If you are not sure if the website you would like to visit is secure, you can verify it here. Enter the website address of the page and see parts of its content and the thumbnail images on this site. None (if any) dangerous scripts on the referenced page will be executed. Additionally, if the selected site contains subpages, you can verify it (review) in batches containing 5 pages.
favicon.ico: github.com/specshield26/specshield-cli - GitHub - specshield26/specshie.

site address: github.com/specshield26/specshield-cli

site title: GitHub - specshield26/specshield-cli: OpenAPI breaking change detection CLI API contract testing prevent API breaking changes in CI/CD · GitHub

Our opinion (on Sunday 12 July 2026 13:04:53 UTC):

GREEN status (no comments) - no comments
After content analysis of this website we propose the following hashtags:


page from cache: 2 hours ago
Meta tags:
description=OpenAPI breaking change detection CLI API contract testing prevent API breaking changes in CI/CD - specshield26/specshield-cli;

Headings (most frequently used words):

the, bdct, consumer, provider, spec, specshield, contract, to, step, publish, cli, har, your, ci, navigation, it, vs, run, all, options, best, for, uh, oh, code, pull, saved, searches, testing, from, turn, real, into, verify, does, live, actually, github, use, and, files, history, breaking, in, local, compare, comparison, checks, file, gate, this, before, init, license, footer, json, compatibility, deploy, contracts, service, load, what, on, search, repositories, users, issues, requests, provide, feedback, specshield26, commands, bi, directional, capture, traffic, match, its, cd, actions, menu, filter, results, more, quickly, folders, latest, commit, repository, contents, never, ship, change, api, consumers, problem, solution, see, action, quick, start, world, story, cases, cloud, remote, share, app, pr, record, operational, concerns, read, going, why, is, most, valuable, piece, of, alternatives, pricing, first, setup, wizard, login, authentication, config, exit, codes, support, about, releases, packages, contributors, languages, how, works, openapi, subset, or, pact, can, matrix, list, specs, verifications, full, workflow, output, mental, model, 1a, chrome, firefox, edge, devtools, zero, frontend, 1b, playwright, teams, with, ui, tests, 1c, cypress, 1d, mitmproxy, backend, 1e, postman, insomnia, bruno, 1f, k6, test, bonus, recording, while, engine, scrubbing, auth, tokens, cookies, pii, multi, host, filtering, talks, several, backends, keeping, fresh, common, pitfalls, safe, by, default, path, parameter, resolution, validator, per, response, request, catch, changes, merge, push, nightly, production, conformance, example, yml, non, interactive, scriptable, mode, flags, topics, resources, stars, watchers, forks,

