@amitgaikwad37/api-contract-drift-detector 0.1.0-beta.18

package/README.md

@@ -0,0 +1,53 @@
+# API Contract Drift Detector
+
+## Overview
+
+Detect drift between OpenAPI specs and backend implementations before it reaches production.
+
+## Installation
+
+~~~bash
+npm install @public-sdk/api-contract-drift-detector
+~~~
+
+## Quick Start
+
+~~~bash
+npx drift-check --help
+~~~
+
+## Integration Example
+
+1. Add this SDK to your CI workflow or local tooling script.
+2. Run the command against your project inputs.
+3. Fail the pipeline on non-zero exit code to enforce quality gates.
+
+~~~bash
+npx drift-check --openapi ./examples/openapi.yaml --backend ./examples/backend.yaml --json
+~~~
+
+## Typical Output
+
+~~~json
+{
+  "command": "drift-check",
+  "summary": "2 warnings detected",
+  "stats": {
+    "totalEndpoints": 18,
+    "errors": 0,
+    "warnings": 2
+  }
+}
+~~~
+
+## Local Development
+
+~~~bash
+npm ci
+npm run build
+npm test
+~~~
+
+## License
+
+MIT

package/docs/implementation-plan.md

@@ -0,0 +1,44 @@
+# Implementation Plan - API Contract Drift Detector
+
+## Phase 0: Discovery and Scope (Week 1)
+
+- Validate user problem with 5-10 real-world examples.
+- Define MVP boundary and out-of-scope items.
+- Produce architecture sketch and data flow.
+
+## Phase 1: Foundation (Week 1-2)
+
+- Initialize project structure and coding standards.
+- Implement configuration loader and CLI parsing.
+- Add logging, error handling, and output formatter.
+
+## Phase 2: Core Engine (Week 2-4)
+
+- Implement the primary analysis/generation capability.
+- Add rule engine or model orchestration layer.
+- Build deterministic fixtures for regression safety.
+
+## Phase 3: Integrations (Week 4-5)
+
+- Add GitHub Action workflow support.
+- Add JSON/SARIF output when relevant.
+- Add optional webhook or notification adapters.
+
+## Phase 4: Quality and Hardening (Week 5-6)
+
+- Add unit, integration, and snapshot tests.
+- Benchmark performance on representative repositories.
+- Improve diagnostics and false-positive handling.
+
+## Phase 5: Documentation and Release (Week 6)
+
+- Publish getting-started guide and examples.
+- Add migration/upgrade notes for future versions.
+- Release v0.1.0 and collect feedback.
+
+## Deliverables
+
+- Runnable CLI/SDK/Action artifact.
+- CI-ready examples and sample configs.
+- Stable contract for outputs and exit codes.
+- Public roadmap for v0.2+ features.

package/docs/requirements.md

@@ -0,0 +1,60 @@
+# Requirements - Api Contract Drift Detector
+
+## 1. Product Requirements
+
+### 1.1 Problem Statement
+
+Define the core pain point this project solves and how teams currently suffer due to manual, error-prone, or fragmented workflows.
+
+### 1.2 Objectives
+
+- Reduce engineering effort for the target workflow.
+- Improve reliability and consistency of delivery.
+- Provide CI-friendly and developer-friendly outputs.
+
+### 1.3 Success Metrics
+
+- Adoption: stars, forks, downloads, active users.
+- Efficiency: measurable time saved for key workflows.
+- Quality: reduction in defects or drift incidents.
+
+### 1.4 Target Audience
+
+- Small to medium engineering teams
+- API-first companies
+- Enterprise engineering organizations
+
+## 2. Functional Requirements
+
+- Provide a primary command/API for the core workflow.
+- Support configuration via file and CLI flags.
+- Emit human-readable and machine-readable results (e.g., JSON).
+- Return deterministic exit codes for CI integration.
+- Provide a dry-run mode where applicable.
+
+## 3. Non-Functional Requirements
+
+- Performance: complete typical runs within acceptable CI time budgets.
+- Reliability: deterministic behavior for the same inputs.
+- Security: avoid leaking sensitive data in logs and outputs.
+- Extensibility: plugin/hooks design for custom rules or providers.
+- Usability: concise, actionable messaging and docs.
+
+## 4. Integrations
+
+- GitHub Actions support.
+- Optional integration with issue trackers and chat notifications.
+- Optional telemetry (opt-in) for usage insights.
+
+## 5. Constraints and Risks
+
+- Fast-changing frameworks and ecosystem compatibility.
+- Risk of false positives in AI-assisted analysis.
+- Need for clear explainability in automated decisions.
+
+## 6. Acceptance Criteria
+
+- Core workflow works end-to-end with sample fixtures.
+- CI integration example passes in a reference repository.
+- Documentation includes quickstart, config, and troubleshooting.
+- Baseline tests cover critical paths and edge cases.

