If you are not sure if the website you would like to visit is secure, you can verify it here. Enter the website address of the page and see parts of its content and the thumbnail images on this site. None (if any) dangerous scripts on the referenced page will be executed. Additionally, if the selected site contains subpages, you can verify it (review) in batches containing 5 pages.
favicon.ico: github.com/specshield26/specshield-cli - GitHub - specshield26/specshie.

site address: github.com/specshield26/specshield-cli

site title: GitHub - specshield26/specshield-cli: OpenAPI breaking change detection CLI API contract testing prevent API breaking changes in CI/CD · GitHub

Our opinion (on Tuesday 14 July 2026 16:28:41 UTC):

GREEN status (no comments) - no comments
After content analysis of this website we propose the following hashtags:


page from cache: 2 days ago
Meta tags:
description=OpenAPI breaking change detection CLI API contract testing prevent API breaking changes in CI/CD - specshield26/specshield-cli;

Headings (most frequently used words):

the, bdct, consumer, provider, spec, specshield, contract, to, step, publish, cli, har, your, ci, navigation, it, vs, run, all, options, best, for, uh, oh, code, pull, saved, searches, testing, from, turn, real, into, verify, does, live, actually, github, use, and, files, history, breaking, in, local, compare, comparison, checks, file, gate, this, before, init, license, footer, json, compatibility, deploy, contracts, service, load, what, on, search, repositories, users, issues, requests, provide, feedback, specshield26, commands, bi, directional, capture, traffic, match, its, cd, actions, menu, filter, results, more, quickly, folders, latest, commit, repository, contents, never, ship, change, api, consumers, problem, solution, see, action, quick, start, world, story, cases, cloud, remote, share, app, pr, record, operational, concerns, read, going, why, is, most, valuable, piece, of, alternatives, pricing, first, setup, wizard, login, authentication, config, exit, codes, support, about, releases, packages, contributors, languages, how, works, openapi, subset, or, pact, can, matrix, list, specs, verifications, full, workflow, output, mental, model, 1a, chrome, firefox, edge, devtools, zero, frontend, 1b, playwright, teams, with, ui, tests, 1c, cypress, 1d, mitmproxy, backend, 1e, postman, insomnia, bruno, 1f, k6, test, bonus, recording, while, engine, scrubbing, auth, tokens, cookies, pii, multi, host, filtering, talks, several, backends, keeping, fresh, common, pitfalls, safe, by, default, path, parameter, resolution, validator, per, response, request, catch, changes, merge, push, nightly, production, conformance, example, yml, non, interactive, scriptable, mode, flags, topics, resources, stars, watchers, forks,

