@intentsolutionsio/api-test-automation 1.0.0

package/.claude-plugin/plugin.json

@@ -0,0 +1,20 @@
+{
+  "name": "api-test-automation",
+  "version": "1.0.0",
+  "description": "Automated API endpoint testing with request generation, validation, and comprehensive test coverage",
+  "author": {
+    "name": "Claude Code Plugins",
+    "email": "[email protected]"
+  },
+  "repository": "https://github.com/jeremylongshore/claude-code-plugins",
+  "license": "MIT",
+  "keywords": [
+    "testing",
+    "api",
+    "rest",
+    "graphql",
+    "automation",
+    "endpoints",
+    "agent-skills"
+  ]
+}

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Claude Code Plugins
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,298 @@
+# API Test Automation Plugin
+
+Automated API endpoint testing with intelligent test generation, validation, and comprehensive coverage for REST and GraphQL APIs.
+
+## Features
+
+- **REST API testing** - Complete CRUD operation coverage
+- **GraphQL testing** - Queries, mutations, subscriptions
+- **Authentication** - Multiple auth methods (Bearer, OAuth, API keys)
+- **Contract testing** - Validate against OpenAPI/Swagger specs
+- **Automatic test generation** - Analyze endpoints and generate tests
+- **Comprehensive validation** - Status codes, headers, body structure
+- **Performance testing** - Response time assertions
+- **Security testing** - Auth bypass, injection attempts
+
+## Installation
+
+```bash
+/plugin install api-test-automation@claude-code-plugins-plus
+```
+
+## Usage
+
+The API testing agent activates automatically when you mention API testing needs. You can also invoke directly:
+
+### Generate tests for REST API
+
+```
+Generate API tests for the user management endpoints in src/routes/users.js
+```
+
+### Test GraphQL API
+
+```
+Create GraphQL API tests for the product queries and mutations
+```
+
+### Validate against OpenAPI spec
+
+```
+Generate contract tests validating against openapi.yaml
+```
+
+### Test authentication flows
+
+```
+Create tests for JWT authentication including login, refresh, and protected endpoints
+```
+
+## What Gets Generated
+
+### 1. Complete Test Suites
+
+```javascript
+// RESTful API test example
+describe('User API', () => {
+  // Authentication tests
+  describe('POST /api/auth/login', () => {
+    it('should return JWT token with valid credentials', async () => {
+      const response = await api.post('/api/auth/login', {
+        email: '[email protected]',
+        password: 'password123'
+      });
+
+      expect(response.status).toBe(200);
+      expect(response.data).toHaveProperty('token');
+      expect(response.data).toHaveProperty('user');
+      expect(response.data.user.email).toBe('[email protected]');
+    });
+
+    it('should return 401 with invalid credentials', async () => {
+      const response = await api.post('/api/auth/login', {
+        email: '[email protected]',
+        password: 'wrongpassword'
+      });
+
+      expect(response.status).toBe(401);
+      expect(response.data.error).toBe('Invalid credentials');
+    });
+  });
+
+  // CRUD operations
+  describe('GET /api/users', () => {
+    it('should require authentication', async () => {
+      const response = await api.get('/api/users');
+      expect(response.status).toBe(401);
+    });
+
+    it('should return user list with valid token', async () => {
+      const response = await api.get('/api/users', {
+        headers: { Authorization: `Bearer ${authToken}` }
+      });
+
+      expect(response.status).toBe(200);
+      expect(Array.isArray(response.data)).toBe(true);
+      expect(response.data[0]).toHaveProperty('id');
+      expect(response.data[0]).toHaveProperty('email');
+    });
+  });
+
+  describe('POST /api/users', () => {
+    it('should create user with valid data', async () => {
+      const newUser = {
+        email: '[email protected]',
+        name: 'John Doe',
+        role: 'user'
+      };
+
+      const response = await api.post('/api/users', newUser, {
+        headers: { Authorization: `Bearer ${adminToken}` }
+      });
+
+      expect(response.status).toBe(201);
+      expect(response.data.email).toBe(newUser.email);
+      expect(response.data).toHaveProperty('id');
+    });
+
+    it('should validate required fields', async () => {
+      const response = await api.post('/api/users', {}, {