package/docs/v0.1-engineering-backlog.md

@@ -0,0 +1,118 @@
+# v0.1 Engineering Backlog - API Contract Drift Detector
+
+## 1. Release Objective
+
+- Product Type: CLI
+- Primary Command/API: drift-check
+- v0.1 Goal: Detect drift between OpenAPI, backend routes, generated SDKs, and docs examples.
+
+## 2. v0.1 Scope
+
+### In Scope
+
+- Implement one reliable end-to-end workflow for the primary command/API.
+- Support local CLI usage and CI-ready machine-readable output.
+- Provide deterministic fixtures and baseline test coverage.
+
+### Out of Scope
+
+- Multi-tenant cloud control planes and hosted dashboards.
+- Broad ecosystem plugin marketplace.
+- Advanced enterprise SSO/billing lifecycle automation.
+
+## 3. CLI/API Contract
+
+### Inputs
+
+openapi.yaml, backend route metadata, sdk surface metadata, markdown docs
+
+### Outputs
+
+terminal report, json report, CI exit code
+
+### Exit Code Policy
+
+- 0: successful run with no blocking findings.
+- 1: blocking findings, failed policies, or generation validation errors.
+- 2: invalid arguments/configuration.
+- 3: unexpected internal runtime error.
+
+## 4. Proposed Folder Structure
+
+```text
+project/
+  src/
+    cli/
+    core/
+    adapters/
+    formatters/
+  tests/
+    fixtures/
+    integration/
+    unit/
+  examples/
+  docs/
+    requirements.md
+    implementation-plan.md
+    v0.1-engineering-backlog.md
+```
+
+## 5. Epics and Tasks
+
+### Epic 1 - Foundations
+
+- Setup language/runtime, linting, formatting, and test harness.
+- Implement config loader and schema validation.
+- Implement logging and output formatter (human + JSON).
+- Define typed domain models for inputs and findings.
+
+### Epic 2 - Core Engine
+
+- Implement parser/collector pipeline for source inputs.
+- Implement rule/evaluation engine with deterministic ordering.
+- Implement result normalization and deduplication.
+- Add clear diagnostic messages with file/entity pointers.
+
+### Epic 3 - Integrations
+
+- Add CI usage examples and default command presets.
+- Add GitHub workflow/action integration sample.
+- Add JSON artifact emission for downstream automation.
+
+### Epic 4 - Quality and Release
+
+- Build fixture-based integration tests for happy/edge/error paths.
+- Add performance baseline test for representative input size.
+- Add release notes template and semantic version tagging process.
+
+## 6. Acceptance Tests
+
+- Core Acceptance Test: Given mismatched OpenAPI and SDK fixtures, command reports missing endpoints and schema mismatches with non-zero exit.
+- Invalid Config Test: malformed config returns exit code 2 and actionable error.
+- Output Contract Test: json output schema remains stable across fixture runs.
+- Regression Test: known fixture continues to produce expected findings/generation.
+
+## 7. Two-Week Execution Plan
+
+### Week 1
+
+- Day 1: Finalize v0.1 interface and fixture list.
+- Day 2-3: Implement foundations and parser/collector layer.
+- Day 4-5: Implement first end-to-end core workflow.
+
+### Week 2
+
+- Day 6-7: Add remaining critical rules/features for MVP.
+- Day 8: Add integration examples and CI contract checks.
+- Day 9: Harden tests, snapshots, and error handling.
+- Day 10: Ship v0.1.0 release candidate with docs.
+
+## 8. Definition of Done for v0.1
+
+- Command/API is usable in local and CI contexts.
+- Output contract is documented and tested.
+- At least 1 reference example is included and reproducible.
+- Known high-priority edge cases are covered by tests.
+- Release notes include limitations and v0.2 roadmap themes.
+
+