Text of the page (most frequently used words):
the (200), #specshield (127), provider (98), consumer (94), bdct (87), har (79), contract (72), yaml (72), api (63), your (62), openapi (60), spec (60), and (55), service (53), json (50), from (48), run (46), for (42), name (40), github (39), env (38), version (37), deploy (37), with (37), payment (36), can (34), breaking (34), path (34), publish (34), acme (33), base (32), every (32), compare (32), org (29), url (28), checkout (28), you (27), code (27), file (27), verify (26), pact (25), key (25), format (24), capture (24), that (23), cli (23), staging (23), this (21), all (21), production (21), test (21), one (20), traffic (20), list (19), fail (19), error (18), changes (18), config (18), tests (18), status (17), change (17), required (17), step (17), get (17), store (17), testing (16), out (16), https (16), share (15), output (15), history (15), compatibility (15), only (15), payments (15), pass (14), yml (14), contracts (14), actions (14), team (14), gate (14), install (14), token (13), default (13), never (13), target (13), use (13), specshield_api_key (13), type (13), per (12), its (12), app (12), uses (12), what (12), conformance (12), com (12), field (12), playwright (12), not (11), into (11), request (11), remote (11), security (10), free (10), account (10), exit (10), consumers (10), flags (10), options (10), true (10), are (10), local (10), any (10), when (10), post (10), mitmproxy (10), cypress (10), compatible (10), comparison (10), 2026 (9), diff (9), users (9), view (9), npm (9), support (9), hosted (9), commands (9), keep (9), login (9), dashboard (9), enterprise (9), checks (9), dsl (9), before (9), response (9), string (9), see (9), same (9), time (8), page (8), published (8), open (8), branch (8), stored (8), flag (8), running (8), matches (8), project (8), init (8), they (8), command (8), endpoint (8), already (8), vars (8), paymentid (8), actually (8), browser (8), entries (8), integration (8), record (8), reload (7), license (7), detection (7), header (7), include (7), matrix (7), subcommand (7), check (7), specs (7), safe (7), number (7), main (7), environment (7), pay (7), write (7), against (7), works (7), workflow (7), once (7), broker (7), secrets (7), schema (7), 200 (7), engine (7), just (7), recorder (7), publishes (7), create (6), probes (6), repeatable (6), timeout (6), params (6), non (6), providers (6), ver (6), override (6), server (6), subset (6), failonbreaking (6), set (6), files (6), var (6), two (6), export (6), also (6), skip (6), kind (6), without (6), must (6), workflows (6), package (6), email (6), staging_token (6), node (6), pull (6), catch (6), via (6), amount (6), does (6), have (6), context (6), right (6), host (6), endpoints (6), full (6), saved (6), action (5), navigation (5), deployable (5), codes (5), title (5), read (5), turn (5), link (5), info (5), ignore (5), save (5), result (5), defaults (5), each (5), paths (5), match (5), generate (5), own (5), first (5), both (5), why (5), fields (5), example (5), git (5), public (5), partial (5), authorization (5), runs (5), sha (5), merge (5), examples (5), orders (5), teams (5), backend (5), npx (5), produces (5), load (5), click (5), content (5), tab (5), incompatible (5), issues (5), search (5), community (4), was (4), while (4), readme (4), devtools (4), missing (4), more (4), mutating (4), filters (4), filter (4), machine (4), readable (4), purpose (4), description (4), expires (4), option (4), mode (4), github_sha (4), delete (4), removed (4), values (4), names (4), need (4), customer (4), plan (4), sign (4), commit (4), talks (4), everything (4), interactive (4), optional (4), writes (4), specshield26 (4), asks (4), signed (4), detects (4), wizard (4), setup (4), registry (4), latest (4), specshield_org (4), uuid (4), date (4), object (4), 123 (4), them (4), userid (4), methods (4), live (4), trust (4), existing (4), their (4), close (4), recordhar (4), prefix (4), captured (4), scrub (4), zero (4), session (4), real (4), orderid (4), recording (4), then (4), http (4), another (4), start (4), exercised (4), new (4), platform (4), mcp (4), cookies (3), docs (3), there (3), loading (3), please (3), report (3), repository (3), stars (3), mit (3), resources (3), topics (3), admin (3), runtime (3), self (3), recorded (3), verification (3), across (3), days (3), comparisons (3), warning (3), severity (3), commentonpr (3), specpath (3), hand (3), root (3), directory (3), always (3), require (3), resolution (3), secret (3), written (3), starter (3), stdout (3), auto (3), toml (3), repo (3), cloud (3), advanced (3), rbac (3), audit (3), slack (3), pricing (3), oss (3), paid (3), requires (3), directional (3), bearer (3), steps (3), ubuntu (3), jobs (3), branches (3), exact (3), 4xx (3), documented (3), integer (3), automatically (3), like (3), parameter (3), off (3), but (3), most (3), source (3), accurate (3), loop (3), body (3), would (3), break (3), language (3), sdk (3), single (3), entry (3), want (3), fix (3), ops (3), inventory (3), calls (3), scrubbed (3), input (3), tool (3), quick (3), bodies (3), reference (3), html (3), return (3), postman (3), add (3), 8080 (3), available (3), best (3), generator (3), safari (3), menu (3), frontend (3), mobile (3), partner (3), application (3), 482 (3), user (3), last (3), changed (3), cases (3), incident (3), services (3), changelog (3), insights (3), requests (3), settings (3), window (3), refresh (3), documentation (3), feedback (3), grade (3), features (3), copilot (3), solutions (3), explore (3), manage (2), footer (2), releases (2), fork (2), governance (2), swagger (2), microservices (2), prevent (2), about (2), stop (2), star (2), issue (2), software (2), private (2), limited (2), failed (2), method (2), verbs (2), size (2), overrides (2), organization (2), common (2), manually (2), make (2), limit (2), specific (2), collapse (2), relative (2), used (2), false (2), schemaversion (2), invocation (2), reads (2), entirely (2), nothing (2), auth (2), built (2), order (2), ss_your_token_here (2), copy (2), seconds (2), authentication (2), fmt (2), print (2), come (2), resolved (2), optionally (2), using (2), whether (2), mod (2), pom (2), xml (2), pyproject (2), under (2), started (2), saml (2), sso (2), scim (2), prem (2), log (2), workspace (2), priority (2), included (2), dredd (2), native (2), ingest (2), gating (2), pactflow (2), alternatives (2), push (2), tmp (2), actual (2), coverage (2), null (2), parameters (2), declare (2), repeat (2), reason (2), parsing (2), resolve (2), side (2), health (2), thingid (2), data (2), opt (2), things (2), says (2), sometimes (2), returns (2), numeric (2), usually (2), validating (2), derived (2), tax (2), deployed (2), other (2), instrument (2), piece (2), cert (2), above (2), import (2), tls (2), explicitly (2), end (2), await (2), chromium (2), didn (2), templated (2), segment (2), literal (2), multiple (2), hosts (2), doesn (2), identical (2), pattern (2), circleci (2), syntax (2), service_name (2), whole (2), keeping (2), different (2), multi (2), backends (2), emits (2), types (2), sanitizer (2), patterns (2), headers (2), cookie (2), contain (2), pii (2), operational (2), concerns (2), blocked (2), git_sha (2), sample (2), alongside (2), shapes (2), samples (2), seen (2), passes (2), images (2), schemas (2), will (2), omitted (2), wrote (2), expected (2), regardless (2), which (2), runner (2), either (2), insomnia (2), bruno (2), jvm (2), environments (2), hardump (2), brew (2), mitmdump (2), https_proxy (2), localhost (2), done (2), pointing (2), proxy (2), point (2), through (2), e2e (2), exports (2), module (2), neuralegion (2), const (2), call (2), paste (2), during (2), network (2), note (2), clear (2), chrome (2), firefox (2), edge (2), jump (2), how (2), agnostic (2), between (2), something (2), feature (2), work (2), verifications (2), properties (2), currency (2), verifies (2), comment (2), gets (2), links (2), billing (2), useful (2), drift (2), over (2), cross (2), notifications (2), track (2), expect (2), pipeline (2), broken (2), build (2), 2am (2), paymentstatus (2), too (2), blocks (2), breaks (2), solution (2), review (2), find (2), apis (2), problem (2), agent (2), agents (2), ship (2), lock (2), npmignore (2), gitignore (2), src (2), scripts (2), fixtures (2), demo (2), bin (2), commits (2), message (2), quality (2), projects (2), appearance (2), cancel (2), searches (2), repositories (2), business (2), developer (2), devops (2), perform, personal, information, contact, privacy, terms, inc, 100, javascript, languages, contributors, packages, forks, watching, watchers, activity, finding, breakage, found, clean, meaning, accepts, these, pairs, trigger, pair, expire, after, reportid, level, allow, informational, tag, 