README
ΒΆ
Contract Validator Toolkit
A contract validation platform for OpenAPI v2/v3 specifications that validates API requests and responses against API contracts. Supports both consumer-side (client) and producer-side (server) validation.
Examples: For complete working examples with real-world usage patterns, see the CVT Demo Repository.
ποΈ Podcast
Listen to an AI-generated podcast of CVT, created with NotebookLM
Features
- OpenAPI v2/v3 Support - Validate against Swagger 2.0 and OpenAPI 3.0 specifications
- Consumer Validation - Validate outgoing API calls match the contract (client-side)
- Producer Validation - Validate incoming requests match the contract (server-side middleware)
- Consumer Registry - Track which consumers depend on which schemas
- Mock Server - Generate a running HTTP mock server from any OpenAPI schema with
cvt mock - Deployment Safety -
can-i-deploychecks prevent breaking changes from reaching production - High Performance - gRPC-based server with schema caching (1000 schemas, 24h TTL)
- Multiple SDKs - Node.js, Python, Go, and Java client libraries
- Security - TLS/mTLS support and API key authentication
- Observability - Prometheus metrics and Grafana dashboards built-in
Contract Testing Overview
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Contract Testing with CVT β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β CONSUMER TESTING PRODUCER TESTING β
β "Am I calling the API correctly?" "Does my API match my spec?" β
β β
β βββββββββββββββ HTTP βββββββββββββββ β
β β Your Serviceβ βββββββββββββββΊ β Upstream APIβ β
β β (Consumer) β β (Producer) β β
β ββββββββ¬βββββββ βββββββββββββββ β
β β β
β β Validate request/response β
β βΌ β
β βββββββββββββββ βββββββββββββββ HTTP ββββββββββ β
β β CVT Server β β Your API βββββββββββββββββββ Client β β
β β + Schema β β + Middlewareβ β β β
β βββββββββββββββ ββββββββ¬βββββββ ββββββββββ β
β β β
β β Validate request/response β
β βΌ β
β βββββββββββββββ β
β β CVT Server β β
β β + Schema β β
β βββββββββββββββ β
β β
β Use Cases: Use Cases: β
β β’ Test your API integrations β’ Runtime request validation β
β β’ Mock upstream APIs β’ Detect implementation drift β
β β’ Register as consumer β’ Deployment safety checks β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Quick Start
# 1. Start CVT server + PostgreSQL + Prometheus + Grafana
make up
# 2. Verify gRPC server is accepting connections
make health
# 3. Run Node.js SDK example to see validation in action
make run-example
# 4. Stop all containers
make down
Basic Usage
import { ContractValidator } from "@sahina/cvt-sdk";
const validator = new ContractValidator("localhost:9550");
await validator.registerSchema("my-api", "./openapi.json");
const result = await validator.validate(
{ method: "GET", path: "/users/123" },
{ statusCode: 200, body: { id: 123, name: "Alice" } },
);
console.log(result.valid ? "Valid" : "Invalid");
When to Use Each Approach
| Approach | You Are... | You Want To... | Guide |
|---|---|---|---|
| Consumer Validation | Calling another team's API | Validate your HTTP calls match their contract | Consumer Testing |
| Producer Middleware | Exposing an API | Reject invalid requests at runtime | Producer Testing |
| Deployment Safety | Changing your API | Ensure changes won't break consumers | Breaking Changes |
Key Commands
# Docker
make up # Start server + observability
make down # Stop all services
make health # Check server health
# Testing
make test # Run all tests
make test-server # Server unit tests only
# Development
make build # Build server and SDKs
make run-example # Run Node.js example
Run make help for all available commands.
CLI (Local Lite Mode)
Validate schemas locally without Docker.
Install
Download a pre-built binary from GitHub Releases:
# macOS (Apple Silicon)
curl -L https://github.com/sahina/cvt/releases/latest/download/cvt-darwin-arm64 -o cvt
# macOS (Intel)
curl -L https://github.com/sahina/cvt/releases/latest/download/cvt-darwin-amd64 -o cvt
# Linux (x86_64)
curl -L https://github.com/sahina/cvt/releases/latest/download/cvt-linux-amd64 -o cvt
# Linux (ARM64)
curl -L https://github.com/sahina/cvt/releases/latest/download/cvt-linux-arm64 -o cvt
chmod +x cvt
sudo mv cvt /usr/local/bin/
For Windows, download cvt-windows-amd64.exe or cvt-windows-arm64.exe from the releases page.