package/eslint.config.mjs

@@ -0,0 +1,18 @@
+import js from "@eslint/js";
+import tseslint from "typescript-eslint";
+
+export default [
+  js.configs.recommended,
+  ...tseslint.configs.recommended,
+  {
+    files: ["**/*.ts"],
+    languageOptions: {
+      parserOptions: {
+        project: false
+      }
+    },
+    rules: {
+      "no-console": "off"
+    }
+  }
+];

package/examples/README.md

@@ -0,0 +1,21 @@
+# API Contract Drift Detector Examples
+
+## CLI Example
+
+Run this command from your project root:
+
+~~~bash
+npx drift-check --openapi ./examples/openapi.yaml --backend ./examples/backend.yaml --json
+~~~
+
+## CI Example (GitHub Actions)
+
+~~~yaml
+- name: Run API Contract Drift Detector
+  run: npx drift-check --openapi ./examples/openapi.yaml --backend ./examples/backend.yaml --json
+~~~
+
+## Notes
+
+- Keep example inputs small and deterministic.
+- Commit expected outputs when you want regression visibility in pull requests.

package/package.json

@@ -0,0 +1,30 @@
+{
+  "name": "@amitgaikwad37/api-contract-drift-detector",
+  "version": "0.1.0-beta.18",
+  "type": "module",
+  "description": "Api Contract Drift Detector starter implementation scaffold",
+  "bin": {
+    "drift-check": "dist/cli/index.js"
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "typecheck": "tsc -p tsconfig.json --noEmit",
+    "start": "node dist/cli/index.js",
+    "dev": "tsx src/cli/index.ts",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "lint": "eslint ."
+  },
+  "devDependencies": {
+    "@eslint/js": "^9.16.0",
+    "@types/node": "^22.10.1",
+    "eslint": "^9.16.0",
+    "tsx": "^4.19.2",
+    "typescript": "^5.7.2",
+    "typescript-eslint": "^8.18.0",
+    "vitest": "^2.1.8"
+  },
+  "dependencies": {
+    "yaml": "^2.4.1"
+  }
+}

package/src/adapters/backend-parser.ts

@@ -0,0 +1,18 @@
+import type { BackendRoute } from "../types.js";
+import { readFileSync } from "fs";
+import { parse } from "yaml";
+
+export function parseBackendRoutes(filePath: string): BackendRoute[] {
+  const content = readFileSync(filePath, "utf-8");
+  const spec = parse(content) as any;
+
+  if (!Array.isArray(spec.routes)) {
+    throw new Error("Invalid backend metadata: routes must be an array");
+  }
+
+  return spec.routes.map((route: any) => ({
+    path: route.path,
+    method: (route.method || "GET").toUpperCase(),
+    handler: route.handler || "unknown"
+  }));
+}

package/src/adapters/openapi-parser.ts

@@ -0,0 +1,39 @@
+import type { OpenAPISpec, Endpoint } from "../types.js";
+import { readFileSync } from "fs";
+import { parse } from "yaml";
+
+export function parseOpenAPI(filePath: string): OpenAPISpec {
+  const content = readFileSync(filePath, "utf-8");
+  const spec = parse(content) as any;
+
+  if (!spec.openapi && !spec.swagger) {
+    throw new Error("Invalid OpenAPI spec: missing openapi or swagger field");
+  }
+
+  const endpoints: Endpoint[] = [];
+  const paths = spec.paths || {};
+
+  for (const [path, pathItem] of Object.entries(paths)) {
+    const item = pathItem as any;
+    for (const method of ["get", "post", "put", "delete", "patch", "head"]) {
+      if (method in item) {
+        const operation = item[method];
+        endpoints.push({
+          path,
+          method: method.toUpperCase(),
+          summary: operation.summary,
+          parameters: operation.parameters || [],
+          requestBody: operation.requestBody,
+          responses: operation.responses || {}
+        });
+      }
+    }
+  }
+
+  return {
+    version: spec.openapi || spec.swagger,
+    title: spec.info?.title || "Unknown",
+    endpoints,
+    schemas: spec.components?.schemas || spec.definitions || {}
+  };
+}