Text of the page (most frequently used words):
the (200), specshield (127), #provider (98), consumer (94), bdct (87), har (79), #contract (72), yaml (72), api (63), your (62), openapi (60), spec (60), and (55), service (53), json (50), from (48), run (46), for (42), name (40), github (39), env (38), version (37), deploy (37), with (37), payment (36), can (34), breaking (34), path (34), publish (34), acme (33), base (32), every (32), compare (32), org (29), url (28), checkout (28), you (27), code (27), file (27), verify (26), pact (25), key (25), format (24), capture (24), that (23), cli (23), staging (23), this (21), all (21), production (21), test (21), one (20), traffic (20), list (19), fail (19), error (18), changes (18), config (18), tests (18), status (17), change (17), required (17), step (17), get (17), store (17), testing (16), out (16), https (16), share (15), output (15), history (15), compatibility (15), only (15), payments (15), pass (14), yml (14), contracts (14), actions (14), team (14), gate (14), install (14), token (13), default (13), never (13), target (13), use (13), specshield_api_key (13), type (13), per (12), its (12), app (12), uses (12), what (12), conformance (12), com (12), field (12), playwright (12), not (11), into (11), request (11), remote (11), security (10), free (10), account (10), exit (10), consumers (10), flags (10), options (10), true (10), are (10), local (10), any (10), when (10), post (10), mitmproxy (10), cypress (10), compatible (10), comparison (10), 2026 (9), diff (9), users (9), view (9), npm (9), support (9), hosted (9), commands (9), keep (9), login (9), dashboard (9), enterprise (9), checks (9), dsl (9), before (9), response (9), string (9), see (9), same (9), time (8), page (8), published (8), open (8), branch (8), stored (8), flag (8), running (8), matches (8), project (8), init (8), they (8), command (8), endpoint (8), already (8), vars (8), paymentid (8), actually (8), browser (8), entries (8), integration (8), record (8), reload (7), license (7), detection (7), header (7), include (7), matrix (7), subcommand (7), check (7), specs (7), safe (7), number (7), main (7), environment (7), pay (7), write (7), against (7), works (7), workflow (7), once (7), broker (7), secrets (7), schema (7), 200 (7), engine (7), just (7), recorder (7), publishes (7), create (6), probes (6), repeatable (6), timeout (6), params (6), non (6), providers (6), ver (6), override (6), server (6), subset (6), failonbreaking (6), set (6), files (6), var (6), two (6), export (6), also (6), skip (6), kind (6), without (6), must (6), workflows (6), package (6), email (6), staging_token (6), node (6), pull (6), catch (6), via (6), amount (6), does (6), have (6), context (6), right (6), host (6), endpoints (6), full (6), saved (6), action (5), navigation (5), deployable (5), codes (5), title (5), read (5), turn (5), link (5), info (5), ignore (5), save (5), result (5), defaults (5), each (5), paths (5), match (5), generate (5), own (5), first (5), both (5), why (5), fields (5), example (5), git (5), public (5), partial (5), authorization (5), runs (5), sha (5), merge (5), examples (5), orders (5), teams (5), backend (5), npx (5), produces (5), load (5), click (5), content (5), tab (5), incompatible (5), issues (5), search (5), community (4), was (4), while (4), readme (4), devtools (4), missing (4), more (4), mutating (4), filters (4), filter (4), machine (4), readable (4), purpose (4), description (4), expires (4), option (4), mode (4), github_sha (4), delete (4), removed (4), values (4), names (4), need (4), customer (4), plan (4), sign (4), commit (4), talks (4), everything (4), interactive (4), optional (4), writes (4), specshield26 (4), asks (4), signed (4), detects (4), wizard (4), setup (4), registry (4), latest (4), specshield_org (4), uuid (4), date (4), object (4), 123 (4), them (4), userid (4), methods (4), live (4), trust (4), existing (4), their (4), close (4), recordhar (4), prefix (4), captured (4), scrub (4), zero (4), session (4), real (4), orderid (4), recording (4), then (4), http (4), another (4), start (4), exercised (4), new (4), platform (4), mcp (4), cookies (3), docs (3), there (3), loading (3), please (3), report (3), repository (3), stars (3), mit (3), resources (3), topics (3), admin (3), runtime (3), self (3), recorded (3), verification (3), across (3), days (3), comparisons (3), warning (3), severity (3), commentonpr (3), specpath (3), hand (3), root (3), directory (3), always (3), require (3), resolution (3), secret (3), written (3), starter (3), stdout (3), auto (3), toml (3), repo (3), cloud (3), advanced (3), rbac (3), audit (3), slack (3), pricing (3), oss (3), paid (3), requires (3), directional (3), bearer (3), steps (3), ubuntu (3), jobs (3), branches (3), exact (3), 4xx (3), documented (3), integer (3), automatically (3), like (3), parameter (3), off (3), but (3), most (3), source (3), accurate (3), loop (3), body (3), would (3), break (3), language (3), sdk (3), single (3), entry (3), want (3), fix (3), ops (3), inventory (3), calls (3), scrubbed (3), input (3), tool (3), quick (3), bodies (3), reference (3), html (3), return (3), postman (3), add (3), 8080 (3), available (3), best (3), generator (3), safari (3), menu (3), frontend (3), mobile (3), partner (3), application (3), 482 (3), user (3), last (3), changed (3), cases (3), incident (3), services (3), changelog (3), insights (3), requests (3), settings (3), window (3), refresh (3), documentation (3), feedback (3), grade (3), features (3), copilot (3), solutions (3), explore (3), manage (2), footer (2), releases (2), fork (2), governance (2), swagger (2), microservices (2), prevent (2), about (2), stop (2), star (2), issue (2), software (2), private (2), limited (2), failed (2), method (2), verbs (2), size (2), overrides (2), organization (2), common (2), manually (2), make (2), limit (2), specific (2), collapse (2), relative (2), used (2), false (2), schemaversion (2), invocation (2), reads (2), entirely (2), nothing (2), auth (2), built (2), order (2), ss_your_token_here (2), copy (2), seconds (2), authentication (2), fmt (2), print (2), come (2), resolved (2), optionally (2), using (2), whether (2), mod (2), pom (2), xml (2), pyproject (2), under (2), started (2), saml (2), sso (2), scim (2), prem (2), log (2), workspace (2), priority (2), included (2), dredd (2), native (2), ingest (2), gating (2), pactflow (2), alternatives (2), push (2), tmp (2), actual (2), coverage (2), null (2), parameters (2), declare (2), repeat (2), reason (2), parsing (2), resolve (2), side (2), health (2), thingid (2), data (2), opt (2), things (2), says (2), sometimes (2), returns (2), numeric (2), usually (2), validating (2), derived (2), tax (2), deployed (2), other (2), instrument (2), piece (2), cert (2), above (2), import (2), tls (2), explicitly (2), end (2), await (2), chromium (2), didn (2), templated (2), segment (2), literal (2), multiple (2), hosts (2), doesn (2), identical (2), pattern (2), circleci (2), syntax (2), service_name (2), whole (2), keeping (2), different (2), multi (2), backends (2), emits (2), types (2), sanitizer (2), patterns (2), headers (2), cookie (2), contain (2), pii (2), operational (2), concerns (2), blocked (2), git_sha (2), sample (2), alongside (2), shapes (2), samples (2), seen (2), passes (2), images (2), schemas (2), will (2), omitted (2), wrote (2), expected (2), regardless (2), which (2), runner (2), either (2), insomnia (2), bruno (2), jvm (2), environments (2), hardump (2), brew (2), mitmdump (2), https_proxy (2), localhost (2), done (2), pointing (2), proxy (2), point (2), through (2), e2e (2), exports (2), module (2), neuralegion (2), const (2), call (2), paste (2), during (2), network (2), note (2), clear (2), chrome (2), firefox (2), edge (2), jump (2), how (2), agnostic (2), between (2), something (2), feature (2), work (2), verifications (2), properties (2), currency (2), verifies (2), comment (2), gets (2), links (2), billing (2), useful (2), drift (2), over (2), cross (2), notifications (2), track (2), expect (2), pipeline (2), broken (2), build (2), 2am (2), paymentstatus (2), too (2), blocks (2), breaks (2), solution (2), review (2), find (2), apis (2), problem (2), agent (2), agents (2), ship (2), lock (2), npmignore (2), gitignore (2), src (2), scripts (2), fixtures (2), demo (2), bin (2), commits (2), message (2), quality (2), projects (2), appearance (2), cancel (2), searches (2), repositories (2), business (2), developer (2), devops (2), perform, personal, information, contact, privacy, terms, inc, 100, javascript, languages, contributors, packages, forks, watching, watchers, activity, finding, breakage, found, clean, meaning, accepts, these, pairs, trigger, pair, expire, after, reportid, level, allow, informational, tag, 