+        headers: { Authorization: `Bearer ${adminToken}` }
+      });
+
+      expect(response.status).toBe(400);
+      expect(response.data.errors).toContain('email');
+    });
+  });
+});
+```
+
+### 2. Authentication Helpers
+
+```javascript
+// Authentication utility functions
+async function loginUser(email, password) {
+  const response = await api.post('/api/auth/login', { email, password });
+  return response.data.token;
+}
+
+async function createTestUser(role = 'user') {
+  const user = {
+    email: `test-${Date.now()}@example.com`,
+    password: 'test123',
+    role
+  };
+  await api.post('/api/users', user, { headers: { Authorization: adminToken } });
+  return loginUser(user.email, user.password);
+}
+```
+
+### 3. Test Data Factories
+
+```javascript
+// Factory functions for test data
+const userFactory = {
+  valid: () => ({
+    email: `user-${Date.now()}@example.com`,
+    name: 'Test User',
+    password: 'securePassword123'
+  }),
+
+  invalid: () => ({
+    email: 'invalid-email',
+    name: '',
+    password: '123' // Too short
+  })
+};
+```
+
+### 4. GraphQL Tests
+
+```javascript
+describe('GraphQL API', () => {
+  describe('Query: user', () => {
+    it('should fetch user by ID', async () => {
+      const query = `
+        query GetUser($id: ID!) {
+          user(id: $id) {
+            id
+            email
+            name
+          }
+        }
+      `;
+
+      const response = await graphql.query(query, { id: userId });
+
+      expect(response.errors).toBeUndefined();
+      expect(response.data.user.id).toBe(userId);
+    });
+  });
+
+  describe('Mutation: createUser', () => {
+    it('should create new user', async () => {
+      const mutation = `
+        mutation CreateUser($input: CreateUserInput!) {
+          createUser(input: $input) {
+            id
+            email
+          }
+        }
+      `;
+
+      const response = await graphql.mutate(mutation, {
+        input: { email: '[email protected]', name: 'New User' }
+      });
+
+      expect(response.errors).toBeUndefined();
+      expect(response.data.createUser).toHaveProperty('id');
+    });
+  });
+});
+```
+
+## Test Coverage
+
+The agent generates tests for:
+
+### Success Scenarios
+- Valid requests with proper authentication
+- Correct data formats and required fields
+- Expected response structures
+
+### Error Scenarios
+- Missing or invalid authentication
+- Validation errors (bad data formats)
+- Missing required fields
+- Unauthorized access (wrong permissions)
+- Resource not found (404)
+- Conflict errors (409, duplicates)
+
+### Edge Cases
+- Empty request bodies
+- Null/undefined values
+- Boundary values (min/max lengths)
+- Special characters in inputs
+- Large payloads
+
+### Performance
+- Response time thresholds
+- Payload size validation
+- Concurrent request handling
+
+## Best Practices Applied
+
+- **Descriptive test names** - Clear what is tested and expected
+- **Test isolation** - No dependencies between tests
+- **Proper cleanup** - Delete test data after tests
+- **Authentication management** - Reusable auth helpers
+- **Data factories** - Generate test data dynamically
+- **Comprehensive assertions** - Validate all critical fields
+- **Error testing** - Both success and failure paths
+- **Documentation** - Comments for complex scenarios
+
+## Requirements
+
+- Claude Code CLI
+- HTTP client library (axios, requests, etc.)
+- Testing framework (Jest, pytest, RSpec, etc.)
+- API access (local or test environment)
+
+## Configuration
+
+Create API test configuration:
+
+```json
+{
+  "baseURL": "http://localhost:3000/api",
+  "timeout": 5000,
+  "auth": {
+    "type": "bearer",
+    "tokenEndpoint": "/auth/login"
+  },
+  "testUsers": {
+    "admin": {
+      "email": "[email protected]",
+      "password": "admin123"
+    },
+    "user": {
+      "email": "[email protected]",
+      "password": "user123"
+    }
+  }
+}
+```
+
+## Tips
+
+1. **Start with happy paths** - Ensure basic functionality works
+2. **Test authentication first** - Auth issues block other tests
+3. **Use realistic test data** - Match production data patterns
+4. **Check response times** - Add performance assertions
+5. **Test error messages** - Verify helpful error responses
+6. **Validate data types** - Not just presence, but correct types
+7. **Clean up test data** - Prevent database pollution
+
+## License
+
+MIT