10000, enabled, substring, parent, win, locally, uploaded, don, were, newer, reserved, concept, unifies, subcommands, variable, recommended, logged, successfully, authenticate, ss_, keys, google, committed, operations, overwrite, confirmation, exists, force, detect, proposed, prompts, scriptable, subdirectory, present, validates, stores, autocompletes, suggests, otherwise, master, cargo, looks, credit, card, sales, dedicated, onboarding, sla, talk, enforced, trail, alerts, annual, web, day, forever, price, tier, readyapi, microcks, specmatic, oasdiff, smartbear, workflow_dispatch, daily, utc, cron, schedule, nightly, show, origin, fetch, depth, pull_request, wildcard, undocumented, properly, allows, oas, isms, handled, nullable, outside, enum, enums, plus, ajv, formats, array, boolean, validator, neither, resolves, skipped, param, wins, templates, 8000, extra, send, kvlist, probe, put, patch, effects, ref, least, unconfigured, unresolved, head, effect, catches, contains, partially_refunded, pending, refunded, truth, closes, firing, active, style, removes, converts, turns, folder, merges, measurable, enforcement, product, market, adopt, should, doing, aren, valuable, jks, trusted, rejects, newcontext, launch, empty, segments, differ, stays, looked, got, succeeds, document, drop, cause, symptom, pitfalls, gitlab, jenkins, injection, provider_name, provider_base_url, mvnw, whatever, typical, fresh, doubles, filtering, several, carries, words, ssn, creditcard, supports, redaction, allowlists, etc, heavier, del, select, ascii_downcase, deps, raw, publishing, scrubbing, tokens, going, section, promoting, dropped, ends, 404, documents, handles, happy, uuids, rfc, 3339, times, addresses, three, slightly, emitted, stay, become, widens, conflict, falls, back, some, merger, merging, becomes, preceding, noun, generic, resulting, likely, accountid, abc, templating, binary, inferred, appear, comma, separated, keeps, matching, critical, below, summary, means, survived, exactly, total, produced, metrics, script, bonus, collection, separate, many, cacerts, curl_ca_bundle, requests_ca_bundle, node_extra_ca_certs, listen, port, http_proxy, ctrl, disk, terminal, tell, dump, macos, pip, apt, lands, outdir, savehar, aftereach, beforeeach, setupnodeevents, flushed, runnable, lives, clone, jsonplaceholder, sandbox, toolchain, made, noise, onlyjson, usual, embed, __dirname, baseurl, testdir, develop, entire, byte, anywhere, button, flows, cmd, f12, reading, recipes, follow, exploratory, caller, plugin, spa, driven, effort, pick, almost, yourself, happens, saving, inference, mental, model, drifts, moment, forget, reflects, difference, proved, called, learn, universal, framework, makes, normal, incompatiblecount, compatiblecount, consumerversion, consumername, deployment, update, release, unknown, verified, checked, response_field_missing, expects, type_mismatch, pacts, supported, 201, responses, requestbody, describing, stamped, correlate, came, compares, presence, sides, relies, satisfied, gates, overhead, configure, configurable, sticky, highlighted, visible, choose, repos, touches, automatic, 256, bit, random, unguessable, enumeration, revoke, ready, _ru8ovubxy3r9zhosylesaulphcqbyh5jtpyldsmu88, 16t12, 56z, usage, jira, ticket, anyone, recent, 481, updated, 480, shows, drill, down, tracking, members, machines, straight, saves, includes, still, isn, historyid, sends, heavy, basic, needed, text, leaves, infrastructure, class, urls, timeline, human, writing, line, sure, paper, know, whom, deliver, surprises, safety, stops, validation, returned, affected, missing_field, created, ran, mismatch, caught, immediately, reached, triggered, merged, renamed, wasn, notified, world, story, welcome, banner, skips, silence, workstation, specshield_no_banner, tf_build, travis, jenkins_url, gitlab_ci, buildkite, github_actions, quiet, docker, seeds, subsequent, again, drifting, detected, modifications, additions, surprise, 3am, anything, proves, satisfies, those, expectations, deploying, think, unit, manual, late, enforces, angry, integrations, logs, rename, crashes, 000, silently, feel, brings, claude, cursor, clients, ask, inside, job, points, coding, uploads, prove, block, four, reach, known, bidirectional, overview, contents, items, folders, tags, additional, notification, dismiss, alert, switched, accounts, resetting, focus, qualifiers, our, query, results, quickly, submit, address, contacted, take, very, seriously, provide, tips, premium, ons, powered, collections, trending, archive, program, accelerator, maintainer, lab, programs, fund, developers, sponsors, partners, center, forum, skills, ebooks, reports, events, webinars, stories, development, topic, industries, government, manufacturing, financial, healthcare, industry, devsecops, modernization, case, nonprofits, startups, small, medium, enterprises, company, marketplace, blog, leaks, protection, secure, vulnerabilities, instant, dev, codespaces, automate, integrate, external, tools, direct, better, creation, toggle,


