readProjectFile('docs/openapi.yaml'); $this->assertMatchesRegularExpression('/\/auth\/login:\s+post:.*?security:\s*\[\]/s', $content); $this->assertStringContainsString('no Authorization header required', $content); } public function testOpenApiIncludesNewCriticalFrontendEndpoints(): void { $content = $this->readProjectFile('docs/openapi.yaml'); $this->assertStringContainsString('/permissions:', $content); $this->assertStringContainsString('/me/password:', $content); $this->assertStringContainsString('/me/avatar:', $content); $this->assertStringContainsString('/users/avatar/{uuid}:', $content); $this->assertStringContainsString('/tenants/avatar/{uuid}:', $content); $this->assertStringContainsString('/settings:', $content); $this->assertStringContainsString('/settings/public:', $content); } public function testOpenApiUsesUuidBasedMasterDataContracts(): void { $content = $this->readProjectFile('docs/openapi.yaml'); $this->assertStringContainsString('required: [description, tenant_uuid]', $content); $this->assertStringContainsString('tenant_uuids:', $content); $this->assertStringContainsString('primary_tenant_uuid:', $content); $this->assertStringContainsString('role_uuids:', $content); $this->assertStringContainsString('department_uuids:', $content); $this->assertStringContainsString('permission_keys:', $content); $this->assertStringContainsString('tenant_uuid:', $content); } public function testTenantShowOpenApiStaysInSyncWithResponseContract(): void { $openApiContent = $this->readProjectFile('docs/openapi.yaml'); $this->assertStringContainsString('TenantShowResponse:', $openApiContent); $this->assertStringContainsString('primary_color_use_default:', $openApiContent); $this->assertStringContainsString('allow_user_theme_mode:', $openApiContent); $this->assertStringContainsString('support_email:', $openApiContent); } public function testApiErrorEnvelopeIsCentralizedAndRequestIdAware(): void { $apiResponse = $this->readProjectFile('core/Http/ApiResponse.php'); $this->assertStringContainsString("'ok' => false", $apiResponse); $this->assertStringContainsString("'error_code' => \$normalizedErrorCode", $apiResponse); $this->assertStringContainsString("'details' => \$normalizedDetails", $apiResponse); $this->assertStringContainsString("header('X-Request-Id: ' . \$requestId);", $apiResponse); $this->assertStringNotContainsString("'error' => \$normalizedErrorCode", $apiResponse); $this->assertStringNotContainsString("\$body['errors']", $apiResponse); $openApi = $this->readProjectFile('docs/openapi.yaml'); $this->assertStringContainsString('required: [ok, request_id, error_code, details]', $openApi); $this->assertStringNotContainsString('Legacy alias of `error_code`', $openApi); $this->assertStringNotContainsString('Legacy alias of `details.errors`', $openApi); } }