package/agents/api-tester.md

@@ -0,0 +1,192 @@
+---
+name: api-tester
+description: >
+  Specialized agent for automated API endpoint testing and validation
+---
+# API Test Automation Agent
+
+You are a specialized API testing agent that automates endpoint testing with comprehensive validation and reporting.
+
+## Your Capabilities
+
+### 1. REST API Testing
+- **CRUD operations** - GET, POST, PUT, PATCH, DELETE
+- **Request validation** - Headers, body, query parameters
+- **Response validation** - Status codes, headers, body structure
+- **Authentication** - Bearer tokens, API keys, OAuth, Basic Auth
+- **Error scenarios** - 4xx/5xx responses, invalid inputs
+
+### 2. GraphQL Testing
+- **Query testing** - Read operations with various selectors
+- **Mutation testing** - Create, update, delete operations
+- **Subscription testing** - Real-time data streams
+- **Error handling** - GraphQL error responses
+- **Schema validation** - Type checking, required fields
+
+### 3. API Contract Testing
+- **OpenAPI/Swagger** - Validate against spec
+- **Schema validation** - JSON Schema, Joi, Yup
+- **Breaking change detection** - Compare API versions
+- **Documentation sync** - Ensure docs match implementation
+
+### 4. Test Scenario Generation
+- **Happy path tests** - Successful operations
+- **Edge cases** - Boundary values, empty data
+- **Error cases** - Invalid inputs, unauthorized access
+- **Performance tests** - Response time validation
+- **Security tests** - Injection attempts, auth bypass
+
+## When to Activate
+
+Activate when the user needs to:
+- Test REST or GraphQL API endpoints
+- Validate API responses against schemas
+- Generate API test suites
+- Automate endpoint regression testing
+- Verify authentication and authorization
+- Check API performance and reliability
+
+## Approach
+
+### For Test Generation
+
+1. **Analyze API specification** (if available)
+   - OpenAPI/Swagger docs
+   - GraphQL schema
+   - Postman collections
+   - Existing API code
+
+2. **Identify endpoints to test**
+   - List all HTTP methods per route
+   - Note authentication requirements
+   - Identify related endpoints
+
+3. **Generate test cases**
+   - Valid requests (happy path)
+   - Invalid requests (error handling)
+   - Edge cases (boundaries, nulls)
+   - Authentication scenarios
+   - Authorization checks (different roles)
+
+4. **Create test file**
+   - Framework-specific syntax (Jest, pytest, RSpec)
+   - Request builders
+   - Response assertions
+   - Mock data factories
+   - Setup/teardown hooks
+
+### For Test Execution
+
+1. **Setup phase**
+   - Load environment variables
+   - Initialize HTTP client
+   - Authenticate (if needed)
+   - Prepare test data
+
+2. **Execute tests**
+   - Send HTTP requests
+   - Capture responses
+   - Validate status codes
+   - Check response structure
+   - Verify response data
+
+3. **Report results**
+   - Passed/failed tests
+   - Response times
+   - Error details
+   - Coverage metrics
+
+4. **Cleanup**
+   - Delete test data
+   - Clear authentication
+   - Reset state
+
+## Test Structure
+
+Generate tests following this pattern:
+
+```javascript
+describe('API Endpoint: POST /api/users', () => {
+  describe('Authentication', () => {
+    it('should return 401 without auth token', async () => {
+      const response = await api.post('/api/users', userData);
+      expect(response.status).toBe(401);
+    });
+  });
+
+  describe('Success scenarios', () => {
+    it('should create user with valid data', async () => {
+      const response = await api.post('/api/users', validUser, { auth: token });
+      expect(response.status).toBe(201);
+      expect(response.data).toHaveProperty('id');
+      expect(response.data.email).toBe(validUser.email);
+    });
+  });
+
+  describe('Validation errors', () => {
+    it('should return 400 for invalid email', async () => {
+      const response = await api.post('/api/users', { email: 'invalid' }, { auth: token });
+      expect(response.status).toBe(400);
+      expect(response.data.errors).toContain('email');
+    });
+  });
+
+  describe('Edge cases', () => {
+    it('should handle duplicate email gracefully', async () => {
+      await api.post('/api/users', existingUser, { auth: token });
+      const response = await api.post('/api/users', existingUser, { auth: token });
+      expect(response.status).toBe(409);
+    });
+  });
+});
+```
+
+## Validation Rules
+
+Always validate:
+- **Status codes** - Correct HTTP status
+- **Response structure** - Expected JSON shape
+- **Data types** - String, number, boolean, array, object
+- **Required fields** - All mandatory fields present
+- **Data formats** - Email, URL, date, UUID formats
+- **Response headers** - Content-Type, Cache-Control, etc.
+- **Response time** - Performance thresholds
+- **Error messages** - Clear, helpful error responses
+
+## Authentication Patterns
+
+Handle common auth patterns:
+- **Bearer tokens** - `Authorization: Bearer <token>`
+- **API keys** - Header or query parameter
+- **OAuth 2.0** - Token exchange flow
+- **Basic Auth** - Username:password encoding
+- **Session cookies** - Cookie-based authentication
+- **JWT tokens** - Validate and refresh tokens
+
+## Tools and Libraries
+
+Use appropriate tools for the language:
+- **JavaScript/TypeScript**: axios, supertest, node-fetch
+- **Python**: requests, httpx, pytest-httpx
+- **Java**: RestAssured, OkHttp
+- **Go**: net/http, httptest
+- **Ruby**: Faraday, HTTParty
+
+## Output Format
+
+Provide:
+1. **Complete test file** with all necessary imports
+2. **Test data fixtures** or factories
+3. **Authentication helpers** (if needed)
+4. **README** with setup instructions
+5. **Environment variables** needed
+
+## Best Practices
+
+- **Test isolation** - Each test is independent
+- **Clear descriptions** - Descriptive test names
+- **Proper assertions** - Validate all critical fields
+- **Error handling** - Test both success and failure
+- **Performance checks** - Include response time assertions
+- **Documentation** - Comment complex test scenarios
+- **Maintainability** - DRY principle, reusable helpers

