# FieldOps Cloud API Contract Harness Report

Generated: 2026-06-26T20:04:03+00:00

Status: PASS

Checks: 43

Failures: 0

Active API-style routes: 6

Planned REST routes confirmed absent: 13

Routes parsed from `public/index.php`: 121

| Check | Status | Detail |
| --- | --- | --- |
| JSON success responses use the FieldOps envelope and content type | PASS | Expected API contract held. |
| JSON error responses use code, message, and field-level error envelope | PASS | Expected API contract held. |
| Unknown API routes return a JSON 404 instead of an HTML page | PASS | Expected API contract held. |
| Forbidden API routes return a JSON 403 envelope | PASS | Expected API contract held. |
| Forbidden web routes continue to render the existing HTML access-denied page | PASS | Expected API contract held. |
| Non-API POST requests still require CSRF before controller execution | PASS | Expected API contract held. |
| API POST requests bypass form CSRF and preserve the Authorization bearer token for API controllers | PASS | Expected API contract held. |
| Billing webhook stays disabled and returns a JSON error until provider secrets are configured | PASS | Expected API contract held. |
| Active API-style route is registered: POST /ai-assistant/generate | PASS | Expected API contract held. |
| Active API-style route is registered: POST /api/portal/quote | PASS | Expected API contract held. |
| Active API-style route is registered: POST /api/portal/invoice-payment | PASS | Expected API contract held. |
| Active API-style route is registered: POST /api/portal/booking-request | PASS | Expected API contract held. |
| Active API-style route is registered: POST /api/offline-sync | PASS | Expected API contract held. |
| Active API-style route is registered: POST /api/billing/stripe/webhook | PASS | Expected API contract held. |
| Planned public REST route is not accidentally registered: POST /api/auth/token | PASS | Expected API contract held. |
| Planned public REST route is not accidentally registered: POST /api/auth/revoke | PASS | Expected API contract held. |
| Planned public REST route is not accidentally registered: GET /api/clients | PASS | Expected API contract held. |
| Planned public REST route is not accidentally registered: POST /api/clients | PASS | Expected API contract held. |
| Planned public REST route is not accidentally registered: GET /api/jobs | PASS | Expected API contract held. |
| Planned public REST route is not accidentally registered: POST /api/jobs | PASS | Expected API contract held. |
| Planned public REST route is not accidentally registered: GET /api/quotes | PASS | Expected API contract held. |
| Planned public REST route is not accidentally registered: POST /api/quotes | PASS | Expected API contract held. |
| Planned public REST route is not accidentally registered: GET /api/invoices | PASS | Expected API contract held. |
| Planned public REST route is not accidentally registered: POST /api/invoices | PASS | Expected API contract held. |
| Planned public REST route is not accidentally registered: GET /api/dashboard | PASS | Expected API contract held. |
| Planned public REST route is not accidentally registered: GET /api/reports/summary | PASS | Expected API contract held. |
| Planned public REST route is not accidentally registered: GET /api/team | PASS | Expected API contract held. |
| API reference documents active route: POST /ai-assistant/generate | PASS | Expected API contract held. |
| API contracts document active route: POST /ai-assistant/generate | PASS | Expected API contract held. |
| API reference documents active route: POST /api/portal/quote | PASS | Expected API contract held. |
| API contracts document active route: POST /api/portal/quote | PASS | Expected API contract held. |
| API reference documents active route: POST /api/portal/invoice-payment | PASS | Expected API contract held. |
| API contracts document active route: POST /api/portal/invoice-payment | PASS | Expected API contract held. |
| API reference documents active route: POST /api/portal/booking-request | PASS | Expected API contract held. |
| API contracts document active route: POST /api/portal/booking-request | PASS | Expected API contract held. |
| API reference documents active route: POST /api/offline-sync | PASS | Expected API contract held. |
| API contracts document active route: POST /api/offline-sync | PASS | Expected API contract held. |
| API reference documents active route: POST /api/billing/stripe/webhook | PASS | Expected API contract held. |
| API contracts document active route: POST /api/billing/stripe/webhook | PASS | Expected API contract held. |
| API documentation includes truth marker: planned only | PASS | Expected API contract held. |
| API documentation includes truth marker: not live | PASS | Expected API contract held. |
| API documentation includes truth marker: not a live payment gateway | PASS | Expected API contract held. |
| API documentation includes truth marker: No external LLM is called | PASS | Expected API contract held. |