10000, enabled, substring, parent, win, locally, uploaded, don, were, newer, reserved, concept, unifies, subcommands, variable, recommended, logged, successfully, authenticate, ss_, keys, google, committed, operations, overwrite, confirmation, exists, force, detect, proposed, prompts, scriptable, subdirectory, present, validates, stores, autocompletes, suggests, otherwise, master, cargo, looks, credit, card, sales, dedicated, onboarding, sla, talk, enforced, trail, alerts, annual, web, day, forever, price, tier, readyapi, microcks, specmatic, oasdiff, smartbear, workflow_dispatch, daily, utc, cron, schedule, nightly, show, origin, fetch, depth, pull_request, wildcard, undocumented, properly, allows, oas, isms, handled, nullable, outside, enum, enums, plus, ajv, formats, array, boolean, validator, neither, resolves, skipped, param, wins, templates, 8000, extra, send, kvlist, probe, put, patch, effects, ref, least, unconfigured, unresolved, head, effect, catches, contains, partially_refunded, pending, refunded, truth, closes, firing, active, style, removes, converts, turns, folder, merges, measurable, enforcement, product, market, adopt, should, doing, aren, valuable, jks, trusted, rejects, newcontext, launch, empty, segments, differ, stays, looked, got, succeeds, document, drop, cause, symptom, pitfalls, gitlab, jenkins, injection, provider_name, provider_base_url, mvnw, whatever, typical, fresh, doubles, filtering, several, carries, words, ssn, creditcard, supports, redaction, allowlists, etc, heavier, del, select, ascii_downcase, deps, raw, publishing, scrubbing, tokens, going, section, promoting, dropped, ends, 404, documents, handles, happy, uuids, rfc, 3339, times, addresses, three, slightly, emitted, stay, become, widens, conflict, falls, back, some, merger, merging, becomes, preceding, noun, generic, resulting, likely, accountid, abc, templating, binary, inferred, appear, comma, separated, keeps, matching, critical, below, summary, means, survived, exactly, total, produced, metrics, script, bonus, collection, separate, many, cacerts, curl_ca_bundle, requests_ca_bundle, node_extra_ca_certs, listen, port, http_proxy, ctrl, disk, terminal, tell, dump, macos, pip, apt, lands, outdir, savehar, aftereach, beforeeach, setupnodeevents, flushed, runnable, lives, clone, jsonplaceholder, sandbox, toolchain, made, noise, onlyjson, usual, embed, __dirname, baseurl, testdir, develop, entire, byte, anywhere, button, flows, cmd, f12, reading, recipes, follow, exploratory, caller, plugin, spa, driven, effort, pick, almost, yourself, happens, saving, inference, mental, model, drifts, moment, forget, reflects, difference, proved, called, learn, universal, framework, makes, normal, incompatiblecount, compatiblecount, consumerversion, consumername, deployment, update, release, unknown, verified, checked, response_field_missing, expects, type_mismatch, pacts, supported, 201, responses, requestbody, describing, stamped, correlate, came, compares, presence, sides, relies, satisfied, gates, overhead, configure, configurable, sticky, highlighted, visible, choose, repos, touches, automatic, 256, bit, random, unguessable, enumeration, revoke, ready, _ru8ovubxy3r9zhosylesaulphcqbyh5jtpyldsmu88, 16t12, 56z, usage, jira, ticket, anyone, recent, 481, updated, 480, shows, drill, down, tracking, members, machines, straight, saves, includes, still, isn, historyid, sends, heavy, basic, needed, text, leaves, infrastructure, class, urls, timeline, human, writing, line, sure, paper, know, whom, deliver, surprises, safety, stops, validation, returned, affected, missing_field, created, ran, mismatch, caught, immediately, reached, triggered, merged, renamed, wasn, notified, world, story, welcome, banner, skips, silence, workstation, specshield_no_banner, tf_build, travis, jenkins_url, gitlab_ci, buildkite, github_actions, quiet, docker, seeds, subsequent, again, drifting, detected, modifications, additions, surprise, 3am, anything, proves, satisfies, those, expectations, deploying, think, unit, manual, late, enforces, angry, integrations, logs, rename, crashes, 000, silently, feel, brings, claude, cursor, clients, ask, inside, job, points, coding, uploads, prove, block, four, reach, known, bidirectional, overview, contents, items, folders, tags, additional, notification, dismiss, alert, switched, accounts, resetting, focus, qualifiers, our, query, results, quickly, submit, address, contacted, take, very, seriously, provide, tips, premium, ons, powered, collections, trending, archive, program, accelerator, maintainer, lab, programs, fund, developers, sponsors, partners, center, forum, skills, ebooks, reports, events, webinars, stories, development, topic, industries, government, manufacturing, financial, healthcare, industry, devsecops, modernization, case, nonprofits, startups, small, medium, enterprises, company, marketplace, blog, leaks, protection, secure, vulnerabilities, instant, dev, codespaces, automate, integrate, external, tools, direct, better, creation, toggle,


