Skip to main content

mockforge_bench/conformance/
spec_driven.rs

1//! Spec-driven conformance testing
2//!
3//! Analyzes the user's OpenAPI spec to determine which features their API uses,
4//! then generates k6 conformance tests against their real endpoints.
5
6use super::generator::ConformanceConfig;
7use super::schema_validator::SchemaValidatorGenerator;
8use super::spec::ConformanceFeature;
9use crate::error::Result;
10use crate::request_gen::RequestGenerator;
11use crate::spec_parser::ApiOperation;
12use openapiv3::{
13    OpenAPI, Operation, Parameter, ParameterSchemaOrContent, ReferenceOr, RequestBody, Response,
14    Schema, SchemaKind, SecurityScheme, StringFormat, Type, VariantOrUnknownOrEmpty,
15};
16use std::collections::HashSet;
17
18/// Resolve `$ref` references against the OpenAPI components
19mod ref_resolver {
20    use super::*;
21
22    pub fn resolve_parameter<'a>(
23        param_ref: &'a ReferenceOr<Parameter>,
24        spec: &'a OpenAPI,
25    ) -> Option<&'a Parameter> {
26        match param_ref {
27            ReferenceOr::Item(param) => Some(param),
28            ReferenceOr::Reference { reference } => {
29                let name = reference.strip_prefix("#/components/parameters/")?;
30                let components = spec.components.as_ref()?;
31                match components.parameters.get(name)? {
32                    ReferenceOr::Item(param) => Some(param),
33                    ReferenceOr::Reference {
34                        reference: inner_ref,
35                    } => {
36                        // One level of recursive resolution
37                        let inner_name = inner_ref.strip_prefix("#/components/parameters/")?;
38                        match components.parameters.get(inner_name)? {
39                            ReferenceOr::Item(param) => Some(param),
40                            ReferenceOr::Reference { .. } => None,
41                        }
42                    }
43                }
44            }
45        }
46    }
47
48    pub fn resolve_request_body<'a>(
49        body_ref: &'a ReferenceOr<RequestBody>,
50        spec: &'a OpenAPI,
51    ) -> Option<&'a RequestBody> {
52        match body_ref {
53            ReferenceOr::Item(body) => Some(body),
54            ReferenceOr::Reference { reference } => {
55                let name = reference.strip_prefix("#/components/requestBodies/")?;
56                let components = spec.components.as_ref()?;
57                match components.request_bodies.get(name)? {
58                    ReferenceOr::Item(body) => Some(body),
59                    ReferenceOr::Reference {
60                        reference: inner_ref,
61                    } => {
62                        // One level of recursive resolution
63                        let inner_name = inner_ref.strip_prefix("#/components/requestBodies/")?;
64                        match components.request_bodies.get(inner_name)? {
65                            ReferenceOr::Item(body) => Some(body),
66                            ReferenceOr::Reference { .. } => None,
67                        }
68                    }
69                }
70            }
71        }
72    }
73
74    pub fn resolve_schema<'a>(
75        schema_ref: &'a ReferenceOr<Schema>,
76        spec: &'a OpenAPI,
77    ) -> Option<&'a Schema> {
78        resolve_schema_with_visited(schema_ref, spec, &mut HashSet::new())
79    }
80
81    fn resolve_schema_with_visited<'a>(
82        schema_ref: &'a ReferenceOr<Schema>,
83        spec: &'a OpenAPI,
84        visited: &mut HashSet<String>,
85    ) -> Option<&'a Schema> {
86        match schema_ref {
87            ReferenceOr::Item(schema) => Some(schema),
88            ReferenceOr::Reference { reference } => {
89                if !visited.insert(reference.clone()) {
90                    return None; // Cycle detected
91                }
92                let name = reference.strip_prefix("#/components/schemas/")?;
93                let components = spec.components.as_ref()?;
94                let nested = components.schemas.get(name)?;
95                resolve_schema_with_visited(nested, spec, visited)
96            }
97        }
98    }
99
100    /// Resolve a boxed schema reference (used by array items and object properties)
101    pub fn resolve_boxed_schema<'a>(
102        schema_ref: &'a ReferenceOr<Box<Schema>>,
103        spec: &'a OpenAPI,
104    ) -> Option<&'a Schema> {
105        match schema_ref {
106            ReferenceOr::Item(schema) => Some(schema.as_ref()),
107            ReferenceOr::Reference { reference } => {
108                // Delegate to the regular schema resolver
109                let name = reference.strip_prefix("#/components/schemas/")?;
110                let components = spec.components.as_ref()?;
111                let nested = components.schemas.get(name)?;
112                resolve_schema_with_visited(nested, spec, &mut HashSet::new())
113            }
114        }
115    }
116
117    pub fn resolve_response<'a>(
118        resp_ref: &'a ReferenceOr<Response>,
119        spec: &'a OpenAPI,
120    ) -> Option<&'a Response> {
121        match resp_ref {
122            ReferenceOr::Item(resp) => Some(resp),
123            ReferenceOr::Reference { reference } => {
124                let name = reference.strip_prefix("#/components/responses/")?;
125                let components = spec.components.as_ref()?;
126                match components.responses.get(name)? {
127                    ReferenceOr::Item(resp) => Some(resp),
128                    ReferenceOr::Reference {
129                        reference: inner_ref,
130                    } => {
131                        // One level of recursive resolution
