From production traffic
to enforced requirement.

Step-by-step process

1. 01

   Record production traffic

   Install the Stoney middleware in your API. It observes real requests and responses, mapping your entire API surface — without touching your source code or slowing down your pipeline.

   middleware.ts → Stoney recorder

   Recording production traffic4 routes observed

   GET/api/users/:id2002.4k/hr

   DELETE/api/admin/users/:id20412/hr

   POST/api/payments/charge201180/hr

   GET/api/reports200640/hr

   ⬡ Generating contract suggestions…
2. 02

   Generate contracts automatically

   Stoney analyzes traffic patterns, identifies business rules, and generates executable contracts. Each contract is auto-linked to the Jira ticket that created the requirement.

   Discover → AI contract generation

   Jira ticket auto-matched

   ENG-24794% confidence · PR #312

   GENERATED CONTRACT

   work_item: "ENG-247"

   rule: "Only admins may delete accounts"

   expect: status 403

   feature: "Permissions"
3. 03

   Enforce on every deploy

   When a PR is opened, Stoney runs all contracts against your staging environment. If a business rule stops being enforced, the merge is blocked — with a clear link to what broke and why.

   GitHub Actions · feat/auth-refactor → main

   ✕ 1 contract failed — merge blocked

   Admin access controlENG-247

   Payment idempotencyPAY-019

   PII data boundariesSEC-042

   Rate limitingENG-201
4. 04

   Export audit evidence

   Every verification is logged with the ticket, actor, and timestamp. When auditors ask for proof, you export a date range — not a weeks-long documentation sprint.

   Audit export · Q3 evidence pack

   SOC 2 evidence ready

   2025-03-15SEC-042Passdeploy-bot

   2025-03-14ENG-247Pass@jsmith

   2025-03-14PAY-019Passdeploy-bot

Key outcomes

Ready to close
the loop?

Install the recorder, watch contracts generate themselves, and run your first CI gate in under 20 minutes.