Text of the page (random words):
ublic jsonplaceholder sandbox so you can verify the toolchain works before pointing it at your own provider 1c cypress npm i d neuralegion cypress har generator cypress config js const install require neuralegion cypress har generator module exports e2e setupnodeevents on config install on return config cypress support e2e js beforeeach cy recordhar aftereach cy savehar outdir har out run npx cypress run and the har for each spec lands in har out 1d mitmproxy best for backend service to service when the consumer is a backend service no browser point it through mitmproxy in your integration test env no consumer code change install once brew install mitmproxy macos also available via pip and apt start the proxy and tell it to dump har mitmdump set hardump traffic har listen port 8080 in another terminal run your tests with https_proxy pointing at it https_proxy http localhost 8080 http_proxy http localhost 8080 run integration tests sh ctrl c mitmdump when done traffic har is on disk the hardump add on is built into mitmproxy 9 0 for tls hosts you ll need to trust mitmproxy s ca in your test jvm runtime see the mitmproxy ca docs in many test environments it s a single env var node_extra_ca_certs requests_ca_bundle curl_ca_bundle or a jvm cacerts import 1e postman insomnia bruno run the request or a whole collection runner right click the response save response as har repeat for each request you want included then either keep them as separate har files pass in once per file via a loop in ci or merge them with any har merge tool 1f k6 load test bonus recording while load testing k6 run out har traffic har script js k6 emits a har alongside its load metrics same file works with bdct capture from har step 2 turn the har into a consumer contract this is the one cli command the same command works regardless of which recorder produced the har specshield bdct capture from har in traffic har base url https api acme com out consumer contract yaml expected output wrote consumer contract yaml 4 endpoints 6 ops from 23 41 entries the 23 41 summary means 23 entries survived the filters right host json body out of 41 total the recorder captured open the yaml to see exactly what your code talks to endpoint by endpoint field by field all options flag purpose default in path required input har file har 1 2 out path output file if omitted writes to stdout stdout base url url keep only entries matching this url prefix critical when the consumer talks to multiple backends see multi host below no filter keeps every host method verbs comma separated methods to include e g get post all methods title title openapi info title captured consumer contract version ver openapi info version usually your git sha in ci 0 1 0 format fmt yaml or json yaml include non json keep entries with non json bodies html images binary schemas can t be inferred but the endpoints will appear off what the engine actually does for every har entry that passes the filters path templating users 123 orders abc 2026 becomes users userid orders orderid parameter names come from the preceding noun in the url not a generic id so the resulting openapi matches the parameter names your provider likely already uses userid orderid accountid per status schema merging if three get users userid samples return slightly different shapes the emitted schema is the merger fields seen in every sample stay required fields seen in some samples become optional integer number widens to number a type conflict falls back to string format detection uuids rfc 3339 date times and email addresses get format uuid format date time format email status code coverage a 404 sample produces its own response schema alongside the 200 so the contract documents the error shapes your code handles not just the happy path json only by default entries with non json bodies are dropped the html page load from a playwright test never ends up in the contract step 3 publish gate 1 publish the captured contract run on every consumer pr specshield bdct publish consumer org acme store consumer checkout ui provider payment service version git_sha format openapi contract consumer contract yaml 2 gate the deploy run before promoting the consumer specshield bdct can i deploy org acme store service checkout ui version git_sha env staging exit 0 safe exit 1 a verification says no and the deploy is blocked full bdct command reference is in the bi directional contract testing section above operational concerns read this before going live scrubbing auth tokens cookies and pii a raw har can contain authorization headers session cookies and real pii in request response bodies scrub before publishing two patterns quick scrub with jq zero deps if you already have jq jq del headers select name ascii_downcase in authorization cookie set cookie x api key traffic har scrubbed har heavier scrub via har sanitizer npm tool supports body redaction patterns allowlists etc npx har sanitizer input traffic har output scrubbed har scrub words email ssn creditcard the contract that bdct capture from har emits only carries field names and types not values so once the har is scrubbed of secrets the published contract is safe to share with the provider team multi host filtering consumer talks to several backends base url is a prefix match so it doubles as a host filter keep only calls to the payment service specshield bdct capture from har in traffic har base url https payment acme com out contracts checkout ui payment yaml same har different provider keep only calls to inventory specshield bdct capture from har in traffic har base url https inventory acme com out contracts checkout ui inventory yaml one test run one har n consumer contracts one per provider keeping contracts fresh in ci the whole pattern is record from your existing tests publish from ci a typical github workflows contract test yml name run integration tests produces traffic har run npx playwright test or mvnw verify or whatever you use name har consumer contract run specshield bdct capture from har in traffic har base url vars provider_base_url out consumer contract yaml name publish contract env specshield_api_key secrets specshield_api_key run specshield bdct publish consumer org vars specshield_org consumer vars service_name provider vars provider_name version github sha format openapi contract consumer contract yaml name gate the deploy env specshield_api_key secrets specshield_api_key run specshield bdct can i deploy org vars specshield_org service vars service_name version github sha env staging identical pattern on gitlab circleci jenkins only the secret injection syntax changes common pitfalls symptom cause fix 0 endpoints 0 ops from 0 n entries base url doesn t match any host in the har drop base url to see what hosts are in the har re run with the right prefix contract is missing your post recorder captured a 4xx for that post fix the test so the post succeeds or keep the 4xx it ll document the error path path got templated when you didn t want it to a literal path segment looked like a numeric uuid id path segments are templated when multiple entries share a prefix but differ on that segment a single entry stays literal playwright har file is empty not written context close didn t run create the context explicitly with chromium launch browser newcontext recordhar and await context close at the end of the test backend rejects post when mitmproxy is in the path tls cert not trusted by the consumer see the mitmproxy ca cert link above one env var or one jks import why this is the most valuable piece of the cli every other contract testing product on the market asks the consumer team to change their