132                        let inner_name = inner_ref.strip_prefix("#/components/responses/")?;
133                        match components.responses.get(inner_name)? {
134                            ReferenceOr::Item(resp) => Some(resp),
135                            ReferenceOr::Reference { .. } => None,
136                        }
137                    }
138                }
139            }
140        }
141    }
142}
143
144/// An API operation annotated with the conformance features it exercises
145#[derive(Debug, Clone)]
146pub struct AnnotatedOperation {
147    pub path: String,
148    pub method: String,
149    pub features: Vec<ConformanceFeature>,
150    pub request_body_content_type: Option<String>,
151    pub sample_body: Option<String>,
152    pub query_params: Vec<(String, String)>,
153    pub header_params: Vec<(String, String)>,
154    pub path_params: Vec<(String, String)>,
155    /// Response schema for validation (JSON string of the schema)
156    pub response_schema: Option<Schema>,
157}
158
159/// Generates spec-driven conformance k6 scripts
160pub struct SpecDrivenConformanceGenerator {
161    config: ConformanceConfig,
162    operations: Vec<AnnotatedOperation>,
163}
164
165impl SpecDrivenConformanceGenerator {
166    pub fn new(config: ConformanceConfig, operations: Vec<AnnotatedOperation>) -> Self {
167        Self { config, operations }
168    }
169
170    /// Annotate a list of API operations with conformance features
171    pub fn annotate_operations(
172        operations: &[ApiOperation],
173        spec: &OpenAPI,
174    ) -> Vec<AnnotatedOperation> {
175        operations.iter().map(|op| Self::annotate_operation(op, spec)).collect()
176    }
177
178    /// Analyze an operation and determine which conformance features it exercises
179    fn annotate_operation(op: &ApiOperation, spec: &OpenAPI) -> AnnotatedOperation {
180        let mut features = Vec::new();
181        let mut query_params = Vec::new();
182        let mut header_params = Vec::new();
183        let mut path_params = Vec::new();
184
185        // Detect HTTP method feature
186        match op.method.to_uppercase().as_str() {
187            "GET" => features.push(ConformanceFeature::MethodGet),
188            "POST" => features.push(ConformanceFeature::MethodPost),
189            "PUT" => features.push(ConformanceFeature::MethodPut),
190            "PATCH" => features.push(ConformanceFeature::MethodPatch),
191            "DELETE" => features.push(ConformanceFeature::MethodDelete),
192            "HEAD" => features.push(ConformanceFeature::MethodHead),
193            "OPTIONS" => features.push(ConformanceFeature::MethodOptions),
194            _ => {}
195        }
196
197        // Detect parameter features (resolves $ref)
198        for param_ref in &op.operation.parameters {
199            if let Some(param) = ref_resolver::resolve_parameter(param_ref, spec) {
200                Self::annotate_parameter(
201                    param,
202                    spec,
203                    &mut features,
204                    &mut query_params,
205                    &mut header_params,
206                    &mut path_params,
207                );
208            }
209        }
210
211        // Detect path parameters from the path template itself
212        for segment in op.path.split('/') {
213            if segment.starts_with('{') && segment.ends_with('}') {
214                let name = &segment[1..segment.len() - 1];
215                // Only add if not already found from parameters
216                if !path_params.iter().any(|(n, _)| n == name) {
217                    path_params.push((name.to_string(), "test-value".to_string()));
218                    // Determine type from path params we didn't already handle
219                    if !features.contains(&ConformanceFeature::PathParamString)
220                        && !features.contains(&ConformanceFeature::PathParamInteger)
221                    {
222                        features.push(ConformanceFeature::PathParamString);
223                    }
224                }
225            }
226        }
227
228        // Detect request body features (resolves $ref)
229        let mut request_body_content_type = None;
230        let mut sample_body = None;
231
232        let resolved_body = op
233            .operation
234            .request_body
235            .as_ref()
236            .and_then(|b| ref_resolver::resolve_request_body(b, spec));
237
238        if let Some(body) = resolved_body {
239            for (content_type, _media) in &body.content {
240                match content_type.as_str() {
241                    "application/json" => {
242                        features.push(ConformanceFeature::BodyJson);
243                        request_body_content_type = Some("application/json".to_string());
244                        // Generate sample body from schema
245                        if let Ok(template) = RequestGenerator::generate_template(op) {
246                            if let Some(body_val) = &template.body {
247                                sample_body = Some(body_val.to_string());
248                            }
249                        }
250                    }
251                    "application/x-www-form-urlencoded" => {
252                        features.push(ConformanceFeature::BodyFormUrlencoded);
253                        request_body_content_type =
254                            Some("application/x-www-form-urlencoded".to_string());
255                    }
256                    "multipart/form-data" => {
257                        features.push(ConformanceFeature::BodyMultipart);