Text of the page (random words):
th non json bodies html images binary schemas can t be inferred but the endpoints will appear off what the engine actually does for every har entry that passes the filters path templating users 123 orders abc 2026 becomes users userid orders orderid parameter names come from the preceding noun in the url not a generic id so the resulting openapi matches the parameter names your provider likely already uses userid orderid accountid per status schema merging if three get users userid samples return slightly different shapes the emitted schema is the merger fields seen in every sample stay required fields seen in some samples become optional integer number widens to number a type conflict falls back to string format detection uuids rfc 3339 date times and email addresses get format uuid format date time format email status code coverage a 404 sample produces its own response schema alongside the 200 so the contract documents the error shapes your code handles not just the happy path json only by default entries with non json bodies are dropped the html page load from a playwright test never ends up in the contract step 3 publish gate 1 publish the captured contract run on every consumer pr specshield bdct publish consumer org acme store consumer checkout ui provider payment service version git_sha format openapi contract consumer contract yaml 2 gate the deploy run before promoting the consumer specshield bdct can i deploy org acme store service checkout ui version git_sha env staging exit 0 safe exit 1 a verification says no and the deploy is blocked full bdct command reference is in the bi directional contract testing section above operational concerns read this before going live scrubbing auth tokens cookies and pii a raw har can contain authorization headers session cookies and real pii in request response bodies scrub before publishing two patterns quick scrub with jq zero deps if you already have jq jq del headers select name ascii_downcase in authorization cookie set cookie x api key traffic har scrubbed har heavier scrub via har sanitizer npm tool supports body redaction patterns allowlists etc npx har sanitizer input traffic har output scrubbed har scrub words email ssn creditcard the contract that bdct capture from har emits only carries field names and types not values so once the har is scrubbed of secrets the published contract is safe to share with the provider team multi host filtering consumer talks to several backends base url is a prefix match so it doubles as a host filter keep only calls to the payment service specshield bdct capture from har in traffic har base url https payment acme com out contracts checkout ui payment yaml same har different provider keep only calls to inventory specshield bdct capture from har in traffic har base url https inventory acme com out contracts checkout ui inventory yaml one test run one har n consumer contracts one per provider keeping contracts fresh in ci the whole pattern is record from your existing tests publish from ci a typical github workflows contract test yml name run integration tests produces traffic har run npx playwright test or mvnw verify or whatever you use name har consumer contract run specshield bdct capture from har in traffic har base url vars provider_base_url out consumer contract yaml name publish contract env specshield_api_key secrets specshield_api_key run specshield bdct publish consumer org vars specshield_org consumer vars service_name provider vars provider_name version github sha format openapi contract consumer contract yaml name gate the deploy env specshield_api_key secrets specshield_api_key run specshield bdct can i deploy org vars specshield_org service vars service_name version github sha env staging identical pattern on gitlab circleci jenkins only the secret injection syntax changes common pitfalls symptom cause fix 0 endpoints 0 ops from 0 n entries base url doesn t match any host in the har drop base url to see what hosts are in the har re run with the right prefix contract is missing your post recorder captured a 4xx for that post fix the test so the post succeeds or keep the 4xx it ll document the error path path got templated when you didn t want it to a literal path segment looked like a numeric uuid id path segments are templated when multiple entries share a prefix but differ on that segment a single entry stays literal playwright har file is empty not written context close didn t run create the context explicitly with chromium launch browser newcontext recordhar and await context close at the end of the test backend rejects post when mitmproxy is in the path tls cert not trusted by the consumer see the mitmproxy ca cert link above one env var or one jks import why this is the most valuable piece of the cli every other contract testing product on the market asks the consumer team to change their code adopt a dsl instrument their tests run a broker that tax is why most teams that should be doing contract testing aren t bdct capture from har removes the tax your team s existing test run is already the contract the cli just converts the format the har capture publish can i deploy loop is what turns we have openapi specs in a folder into no provider pr merges if it would break a deployed consumer with measurable enforcement in one ci step and no per language sdk bdct verify provider does your live provider actually match its spec active spec vs production conformance dredd style in ci most teams trust the provider s openapi as the source of truth and never check whether the running service actually matches it specshield s compatibility engine for bdct is only as accurate as that trust so verify provider closes the loop by firing probes derived from the spec at a running endpoint staging usually and validating every response body against the spec s schema for its status code catches things like the spec says status paid pending refunded but the live api sometimes returns partially_refunded or a field documented as required is sometimes missing or a format uuid field actually contains a numeric id safe by default by default verify provider only probes safe methods get head options it must never side effect your staging data mutating methods are opt in with include mutating run it specshield bdct verify provider spec api openapi yaml base url https staging payments acme com provider conformance spec vs https staging payments acme com pass get health 200 fail get payments paymentid 200 amount must be number pass get orders 200 skip get unconfigured thingid unresolved path params no path params or spec example thingid 2 pass 1 fail 0 error 1 skip 4 probes exit codes 0 all pass 1 at least one fail error 2 config spec error options flag purpose spec path required provider openapi spec yaml or json ref s are resolved base url url required base url of the running provider e g https staging payments acme com include mutating also probe post put patch delete off by default never side effects staging path params kvlist resolve path params paymentid pay 123 userid u 7 overrides spec examples repeatable header header extra request header to send e g header authorization bearer token repeatable timeout ms ms per request timeout default 8000 json machine readable json output for ci parsing path parameter resolution for path templates like payments paymentid the resolution priority is path params paymentid pay 123 on the cli always wins the spec s parameters example for that param skipped with a reason if neither resolves so you can declare examples in the spec once and never repeat them on the cli paths payments paymentid get