first step

src/server/pyproject.toml

@@ -0,0 +1,6 @@
+[project.optional-dependencies]
+test = [
+    "pytest>=7.0",
+    "schemathesis>=3.0",
+    "requests>=2.31",
+]

src/server/requirements.txt

@@ -20,4 +20,4 @@ pytest
 pytest-cov
 coverage
 
-../server/.
+

src/server/tests/conftest.py

@@ -0,0 +1,37 @@
+import os
+import pytest
+import requests
+
+@pytest.fixture(scope="session")
+def base_url() -> str:
+    # Example: https://dev.api.mycompany.com
+    url = os.environ.get("API_BASE_URL")
+    if not url:
+        raise RuntimeError("Set API_BASE_URL")
+    return url.rstrip("/")
+
+@pytest.fixture(scope="session")
+def jwt_token(base_url: str) -> str:
+    username = os.environ.get("API_USERNAME")
+    password = os.environ.get("API_PASSWORD")
+    if not username or not password:
+        raise RuntimeError("Set API_USERNAME and API_PASSWORD")
+
+    # Adapt these to your auth endpoint + response shape:
+    login_path = os.environ.get("API_LOGIN_PATH", "/auth/login")
+    resp = requests.post(
+        f"{base_url}{login_path}",
+        json={"username": username, "password": password},
+        timeout=30,
+    )
+    resp.raise_for_status()
+
+    data = resp.json()
+    token = data.get("access_token") or data.get("token")
+    if not token:
+        raise RuntimeError("Could not find JWT token in login response JSON")
+    return token
+
+@pytest.fixture(scope="session")
+def auth_headers(jwt_token: str) -> dict[str, str]:
+    return {"Authorization": f"Bearer {jwt_token}"}

src/server/tests/contract/test_openapi_fuzz.py

@@ -0,0 +1,10 @@
+import schemathesis
+
+schema = schemathesis.from_path("../../misc/BreCalApi.yaml")
+
+@schema.parametrize()
+def test_api_conformance(case, base_url: str, auth_headers: dict[str, str]) -> None:
+    # Calls your real service:
+    response = case.call(base_url=base_url, headers=auth_headers)
+    # Validates status code, headers, and body against the OpenAPI schema:
+    case.validate_response(response)