@kirrosh/zond 0.21.0 → 0.23.0

package/src/core/anti-fp/rules/schemathesis/string_type_mutation_becomes_valid.ts

@@ -0,0 +1,53 @@
+/**
+ * ARV-124: migrated from `src/core/checks/checks/_anti_fp.ts` (guard #2).
+ *
+ * The classic "stringified primitive" trap: schema says `integer`, our
+ * mutation flips to `"42"` (string), but servers using Express,
+ * FastAPI, Rails coerce the string back to int. The mutation is a
+ * no-op on the wire, so a 2xx isn't a real silent-accept.
+ *
+ * Sources: schemathesis #2312, #2978.
+ */
+import type { CheckCase } from "../../../checks/types.ts";
+import type { MutationMeta } from "../../../checks/checks/_negative_mutator.ts";
+import type { FpRule } from "../../types.ts";
+
+function getMutation(c: CheckCase): MutationMeta | undefined {
+  const m = c.meta as { mutation?: MutationMeta["mutation"] } | undefined;
+  if (!m || typeof m.mutation !== "string") return undefined;
+  return c.meta as unknown as MutationMeta;
+}
+
+export const stringTypeMutationBecomesValidRule: FpRule<CheckCase> = {
+  id: "_string_type_mutation_becomes_valid_after_serialization",
+  scope: "check:negative_data_rejection",
+  references: ["#2312", "#2978"],
+  applies(c) {
+    const m = getMutation(c);
+    if (!m || m.mutation !== "type_mutation") return null;
+    const fromNumeric = m.from_type === "integer" || m.from_type === "number";
+    const fromBoolean = m.from_type === "boolean";
+    const toString = m.to_type === "string" || typeof m.to_value === "string";
+    if (!toString) return null;
+    if (fromNumeric || fromBoolean) {
+      const v = String(m.to_value);
+      if (fromNumeric && /^-?\d+(\.\d+)?$/.test(v)) {
+        return {
+          ruleId: "_string_type_mutation_becomes_valid_after_serialization",
+          scope: "check:negative_data_rejection",
+          reason: `value "${v}" is numerically coerceable — server may auto-cast`,
+          references: ["#2312", "#2978"],
+        };
+      }
+      if (fromBoolean && (v === "true" || v === "false")) {
+        return {
+          ruleId: "_string_type_mutation_becomes_valid_after_serialization",
+          scope: "check:negative_data_rejection",
+          reason: `value "${v}" is boolean-coerceable — server may auto-cast`,
+          references: ["#2312"],
+        };
+      }
+    }
+    return null;
+  },
+};

package/src/core/anti-fp/rules/subscription-gated/index.ts

@@ -0,0 +1,11 @@
+/**
+ * ARV-125 / ARV-126: subscription/scope-gated anti-FP rule bundle.
+ * Same pattern as `rules/schemathesis/index.ts` — each rule is
+ * exported individually for tests, the side-effect-free list is
+ * consumed by `bootstrapAntiFp`.
+ */
+import { PAID_PLAN_403_RULE } from "./paid-plan-403.ts";
+
+export { PAID_PLAN_403_RULE };
+
+export const SUBSCRIPTION_GATED_RULES = [PAID_PLAN_403_RULE] as const;