package/src/cli/index.ts

@@ -0,0 +1,82 @@
+import { runCore } from "../core/run-core.js";
+import type { RunOptions } from "../types.js";
+
+function printHelp(): void {
+  console.log("drift-check - Detect drift between OpenAPI, backend, SDK, and documentation");
+  console.log("");
+  console.log("Usage:");
+  console.log("  drift-check --openapi <path> --backend <path> [--json] [--help]");
+  console.log("");
+  console.log("Options:");
+  console.log("  --openapi <path>   Path to OpenAPI YAML file (required)");
+  console.log("  --backend <path>   Path to backend metadata YAML file (required)");
+  console.log("  --json             Print JSON output");
+  console.log("  --help             Show this help message");
+}
+
+function parseArgs(args: string[]): RunOptions | null {
+  const opts: RunOptions = { json: false };
+  let i = 0;
+
+  while (i < args.length) {
+    const arg = args[i];
+    if (arg === "--json") {
+      opts.json = true;
+      i++;
+    } else if (arg === "--openapi" && i + 1 < args.length) {
+      opts.openapi = args[i + 1];
+      i += 2;
+    } else if (arg === "--backend" && i + 1 < args.length) {
+      opts.backend = args[i + 1];
+      i += 2;
+    } else {
+      i++;
+    }
+  }
+
+  if (!opts.openapi || !opts.backend) {
+    return null;
+  }
+
+  return opts;
+}
+
+function main(): void {
+  const args = process.argv.slice(2);
+
+  if (args.length === 0 || args.includes("--help")) {
+    printHelp();
+    process.exit(args.length === 0 ? 2 : 0);
+  }
+
+  const opts = parseArgs(args);
+  if (!opts) {
+    console.error("Error: --openapi and --backend are required");
+    printHelp();
+    process.exit(2);
+  }
+
+  const result = runCore(opts);
+
+  if (opts.json) {
+    console.log(JSON.stringify(result, null, 2));
+  } else {
+    console.log(`[${result.command}] ${result.summary}`);
+    console.log(`\nStats: ${result.stats.totalEndpoints} endpoints, ${result.stats.errors} errors, ${result.stats.warnings} warnings\n`);
+
+    if (result.findings.length > 0) {
+      for (const finding of result.findings) {
+        const icon = finding.severity === "error" ? "❌" : "⚠️";
+        console.log(`${icon} [${finding.type}] ${finding.message}`);
+      }
+    } else {
+      console.log("✅ No drift detected!");
+    }
+  }
+
+  const exitCode = result.stats.errors > 0 ? 1 : 0;
+  process.exit(exitCode);
+}
+
+main();
+

package/src/core/drift-engine.ts

@@ -0,0 +1,45 @@
+import type { Endpoint, BackendRoute, DriftFinding } from "../types.js";
+
+export function compareEndpoints(openapi: Endpoint[], backend: BackendRoute[]): DriftFinding[] {
+  const findings: DriftFinding[] = [];
+  const backendMap = new Map<string, BackendRoute>();
+
+  // Build backend route map for fast lookup
+  for (const route of backend) {
+    backendMap.set(`${route.method}:${route.path}`, route);
+  }
+
+  // Check for missing or mismatched endpoints in backend
+  for (const endpoint of openapi) {
+    const key = `${endpoint.method}:${endpoint.path}`;
+    const backendRoute = backendMap.get(key);
+
+    if (!backendRoute) {
+      findings.push({
+        type: "missing_in_backend",
+        severity: "error",
+        endpoint: endpoint.path,
+        method: endpoint.method,
+        message: `OpenAPI endpoint not found in backend: ${endpoint.method} ${endpoint.path}`,
+        source: "backend"
+      });
+    }
+  }
+
+  // Check for extra endpoints in backend (not in OpenAPI)
+  for (const [key, route] of backendMap.entries()) {
+    const found = openapi.some(e => `${e.method}:${e.path}` === key);
+    if (!found) {
+      findings.push({
+        type: "extra_in_sdk",
+        severity: "warning",
+        endpoint: route.path,
+        method: route.method,
+        message: `Backend route not documented in OpenAPI: ${route.method} ${route.path}`,
+        source: "backend"
+      });
+    }
+  }
+
+  return findings;
+}