258                        request_body_content_type = Some("multipart/form-data".to_string());
259                    }
260                    _ => {}
261                }
262            }
263
264            // Detect schema features in request body (resolves $ref in schema)
265            if let Some(media) = body.content.get("application/json") {
266                if let Some(schema_ref) = &media.schema {
267                    if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
268                        Self::annotate_schema(schema, spec, &mut features);
269                    }
270                }
271            }
272        }
273
274        // Detect response code features
275        Self::annotate_responses(&op.operation, spec, &mut features);
276
277        // Extract response schema for validation (resolves $ref)
278        let response_schema = Self::extract_response_schema(&op.operation, spec);
279        if response_schema.is_some() {
280            features.push(ConformanceFeature::ResponseValidation);
281        }
282
283        // Detect content negotiation (response with multiple content types)
284        Self::annotate_content_negotiation(&op.operation, spec, &mut features);
285
286        // Detect security features
287        Self::annotate_security(&op.operation, spec, &mut features);
288
289        // Deduplicate features
290        features.sort_by_key(|f| f.check_name());
291        features.dedup_by_key(|f| f.check_name());
292
293        AnnotatedOperation {
294            path: op.path.clone(),
295            method: op.method.to_uppercase(),
296            features,
297            request_body_content_type,
298            sample_body,
299            query_params,
300            header_params,
301            path_params,
302            response_schema,
303        }
304    }
305
306    /// Annotate parameter features
307    fn annotate_parameter(
308        param: &Parameter,
309        spec: &OpenAPI,
310        features: &mut Vec<ConformanceFeature>,
311        query_params: &mut Vec<(String, String)>,
312        header_params: &mut Vec<(String, String)>,
313        path_params: &mut Vec<(String, String)>,
314    ) {
315        let (location, data) = match param {
316            Parameter::Query { parameter_data, .. } => ("query", parameter_data),
317            Parameter::Path { parameter_data, .. } => ("path", parameter_data),
318            Parameter::Header { parameter_data, .. } => ("header", parameter_data),
319            Parameter::Cookie { .. } => {
320                features.push(ConformanceFeature::CookieParam);
321                return;
322            }
323        };
324
325        // Detect type from schema
326        let is_integer = Self::param_schema_is_integer(data, spec);
327        let is_array = Self::param_schema_is_array(data, spec);
328
329        // Generate sample value
330        let sample = if is_integer {
331            "42".to_string()
332        } else if is_array {
333            "a,b".to_string()
334        } else {
335            "test-value".to_string()
336        };
337
338        match location {
339            "path" => {
340                if is_integer {
341                    features.push(ConformanceFeature::PathParamInteger);
342                } else {
343                    features.push(ConformanceFeature::PathParamString);
344                }
345                path_params.push((data.name.clone(), sample));
346            }
347            "query" => {
348                if is_array {
349                    features.push(ConformanceFeature::QueryParamArray);
350                } else if is_integer {
351                    features.push(ConformanceFeature::QueryParamInteger);
352                } else {
353                    features.push(ConformanceFeature::QueryParamString);
354                }
355                query_params.push((data.name.clone(), sample));
356            }
357            "header" => {
358                features.push(ConformanceFeature::HeaderParam);
359                header_params.push((data.name.clone(), sample));
360            }
361            _ => {}
362        }
363
364        // Check for constraint features on the parameter (resolves $ref)
365        if let ParameterSchemaOrContent::Schema(schema_ref) = &data.format {
366            if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
367                Self::annotate_schema(schema, spec, features);
368            }
369        }
370
371        // Required/optional
372        if data.required {
373            features.push(ConformanceFeature::ConstraintRequired);
374        } else {
375            features.push(ConformanceFeature::ConstraintOptional);
376        }
377    }
378
379    fn param_schema_is_integer(data: &openapiv3::ParameterData, spec: &OpenAPI) -> bool {
380        if let ParameterSchemaOrContent::Schema(schema_ref) = &data.format {
381            if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
382                return matches!(&schema.schema_kind, SchemaKind::Type(Type::Integer(_)));
383            }
384        }
385        false
386    }
387
388    fn param_schema_is_array(data: &openapiv3::ParameterData, spec: &OpenAPI) -> bool {
389        if let ParameterSchemaOrContent::Schema(schema_ref) = &data.format {
390            if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
391                return matches!(&schema.schema_kind, SchemaKind::Type(Type::Array(_)));
392            }
393        }
394        false
395    }
396
397    /// Annotate schema-level features (types, composition, formats, constraints)
398    fn annotate_schema(schema: &Schema, spec: &OpenAPI, features: &mut Vec<ConformanceFeature>) {