package/src/core/anti-fp/rules/subscription-gated/paid-plan-403.ts

@@ -0,0 +1,75 @@
+/**
+ * ARV-125: migrated from `core/probe/mass-assignment-probe.ts` —
+ * inline pattern match for subscription/scope-gated 403 responses.
+ *
+ * Background (ARV-104 / F9): mass-assignment probing against a
+ * paid-plan-gated API slice produced an INCONCLUSIVE baseline on
+ * every gated endpoint. The default `inconclusiveBaselineSummary`
+ * tail tells the triage agent to "fix fixture / FK / path-params
+ * and re-probe" — but there's nothing to fix: the endpoint is gated
+ * by subscription/scope, and the agent will crank-turn fixture edits
+ * forever. The pattern match swaps the tail to a wontfix banner.
+ *
+ * Lives in the anti-FP registry as `subscription-gated/paid-plan-403`.
+ * Scope is `probe:mass-assignment` (with `probe:security` listed too —
+ * the live security probe hits the same surface and surfaces the same
+ * gated bodies through ARV-126's migration of its baseline-echo check).
+ *
+ * Context payload: `{ status, message }`. The mass-assignment probe
+ * already extracts the hint string from the response body; passing
+ * the extracted string keeps the rule body-format-agnostic so future
+ * callers (security probe) can reuse it without replicating the
+ * extractor.
+ */
+import type { FpRule } from "../../types.ts";
+
+export interface PaidPlan403Ctx {
+  /** HTTP status of the baseline response. Rule applies only at 403. */
+  status: number;
+  /** Server-supplied message extracted from the response body. The
+   *  rule does not parse JSON — callers extract their preferred field
+   *  (commonly `detail` / `message`) and pass the string. */
+  message?: string;
+}
+
+/** Lower-cased anchored fragments for the SaaS-flavoured wordings we
+ *  encounter in the wild. Each entry is one independent signal — a
+ *  body matching any one of them is treated as subscription-gated. */
+export const SUBSCRIPTION_GATED_PATTERNS: RegExp[] = [
+  /\bpaid plan\b/i,
+  /\bsubscription (?:required|needed)\b/i,
+  /\bnot (?:available|enabled) (?:on|for) your\b/i,
+  /\bplan (?:does not include|doesn['']?t include)\b/i,
+  /\brequires? (?:the )?[\w:-]+ scope\b/i,
+  /\bmissing (?:the )?[\w:-]+ scope\b/i,
+  /\bfeature (?:is )?(?:not enabled|disabled|not available)\b/i,
+  /\binsufficient (?:permissions?|scope)\b/i,
+];
+
+/** Exported predicate for callers that want a quick yes/no without
+ *  composing an `applyAntiFp` call (the probe still exposes its own
+ *  re-export of this for back-compat with pre-ARV-125 tests). */
+export function matchesSubscriptionGated(message: string): boolean {
+  for (const re of SUBSCRIPTION_GATED_PATTERNS) {
+    if (re.test(message)) return true;
+  }
+  return false;
+}
+
+export const PAID_PLAN_403_RULE: FpRule<PaidPlan403Ctx> = {
+  id: "subscription-gated/paid-plan-403",
+  scope: ["probe:mass-assignment", "probe:security"],
+  references: ["ARV-104"],
+  applies(ctx) {
+    if (ctx.status !== 403) return null;
+    if (!ctx.message || !matchesSubscriptionGated(ctx.message)) return null;
+    return {
+      ruleId: "subscription-gated/paid-plan-403",
+      scope: "probe:mass-assignment",
+      reason:
+        "endpoint is env/subscription-gated (paid plan, role/scope, feature flag); " +
+        "not a fixture issue — wontfix unless scope changes",
+      references: ["ARV-104"],
+    };
+  },
+};

