Protect the RestaurantPOS backend contract as consumed by customer-web (Next.js + TypeScript) and staff-web (React + TypeScript + Vite), including frozen OpenAPI, generated TypeScript SDK, mutation contract docs, standardized error envelopes, enum/state exposure, CORS, and frontend-facing DX. Use when Codex changes request or response shape, API artifacts, machine-readable errors, enum or state fields, pagination or meta behavior, or frontend integration guidance for web consumers.
Read AGENTS.md, .codex/AGENTS.md, and references/paths.md before editing.
storage/app/booking_release/openapi-v1.json and generated consumer artifacts as the only official frontend contract sources.{ data: ... } or { data: [...], meta: ... } for collections.error_code, message, request_id, and errors when validation details exist.row_version, Idempotency-Key, and X-Session-Id requirements visible in mutation contract outputs when they matter to browser clients.build/api-consumer/ or storage/app/booking_release/.config/api_artifacts.php, mutation contract docs, or frozen OpenAPI metadata.X-Request-Id response exposure when touching client-facing headers.composer api:artifactsphp artisan test tests/Feature/Infrastructure tests/Feature/Console/ApiConsumerArtifactsGenerateCommandTest.phpphp artisan test tests/Feature/Http/ApiListingQueryStandardTest.php tests/Feature/Http/ApiValidationPayloadCompatibilityTest.php tests/Feature/CorsContractTest.php tests/Unit/Config/ApiArtifactsConfigContractTest.php