OpenAPI Drift Detection Skill
Compare the declared OpenAPI specification against actual handler implementations to detect drift, missing documentation, and contract violations.
Trigger Conditions
- •Handler or controller files change
- •OpenAPI/Swagger spec files change
- •New endpoints are added without spec updates
- •User invokes with "check API drift" or "openapi-drift-detection"
Input Contract
- •Required: Path to handler directory and OpenAPI spec file
- •Optional: Path to DTO/request/response definitions
Output Contract
- •List of endpoints in code but NOT in spec (undocumented)
- •List of endpoints in spec but NOT in code (stale spec)
- •Schema mismatches (request/response shape differences)
- •Missing authentication requirements in spec
- •Missing error response documentation
Tool Permissions
- •Read: Handler files, DTO files, OpenAPI/Swagger specs, route configuration
- •Write: None (read-only analysis)
- •Search: Grep for route registrations (
r.GET,r.POST, etc.), Swagger annotations
Execution Steps
- •Extract routes from code: Parse
main.goor router files for all registered routes (HTTP method + path) - •Extract routes from spec: Parse OpenAPI/Swagger YAML/JSON for all documented endpoints
- •Compare: Find routes in code but not in spec, and routes in spec but not in code
- •Schema comparison: For each shared route, compare request/response schemas between code DTOs and spec definitions
- •Auth check: Verify all authenticated routes have security requirements in spec
- •Report: Produce a drift report with specific file:line references
Success Criteria
- •Zero undocumented endpoints
- •Zero stale spec entries
- •All schemas match between code and spec
- •All authenticated routes documented as such
References
- •
.cursor/rules/121-route-auth-enforcement.mdc