Verify the installation:
cvt version
Build from source (requires Go 1.25+):
go build -o cvt ./cmd/cvt
Usage
# Validate request/response against schema
cvt validate --schema ./openapi.json --request req.json --response resp.json
# Detect breaking changes between schema versions
cvt compare --old ./v1/openapi.json --new ./v2/openapi.json
# Start a mock HTTP server from a schema
cvt mock --schema ./openapi.json
# Check deployment safety
cvt can-i-deploy --schema my-api --version 2.0.0 --env prod
See CLI Reference for all commands.
Project Structure
/
βββ api/protos/ # gRPC proto definitions
βββ cmd/cvt/ # CLI entry point
βββ server/ # Go gRPC server
βββ sdks/ # Client SDKs (Node.js, Python, Go, Java)
βββ docs/ # Documentation
βββ observability/ # Prometheus & Grafana configs
Prerequisites
- Docker & Docker Compose (required)
- Node.js 20+ (for Node.js SDK)
- Optional: Go 1.25+, Python 3.11+, Java 21+
Documentation
Getting Started
| Document | Description |
|---|---|
| Installation | Server and SDK setup |
| Quick Start | Your first contract test |
Guides
| Guide | Description |
|---|---|
| Consumer Testing | Validate your API integrations |
| Producer Testing | Validate your API implementation |
| Breaking Changes | Detect schema incompatibilities |
| Validation Modes | Strict, warn, and shadow modes |
Reference
| Reference | Description |
|---|---|
| Architecture | System design and components |
| API Reference | gRPC API documentation |
| CLI Reference | Command-line interface |
| Configuration | Environment variables |
| SDK Documentation | Language-specific SDK guides |
Operations
| Document | Description |
|---|---|
| Observability | Metrics and monitoring |
| Development | Local development setup |
For AI Agents / LLMs
- llms.txt - Index file with documentation links
- llms-full.txt - Complete API reference with examples
Comparison with Alternatives
| Approach | Examples | Problem | How CVT Differs |
|---|---|---|---|
| In-Process Libraries | Ajv, swagger-parser | Inconsistent validation across languages | Unified Go-based validator for all languages |
| Consumer-Driven Contracts | Pact | Requires separate pact files and broker | Uses existing OpenAPI specs directly |
| Runtime Gateways | Kong, Apigee | Validation happens too late | Shift-left: validates during development |
Troubleshooting
| Issue | Solution |
|---|---|
| "Connection refused" | Ensure CVT server is running: make up |
| "Schema not found" | Check schema ID matches between register and validate |
| "Path not found in schema" | Verify the path exists in your OpenAPI spec |
See Development Guide for more troubleshooting tips.
License
MIT License - see LICENSE file for details
Built with: gRPC, kin-openapi, Ristretto, Zap
Directories
ΒΆ
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
cvt
command
Package main provides the CVT command-line interface.
|
Package main provides the CVT command-line interface. |
|
internal
|
|
|
pluginclient
Package pluginclient is CVT's core-side glue between pkg/cvt.Hooks and internal/pluginmgr.
|
Package pluginclient is CVT's core-side glue between pkg/cvt.Hooks and internal/pluginmgr. |
|
pluginmgr
Package pluginmgr is CVT's plugin lifecycle + pipeline manager.
|
Package pluginmgr is CVT's plugin lifecycle + pipeline manager. |
|
pkg
|
|
|
cvt
Package cvt provides an embedded library for contract validation without gRPC.
|
Package cvt provides an embedded library for contract validation without gRPC. |
|
cvtplugin
Package cvtplugin is the Go SDK for authoring CVT plugins.
|
Package cvtplugin is the Go SDK for authoring CVT plugins. |
|
cvtplugin/plugintest
Package plugintest provides an in-process test harness for CVT plugin authors.
|
Package plugintest provides an in-process test harness for CVT plugin authors. |
|
mock
Package mock provides an HTTP handler that serves mock responses from OpenAPI schemas.
|
Package mock provides an HTTP handler that serves mock responses from OpenAPI schemas. |
|
sdks
|
|
|
go
module
|
|
|
server
module
|
|
|
cvtservice
Package cvtservice provides audit logging functionality for the CVT server.
|
Package cvtservice provides audit logging functionality for the CVT server. |
|
storage
Package storage provides the persistence layer abstraction for CVT.
|
Package storage provides the persistence layer abstraction for CVT. |
|
storage/postgres
Package postgres provides PostgreSQL storage implementation for CVT.
|
Package postgres provides PostgreSQL storage implementation for CVT. |
|
storage/sqlite
Package sqlite provides SQLite storage implementation for CVT.
|
Package sqlite provides SQLite storage implementation for CVT. |
Click to show internal directories.
Click to hide internal directories.