package/package.json

@@ -0,0 +1,41 @@
+{
+  "name": "@intentsolutionsio/api-test-automation",
+  "version": "1.0.0",
+  "description": "Automated API endpoint testing with request generation, validation, and comprehensive test coverage",
+  "keywords": [
+    "testing",
+    "api",
+    "rest",
+    "graphql",
+    "automation",
+    "endpoints",
+    "agent-skills",
+    "claude-code",
+    "claude-plugin",
+    "tonsofskills"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/jeremylongshore/claude-code-plugins-plus-skills.git",
+    "directory": "plugins/testing/api-test-automation"
+  },
+  "homepage": "https://tonsofskills.com/plugins/api-test-automation",
+  "bugs": "https://github.com/jeremylongshore/claude-code-plugins-plus-skills/issues",
+  "license": "MIT",
+  "author": {
+    "name": "Claude Code Plugins",
+    "email": "[email protected]"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "files": [
+    "README.md",
+    ".claude-plugin",
+    "skills",
+    "agents"
+  ],
+  "scripts": {
+    "postinstall": "node -e \"console.log(\\\"\\\\n→ This npm package is a tracking/proof artifact. Install the plugin via:\\\\n  ccpi install api-test-automation\\\\n  or /plugin install api-test-automation@claude-code-plugins-plus in Claude Code\\\\n\\\")\""
+  }
+}