package/src/core/run-core.ts

@@ -0,0 +1,78 @@
+import type { RunOptions, RunResult, DriftFinding, OpenAPISpec, BackendRoute } from "../types.js";
+import { parseOpenAPI } from "../adapters/openapi-parser.js";
+import { parseBackendRoutes } from "../adapters/backend-parser.js";
+import { compareEndpoints } from "../core/drift-engine.js";
+
+export function runCore(options: RunOptions): RunResult {
+  try {
+    let findings: DriftFinding[] = [];
+    let totalEndpoints = 0;
+
+    // Parse inputs
+    let openapi: OpenAPISpec | null = null;
+    let backend: BackendRoute[] = [];
+
+    if (options.openapi) {
+      try {
+        openapi = parseOpenAPI(options.openapi);
+        totalEndpoints = openapi.endpoints.length;
+      } catch (e) {
+        findings.push({
+          type: "missing_in_backend",
+          severity: "error",
+          endpoint: "(global)",
+          message: `Failed to parse OpenAPI: ${e instanceof Error ? e.message : String(e)}`,
+          source: "openapi"
+        });
+      }
+    }
+
+    if (options.backend) {
+      try {
+        backend = parseBackendRoutes(options.backend);
+      } catch (e) {
+        findings.push({
+          type: "missing_in_backend",
+          severity: "error",
+          endpoint: "(global)",
+          message: `Failed to parse backend metadata: ${e instanceof Error ? e.message : String(e)}`,
+          source: "backend"
+        });
+      }
+    }
+
+    // Run drift detection
+    if (openapi && backend.length > 0) {
+      const driftResults = compareEndpoints(openapi.endpoints, backend);
+      findings.push(...driftResults);
+    }
+
+    const stats = {
+      totalEndpoints,
+      drifted: findings.filter(f => f.severity === "error").length,
+      errors: findings.filter(f => f.severity === "error").length,
+      warnings: findings.filter(f => f.severity === "warning").length
+    };
+
+    const hasErrors = stats.errors > 0;
+    const summary = hasErrors
+      ? `Found ${stats.drifted} drift issues across ${totalEndpoints} endpoints.`
+      : `All ${totalEndpoints} endpoints match specifications.`;
+
+    return {
+      project: "api-contract-drift-detector",
+      command: "drift-check",
+      summary,
+      findings,
+      stats
+    };
+  } catch (e) {
+    return {
+      project: "api-contract-drift-detector",
+      command: "drift-check",
+      summary: `Internal error: ${e instanceof Error ? e.message : String(e)}`,
+      findings: [],
+      stats: { totalEndpoints: 0, drifted: 0, errors: 1, warnings: 0 }
+    };
+  }
+}

package/src/index.ts

@@ -0,0 +1,5 @@
+export { runCore } from "./core/run-core.js";
+export type { RunOptions, RunResult, DriftFinding, Endpoint } from "./types.js";
+export { parseOpenAPI } from "./adapters/openapi-parser.js";
+export { parseBackendRoutes } from "./adapters/backend-parser.js";
+export { compareEndpoints } from "./core/drift-engine.js";

package/src/types.ts

@@ -0,0 +1,87 @@
+// ============ INPUT MODELS ============
+
+export type Endpoint = {
+  path: string;
+  method: string;
+  summary?: string;
+  parameters?: Parameter[];
+  requestBody?: RequestBody;
+  responses: Record<string, Response>;
+};
+
+export type Parameter = {
+  name: string;
+  in: "query" | "path" | "header" | "cookie";
+  required: boolean;
+  schema: any;
+};
+
+export type RequestBody = {
+  required: boolean;
+  content: Record<string, { schema: any }>;
+};
+
+export type Response = {
+  description: string;
+  content?: Record<string, { schema: any }>;
+};
+
+export type OpenAPISpec = {
+  version: string;
+  title: string;
+  endpoints: Endpoint[];
+  schemas: Record<string, any>;
+};
+
+export type BackendRoute = {
+  path: string;
+  method: string;
+  handler: string;
+};
+
+export type SDKMethod = {
+  name: string;
+  endpoint: string;
+  signature: string;
+};
+
+export type DocExample = {
+  endpoint: string;
+  method: string;
+  example: string;
+};
+
+// ============ FINDINGS ============
+
+export type DriftFinding = {
+  type: "missing_in_sdk" | "missing_in_backend" | "schema_mismatch" | "doc_stale" | "extra_in_sdk";
+  severity: "error" | "warning";
+  endpoint: string;
+  method?: string;
+  message: string;
+  details?: string;
+  source: "openapi" | "backend" | "sdk" | "docs";
+};
+
+// ============ OUTPUT MODELS ============
+
+export type RunResult = {
+  project: string;
+  command: string;
+  summary: string;
+  findings: DriftFinding[];
+  stats: {
+    totalEndpoints: number;
+    drifted: number;
+    errors: number;
+    warnings: number;
+  };
+};
+
+export type RunOptions = {
+  json: boolean;
+  openapi?: string;
+  backend?: string;
+  sdk?: string;
+  docs?: string;
+};

package/tests/fixtures/README.md

@@ -0,0 +1,3 @@
+# Fixtures
+
+Add deterministic fixtures for acceptance tests.