399        match &schema.schema_kind {
400            SchemaKind::Type(Type::String(s)) => {
401                features.push(ConformanceFeature::SchemaString);
402                // Check format
403                match &s.format {
404                    VariantOrUnknownOrEmpty::Item(StringFormat::Date) => {
405                        features.push(ConformanceFeature::FormatDate);
406                    }
407                    VariantOrUnknownOrEmpty::Item(StringFormat::DateTime) => {
408                        features.push(ConformanceFeature::FormatDateTime);
409                    }
410                    VariantOrUnknownOrEmpty::Unknown(fmt) => match fmt.as_str() {
411                        "email" => features.push(ConformanceFeature::FormatEmail),
412                        "uuid" => features.push(ConformanceFeature::FormatUuid),
413                        "uri" | "url" => features.push(ConformanceFeature::FormatUri),
414                        "ipv4" => features.push(ConformanceFeature::FormatIpv4),
415                        "ipv6" => features.push(ConformanceFeature::FormatIpv6),
416                        _ => {}
417                    },
418                    _ => {}
419                }
420                // Check constraints
421                if s.pattern.is_some() {
422                    features.push(ConformanceFeature::ConstraintPattern);
423                }
424                if !s.enumeration.is_empty() {
425                    features.push(ConformanceFeature::ConstraintEnum);
426                }
427                if s.min_length.is_some() || s.max_length.is_some() {
428                    features.push(ConformanceFeature::ConstraintMinMax);
429                }
430            }
431            SchemaKind::Type(Type::Integer(i)) => {
432                features.push(ConformanceFeature::SchemaInteger);
433                if i.minimum.is_some() || i.maximum.is_some() {
434                    features.push(ConformanceFeature::ConstraintMinMax);
435                }
436                if !i.enumeration.is_empty() {
437                    features.push(ConformanceFeature::ConstraintEnum);
438                }
439            }
440            SchemaKind::Type(Type::Number(n)) => {
441                features.push(ConformanceFeature::SchemaNumber);
442                if n.minimum.is_some() || n.maximum.is_some() {
443                    features.push(ConformanceFeature::ConstraintMinMax);
444                }
445            }
446            SchemaKind::Type(Type::Boolean(_)) => {
447                features.push(ConformanceFeature::SchemaBoolean);
448            }
449            SchemaKind::Type(Type::Array(arr)) => {
450                features.push(ConformanceFeature::SchemaArray);
451                if let Some(item_ref) = &arr.items {
452                    if let Some(item_schema) = ref_resolver::resolve_boxed_schema(item_ref, spec) {
453                        Self::annotate_schema(item_schema, spec, features);
454                    }
455                }
456            }
457            SchemaKind::Type(Type::Object(obj)) => {
458                features.push(ConformanceFeature::SchemaObject);
459                // Check required fields
460                if !obj.required.is_empty() {
461                    features.push(ConformanceFeature::ConstraintRequired);
462                }
463                // Walk properties (resolves $ref)
464                for (_name, prop_ref) in &obj.properties {
465                    if let Some(prop_schema) = ref_resolver::resolve_boxed_schema(prop_ref, spec) {
466                        Self::annotate_schema(prop_schema, spec, features);
467                    }
468                }
469            }
470            SchemaKind::OneOf { .. } => {
471                features.push(ConformanceFeature::CompositionOneOf);
472            }
473            SchemaKind::AnyOf { .. } => {
474                features.push(ConformanceFeature::CompositionAnyOf);
475            }
476            SchemaKind::AllOf { .. } => {
477                features.push(ConformanceFeature::CompositionAllOf);
478            }
479            _ => {}
480        }
481    }
482
483    /// Detect response code features (resolves $ref in responses)
484    fn annotate_responses(
485        operation: &Operation,
486        spec: &OpenAPI,
487        features: &mut Vec<ConformanceFeature>,
488    ) {
489        for (status_code, resp_ref) in &operation.responses.responses {
490            // Only count features for responses that actually resolve
491            if ref_resolver::resolve_response(resp_ref, spec).is_some() {
492                match status_code {
493                    openapiv3::StatusCode::Code(200) => {
494                        features.push(ConformanceFeature::Response200)
495                    }
496                    openapiv3::StatusCode::Code(201) => {
497                        features.push(ConformanceFeature::Response201)
498                    }
499                    openapiv3::StatusCode::Code(204) => {
500                        features.push(ConformanceFeature::Response204)
501                    }
502                    openapiv3::StatusCode::Code(400) => {
503                        features.push(ConformanceFeature::Response400)
504                    }
505                    openapiv3::StatusCode::Code(404) => {
506                        features.push(ConformanceFeature::Response404)
507                    }
508                    _ => {}
509                }
510            }
511        }
512    }
513
514    /// Extract the response schema for the primary success response (200 or 201)
515    /// Resolves $ref for both the response and the schema within it.