package/skills/automating-api-testing/SKILL.md

@@ -0,0 +1,149 @@
+---
+name: automating-api-testing
+description: |
+  Test automate API endpoint testing including request generation, validation, and comprehensive test coverage for REST and GraphQL APIs.
+  Use when testing API contracts, validating OpenAPI specifications, or ensuring endpoint reliability.
+  Trigger with phrases like "test the API", "generate API tests", or "validate API contracts".
+
+allowed-tools: Read, Write, Edit, Grep, Glob, Bash(test:api-*)
+version: 1.0.0
+author: Jeremy Longshore <jeremy@intentsolutions.io>
+license: MIT
+compatible-with: claude-code, codex, openclaw
+tags: [testing, api, graphql]
+---
+# API Test Automation
+
+## Overview
+
+Automate comprehensive API endpoint testing for REST and GraphQL APIs including request generation, response validation, schema compliance, authentication flows, and error handling. Supports Supertest (Node.js), REST-assured (Java), httpx/pytest (Python), Postman/Newman collections, and Pact for consumer-driven contract testing.
+
+## Prerequisites
+
+- API testing library installed (Supertest, REST-assured, httpx, or Postman/Newman)
+- API specification file (OpenAPI/Swagger YAML/JSON or GraphQL SDL)
+- Target API running in a test environment with seeded data
+- Authentication credentials or API keys for protected endpoints
+- JSON Schema validator (Ajv, jsonschema, or built-in framework assertions)
+
+## Instructions
+
+1. Read the API specification and extract all endpoints:
+   - Parse OpenAPI spec to catalog every path, HTTP method, request schema, and response schema.
+   - For GraphQL APIs, introspect the schema to list queries, mutations, and subscriptions.
+   - Document authentication requirements per endpoint (API key, Bearer token, OAuth, none).
+2. Generate test cases for each endpoint:
+   - **Success cases**: Send valid requests matching the schema and assert 200/201 responses.
+   - **Validation errors**: Send requests with missing required fields, wrong types, and out-of-range values; assert 400 responses.
+   - **Authentication**: Test with valid, expired, and missing credentials; assert 200, 401, and 403 respectively.
+   - **Not found**: Request non-existent resources; assert 404 responses.
+   - **Idempotency**: Send the same PUT/DELETE request twice and verify consistent behavior.
+3. Validate response structure against schemas:
+   - Assert response Content-Type matches expected (application/json, etc.).
+   - Validate response body against the OpenAPI response schema using JSON Schema validation.
+   - Check response headers (Cache-Control, Rate-Limit headers, CORS headers).
+   - Verify pagination metadata (total count, page number, next/previous links).
+4. Test CRUD lifecycle for resource endpoints:
+   - Create a resource (POST) and capture the ID.
+   - Read it back (GET) and verify all fields match.
+   - Update it (PUT/PATCH) and verify changes persisted.
+   - Delete it (DELETE) and verify subsequent GET returns 404.
+5. Test error handling and edge cases:
+   - Send excessively large payloads and verify 413 or graceful rejection.
+   - Send requests with unsupported Content-Types and verify 415.
+   - Test rate limiting by sending rapid sequential requests.
+   - Verify error response format is consistent (standard error schema).
+6. For GraphQL APIs, test specifically:
+   - Valid queries return expected data shapes.
+   - Invalid queries return descriptive error messages.
+   - Query depth limiting prevents deeply nested abuse queries.
+   - Mutation input validation matches schema constraints.
+7. Generate a test coverage report mapping endpoints to test cases.
+
+## Output
+
+- API test files organized by resource in `tests/api/`
+- Request/response examples for API documentation
+- Schema compliance report for each endpoint
+- Endpoint coverage matrix showing tested vs. untested endpoints and methods
+- CI pipeline step running API tests against staging environment
+
+## Error Handling
+
+| Error | Cause | Solution |
+|-------|-------|---------|
+| Connection refused | API server not running or wrong base URL | Verify server is up with a health check before test suite starts; check `BASE_URL` config |
+| 401 on all requests | Authentication token expired or misconfigured | Refresh token in test setup; verify `Authorization` header format; check token scopes |
+| Schema validation fails unexpectedly | API response includes extra fields not in spec | Update OpenAPI spec to include new fields; use `additionalProperties: true` if expected |
+| Test data conflicts | Another test modified or deleted the resource | Use unique test data per test; create resources in `beforeEach`; avoid shared fixtures |
+| Rate limit hit during test run | Too many requests in quick succession | Add delays between requests or use authenticated sessions with higher limits; run tests serially |
+
+## Examples
+
+**Supertest REST API test suite:**
+```typescript
+import request from 'supertest';
+import { app } from '../src/app';
+
+describe('GET /api/products', () => {
+  it('returns a paginated product list', async () => {
+    const res = await request(app)
+      .get('/api/products?page=1&limit=10')
+      .set('Authorization', `Bearer ${token}`)
+      .expect(200)  # HTTP 200 OK
+      .expect('Content-Type', /json/);
+
+    expect(res.body.data).toBeInstanceOf(Array);
+    expect(res.body.data.length).toBeLessThanOrEqual(10);
+    expect(res.body.meta).toMatchObject({ page: 1, limit: 10 });
+  });
+
+  it('returns 401 without authentication', async () => {  # HTTP 401 Unauthorized
+    await request(app).get('/api/products').expect(401);  # HTTP 401 Unauthorized
+  });
+});
+
+describe('POST /api/products', () => {
+  it('creates a product with valid data', async () => {
+    const res = await request(app)
+      .post('/api/products')
+      .set('Authorization', `Bearer ${token}`)
+      .send({ name: 'Widget', price: 9.99, category: 'tools' })
+      .expect(201);  # HTTP 201 Created
+
+    expect(res.body).toMatchObject({ name: 'Widget', price: 9.99 });
+    expect(res.body.id).toBeDefined();
+  });
+
+  it('returns 400 for missing required fields', async () => {  # HTTP 400 Bad Request
+    await request(app)
+      .post('/api/products')
+      .set('Authorization', `Bearer ${token}`)
+      .send({ name: 'Widget' }) // missing price
+      .expect(400);  # HTTP 400 Bad Request
+  });
+});
+```
+
+**GraphQL API test:**
+```typescript
+it('fetches user by ID', async () => {
+  const query = `query { user(id: "1") { id name email } }`;
+  const res = await request(app)
+    .post('/graphql')
+    .send({ query })
+    .expect(200);  # HTTP 200 OK
+
+  expect(res.body.data.user).toMatchObject({ id: '1', name: 'Alice' });
+  expect(res.body.errors).toBeUndefined();
+});
+```
+
+## Resources
+
+- Supertest: https://github.com/ladjs/supertest
+- REST-assured (Java): https://rest-assured.io/
+- httpx (Python): https://www.python-httpx.org/
+- Newman (Postman CLI): https://learning.postman.com/docs/collections/using-newman-cli/
+- OpenAPI specification: https://spec.openapis.org/oas/v3.1.0
+- Ajv JSON Schema validator: https://ajv.js.org/

package/skills/automating-api-testing/assets/README.md

@@ -0,0 +1,7 @@
+# Assets
+
+Bundled resources for api-test-automation skill
+
+- [ ] test_suite_template.js: Template for generating API test suites, including placeholders for different test cases and assertions.
+- [ ] example_openapi.yaml: Example OpenAPI specification file for demonstration and testing purposes.
+- [ ] example_graphql_schema.graphql: Example GraphQL schema file for testing GraphQL APIs.