parameters name paymentid in path required true schema type string example pay 123 verify provider uses this automatically what the validator checks per response type format string integer number boolean array object plus format uuid date time email via ajv formats required fields flags any required field that s missing enums flags values outside the documented enum set nullable true properly allows null values oas 3 0 isms handled status code coverage actual status must match an exact code a wildcard 4xx or the default response an undocumented status is a fail run it from ci name verify production matches spec env staging_token secrets staging_token run specshield bdct verify provider spec api openapi yaml base url https staging payments acme com header authorization bearer staging_token json conformance json ci cd github actions on pull request catch breaking spec changes before merge name api contract check on pull_request branches main jobs check api contract runs on ubuntu latest steps uses actions checkout v4 with fetch depth 0 uses actions setup node v4 with node version 20 run npm install g specshield run git show origin main api openapi yaml tmp base yaml run specshield compare tmp base yaml api openapi yaml fail on breaking on push publish provider spec gate the deploy name bdct publish deploy gate on push branches main paths api openapi yaml jobs publish bdct runs on ubuntu latest steps uses actions checkout v4 uses actions setup node v4 with node version 20 run npm install g specshield name publish provider spec env specshield_api_key secrets specshield_api_key run specshield bdct publish provider org vars specshield_org provider payment service version github sha spec api openapi yaml env production name gate the deploy env specshield_api_key secrets specshield_api_key run specshield bdct can i deploy org vars specshield_org service payment service version github sha env production nightly spec vs production conformance name provider conformance on schedule cron 0 7 daily 07 00 utc workflow_dispatch jobs conformance runs on ubuntu latest steps uses actions checkout v4 uses actions setup node v4 with node version 20 run npm install g specshield name verify production matches its spec env staging_token secrets staging_token run specshield bdct verify provider spec api openapi yaml base url https staging payments acme com header authorization bearer staging_token vs alternatives specshield pact pactflow smartbear oasdiff specmatic microcks oss openapi native partial pact dsl no broker required pact broker bi directional contract testing pactflow paid partial breaking change detection can i deploy gating broker pact json ingest native har consumer contract capture requires pact dsl in tests spec vs production conformance partial readyapi dredd github app pr checks hosted dashboard paid partial cli first partial free tier oss oss pricing plan price what s included free 0 forever local compare bdct capture from har bdct verify provider public web diff 7 day compare history 1 github app pr check team 89 mo 75 annual everything in free consumer registry enforced can i deploy gate audit trail bdct compatibility matrix slack alerts team workspace rbac priority email support enterprise talk to us everything in team saml sso scim on prem private cloud advanced rbac audit log export dedicated onboarding sla no credit card for the free plan get started free for enterprise sales specshield io specshield init first run setup wizard run once at the root of your project the wizard detects your openapi spec looks under api spec docs repo root detects your service name package json pyproject toml pom xml go mod cargo toml or directory name detects your git branch and suggests production for main master staging otherwise asks whether this project is a provider a consumer or both asks for your org key autocompletes from your account if signed in validates stores your api key writes specshield yml and optionally a starter github workflows specshield bdct yml using specshield26 bdct action v1 specshield init example specshield yml schemaversion 1 failonbreaking true severity error bdct org acme pay environment staging provider name payment service spec api openapi yaml consumer optional present when kind consumer or kind both consumer name checkout ui provider payment service contract contracts payment service yaml format openapi github specpath api openapi yaml failonbreaking true commentonpr true cli flags always override this file paths in the file are resolved relative to the file s own directory so you can run specshield bdct from any subdirectory non interactive scriptable mode provider only project specshield init no interactive kind provider org acme pay provider payment service spec api openapi yaml env staging write workflow consumer only project specshield init no interactive kind consumer org acme pay consumer checkout ui consumer provider payment service contract contracts payment service yaml format openapi env staging all init flags flag purpose no interactive run without prompts required fields must come from flags or auto detection print detect everything print the proposed yaml to stdout write nothing force skip the overwrite confirmation if specshield yml already exists server url use a non default specshield endpoint self hosted staging kind kind provider consumer both or skip org key organization key provider name provider service name spec path path to the provider openapi spec consumer name consumer service name consumer provider name the provider this consumer talks to contract path path to the consumer contract openapi or pact json format fmt consumer contract format openapi default or pact env environment default environment for bdct operations write workflow also write a starter github actions workflow what is not written into specshield yml your api key it s stored in specshield config json set by specshield login or read from specshield_api_key in ci the project file is committed never commit a secret into it login authentication step 1 create your account go to https specshield io and sign in with github or google 30 seconds step 2 generate an api key dashboard api keys generate key copy the ss_ token step 3 authenticate the cli specshield login api key ss_your_token_here logged in successfully customer your name plan free the token is stored in specshield config json no need to pass it on every command or use an environment variable recommended for ci export specshield_api_key ss_your_token_here this one env var works for every command compare login and every bdct subcommand all read it token resolution order compare login api key flag specshield_api_key env var stored config specshield yml bdct subcommands api token flag specshield_api_key env var stored config why two flag names compare and login were built first and used api key the newer bdct commands use api token to keep key reserved for the stored config concept the env var unifies both bdct capture from har and bdct verify provider don t require auth they run entirely locally against files your own staging url and nothing is uploaded config file run specshield init to generate specshield yml or hand write it every specshield invocation reads it from the project root or any parent directory and uses its values as defaults cli flags a...
Images from subpage: "github.com/features/codespaces" Verify
Images from subpage: "github.com/features/issues" Verify
Images from subpage: "github.com/features/code-review" Verify
Images from subpage: "github.com/security/advanced-security" Verify
Images from subpage: "github.com/security/advanced-security/code-security" Verify