516    fn extract_response_schema(operation: &Operation, spec: &OpenAPI) -> Option<Schema> {
517        // Try 200 first, then 201
518        for code in [200u16, 201] {
519            if let Some(resp_ref) =
520                operation.responses.responses.get(&openapiv3::StatusCode::Code(code))
521            {
522                if let Some(response) = ref_resolver::resolve_response(resp_ref, spec) {
523                    if let Some(media) = response.content.get("application/json") {
524                        if let Some(schema_ref) = &media.schema {
525                            if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
526                                return Some(schema.clone());
527                            }
528                        }
529                    }
530                }
531            }
532        }
533        None
534    }
535
536    /// Detect content negotiation: response supports multiple content types
537    fn annotate_content_negotiation(
538        operation: &Operation,
539        spec: &OpenAPI,
540        features: &mut Vec<ConformanceFeature>,
541    ) {
542        for (_status_code, resp_ref) in &operation.responses.responses {
543            if let Some(response) = ref_resolver::resolve_response(resp_ref, spec) {
544                if response.content.len() > 1 {
545                    features.push(ConformanceFeature::ContentNegotiation);
546                    return; // Only need to detect once per operation
547                }
548            }
549        }
550    }
551
552    /// Detect security scheme features.
553    /// Checks operation-level security first, falling back to global security requirements.
554    /// Resolves scheme names against SecurityScheme definitions in components.
555    fn annotate_security(
556        operation: &Operation,
557        spec: &OpenAPI,
558        features: &mut Vec<ConformanceFeature>,
559    ) {
560        // Use operation-level security if present, otherwise fall back to global
561        let security_reqs = operation.security.as_ref().or(spec.security.as_ref());
562
563        if let Some(security) = security_reqs {
564            for security_req in security {
565                for scheme_name in security_req.keys() {
566                    // Try to resolve the scheme from components for accurate type detection
567                    if let Some(resolved) = Self::resolve_security_scheme(scheme_name, spec) {
568                        match resolved {
569                            SecurityScheme::HTTP { ref scheme, .. } => {
570                                if scheme.eq_ignore_ascii_case("bearer") {
571                                    features.push(ConformanceFeature::SecurityBearer);
572                                } else if scheme.eq_ignore_ascii_case("basic") {
573                                    features.push(ConformanceFeature::SecurityBasic);
574                                }
575                            }
576                            SecurityScheme::APIKey { .. } => {
577                                features.push(ConformanceFeature::SecurityApiKey);
578                            }
579                            // OAuth2 and OpenIDConnect don't map to our current feature set
580                            _ => {}
581                        }
582                    } else {
583                        // Fallback: heuristic name matching for unresolvable schemes
584                        let name_lower = scheme_name.to_lowercase();
585                        if name_lower.contains("bearer") || name_lower.contains("jwt") {
586                            features.push(ConformanceFeature::SecurityBearer);
587                        } else if name_lower.contains("api") && name_lower.contains("key") {
588                            features.push(ConformanceFeature::SecurityApiKey);
589                        } else if name_lower.contains("basic") {
590                            features.push(ConformanceFeature::SecurityBasic);
591                        }
592                    }
593                }
594            }
595        }
596    }
597
598    /// Resolve a security scheme name to its SecurityScheme definition
599    fn resolve_security_scheme<'a>(name: &str, spec: &'a OpenAPI) -> Option<&'a SecurityScheme> {
600        let components = spec.components.as_ref()?;
601        match components.security_schemes.get(name)? {
602            ReferenceOr::Item(scheme) => Some(scheme),
603            ReferenceOr::Reference { .. } => None,
604        }
605    }
606
607    /// Returns the number of operations being tested
608    pub fn operation_count(&self) -> usize {
609        self.operations.len()
610    }
611
612    /// Generate the k6 conformance script.
613    /// Returns (script, check_count) where check_count is the number of unique checks emitted.
614    pub fn generate(&self) -> Result<(String, usize)> {
615        let mut script = String::with_capacity(16384);
616
617        // Imports
618        script.push_str("import http from 'k6/http';\n");
619        script.push_str("import { check, group } from 'k6';\n\n");
620
621        // Options
622        script.push_str("export const options = {\n");
623        script.push_str("  vus: 1,\n");
624        script.push_str("  iterations: 1,\n");
625        if self.config.skip_tls_verify {
626            script.push_str("  insecureSkipTLSVerify: true,\n");
627        }
628        script.push_str("  thresholds: {\n");
629        script.push_str("    checks: ['rate>0'],\n");
630        script.push_str("  },\n");
631        script.push_str("};\n\n");
632
633        // Base URL (includes base_path if configured)
634        script.push_str(&format!("const BASE_URL = '{}';\n\n", self.config.effective_base_url()));