package/skills/automating-api-testing/assets/example_graphql_schema.graphql

@@ -0,0 +1,98 @@
+# Example GraphQL schema file for testing GraphQL APIs.
+# This schema defines a simple book catalog with authors.
+
+# Types
+type Book {
+  id: ID!
+  title: String!
+  author: Author!
+  publicationYear: Int
+  genre: String
+}
+
+type Author {
+  id: ID!
+  name: String!
+  books: [Book!]!
+}
+
+# Queries
+type Query {
+  # Get a book by its ID
+  book(id: ID!): Book
+
+  # Get all books
+  books: [Book!]!
+
+  # Get an author by their ID
+  author(id: ID!): Author
+
+  # Get all authors
+  authors: [Author!]!
+
+  # Search for books by title or author name
+  search(query: String!): [Book!]!
+}
+
+# Mutations
+type Mutation {
+  # Create a new book
+  createBook(
+    title: String!
+    authorId: ID!
+    publicationYear: Int
+    genre: String
+  ): Book
+
+  # Update an existing book
+  updateBook(
+    id: ID!
+    title: String
+    authorId: ID
+    publicationYear: Int
+    genre: String
+  ): Book
+
+  # Delete a book by its ID
+  deleteBook(id: ID!): ID
+
+  # Create a new author
+  createAuthor(name: String!): Author
+}
+
+# Input types (optional, for more complex mutations)
+# input CreateBookInput {
+#   title: String!
+#   authorId: ID!
+#   publicationYear: Int
+#   genre: String
+# }
+
+# Placeholder for subscriptions (if needed)
+# type Subscription {
+#   newBook: Book
+# }
+
+# Further instructions:
+# 1.  This is a basic example.  Extend it with more complex types, fields, and relationships as needed.
+# 2.  Consider adding input types for mutations to improve clarity and validation.
+# 3.  Implement resolvers for each query and mutation to connect to your data source.
+# 4.  Use directives for authorization, caching, and other features.
+# 5.  Use scalars for custom data types (e.g., Date, URL).
+# 6.  Example query to get a specific book:
+#    query {
+#      book(id: "123") {
+#        id
+#        title
+#        author {
+#          name
+#        }
+#      }
+#    }
+# 7.  Example mutation to create a book:
+#    mutation {
+#      createBook(title: "New Book", authorId: "456", publicationYear: 2023, genre: "Fiction") {
+#        id
+#        title
+#      }
+#    }

package/skills/automating-api-testing/assets/example_openapi.yaml

@@ -0,0 +1,216 @@
+# OpenAPI Specification for Example API
+
+openapi: 3.0.0
+info:
+  title: Example API
+  version: 1.0.0
+  description: A sample API for demonstration purposes.
+  termsOfService: example-value # Add your terms of service URL here
+  contact:
+    name: API Support
+    url: example-value # Add your support URL here
+    email: support@example.com
+  license:
+    name: Apache 2.0
+    url: https://www.apache.org/licenses/000-docs/001-BL-LICN-license.txt-2.0.html
+
+servers:
+  - url: https://api.example.com/v1
+    description: Production server
+
+paths:
+  /users:
+    get:
+      summary: Get all users
+      description: Retrieves a list of all users.
+      operationId: getUsers
+      tags:
+        - users
+      responses:
+        '200':
+          description: Successful operation
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/User'
+        '500':
+          description: Internal server error
+    post:
+      summary: Create a new user
+      description: Creates a new user in the system.
+      operationId: createUser
+      tags:
+        - users
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UserCreate'
+      responses:
+        '201':
+          description: User created successfully
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/User'
+        '400':
+          description: Bad request
+        '500':
+          description: Internal server error
+
+  /users/{userId}:
+    get:
+      summary: Get user by ID
+      description: Retrieves a user by their ID.
+      operationId: getUserById
+      tags:
+        - users
+      parameters:
+        - name: userId
+          in: path
+          description: ID of the user to retrieve.
+          required: true
+          schema:
+            type: integer
+            format: int64
+      responses:
+        '200':
+          description: Successful operation
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/User'
+        '404':
+          description: User not found
+        '500':
+          description: Internal server error
+    put:
+      summary: Update user by ID
+      description: Updates an existing user.
+      operationId: updateUser
+      tags:
+        - users
+      parameters:
+        - name: userId
+          in: path
+          description: ID of the user to update.
+          required: true
+          schema:
+            type: integer
+            format: int64
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UserUpdate'
+      responses:
+        '200':
+          description: Successful operation
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/User'
+        '400':
+          description: Bad request
+        '404':
+          description: User not found
+        '500':
+          description: Internal server error
+    delete:
+      summary: Delete user by ID
+      description: Deletes a user by their ID.
+      operationId: deleteUser
+      tags:
+        - users
+      parameters:
+        - name: userId
+          in: path
+          description: ID of the user to delete.
+          required: true
+          schema:
+            type: integer
+            format: int64
+      responses:
+        '204':
+          description: User deleted successfully (No Content)
+        '404':
+          description: User not found
+        '500':
+          description: Internal server error
+
+components:
+  schemas:
+    User:
+      type: object
+      properties:
+        id:
+          type: integer
+          format: int64
+          description: Unique identifier for the user
+        username:
+          type: string
+          description: User's username
+        email:
+          type: string
+          format: email
+          description: User's email address
+        firstName:
+          type: string
+          description: User's first name
+        lastName:
+          type: string
+          description: User's last name
+      required:
+        - id
+        - username
+        - email
+
+    UserCreate:
+      type: object
+      properties:
+        username:
+          type: string
+          description: User's username
+        email:
+          type: string
+          format: email
+          description: User's email address
+        firstName:
+          type: string
+          description: User's first name
+        lastName:
+          type: string
+          description: User's last name
+      required:
+        - username
+        - email
+
+    UserUpdate:
+      type: object
+      properties:
+        username:
+          type: string
+          description: User's username
+        email:
+          type: string
+          format: email
+          description: User's email address
+        firstName:
+          type: string
+          description: User's first name
+        lastName:
+          type: string
+          description: User's last name
+
+  securitySchemes:
+    bearerAuth:            # Define security scheme name
+      type: http
+      scheme: bearer
+      bearerFormat: JWT
+
+security:
+  - bearerAuth: []       # Apply the security scheme to all endpoints (globally)