code adopt a dsl instrument their tests run a broker that tax is why most teams that should be doing contract testing aren t bdct capture from har removes the tax your team s existing test run is already the contract the cli just converts the format the har capture publish can i deploy loop is what turns we have openapi specs in a folder into no provider pr merges if it would break a deployed consumer with measurable enforcement in one ci step and no per language sdk bdct verify provider does your live provider actually match its spec active spec vs production conformance dredd style in ci most teams trust the provider s openapi as the source of truth and never check whether the running service actually matches it specshield s compatibility engine for bdct is only as accurate as that trust so verify provider closes the loop by firing probes derived from the spec at a running endpoint staging usually and validating every response body against the spec s schema for its status code catches things like the spec says status paid pending refunded but the live api sometimes returns partially_refunded or a field documented as required is sometimes missing or a format uuid field actually contains a numeric id safe by default by default verify provider only probes safe methods get head options it must never side effect your staging data mutating methods are opt in with include mutating run it specshield bdct verify provider spec api openapi yaml base url https staging payments acme com provider conformance spec vs https staging payments acme com pass get health 200 fail get payments paymentid 200 amount must be number pass get orders 200 skip get unconfigured thingid unresolved path params no path params or spec example thingid 2 pass 1 fail 0 error 1 skip 4 probes exit codes 0 all pass 1 at least one fail error 2 config spec error options flag purpose spec path required provider openapi spec yaml or json ref s are resolved base url url required base url of the running provider e g https staging payments acme com include mutating also probe post put patch delete off by default never side effects staging path params kvlist resolve path params paymentid pay 123 userid u 7 overrides spec examples repeatable header header extra request header to send e g header authorization bearer token repeatable timeout ms ms per request timeout default 8000 json machine readable json output for ci parsing path parameter resolution for path templates like payments paymentid the resolution priority is path params paymentid pay 123 on the cli always wins the spec s parameters example for that param skipped with a reason if neither resolves so you can declare examples in the spec once and never repeat them on the cli paths payments paymentid get parameters name paymentid in path required true schema type string example pay 123 verify provider uses this automatically what the validator checks per response type format string integer number boolean array object plus format uuid date time email via ajv formats required fields flags any required field that s missing enums flags values outside the documented enum set nullable true properly allows null values oas 3 0 isms handled status code coverage actual status must match an exact code a wildcard 4xx or the default response an undocumented status is a fail run it from ci name verify production matches spec env staging_token secrets staging_token run specshield bdct verify provider spec api openapi yaml base url https staging payments acme com header authorization bearer staging_token json conformance json ci cd github actions on pull request catch breaking spec changes before merge name api contract check on pull_request branches main jobs check api contract runs on ubuntu latest steps uses actions checkout v4 with fetch depth 0 uses actions setup node v4 with node version 20 run npm install g specshield run git show origin main api openapi yaml tmp base yaml run specshield compare tmp base yaml api openapi yaml fail on breaking on push publish provider spec gate the deploy name bdct publish deploy gate on push branches main paths api openapi yaml jobs publish bdct runs on ubuntu latest steps uses actions checkout v4 uses actions setup node v4 with node version 20 run npm install g specshield name publish provider spec env specshield_api_key secrets specshield_api_key run specshield bdct publish provider org vars specshield_org provider payment service version github sha spec api openapi yaml env production name gate the deploy env specshield_api_key secrets specshield_api_key run specshield bdct can i deploy org vars specshield_org service payment service version github sha env production nightly spec vs production conformance name provider conformance on schedule cron 0 7 daily 07 00 utc workflow_dispatch jobs conformance runs on ubuntu latest steps uses actions checkout v4 uses actions setup node v4 with node version 20 run npm install g specshield name verify production matches its spec env staging_token secrets staging_token run specshield bdct verify provider spec api openapi yaml base url https staging payments acme com header authorization bearer staging_token vs alternatives specshield pact pactflow smartbear oasdiff specmatic microcks oss openapi native partial pact dsl no broker required pact broker bi directional contract testing pactflow paid partial breaking change detection can i deploy gating broker pact json ingest native har consumer contract capture requires pact dsl in tests spec vs production conformance partial readyapi dredd github app pr checks hosted dashboard paid partial cli first partial free tier oss oss pricing plan price what s included free 0 forever local compare bdct capture from har bdct verify provider public web diff 7 day compare history 1 github app pr check team 89 mo 75 annual everything in free consumer registry enforced can i deploy gate audit trail bdct compatibility matrix slack alerts team workspace rbac priority email support enterprise talk to us everything in team saml sso scim on prem private cloud advanced rbac audit log export dedicated onboarding sla no credit card for the free plan get started free for enterprise sales specshield io specshield init first run setup wizard run once at the root of your project the wizard detects your openapi spec looks under api spec docs repo root detects your service name package json pyproject toml pom xml go mod cargo toml or directory name detects your git branch and suggests production for main master staging otherwise asks whether this project is a provider a consumer or both asks for your org key autocompletes from your account if signed in validates stores your api key writes specshield yml and optionally a starter github workflows specshield bdct yml using specshield26 bdct action v1 specshield init example specshield yml schemaversion 1 failonbreaking true severity error bdct org acme pay environment staging provider name payment service spec api openapi yaml consumer optional present when kind consumer or kind both consumer name checkout ui provider payment service contract contracts payment service yaml format openapi github specpath api openapi yaml failonbreaking true commentonpr true cli flags always override this file paths in the file are resolved relative to...
Images from subpage: "github.com/topics/api-breaking-changes" Verify
Images from subpage: "github.com/specshield26/specshield-cli/activity" Verify
Images from subpage: "github.com/specshield26/specshield-cli/forks" Verify
Images from subpage: "github.com/contact/report-content?content_url=https://github... " Verify
Images from subpage: "github.com/specshield26/specshield-cli/releases" Verify