package/src/core/anti-fp/types.ts

@@ -0,0 +1,68 @@
+/**
+ * ARV-123 (m-19): typed registry for anti-FP guards.
+ *
+ * Background: anti-FP logic is scattered across the codebase —
+ *   - `core/checks/checks/_anti_fp.ts` ships 4 schemathesis-attributed
+ *     guards for the data-rejection family;
+ *   - `core/probe/mass-assignment-probe.ts` carries inline regex
+ *     suppressions (paid-plan / subscription / scope-gating);
+ *   - `core/probe/security-probe.ts` does a baseline-echo / boundary
+ *     check inline.
+ *
+ * They share the same shape — "given a finding plus its context, return
+ * a structured suppression with attribution" — but each has its own
+ * ad-hoc API, which makes it hard to (a) discover the full set, (b)
+ * attribute a suppression to its source (schemathesis #N, vendor
+ * plan-limit doc, etc.), and (c) test rules in isolation.
+ *
+ * This module gives them a common contract. Migration of existing rules
+ * lives in ARV-124/125/126 — this task only ships the registry.
+ */
+
+/**
+ * Scope identifies the family of checks/probes a rule applies to.
+ * Convention: `<kind>:<name>`. Examples:
+ *   - `check:negative_data_rejection` / `check:positive_data_acceptance`
+ *   - `probe:mass-assignment`
+ *   - `probe:security` (baseline-echo / boundary)
+ *
+ * A rule may declare a single scope or an array of scopes. `applyAntiFp`
+ * filters the registry by the caller's scope before running rules, so
+ * a mass-assignment-only rule never gets evaluated against a data
+ * rejection finding.
+ */
+export type FpScope = string;
+
+export interface FpRule<Ctx = unknown> {
+  /** Stable identifier — used for dedup, logs, and downstream
+   *  attribution. Convention mirrors schemathesis: snake_case prefixed
+   *  with the family (`_body_negation_becomes_valid_after_serialization`).
+   *  Last-writer wins on re-register, so test setups can swap rules. */
+  id: string;
+  /** Single scope or set of scopes this rule covers. */
+  scope: FpScope | FpScope[];
+  /** Decide whether the rule fires for a given context. Return a
+   *  populated suppression to claim the finding, or null to pass. */
+  applies(ctx: Ctx): FpSuppression | null;
+  /** Static reason used when the rule's logic just wants to flag the
+   *  context without composing a runtime string. Optional — most rules
+   *  prefer to build a context-specific reason inside `applies`. */
+  reason?: string;
+  /** Backing evidence — schemathesis issue numbers, vendor docs, etc.
+   *  Surfaced verbatim in the suppression so an agent reading the
+   *  output can locate the upstream debate. */
+  references?: string[];
+}
+
+export interface FpSuppression {
+  /** The rule that fired. */
+  ruleId: string;
+  /** The scope under which the rule fired (resolved scope, not the
+   *  rule's declared scope set). */
+  scope: FpScope;
+  /** Human-readable reason. Built by the rule's `applies` function. */
+  reason: string;
+  /** Copied through from the rule definition unless the rule overrode
+   *  it inside `applies`. */
+  references?: string[];
+}