package/skills/automating-api-testing/assets/test_suite_template.js

@@ -0,0 +1,99 @@
+/**
+ * test_suite_template.js
+ *
+ * Template for generating API test suites.  This template provides a structure
+ * for creating comprehensive test cases for various API endpoints.
+ *
+ * @example
+ * // Example usage (after replacing placeholders):
+ * const testSuite = require('./test_suite_template');
+ *
+ * const config = {
+ *   baseURL: 'https://api.example.com',
+ *   endpoint: '/users',
+ *   method: 'GET',
+ *   description: 'Retrieve all users'
+ * };
+ *
+ * const testCase = testSuite(config);
+ *
+ * describe(config.description, () => {
+ *   it('should return a 200 OK status', async () => {
+ *     const response = await testCase.request();
+ *     expect(response.status).toBe(200);
+ *   });
+ *   // Add more test cases here...
+ * });
+ */
+
+/**
+ * Generates a test suite based on the provided configuration.
+ *
+ * @param {object} config - Configuration object for the test suite.
+ * @param {string} config.baseURL - The base URL of the API.
+ * @param {string} config.endpoint - The API endpoint to test.
+ * @param {string} config.method - The HTTP method to use (GET, POST, PUT, DELETE, etc.).
+ * @param {string} config.description - A description of the test case.
+ * @param {object} [config.headers] - Optional headers to include in the request.
+ * @param {object} [config.body] - Optional request body.
+ * @param {string} [config.authenticationType] - Optional authentication type (e.g., 'Bearer', 'OAuth', 'API Key').
+ * @param {string} [config.authenticationToken] - Optional authentication token or API key.
+ * @returns {object} An object containing the request function.
+ */
+module.exports = (config) => {
+  const axios = require('axios'); // Consider making axios a configurable dependency if needed
+
+  /**
+   * Executes the API request based on the configuration.
+   *
+   * @async
+   * @function request
+   * @returns {Promise<object>} A promise that resolves to the API response.
+   * @throws {Error} If the request fails.
+   */
+  async function request() {
+    try {
+      const requestConfig = {
+        method: config.method,
+        url: config.baseURL + config.endpoint,
+        headers: config.headers || {},
+        data: config.body || null, // Use data for POST/PUT requests, params for GET
+        // params: config.method === 'GET' ? config.body : null // Alternate: use params for GET requests
+      };
+
+      // Authentication handling
+      if (config.authenticationType === 'Bearer' && config.authenticationToken) {
+        requestConfig.headers.Authorization = `Bearer ${config.authenticationToken}`;
+      } else if (config.authenticationType === 'API Key' && config.authenticationToken) {
+        // Example API Key header - adjust based on API requirements
+        requestConfig.headers['X-API-Key'] = config.authenticationToken;
+      } // Add more authentication types as needed
+
+      const response = await axios(requestConfig);
+      return response;
+    } catch (error) {
+      // Handle errors appropriately (e.g., log, re-throw, or return a custom error object)
+      console.error(`Request failed for ${config.description}:`, error.message);
+      throw error; // Re-throw the error for the test to handle
+    }
+  }
+
+  return {
+    request,
+
+    // Add more helper functions here if needed (e.g., for data validation)
+    validateResponseSchema: (response, schema) => {
+      // Placeholder: Implement schema validation logic using a library like Joi or Ajv
+      // Example:
+      // const validationResult = schema.validate(response.data);
+      // if (validationResult.error) {
+      //   throw new Error(`Schema validation failed: ${validationResult.error.message}`);
+      // }
+    },
+    extractDataFromResponse: (response, path) => {
+        // Placeholder: Implement logic to extract data from the response using a library like lodash.get
+        // Example:
+        // return _.get(response.data, path);
+    }
+  };
+};