package/tests/fixtures/backend.yaml

@@ -0,0 +1,10 @@
+routes:
+  - path: /pets
+    method: GET
+    handler: ListPets
+  - path: /pets/{id}
+    method: GET
+    handler: GetPetById
+  - path: /users
+    method: GET
+    handler: ListUsers

package/tests/fixtures/openapi.yaml

@@ -0,0 +1,46 @@
+openapi: 3.0.0
+info:
+  version: 1.0.0
+  title: Pet Store API
+paths:
+  /pets:
+    get:
+      summary: List all pets
+      responses:
+        '200':
+          description: A list of pets
+    post:
+      summary: Create a pet
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                name:
+                  type: string
+      responses:
+        '201':
+          description: Pet created
+  /pets/{id}:
+    get:
+      summary: Get a pet by ID
+      parameters:
+        - name: id
+          in: path
+          required: true
+          schema:
+            type: string
+      responses:
+        '200':
+          description: A pet
+components:
+  schemas:
+    Pet:
+      type: object
+      properties:
+        id:
+          type: string
+        name:
+          type: string

package/tests/integration/README.md

@@ -0,0 +1,3 @@
+# Integration Tests
+
+Add end-to-end command tests here as project logic is implemented.

package/tests/unit/scaffold.test.ts

@@ -0,0 +1,58 @@
+import { describe, expect, it } from "vitest";
+import { runCore } from "../../src/core/run-core.js";
+import { resolve } from "path";
+import { fileURLToPath } from "url";
+
+const __dirname = fileURLToPath(new URL(".", import.meta.url));
+const fixturesDir = resolve(__dirname, "../fixtures");
+
+describe("drift-check core", () => {
+  it("returns a basic scaffold result", () => {
+    // Verify SDK returns correct structure with command, project name, and stats
+    const result = runCore({ json: false });
+    expect(result.command).toBe("drift-check");
+    expect(result.stats).toBeDefined();
+  });
+
+  it("detects drift between OpenAPI and backend", () => {
+    // Verify SDK identifies discrepancies between API spec and actual backend implementation
+    // Fixture has 3 defined endpoints; should detect missing/extra implementations
+    const result = runCore({
+      json: false,
+      openapi: `${fixturesDir}/openapi.yaml`,
+      backend: `${fixturesDir}/backend.yaml`
+    });
+
+    expect(result.stats.totalEndpoints).toBe(3); // GET /pets, POST /pets, GET /pets/{id}
+    expect(result.findings.length).toBeGreaterThan(0);
+    expect(result.stats.errors).toBeGreaterThan(0);
+  });
+
+  it("includes missing endpoint in findings", () => {
+    // Verify SDK detects POST /pets endpoint in spec but missing in backend implementation
+    const result = runCore({
+      json: false,
+      openapi: `${fixturesDir}/openapi.yaml`,
+      backend: `${fixturesDir}/backend.yaml`
+    });
+
+    const missingPost = result.findings.some(
+      f => f.type === "missing_in_backend" && f.method === "POST"
+    );
+    expect(missingPost).toBe(true);
+  });
+
+  it("includes extra endpoint in findings", () => {
+    // Verify SDK detects /users endpoint in backend that's not in OpenAPI spec (potential security risk)
+    const result = runCore({
+      json: false,
+      openapi: `${fixturesDir}/openapi.yaml`,
+      backend: `${fixturesDir}/backend.yaml`
+    });
+
+    const extraUsers = result.findings.some(
+      f => f.endpoint === "/users" && f.severity === "warning"
+    );
+    expect(extraUsers).toBe(true);
+  });
+});

package/tsconfig.json

@@ -0,0 +1,6 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "include": [
+    "src/**/*.ts"
+  ]
+}

package/vitest.config.ts

@@ -0,0 +1,8 @@
+import { defineConfig } from "vitest/config";
+
+export default defineConfig({
+  test: {
+    environment: "node",
+    include: ["tests/**/*.test.ts"]
+  }
+});