Verified site has: 100 subpage(s). Do you want to verify them? Verify pages:

1-5 6-10 11-15 16-20 21-25 26-30 31-35 36-40 41-45 46-50
51-55 56-60 61-65 66-70 71-75 76-80 81-85 86-90 91-95 96-100


Top 50 hastags from of all verified websites.

Supplementary Information (add-on for SEO geeks)*- See more on header.verify-www.com

Header

HTTP/2 200
date Sun, 12 Jul 2026 10:06:01 GMT
content-type text/html; charset=utf-8
vary X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With, Sec-Fetch-Site,Accept-Encoding, Accept, X-Requested-With
etag W/ a309de441862f4c66bdb4b4e35adb719
cache-control max-age=0, private, must-revalidate
strict-transport-security max-age=31536000; includeSubdomains; preload
x-frame-options deny
x-content-type-options nosniff
x-xss-protection 0
referrer-policy no-referrer-when-downgrade
content-security-policy default-src none ; base-uri self ; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src self uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com github.githubassets.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net productionresultssa1.blob.core.windows.net productionresultssa2.blob.core.windows.net productionresultssa3.blob.core.windows.net productionresultssa4.blob.core.windows.net productionresultssa5.blob.core.windows.net productionresultssa6.blob.core.windows.net productionresultssa7.blob.core.windows.net productionresultssa8.blob.core.windows.net productionresultssa9.blob.core.windows.net productionresultssa10.blob.core.windows.net productionresultssa11.blob.core.windows.net productionresultssa12.blob.core.windows.net productionresultssa13.blob.core.windows.net productionresultssa14.blob.core.windows.net productionresultssa15.blob.core.windows.net productionresultssa16.blob.core.windows.net productionresultssa17.blob.core.windows.net productionresultssa18.blob.core.windows.net productionresultssa19.blob.core.windows.net github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com wss://alive-staging.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com wss://production-copilot-host.webpubsub.azure.com; font-src github.githubassets.com; form-action self github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors none ; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src self data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com user-images.githubusercontent.com private-user-images.githubusercontent.com opengraph.githubassets.com marketplace-screenshots.githubusercontent.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com explore-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src self ; media-src github.com user-images.githubusercontent.com secured-user-images.githubusercontent.com private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src unsafe-inline github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server github.com
content-encoding gzip
accept-ranges bytes
set-cookie _gh_sess=wkB14%2F%2BhK0TCmdz%2B44jZADNDXJhx27Si7PnSZKUhla1DPAZ4c4oem0cRASvzNnM8mrRwzLRsTfeIHcFa5W7FlK%2Bz8D63SfC5E%2BB%2B203tUiwaD0rKosRPSnZS1bKCMYIb%2FeKxUsLcmLSZexWgMmoGjiA12UpyJcTikguFdGgbXY3ONutvqqe2xkyv41RV12mnbp1aLdE3PqIu6Unep%2F%2BeQrfrmGtc5KY%2BFAGsYyjQLigkXB7p2%2FzxSWVMxf%2BGuDtO4UHsCkQb20cU%2BOYfcWKpWQ%3D%3D--JIihxL1ILZyZUgIC--PtJQh5iJQXp3mwaWl9JZJw%3D%3D; path=/; HttpOnly; secure; SameSite=Lax
set-cookie _octo=GH1.1.934882711.1783850760; expires=Mon, 12 Jul 2027 10:06:00 GMT; domain=.github.com; path=/; secure; SameSite=Lax
set-cookie logged_in=no; expires=Mon, 12 Jul 2027 10:06:00 GMT; domain=.github.com; path=/; HttpOnly; secure; SameSite=Lax
x-github-request-id A89A:305564:11ED0C6:D89E85:6A536708