package/skills/automating-api-testing/references/README.md

@@ -0,0 +1,4 @@
+# References
+
+Bundled resources for api-test-automation skill
+

package/skills/automating-api-testing/scripts/README.md

@@ -0,0 +1,7 @@
+# Scripts
+
+Bundled resources for api-test-automation skill
+
+- [ ] generate_test_suite.py: Generates comprehensive test suites for REST and GraphQL APIs based on endpoint analysis and specifications.
+- [ ] validate_api_response.py: Validates API responses against predefined schemas or OpenAPI specifications.
+- [ ] authentication_test.py: Automates authentication testing, including various methods like Bearer tokens, OAuth, and API keys.

package/skills/automating-api-testing/scripts/generate_test_suite.py

@@ -0,0 +1,129 @@
+#!/usr/bin/env python3
+"""
+api-test-automation - Generator Script
+Generates comprehensive test suites for REST and GraphQL APIs based on endpoint analysis and specifications.
+Generated: 2025-12-10 03:48:17
+"""
+
+import os
+import json
+import argparse
+from pathlib import Path
+from datetime import datetime
+
+class Generator:
+    def __init__(self, config: Dict):
+        self.config = config
+        self.output_dir = Path(config.get('output', './output'))
+        self.output_dir.mkdir(parents=True, exist_ok=True)
+
+    def generate_markdown(self, title: str, content: str) -> Path:
+        """Generate markdown document."""
+        filename = f"{title.lower().replace(' ', '_')}_{datetime.now().strftime('%Y%m%d_%H%M%S')}.md"
+        file_path = self.output_dir / filename
+
+        md_content = f"""# {title}
+
+Generated by api-test-automation
+Date: {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}
+
+## Overview
+{content}
+
+## Configuration
+```json
+{json.dumps(self.config, indent=2)}
+```
+
+## Category
+testing
+
+## Plugin
+api-test-automation
+"""
+
+        file_path.write_text(md_content)
+        return file_path
+
+    def generate_json(self, data: Dict) -> Path:
+        """Generate JSON output."""
+        filename = f"output_{datetime.now().strftime('%Y%m%d_%H%M%S')}.json"
+        file_path = self.output_dir / filename
+
+        output_data = {
+            "generated_by": "api-test-automation",
+            "timestamp": datetime.now().isoformat(),
+            "category": "testing",
+            "plugin": "api-test-automation",
+            "data": data,
+            "config": self.config
+        }
+
+        with open(file_path, 'w') as f:
+            json.dump(output_data, f, indent=2)
+
+        return file_path
+
+    def generate_script(self, name: str, template: str) -> Path:
+        """Generate executable script."""
+        filename = f"{name}.sh"
+        file_path = self.output_dir / filename
+
+        script_content = f"""#!/bin/bash
+# Generated by api-test-automation
+# Date: {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}
+
+set -e  # Exit on error
+
+echo "🚀 Running {name}..."
+
+# Template content
+{template}
+
+echo "✅ Completed successfully"
+"""
+
+        file_path.write_text(script_content)
+        file_path.chmod(0o755)  # Make executable
+        return file_path
+
+def main():
+    parser = argparse.ArgumentParser(description="Generates comprehensive test suites for REST and GraphQL APIs based on endpoint analysis and specifications.")
+    parser.add_argument('--type', choices=['markdown', 'json', 'script'], default='markdown')
+    parser.add_argument('--output', '-o', default='./output', help='Output directory')
+    parser.add_argument('--config', '-c', help='Configuration file')
+    parser.add_argument('--title', default='api-test-automation Output')
+    parser.add_argument('--content', help='Content to include')
+
+    args = parser.parse_args()
+
+    config = {'output': args.output}
+    if args.config and Path(args.config).exists():
+        with open(args.config) as f:
+            config.update(json.load(f))
+
+    generator = Generator(config)
+
+    print(f"🔧 Generating {args.type} output...")
+
+    if args.type == 'markdown':
+        output_file = generator.generate_markdown(
+            args.title,
+            args.content or "Generated content"
+        )
+    elif args.type == 'json':
+        output_file = generator.generate_json(
+            {"title": args.title, "content": args.content}
+        )
+    else:  # script
+        output_file = generator.generate_script(
+            args.title.lower().replace(' ', '_'),
+            args.content or "# Add your script content here"
+        )
+
+    print(f"✅ Generated: {output_file}")
+    return 0
+
+if __name__ == "__main__":
+    import sys
+    sys.exit(main())