package/src/core/checks/checks/_crud-helpers.ts

@@ -0,0 +1,133 @@
+/**
+ * Shared id-extraction helpers for stateful CRUD checks (m-15 ARV-3).
+ * Kept under `_` prefix so it doesn't get auto-registered.
+ */
+import { encodeFormBody } from "../../runner/form-encode.ts";
+import { substituteDeep } from "../../parser/variables.ts";
+import { generateFromSchema } from "../../generator/data-factory.ts";
+import type { EndpointInfo } from "../../generator/types.ts";
+import type { SeedBodyConfig } from "../../generator/resources-builder.ts";
+
+/**
+ * ARV-187: pick the create body for a stateful CRUD step. Prefers an
+ * LLM-authored `seed_body` block (from `.api-resources.local.yaml`)
+ * because random scalars from `generateFromSchema` consistently get
+ * rejected by strict-validating APIs (Stripe's `expand[]`, Stripe
+ * required-field XORs, FK-bearing creates). When no seed_body is set,
+ * falls back to generation — preserves the pre-ARV-187 behaviour for
+ * APIs we haven't annotated yet.
+ *
+ * Returns `null` when neither path can produce an object (no schema +
+ * no seed). Caller should skip with a broken-baseline reason.
+ */
+export function resolveCreateBody(
+  create: EndpointInfo,
+  seedBody: SeedBodyConfig | undefined,
+): Record<string, unknown> | null {
+  if (seedBody && seedBody.body && typeof seedBody.body === "object") {
+    return seedBody.body;
+  }
+  if (!create.requestBodySchema) return null;
+  const generated = generateFromSchema(create.requestBodySchema);
+  if (generated == null || typeof generated !== "object") return null;
+  return generated as Record<string, unknown>;
+}
+
+/**
+ * ARV-191: serialise a generated body using whichever wire format the
+ * create endpoint declares, and resolve the `{{$randomString}}` /
+ * `{{$randomInt}}` / `{{$randomEmail}}` markers that
+ * `generateFromSchema` embeds. Two failure modes this addresses:
+ *
+ *   1. Content-type — Stripe-style APIs declare only
+ *      `application/x-www-form-urlencoded`; JSON.stringify yields a
+ *      400 "missing required param" the broken-baseline guard swallows.
+ *      Mirrors `serializeProbeBody` (ARV-150) for probes.
+ *   2. Placeholder resolution — `data-factory` emits literal markers
+ *      that downstream callers (the YAML runner, the probe-harness)
+ *      resolve via `substituteDeep`. Stateful checks bypassed this and
+ *      sent `balance={{$randomInt}}` to Stripe → 400. Sending JSON
+ *      previously masked the bug because Stripe ignored the body
+ *      entirely on form-encoded endpoints.
+ *
+ * Pass `vars` when the caller has live env values (path-fixtures); the
+ * helper otherwise relies on the built-in `GENERATORS` table inside
+ * `substituteDeep` to fabricate values for the random markers.
+ */
+export function serializeCheckBody(
+  create: { requestBodyContentType?: string },
+  body: Record<string, unknown>,
+  vars: Record<string, unknown> = {},
+  contentTypeOverride?: string,
+): { body: string; contentType: string } {
+  const resolved = substituteDeep(body, vars);
+  const obj = (resolved && typeof resolved === "object" && !Array.isArray(resolved))
+    ? (resolved as Record<string, unknown>)
+    : {};
+  const ct = contentTypeOverride ?? create.requestBodyContentType ?? "application/json";
+  if (ct === "application/x-www-form-urlencoded") {
+    return { body: encodeFormBody(obj), contentType: "application/x-www-form-urlencoded" };
+  }
+  return { body: JSON.stringify(obj), contentType: ct };
+}
+
+export function fillPathWithId(path: string, idParam: string, id: string | number): string {
+  const v = encodeURIComponent(String(id));
+  return path
+    .replace(new RegExp(`\\{${idParam}\\}`), v)
+    // Fallback: any single placeholder gets replaced.
+    .replace(/\{[^}]+\}/g, v);
+}
+
+/** ARV-169: substitute parent-scope path-params on a create endpoint
+ *  using harness.pathVars. Resource-scoped APIs (Sentry's
+ *  `/api/0/organizations/{organization_id_or_slug}/projects/`) need
+ *  the parent id resolved before the create call lands — without it
+ *  the create 404s and the broken-baseline guard skips the whole
+ *  CRUD chain. Vars not present in `pathVars` are left as literal
+ *  placeholders so the caller can spot the gap in skip diagnostics.
+ *  Idempotent for paths with no placeholders (most flat-CRUD APIs). */
+export function fillPathParams(path: string, pathVars?: Record<string, string>): string {
+  if (!pathVars) return path;
+  return path.replace(/\{([^}]+)\}/g, (_, name) => {
+    const v = pathVars[name];
+    return v && v.length > 0 ? encodeURIComponent(v) : `{${name}}`;
+  });
+}
+
+/**
+ * Pull a usable id out of a create-response body. Honours the spec's
+ * declared `idParam` first (so `userId` matches `user_id` / `userId`),
+ * then falls back to a list of common keys. Returns null if nothing
+ * looks like a usable id.
+ */
+export function extractIdFromCreateResponse(body: unknown, idParam: string): string | number | null {
+  if (body == null || typeof body !== "object") {
+    if (typeof body === "string" || typeof body === "number") return body;
+    return null;
+  }
+  // Strings often arrive as parsed JSON via http-client; treat both.
+  const obj = body as Record<string, unknown>;
+  const candidates = [
+    idParam,
+    idParam.replace(/[_-]/g, ""),
+    "id",
+    "uuid",
+    "slug",
+    "name",
+    "key",
+  ];
+  for (const k of candidates) {
+    const v = obj[k];
+    if (typeof v === "string" || typeof v === "number") return v;
+  }
+  // common SaaS-style { data: { id } } envelope.
+  const data = obj.data as Record<string, unknown> | undefined;
+  if (data && typeof data === "object") {
+    for (const k of candidates) {
+      const v = data[k];
+      if (typeof v === "string" || typeof v === "number") return v;
+    }
+  }
+  return null;
+}