635        script.push_str("const JSON_HEADERS = { 'Content-Type': 'application/json' };\n\n");
636
637        // Default function
638        script.push_str("export default function () {\n");
639
640        if self.config.has_cookie_header() {
641            script.push_str(
642                "  // Clear cookie jar to prevent server Set-Cookie from duplicating custom Cookie header\n",
643            );
644            script.push_str("  http.cookieJar().clear(BASE_URL);\n\n");
645        }
646
647        // Group operations by category
648        let mut category_ops: std::collections::BTreeMap<
649            &'static str,
650            Vec<(&AnnotatedOperation, &ConformanceFeature)>,
651        > = std::collections::BTreeMap::new();
652
653        for op in &self.operations {
654            for feature in &op.features {
655                let category = feature.category();
656                if self.config.should_include_category(category) {
657                    category_ops.entry(category).or_default().push((op, feature));
658                }
659            }
660        }
661
662        // Emit grouped tests
663        let mut total_checks = 0usize;
664        for (category, ops) in &category_ops {
665            script.push_str(&format!("  group('{}', function () {{\n", category));
666
667            if self.config.all_operations {
668                // All-operations mode: test every operation, using path-qualified check names
669                let mut emitted_checks: HashSet<String> = HashSet::new();
670                for (op, feature) in ops {
671                    let qualified = format!("{}:{}", feature.check_name(), op.path);
672                    if emitted_checks.insert(qualified.clone()) {
673                        self.emit_check_named(&mut script, op, feature, &qualified);
674                        total_checks += 1;
675                    }
676                }
677            } else {
678                // Default: one representative operation per feature check name
679                let mut emitted_checks: HashSet<&str> = HashSet::new();
680                for (op, feature) in ops {
681                    if emitted_checks.insert(feature.check_name()) {
682                        self.emit_check(&mut script, op, feature);
683                        total_checks += 1;
684                    }
685                }
686            }
687
688            script.push_str("  });\n\n");
689        }
690
691        script.push_str("}\n\n");
692
693        // handleSummary
694        self.generate_handle_summary(&mut script);
695
696        Ok((script, total_checks))
697    }
698
699    /// Emit a single k6 check for an operation + feature using the feature's default check name
700    fn emit_check(
701        &self,
702        script: &mut String,
703        op: &AnnotatedOperation,
704        feature: &ConformanceFeature,
705    ) {
706        self.emit_check_named(script, op, feature, feature.check_name());
707    }
708
709    /// Emit a single k6 check for an operation + feature with a custom check name
710    fn emit_check_named(
711        &self,
712        script: &mut String,
713        op: &AnnotatedOperation,
714        feature: &ConformanceFeature,
715        check_name: &str,
716    ) {
717        // Escape single quotes in check name since it's embedded in JS single-quoted strings
718        let check_name = check_name.replace('\'', "\\'");
719        let check_name = check_name.as_str();
720
721        script.push_str("    {\n");
722
723        // Build the URL path with parameters substituted
724        let mut url_path = op.path.clone();
725        for (name, value) in &op.path_params {
726            url_path = url_path.replace(&format!("{{{}}}", name), value);
727        }
728
729        // Build query string
730        if !op.query_params.is_empty() {
731            let qs: Vec<String> =
732                op.query_params.iter().map(|(k, v)| format!("{}={}", k, v)).collect();
733            url_path = format!("{}?{}", url_path, qs.join("&"));
734        }
735
736        let full_url = format!("${{BASE_URL}}{}", url_path);
737
738        // Build effective headers: merge spec-derived headers with custom headers.
739        // Custom headers override spec-derived ones with the same name.
740        let mut effective_headers = self.effective_headers(&op.header_params);
741
742        // For non-default response code checks, add header to tell the mock server
743        // which status code to return (the server defaults to the first declared status)
744        if matches!(feature, ConformanceFeature::Response400 | ConformanceFeature::Response404) {
745            let expected_code = match feature {
746                ConformanceFeature::Response400 => "400",
747                ConformanceFeature::Response404 => "404",
748                _ => unreachable!(),
749            };
750            effective_headers
751                .push(("X-Mockforge-Response-Status".to_string(), expected_code.to_string()));
752        }
753
754        let has_headers = !effective_headers.is_empty();
755        let headers_obj = if has_headers {
756            Self::format_headers(&effective_headers)
757        } else {
758            String::new()
759        };
760
761        // Determine HTTP method and emit request
762        match op.method.as_str() {
763            "GET" => {
764                if has_headers {
765                    script.push_str(&format!(
766                        "      let res = http.get(`{}`, {{ headers: {} }});\n",
767                        full_url, headers_obj
768                    ));
769                } else {
770                    script.push_str(&format!("      let res = http.get(`{}`);\n", full_url));
771                }
772            }
773            "POST" => {
