuration options

- After deploying a feature to staging/preview

108.1k

blueprint

Turn a one-line objective into a step-by-step construction plan for multi-session, multi-agent engineering projects. Each step has a self-contained context brief so a fresh agent can execute it cold. Includes adversarial review gate, dependency graph, parallel step detection, anti-pattern catalog, and plan mutation protocol. TRIGGER when: user requests a plan, blueprint, or roadmap for a complex multi-PR task, or describes work that needs multiple sessions. DO NOT TRIGGER when: task is completable in a single PR or fewer than 3 tool calls, or user says "just do it".

108.1k

bun-runtime

Bun as runtime, package manager, bundler, and test runner. When to choose Bun vs Node, migration notes, and Vercel support.

108.1k

Stats

Parent Repo Stars1

Parent Repo Forks0

Last CommitFeb 23, 2026

Actions

View Source View Plugin View on GitHub View README