Keep the OpenAPI spec in sync with API endpoints. Use when adding, changing, or removing API routes, request/response bodies, or auth requirements.
Whenever you change API endpoints, update the OpenAPI spec so /api-docs (Swagger UI) stays accurate and testable.
security: [{ bearerAuth: [] }] in the spec.components.schemas and path definitions.security array in the spec.apps/api/src/openapi.ts exports openApiDocument (OpenAPI 3.0).GET /api-docs via swagger-ui-express in apps/api/src/index.ts.GET /, GET /health, GET /auth/me, POST /auth/login, etc.) should have a matching path in openApiDocument.paths.components.schemas and reference with $ref.requireAuth must have security: [{ bearerAuth: [] }] and document 401 responses.After editing any of:
apps/api/src/index.ts (new top-level routes)apps/api/src/routes/*.tsapps/api/src/controllers/*.ts (if response/request shape changes)