Meta Tags

title="GitHub - specshield26/specshield-cli: OpenAPI breaking change detection CLI | API contract testing | prevent API breaking changes in CI/CD · GitHub"
charset="utf-8"
name="route-pattern" content="/:user_id/:repository" data-turbo-transient
name="route-controller" content="files" data-turbo-transient
name="route-action" content="disambiguate" data-turbo-transient
name="fetch-nonce" content="v2:9167adfd-3b4a-6558-2c6b-78b5fcd7b939"
name="current-catalog-service-hash" content="f3abb0cc802f3d7b95fc8762b94bdcb13bf39634c40c357301c4aa1d67a256fb"
name="request-id" content="A89A:305564:11ED0C6:D89E85:6A536708" data-pjax-transient="true"
name="html-safe-nonce" content="7e478cb3e55f8e560e75910903d467a5a7608eb6a67678a1859c18c1bb9eb1a2" data-pjax-transient="true"
name="visitor-payload" content="eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJBODlBOjMwNTU2NDoxMUVEMEM2OkQ4OUU4NTo2QTUzNjcwOCIsInZpc2l0b3JfaWQiOiI0MDE1MjkwNjcxMTI0NjcwMjE2IiwicmVnaW9uX2VkZ2UiOiJmcmEiLCJyZWdpb25fcmVuZGVyIjoiZnJhIn0=" data-pjax-transient="true"
name="visitor-hmac" content="4d2fcfa1fe94b8312b4dda5803fde7893524d2dbf70b631a90bcafb8f77bff4c" data-pjax-transient="true"
name="hovercard-subject-tag" content="repository:1188906206" data-turbo-transient
name="github-keyboard-shortcuts" content="repository,copilot" data-turbo-transient="true"
name="selected-link" value="repo_source" data-turbo-transient
name="google-site-verification" content="Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I"
name="octolytics-url" content="htt????/collector.github.com/github/collect"
name="analytics-location" content="/<user-name>/<repo-name>" data-turbo-transient="true"
name="user-login" content=""
name="viewport" content="width=device-width"
name="description" content="OpenAPI breaking change detection CLI | API contract testing | prevent API breaking changes in CI/CD - specshield26/specshield-cli"
property="fb:app_id" content="1401488693436528"
name="apple-itunes-app" content="app-id=1477376905, app-argument=htt????/github.com/specshield26/specshield-cli"
name="twitter:image" content="htt????/opengraph.githubassets.com/69951f4ce8e73418e81b59d22cd874fdf78c6e8b62999c361c6b26b82c4516f9/specshield26/specshield-cli"
name="twitter:site" content="@github"
name="twitter:card" content="summary_large_image"
name="twitter:title" content="GitHub - specshield26/specshield-cli: OpenAPI breaking change detection CLI | API contract testing | prevent API breaking changes in CI/CD"
name="twitter:description" content="OpenAPI breaking change detection CLI | API contract testing | prevent API breaking changes in CI/CD - specshield26/specshield-cli"
property="og:image" content="htt????/opengraph.githubassets.com/69951f4ce8e73418e81b59d22cd874fdf78c6e8b62999c361c6b26b82c4516f9/specshield26/specshield-cli"
property="og:image:alt" content="OpenAPI breaking change detection CLI | API contract testing | prevent API breaking changes in CI/CD - specshield26/specshield-cli"
property="og:image:width" content="1200"
property="og:image:height" content="600"
property="og:site_name" content="GitHub"
property="og:type" content="object"
property="og:title" content="GitHub - specshield26/specshield-cli: OpenAPI breaking change detection CLI | API contract testing | prevent API breaking changes in CI/CD"
property="og:url" content="htt????/github.com/specshield26/specshield-cli"
property="og:description" content="OpenAPI breaking change detection CLI | API contract testing | prevent API breaking changes in CI/CD - specshield26/specshield-cli"
name="hostname" content="github.com"
name="expected-hostname" content="github.com"
http-equiv="x-pjax-version" content="5097f45762a82a24b7e37d5cb7ec73793a2a04ca8aa1843e5f9b382a73cad82d" data-turbo-track="reload"
http-equiv="x-pjax-csp-version" content="cb4cffb7c023f774818cf728eb860debf1fc8ecf88a20487b238da276df1eb7d" data-turbo-track="reload"
http-equiv="x-pjax-css-version" content="71bf311b21b340807e61b916e191da35a3635764429500c0b85923590280098b" data-turbo-track="reload"
http-equiv="x-pjax-js-version" content="b9a586c06a05a7a86fc7e3f4dbd03e42f6869085879aa184aa6369456dbd50fb" data-turbo-track="reload"
name="turbo-cache-control" content="no-preview" data-turbo-transient=""
name="turbo-cache-control" content="no-cache" data-turbo-transient
data-hydrostats="publish"
name="go-import" content="github.com/specshield26/specshield-cli git htt????/github.com/specshield26/specshield-cli.git"
name="octolytics-dimension-user_id" content="270180568"
name="octolytics-dimension-user_login" content="specshield26"
name="octolytics-dimension-repository_id" content="1188906206"
name="octolytics-dimension-repository_nwo" content="specshield26/specshield-cli"
name="octolytics-dimension-repository_public" content="true"
name="octolytics-dimension-repository_is_fork" content="false"
name="octolytics-dimension-repository_network_root_id" content="1188906206"
name="octolytics-dimension-repository_network_root_nwo" content="specshield26/specshield-cli"
name="turbo-body-classes" content="logged-out env-production page-responsive"
name="disable-turbo" content="false"
name="browser-stats-url" content="htt????/api.github.com/_private/browser/stats"
name="browser-errors-url" content="htt????/api.github.com/_private/browser/errors"
name="release" content="07a982c1d40157c619b364352b704c3ce66bb332" data-turbo-track="reload"
name="ui-target" content="full"
name="theme-color" content="#1e2327"
name="color-scheme" content="light dark"
name="github-code-view-meta-stats" id="github-code-view-meta-stats" data-hydrostats="publish"

Load Info

page size684273
load time (s)1.010212
redirect count0
speed download106777
server IP 140.82.121.3
* all occurrences of the string "http://" have been changed to "htt???/"