774                self.emit_request_with_body(script, "post", &full_url, op, &effective_headers);
775            }
776            "PUT" => {
777                self.emit_request_with_body(script, "put", &full_url, op, &effective_headers);
778            }
779            "PATCH" => {
780                self.emit_request_with_body(script, "patch", &full_url, op, &effective_headers);
781            }
782            "DELETE" => {
783                if has_headers {
784                    script.push_str(&format!(
785                        "      let res = http.del(`{}`, null, {{ headers: {} }});\n",
786                        full_url, headers_obj
787                    ));
788                } else {
789                    script.push_str(&format!("      let res = http.del(`{}`);\n", full_url));
790                }
791            }
792            "HEAD" => {
793                if has_headers {
794                    script.push_str(&format!(
795                        "      let res = http.head(`{}`, {{ headers: {} }});\n",
796                        full_url, headers_obj
797                    ));
798                } else {
799                    script.push_str(&format!("      let res = http.head(`{}`);\n", full_url));
800                }
801            }
802            "OPTIONS" => {
803                if has_headers {
804                    script.push_str(&format!(
805                        "      let res = http.options(`{}`, null, {{ headers: {} }});\n",
806                        full_url, headers_obj
807                    ));
808                } else {
809                    script.push_str(&format!("      let res = http.options(`{}`);\n", full_url));
810                }
811            }
812            _ => {
813                if has_headers {
814                    script.push_str(&format!(
815                        "      let res = http.get(`{}`, {{ headers: {} }});\n",
816                        full_url, headers_obj
817                    ));
818                } else {
819                    script.push_str(&format!("      let res = http.get(`{}`);\n", full_url));
820                }
821            }
822        }
823
824        // Check: emit assertion based on feature type
825        if matches!(
826            feature,
827            ConformanceFeature::Response200
828                | ConformanceFeature::Response201
829                | ConformanceFeature::Response204
830                | ConformanceFeature::Response400
831                | ConformanceFeature::Response404
832        ) {
833            let expected_code = match feature {
834                ConformanceFeature::Response200 => 200,
835                ConformanceFeature::Response201 => 201,
836                ConformanceFeature::Response204 => 204,
837                ConformanceFeature::Response400 => 400,
838                ConformanceFeature::Response404 => 404,
839                _ => 200,
840            };
841            script.push_str(&format!(
842                "      check(res, {{ '{}': (r) => r.status === {} }});\n",
843                check_name, expected_code
844            ));
845        } else if matches!(feature, ConformanceFeature::ResponseValidation) {
846            // Response schema validation — validate the response body against the schema
847            if let Some(schema) = &op.response_schema {
848                let validation_js = SchemaValidatorGenerator::generate_validation(schema);
849                script.push_str(&format!(
850                    "      try {{ let body = res.json(); check(res, {{ '{}': (r) => {{ {} }} }}); }} catch(e) {{ check(res, {{ '{}': () => false }}); }}\n",
851                    check_name, validation_js, check_name
852                ));
853            }
854        } else {
855            script.push_str(&format!(
856                "      check(res, {{ '{}': (r) => r.status >= 200 && r.status < 500 }});\n",
857                check_name
858            ));
859        }
860
861        // Clear cookie jar after each request to prevent Set-Cookie leaking
862        if self.config.has_cookie_header() {
863            script.push_str("      http.cookieJar().clear(BASE_URL);\n");
864        }
865
866        script.push_str("    }\n");
867    }
868
869    /// Emit an HTTP request with a body
870    fn emit_request_with_body(
871        &self,
872        script: &mut String,
873        method: &str,
874        url: &str,
875        op: &AnnotatedOperation,
876        effective_headers: &[(String, String)],
877    ) {
878        if let Some(body) = &op.sample_body {
879            let escaped_body = body.replace('\'', "\\'");
880            let headers = if !effective_headers.is_empty() {
881                format!(
882                    "Object.assign({{}}, JSON_HEADERS, {})",
883                    Self::format_headers(effective_headers)
884                )
885            } else {
886                "JSON_HEADERS".to_string()
887            };
888            script.push_str(&format!(
889                "      let res = http.{}(`{}`, '{}', {{ headers: {} }});\n",
890                method, url, escaped_body, headers
891            ));
892        } else if !effective_headers.is_empty() {
893            script.push_str(&format!(
894                "      let res = http.{}(`{}`, null, {{ headers: {} }});\n",
895                method,
896                url,
897                Self::format_headers(effective_headers)
898            ));
899        } else {
900            script.push_str(&format!("      let res = http.{}(`{}`, null);\n", method, url));
901        }
902    }
903
904    /// Build effective headers by merging spec-derived headers with custom headers.
905    /// Custom headers override spec-derived ones with the same name (case-insensitive).
906    /// Custom headers not in the spec are appended.