Verified site has: 100 subpage(s). Do you want to verify them? Verify pages:

1-5 6-10 11-15 16-20 21-25 26-30 31-35 36-40 41-45 46-50
51-55 56-60 61-65 66-70 71-75 76-80 81-85 86-90 91-95 96-100


Top 50 hastags from of all verified websites.

Supplementary Information (add-on for SEO geeks)*- See more on header.verify-www.com

Header

HTTP/2 200
date Sun, 12 Jul 2026 10:06:01 GMT
content-type text/html; charset=utf-8
vary X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With, Sec-Fetch-Site,Accept-Encoding, Accept, X-Requested-With
etag W/ a309de441862f4c66bdb4b4e35adb719
cache-control max-age=0, private, must-revalidate
strict-transport-security max-age=31536000; includeSubdomains; preload
x-frame-options deny
x-content-type-options nosniff
x-xss-protection 0
referrer-policy no-referrer-when-downgrade
content-security-policy default-src none ; base-uri self ; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src self uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com github.githubassets.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net productionresultssa1.blob.core.windows.net productionresultssa2.blob.core.windows.net productionresultssa3.blob.core.windows.net productionresultssa4.blob.core.windows.net productionresultssa5.blob.core.windows.net productionresultssa6.blob.core.windows.net productionresultssa7.blob.core.windows.net productionresultssa8.blob.core.windows.net productionresultssa9.blob.core.windows.net productionresultssa10.blob.core.windows.net productionresultssa11.blob.core.windows.net productionresultssa12.blob.core.windows.net productionresultssa13.blob.core.windows.net productionresultssa14.blob.core.windows.net productionresultssa15.blob.core.windows.net productionresultssa16.blob.core.windows.net productionresultssa17.blob.core.windows.net productionresultssa18.blob.core.windows.net productionresultssa19.blob.core.windows.net github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com wss://alive-staging.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com wss://production-copilot-host.webpubsub.azure.com; font-src github.githubassets.com; form-action self github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors none ; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src self data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com user-images.githubusercontent.com private-user-images.githubusercontent.com opengraph.githubassets.com marketplace-screenshots.githubusercontent.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com explore-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src self ; media-src github.com user-images.githubusercontent.com secured-user-images.githubusercontent.com private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src unsafe-inline github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server github.com
content-encoding gzip
accept-ranges bytes
set-cookie _gh_sess=wkB14%2F%2BhK0TCmdz%2B44jZADNDXJhx27Si7PnSZKUhla1DPAZ4c4oem0cRASvzNnM8mrRwzLRsTfeIHcFa5W7FlK%2Bz8D63SfC5E%2BB%2B203tUiwaD0rKosRPSnZS1bKCMYIb%2FeKxUsLcmLSZexWgMmoGjiA12UpyJcTikguFdGgbXY3ONutvqqe2xkyv41RV12mnbp1aLdE3PqIu6Unep%2F%2BeQrfrmGtc5KY%2BFAGsYyjQLigkXB7p2%2FzxSWVMxf%2BGuDtO4UHsCkQb20cU%2BOYfcWKpWQ%3D%3D--JIihxL1ILZyZUgIC--PtJQh5iJQXp3mwaWl9JZJw%3D%3D; path=/; HttpOnly; secure; SameSite=Lax
set-cookie _octo=GH1.1.934882711.1783850760; expires=Mon, 12 Jul 2027 10:06:00 GMT; domain=.github.com; path=/; secure; SameSite=Lax
set-cookie logged_in=no; expires=Mon, 12 Jul 2027 10:06:00 GMT; domain=.github.com; path=/; HttpOnly; secure; SameSite=Lax
x-github-request-id A89A:305564:11ED0C6:D89E85:6A536708