package/src/core/checks/checks/_negative_mutator.ts

@@ -0,0 +1,133 @@
+/**
+ * Single-site negative-body mutator (m-15 ARV-4). Applies exactly one
+ * mutation to a valid body so the data-rejection check can attribute
+ * accept/reject decisions to a known cause. Three strategies, picked
+ * in priority order:
+ *
+ *   1. drop_required        — remove the first required field.
+ *   2. type_mutation        — flip the first scalar field's type.
+ *   3. constraint_violation — violate the first declared constraint
+ *                              (minLength/maximum/pattern/enum).
+ *
+ * The first applicable strategy wins — keeps mutations deterministic
+ * across runs (matches schemathesis' "isolate the failure site" goal).
+ * `meta` carries the strategy + field path so anti-FP guards and
+ * findings can describe what was changed without reparsing the body.
+ */
+import type { OpenAPIV3 } from "openapi-types";
+import { generateFromSchema } from "../../generator/data-factory.ts";
+
+export interface MutationMeta {
+  mutation: "drop_required" | "type_mutation" | "constraint_violation";
+  field_path: string;
+  /** For type_mutation. */
+  from_type?: string;
+  to_type?: string;
+  to_value?: unknown;
+  /** For constraint_violation. */
+  constraint?: string;
+}
+
+export interface MutationResult {
+  body: unknown;
+  meta: MutationMeta;
+}
+
+function isObject(v: unknown): v is Record<string, unknown> {
+  return typeof v === "object" && v !== null && !Array.isArray(v);
+}
+
+function pickWrongValue(t: string): { type: string; value: unknown } {
+  // Pick a value that is *clearly* the wrong type — and not a string
+  // that the server might coerce. Anti-FP guard #2 takes care of the
+  // "stringified primitive" case separately, but we avoid emitting it
+  // in the first place where we can.
+  switch (t) {
+    case "integer":
+    case "number":
+      return { type: "boolean", value: true };
+    case "boolean":
+      return { type: "integer", value: 7 };
+    case "string":
+      return { type: "object", value: { unexpected: "shape" } };
+    case "array":
+      return { type: "object", value: {} };
+    case "object":
+      return { type: "array", value: [] };
+    default:
+      return { type: "boolean", value: true };
+  }
+}
+
+function tryDropRequired(schema: OpenAPIV3.SchemaObject, body: unknown): MutationResult | null {
+  if (!isObject(body)) return null;
+  const required = schema.required ?? [];
+  for (const f of required) {
+    if (f in body) {
+      const next = { ...body };
+      delete next[f];
+      return { body: next, meta: { mutation: "drop_required", field_path: f, dropped_field: f } as MutationMeta };
+    }
+  }
+  return null;
+}
+
+function tryTypeMutation(schema: OpenAPIV3.SchemaObject, body: unknown): MutationResult | null {
+  if (!isObject(body)) return null;
+  const props = (schema.properties ?? {}) as Record<string, OpenAPIV3.SchemaObject>;
+  for (const [name, propSchema] of Object.entries(props)) {
+    const t = propSchema.type;
+    if (typeof t !== "string") continue;
+    if (!(name in body)) continue;
+    const wrong = pickWrongValue(t);
+    return {
+      body: { ...body, [name]: wrong.value },
+      meta: {
+        mutation: "type_mutation",
+        field_path: name,
+        from_type: t,
+        to_type: wrong.type,
+        to_value: wrong.value,
+      },
+    };
+  }
+  return null;
+}
+
+function tryConstraintViolation(schema: OpenAPIV3.SchemaObject, body: unknown): MutationResult | null {
+  if (!isObject(body)) return null;
+  const props = (schema.properties ?? {}) as Record<string, OpenAPIV3.SchemaObject>;
+  for (const [name, propSchema] of Object.entries(props)) {
+    if (!(name in body)) continue;
+    if (propSchema.enum && propSchema.enum.length > 0) {
+      return { body: { ...body, [name]: "__not_in_enum__" }, meta: { mutation: "constraint_violation", field_path: name, constraint: "enum" } };
+    }
+    if (typeof propSchema.minLength === "number" && propSchema.minLength > 0) {
+      return { body: { ...body, [name]: "" }, meta: { mutation: "constraint_violation", field_path: name, constraint: "minLength" } };
+    }
+    if (typeof propSchema.maxLength === "number") {
+      return {
+        body: { ...body, [name]: "x".repeat(propSchema.maxLength + 1) },
+        meta: { mutation: "constraint_violation", field_path: name, constraint: "maxLength" },
+      };
+    }
+    if (typeof propSchema.minimum === "number") {
+      return { body: { ...body, [name]: propSchema.minimum - 1 }, meta: { mutation: "constraint_violation", field_path: name, constraint: "minimum" } };
+    }
+    if (typeof propSchema.maximum === "number") {
+      return { body: { ...body, [name]: propSchema.maximum + 1 }, meta: { mutation: "constraint_violation", field_path: name, constraint: "maximum" } };
+    }
+  }
+  return null;
+}
+
+/**
+ * Build a single-site negative case from a request-body schema.
+ * Returns `null` when the schema offers no exploit surface (no
+ * required fields, no typed properties, no constraints) — the caller
+ * should skip emitting a probe rather than send a meaningless one.
+ */
+export function buildNegativeBody(schema: OpenAPIV3.SchemaObject): MutationResult | null {
+  const valid = generateFromSchema(schema);
+  return tryDropRequired(schema, valid) ?? tryTypeMutation(schema, valid) ?? tryConstraintViolation(schema, valid);
+}

