Contracts
Stoney verifies different types of API behavior.
HTTP Contracts
The most common type. Verifies status codes:
```yaml
says: "GET /api/users returns 200"
steps:
  - http:
      method: GET
      path: /api/users
      headers:
        Authorization: "Bearer ${STONEY_TOKEN}"
    expect:
      status: 200
```

Contract Tiers
Stateless
No authentication needed:
```yaml
tier: stateless
says: "Login requires credentials"
steps:
  - http:
      method: POST
      path: /api/auth/login
    expect:
      status: 401
```

Auth Only
Requires a token:
```yaml
tier: auth_only
says: "List orders succeeds"
steps:
  - http:
      method: GET
      path: /api/orders
      headers:
        Authorization: "Bearer ${STONEY_TOKEN}"
    expect:
      status: 200
```

Reviewing Suggestions
The Discover page shows Stoney’s suggestions. Each shows:
| Field | Meaning |
|---|---|
| Method | HTTP method |
| Path | Normalized endpoint |
| Status | Observed response code |
| Confidence | 0-100 certainty |
Click Activate to enforce, or Dismiss to hide.
Editing Contracts
From the Contracts page:
- Deactivate: Pause enforcement without deleting
- Delete: Remove permanently with history
- Edit: Change description, domain, or linked ticket
Failure Modes
| Type | Meaning |
|---|---|
| Status mismatch | Expected 200, got 500 |
| Shape mismatch | Missing required field |
| Timeout | Request took too long |
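
The three failure types in the table, applied to the two tier examples above. This is an added Python illustration, not Stoney's own code. The `Observed` class, the `required_fields` key and the 5-second default timeout are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Observed:
    """One observed response (hypothetical structure for this example)."""
    status: Optional[int]   # None when no response arrived at all
    body: object            # decoded JSON body, or None
    elapsed_s: float

def classify(expect: dict, obs: Observed, timeout_s: float = 5.0) -> Optional[str]:
    """Return None if the contract holds, else a failure type from the table."""
    # Timeout is checked first: without a timely response nothing else is meaningful.
    if obs.status is None or obs.elapsed_s > timeout_s:
        return "Timeout"
    if obs.status != expect["status"]:
        return f"Status mismatch: expected {expect['status']}, got {obs.status}"
    # Shape is only compared once the status matches, so a 500 error page
    # is not reported as a missing-field problem.
    body = obs.body if isinstance(obs.body, dict) else {}
    missing = [f for f in expect.get("required_fields", []) if f not in body]
    if missing:
        return "Shape mismatch: missing " + ", ".join(missing)
    return None

# Expectations taken from the page; required_fields is an assumed extension.
LOGIN = {"status": 401}                                   # "Login requires credentials"
ORDER = {"status": 200, "required_fields": ["id", "total"]}

def run_samples():
    """Classify constructed responses; returns one result per sample."""
    return [
        classify(LOGIN, Observed(401, {"error": "unauthorized"}, 0.05)),
        # Unauthenticated login answered with 200: the contract catches an auth regression.
        classify(LOGIN, Observed(200, {"token": "constructed"}, 0.05)),
        classify(ORDER, Observed(500, None, 0.20)),
        classify(ORDER, Observed(200, {"id": 7}, 0.20)),
        classify(ORDER, Observed(None, None, 5.00)),
    ]

if __name__ == "__main__":
    for result in run_samples():
        print(result or "pass")
```

The second sample is the case worth alerting on: a `stateless` contract that expects 401 and receives 200 means the endpoint accepted a request without credentials.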