Runtime

CI/CD Contract Gate

Turn your contract suite into a pipeline artefact that fails pull requests on a scenario mismatch or a breaking spec diff — runs in your CI, against your infrastructure.

Pro
Source
API under gate
Slug
order-mgmt
Version
2.4.1
Endpoints
4
Scenarios
2
Schemas
0
Rules
4
Gate
Contract baseline
Fail on breaking diffFail on mismatch
Fingerprint2.4.1|4|GET /orders/{id},PATCH /orders/{id},POST /orders,POST /orders/{id}/fulfill

The runner compares the live spec against this fingerprint. Any removed endpoint, tightened parameter or dropped 2xx response trips a breaking diff and fails the pipeline.

Artefacts
Pipeline files
Pro

Everything is generated locally — no network calls, no data leaves this browser.

{
  "formatVersion": 1,
  "app": "api-workbench-pro",
  "generatedAt": "2026-06-14T20:01:26.598Z",
  "generator": {
    "product": "API Workbench Pro",
    "url": "api-workbench-pro.lovable.app"
  },
  "api": {
    "name": "Order Management API",
    "slug": "order-mgmt",
    "version": "2.4.1"
  },
  "scenarios": [
    {
      "endpoint": "POST /orders",
      "method": "POST",
      "path": "/orders",
      "name": "Create order — happy path",
      "kind": "happy_path",
      "expects": {
        "status": 201,
        "schema": false,
        "latencyBudgetMs": 2000
      }
    },
    {
      "endpoint": "PATCH /orders/{id}",
      "method": "PATCH",
      "path": "/orders/{id}",
      "name": "Patch order — locked by WMS",
      "kind": "downstream_failure",
      "expects": {
        "status": 409,
        "schema": false,
        "latencyBudgetMs": 2000
      }
    }
  ],
  "schemas": {
    "byEndpoint": {}
  },
  "prevalidation": [
    {
      "id": "pv_schema",
      "name": "Request body schema match",
      "kind": "schema"
    },
    {
      "id": "pv_auth",
      "name": "Auth header present",
      "kind": "auth"
    },
    {
      "id": "pv_headers",
      "name": "Required fixed headers",
      "kind": "headers"
    },
    {
      "id": "pv_moderation",
      "name": "Prompt moderation",
      "kind": "moderation"
    }
  ],
  "gate": {
    "fingerprint": "2.4.1|4|GET /orders/{id},PATCH /orders/{id},POST /orders,POST /orders/{id}/fulfill",
    "endpoints": 4,
    "failOnBreakingDiff": true,
    "failOnScenarioMismatch": true
  }
}
Setup
How the PR gate works

The contract gate turns your designed scenarios into a check that runs on every pull request — roughly a ten-minute, one-time setup. The runner executes in your CI, against your infrastructure; no data leaves your pipeline.

  1. 1
    Export the contract bundle

    Download apibox-ci.json for the chosen API and commit it to your repository (e.g. ci/apibox-ci.json). It captures scenarios, endpoint schemas, prevalidation rules and the contract fingerprint.

  2. 2
    Add the pipeline file

    Copy the GitHub Actions or GitLab CI YAML into .github/workflows/ or your repo root. Each pull request now runs the contract gate automatically.

  3. 3
    Set the API_URL secret

    Add API_URL (the deployed base URL of the API under test) as a repository or environment secret. Nothing else needs configuring.

  4. 4
    Merge with confidence

    On every PR the runner replays the bundled scenarios and fails the build on a status/schema mismatch or a breaking diff from the recorded fingerprint.

1 · Export bundle
2 · Add pipeline
3 · Set API_URL
4 · Gate on PRs
Companion runner

The pipeline invokes @apiworkbench/ci-runner, a small Node CLI that replays the bundle with fetch and validates responses against the bundled schemas. It is on the public roadmap and documented here; the exported artefact and workflow are stable today and version-pinned via formatVersion.