Meta Tags

title="GitHub - specshield26/specshield-cli: OpenAPI breaking change detection CLI | API contract testing | prevent API breaking changes in CI/CD · GitHub"
charset="utf-8"
name="route-pattern" content="/:user_id/:repository" data-turbo-transient
name="route-controller" content="files" data-turbo-transient
name="route-action" content="disambiguate" data-turbo-transient
name="fetch-nonce" content="v2:9167adfd-3b4a-6558-2c6b-78b5fcd7b939"
name="current-catalog-service-hash" content="f3abb0cc802f3d7b95fc8762b94bdcb13bf39634c40c357301c4aa1d67a256fb"
name="request-id" content="A89A:305564:11ED0C6:D89E85:6A536708" data-pjax-transient="true"
name="html-safe-nonce" content="7e478cb3e55f8e560e75910903d467a5a7608eb6a67678a1859c18c1bb9eb1a2" data-pjax-transient="true"
name="visitor-payload" content="eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJBODlBOjMwNTU2NDoxMUVEMEM2OkQ4OUU4NTo2QTUzNjcwOCIsInZpc2l0b3JfaWQiOiI0MDE1MjkwNjcxMTI0NjcwMjE2IiwicmVnaW9uX2VkZ2UiOiJmcmEiLCJyZWdpb25fcmVuZGVyIjoiZnJhIn0=" data-pjax-transient="true"
name="visitor-hmac" content="4d2fcfa1fe94b8312b4dda5803fde7893524d2dbf70b631a90bcafb8f77bff4c" data-pjax-transient="true"
name="hovercard-subject-tag" content="repository:1188906206" data-turbo-transient
name="github-keyboard-shortcuts" content="repository,copilot" data-turbo-transient="true"
name="selected-link" value="repo_source" data-turbo-transient
name="google-site-verification" content="Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I"
name="octolytics-url" content="htt????/collector.github.com/github/collect"
name="analytics-location" content="/<user-name>/<repo-name>" data-turbo-transient="true"
name="user-login" content=""
name="viewport" content="width=device-width"
name="description" content="OpenAPI breaking change detection CLI | API contract testing | prevent API breaking changes in CI/CD - specshield26/specshield-cli"
property="fb:app_id" content="1401488693436528"
name="apple-itunes-app" content="app-id=1477376905, app-argument=htt????/github.com/specshield26/specshield-cli"
name="twitter:image" content="htt????/opengraph.githubassets.com/69951f4ce8e73418e81b59d22cd874fdf78c6e8b62999c361c6b26b82c4516f9/specshield26/specshield-cli"
name="twitter:site" content="@github"
name="twitter:card" content="summary_large_image"
name="twitter:title" content="GitHub - specshield26/specshield-cli: OpenAPI breaking change detection CLI | API contract testing | prevent API breaking changes in CI/CD"
name="twitter:description" content="OpenAPI breaking change detection CLI | API contract testing | prevent API breaking changes in CI/CD - specshield26/specshield-cli"
property="og:image" content="htt????/opengraph.githubassets.com/69951f4ce8e73418e81b59d22cd874fdf78c6e8b62999c361c6b26b82c4516f9/specshield26/specshield-cli"
property="og:image:alt" content="OpenAPI breaking change detection CLI | API contract testing | prevent API breaking changes in CI/CD - specshield26/specshield-cli"
property="og:image:width" content="1200"
property="og:image:height" content="600"
property="og:site_name" content="GitHub"
property="og:type" content="object"
property="og:title" content="GitHub - specshield26/specshield-cli: OpenAPI breaking change detection CLI | API contract testing | prevent API breaking changes in CI/CD"
property="og:url" content="htt????/github.com/specshield26/specshield-cli"
property="og:description" content="OpenAPI breaking change detection CLI | API contract testing | prevent API breaking changes in CI/CD - specshield26/specshield-cli"
name="hostname" content="github.com"
name="expected-hostname" content="github.com"
http-equiv="x-pjax-version" content="5097f45762a82a24b7e37d5cb7ec73793a2a04ca8aa1843e5f9b382a73cad82d" data-turbo-track="reload"
http-equiv="x-pjax-csp-version" content="cb4cffb7c023f774818cf728eb860debf1fc8ecf88a20487b238da276df1eb7d" data-turbo-track="reload"
http-equiv="x-pjax-css-version" content="71bf311b21b340807e61b916e191da35a3635764429500c0b85923590280098b" data-turbo-track="reload"
http-equiv="x-pjax-js-version" content="b9a586c06a05a7a86fc7e3f4dbd03e42f6869085879aa184aa6369456dbd50fb" data-turbo-track="reload"
name="turbo-cache-control" content="no-preview" data-turbo-transient=""
name="turbo-cache-control" content="no-cache" data-turbo-transient
data-hydrostats="publish"
name="go-import" content="github.com/specshield26/specshield-cli git htt????/github.com/specshield26/specshield-cli.git"
name="octolytics-dimension-user_id" content="270180568"
name="octolytics-dimension-user_login" content="specshield26"
name="octolytics-dimension-repository_id" content="1188906206"
name="octolytics-dimension-repository_nwo" content="specshield26/specshield-cli"
name="octolytics-dimension-repository_public" content="true"
name="octolytics-dimension-repository_is_fork" content="false"
name="octolytics-dimension-repository_network_root_id" content="1188906206"
name="octolytics-dimension-repository_network_root_nwo" content="specshield26/specshield-cli"
name="turbo-body-classes" content="logged-out env-production page-responsive"
name="disable-turbo" content="false"
name="browser-stats-url" content="htt????/api.github.com/_private/browser/stats"
name="browser-errors-url" content="htt????/api.github.com/_private/browser/errors"
name="release" content="07a982c1d40157c619b364352b704c3ce66bb332" data-turbo-track="reload"
name="ui-target" content="full"
name="theme-color" content="#1e2327"
name="color-scheme" content="light dark"
name="github-code-view-meta-stats" id="github-code-view-meta-stats" data-hydrostats="publish"

Load Info

page size684273
load time (s)1.010212
redirect count0
speed download106777
server IP 140.82.121.3
* all occurrences of the string "http://" have been changed to "htt???/"