package/src/core/checks/checks/_readback-helpers.ts

@@ -0,0 +1,133 @@
+/**
+ * ARV-169 (m-20): POST→GET cross-call drift diff logic.
+ *
+ * The check creates a resource, reads it back, and compares the
+ * write-shape (what the client sent + what the create response echoed)
+ * against the read-shape (what GET returned). Three flavours of drift:
+ *
+ *   • write-only — POST accepted the field, GET never returned it.
+ *     Often a secret/write-once design; can also be a silent data drop.
+ *     Suppressible via `ignore_fields` per resource.
+ *   • state-not-persisted — POST *echoed* the field in its 2xx response
+ *     but GET dropped it. This is the high-signal class: server lied
+ *     about persisting state. Always HIGH unless explicitly ignored.
+ *   • undeclared-on-read — GET returned a field the spec doesn't
+ *     document. Surfaced by response_schema_conformance already; this
+ *     check is the cross-call analogue and stays out of the way.
+ *
+ * Anti-FP: a baseline `DEFAULT_READBACK_IGNORE` filters timestamp/etag
+ * envelope fields shared across every SaaS API, so a probe on a stock
+ * spec without yaml overrides doesn't drown in noise. Per-API quirks
+ * (Stripe `metadata` stripping, `livemode`) are layered on top via
+ * `.api-resources.local.yaml` (authored by `zond api annotate` or by
+ * hand — see backlog/notes/m-20-validation.md §«Review boundary»).
+ */
+import type { ReadbackDiffConfig } from "../../generator/resources-builder.ts";
+
+/** Fields excluded from drift detection on every resource, regardless
+ *  of yaml config. These are universally non-comparable across the
+ *  POST→GET hop. */
+export const DEFAULT_READBACK_IGNORE: ReadonlySet<string> = new Set([
+  "id",
+  "object",
+  "created",
+  "created_at",
+  "createdAt",
+  "updated",
+  "updated_at",
+  "updatedAt",
+  "deleted_at",
+  "etag",
+  "_etag",
+  "version",
+  "livemode",
+  "_links",
+  "self",
+  "url",
+]);
+
+export interface DriftField {
+  field: string;
+  kind: "write_only" | "state_not_persisted" | "undeclared_on_read";
+  /** For state_not_persisted: the value the create response echoed. */
+  writtenValue?: unknown;
+}
+
+export interface DriftReport {
+  writeOnly: DriftField[];
+  stateNotPersisted: DriftField[];
+  undeclaredOnRead: DriftField[];
+}
+
+function shallowFields(v: unknown): Set<string> {
+  if (v == null || typeof v !== "object" || Array.isArray(v)) return new Set();
+  return new Set(Object.keys(v as Record<string, unknown>));
+}
+
+/**
+ * Compute drift between write-shape and read-shape.
+ *
+ * @param writeBody   what the client POSTed (parsed JSON)
+ * @param createEcho  the 2xx response body of the POST
+ * @param readBody    the 2xx response body of the subsequent GET
+ * @param specDeclared field names declared in spec.responses for the GET
+ *                     (used to suppress write-only fields that the spec
+ *                     marks as write-only — `password`-style secrets).
+ *                     Empty Set ⇒ no suppression by spec.
+ * @param cfg         per-resource readback overrides
+ */
+export function computeDrift(
+  writeBody: unknown,
+  createEcho: unknown,
+  readBody: unknown,
+  specDeclared: ReadonlySet<string>,
+  cfg: ReadbackDiffConfig | undefined,
+): DriftReport {
+  const writeFields = shallowFields(writeBody);
+  const echoFields = shallowFields(createEcho);
+  const readFields = shallowFields(readBody);
+
+  const ignore = new Set<string>(DEFAULT_READBACK_IGNORE);
+  for (const f of cfg?.ignoreFields ?? []) ignore.add(f);
+  const renameMap = cfg?.writeToReadMap ?? {};
+
+  // Apply rename: a write-side field maps to a different read-side name.
+  const writeAfterRename = new Set<string>();
+  for (const f of writeFields) writeAfterRename.add(renameMap[f] ?? f);
+  const echoAfterRename = new Set<string>();
+  for (const f of echoFields) echoAfterRename.add(renameMap[f] ?? f);
+
+  const writeOnly: DriftField[] = [];
+  for (const f of writeAfterRename) {
+    if (ignore.has(f)) continue;
+    if (readFields.has(f)) continue;
+    // If the field isn't declared on the GET response schema at all,
+    // it's a write-only-by-spec contract — not a drift. (Secrets, etc.)
+    if (specDeclared.size > 0 && !specDeclared.has(f)) continue;
+    writeOnly.push({ field: f, kind: "write_only" });
+  }
+
+  const stateNotPersisted: DriftField[] = [];
+  const echoBody = (createEcho ?? {}) as Record<string, unknown>;
+  for (const f of echoAfterRename) {
+    if (ignore.has(f)) continue;
+    if (readFields.has(f)) continue;
+    // Only report fields the echo actually carried with a non-null value —
+    // a null echo is the server signalling "not set", not a persistence bug.
+    const originalKey = Object.keys(renameMap).find((k) => renameMap[k] === f) ?? f;
+    const v = echoBody[originalKey];
+    if (v === undefined || v === null) continue;
+    stateNotPersisted.push({ field: f, kind: "state_not_persisted", writtenValue: v });
+  }
+
+  const undeclaredOnRead: DriftField[] = [];
+  if (specDeclared.size > 0) {
+    for (const f of readFields) {
+      if (ignore.has(f)) continue;
+      if (specDeclared.has(f)) continue;
+      undeclaredOnRead.push({ field: f, kind: "undeclared_on_read" });
+    }
+  }
+
+  return { writeOnly, stateNotPersisted, undeclaredOnRead };
+}

package/src/core/checks/checks/content_type_conformance.ts

@@ -0,0 +1,39 @@
+/**
+ * `content_type_conformance` — Content-Type returned by the server
+ * isn't among those declared in `op.responses[*].content`. Mirrors
+ * schemathesis. We only fail when a body is present and Content-Type
+ * is meaningful — empty 204 responses don't carry a type and pass.
+ */
+import type { Check } from "../types.ts";
+
+function baseType(ct: string): string {
+  return ct.split(";")[0]!.trim().toLowerCase();
+}
+
+export const contentTypeConformance: Check = {
+  id: "content_type_conformance",
+  severity: "medium",
+  defaultExpected: "Response Content-Type must be one of those declared on the OpenAPI response",
+  references: [{ id: "OAS3-mediaType", url: "https://spec.openapis.org/oas/v3.0.3#media-type-object" }],
+  applies: (op) => op.responseContentTypes.length > 0,
+  run({ case: c, response }) {
+    // 204 / 304 by definition have no body — Content-Type irrelevant.
+    if (response.status === 204 || response.status === 304) return { kind: "pass" };
+    const got = response.headers["content-type"] ?? response.headers["Content-Type"];
+    if (!got) {
+      return {
+        kind: "fail",
+        message: `Missing Content-Type header on ${c.operation.method} ${c.operation.path}`,
+        evidence: { declared: c.operation.responseContentTypes },
+      };
+    }
+    const declared = c.operation.responseContentTypes.map(baseType);
+    if (declared.length === 0) return { kind: "skip", reason: "no declared content types" };
+    if (declared.includes(baseType(got))) return { kind: "pass" };
+    return {
+      kind: "fail",
+      message: `Content-Type "${got}" not declared in OpenAPI for ${c.operation.method} ${c.operation.path}`,
+      evidence: { actual: got, declared },
+    };
+  },
+};