907    fn effective_headers(&self, spec_headers: &[(String, String)]) -> Vec<(String, String)> {
908        let custom = &self.config.custom_headers;
909        if custom.is_empty() {
910            return spec_headers.to_vec();
911        }
912
913        let mut result: Vec<(String, String)> = Vec::new();
914
915        // Start with spec headers, replacing values if a custom header matches
916        for (name, value) in spec_headers {
917            if let Some((_, custom_val)) =
918                custom.iter().find(|(cn, _)| cn.eq_ignore_ascii_case(name))
919            {
920                result.push((name.clone(), custom_val.clone()));
921            } else {
922                result.push((name.clone(), value.clone()));
923            }
924        }
925
926        // Append custom headers that aren't already in spec headers
927        for (name, value) in custom {
928            if !spec_headers.iter().any(|(sn, _)| sn.eq_ignore_ascii_case(name)) {
929                result.push((name.clone(), value.clone()));
930            }
931        }
932
933        result
934    }
935
936    /// Format header params as a JS object literal
937    fn format_headers(headers: &[(String, String)]) -> String {
938        let entries: Vec<String> = headers
939            .iter()
940            .map(|(k, v)| format!("'{}': '{}'", k, v.replace('\'', "\\'")))
941            .collect();
942        format!("{{ {} }}", entries.join(", "))
943    }
944
945    /// handleSummary — same format as reference mode for report compatibility
946    fn generate_handle_summary(&self, script: &mut String) {
947        // Use absolute path for report output so k6 writes where the CLI expects
948        let report_path = match &self.config.output_dir {
949            Some(dir) => {
950                let abs = std::fs::canonicalize(dir)
951                    .unwrap_or_else(|_| dir.clone())
952                    .join("conformance-report.json");
953                abs.to_string_lossy().to_string()
954            }
955            None => "conformance-report.json".to_string(),
956        };
957
958        script.push_str("export function handleSummary(data) {\n");
959        script.push_str("  let checks = {};\n");
960        script.push_str("  if (data.metrics && data.metrics.checks) {\n");
961        script.push_str("    checks.overall_pass_rate = data.metrics.checks.values.rate;\n");
962        script.push_str("  }\n");
963        script.push_str("  let checkResults = {};\n");
964        script.push_str("  function walkGroups(group) {\n");
965        script.push_str("    if (group.checks) {\n");
966        script.push_str("      for (let checkObj of group.checks) {\n");
967        script.push_str("        checkResults[checkObj.name] = {\n");
968        script.push_str("          passes: checkObj.passes,\n");
969        script.push_str("          fails: checkObj.fails,\n");
970        script.push_str("        };\n");
971        script.push_str("      }\n");
972        script.push_str("    }\n");
973        script.push_str("    if (group.groups) {\n");
974        script.push_str("      for (let subGroup of group.groups) {\n");
975        script.push_str("        walkGroups(subGroup);\n");
976        script.push_str("      }\n");
977        script.push_str("    }\n");
978        script.push_str("  }\n");
979        script.push_str("  if (data.root_group) {\n");
980        script.push_str("    walkGroups(data.root_group);\n");
981        script.push_str("  }\n");
982        script.push_str("  return {\n");
983        script.push_str(&format!(
984            "    '{}': JSON.stringify({{ checks: checkResults, overall: checks }}, null, 2),\n",
985            report_path
986        ));
987        script.push_str("    stdout: textSummary(data, { indent: '  ', enableColors: true }),\n");
988        script.push_str("  };\n");
989        script.push_str("}\n\n");
990        script.push_str("function textSummary(data, opts) {\n");
991        script.push_str("  return JSON.stringify(data, null, 2);\n");
992        script.push_str("}\n");
993    }
994}
995
996#[cfg(test)]
997mod tests {
998    use super::*;
999    use openapiv3::{
1000        Operation, ParameterData, ParameterSchemaOrContent, PathStyle, Response, Schema,
1001        SchemaData, SchemaKind, StringType, Type,
1002    };
1003
1004    fn make_op(method: &str, path: &str, operation: Operation) -> ApiOperation {
1005        ApiOperation {
1006            method: method.to_string(),
1007            path: path.to_string(),
1008            operation,
1009            operation_id: None,
1010        }
1011    }
1012
1013    fn empty_spec() -> OpenAPI {
1014        OpenAPI::default()
1015    }
1016
1017    #[test]
1018    fn test_annotate_get_with_path_param() {
1019        let mut op = Operation::default();
1020        op.parameters.push(ReferenceOr::Item(Parameter::Path {
1021            parameter_data: ParameterData {
1022                name: "id".to_string(),
1023                description: None,
1024                required: true,
1025                deprecated: None,
1026                format: ParameterSchemaOrContent::Schema(ReferenceOr::Item(Schema {
1027                    schema_data: SchemaData::default(),
1028                    schema_kind: SchemaKind::Type(Type::String(StringType::default())),
1029                })),
1030                example: None,
1031                examples: Default::default(),
1032                explode: None,
1033                extensions: Default::default(),
1034            },
1035            style: PathStyle::Simple,
1036        }));
1037
1038        let api_op = make_op("get", "/users/{id}", op);
1039        let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1040
1041        assert!(annotated.features.contains(&ConformanceFeature::MethodGet));
1042        assert!(annotated.features.contains(&ConformanceFeature::PathParamString));
1043        assert!(annotated.features.contains(&ConformanceFeature::ConstraintRequired));
1044        assert_eq!(annotated.path_params.len(), 1);
1045        assert_eq!(annotated.path_params[0].0, "id");
1046    }
1047
1048    #[test]
1049    fn test_annotate_post_with_json_body() {
1050        let mut op = Operation::default();
1051        let mut body = openapiv3::RequestBody {
1052            required: true,
1053            ..Default::default()
1054        };
1055        body.content
1056            .insert("application/json".to_string(), openapiv3::MediaType::default());
1057        op.request_body = Some(ReferenceOr::Item(body));
1058
1059        let api_op = make_op("post", "/items", op);
1060        let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1061
1062        assert!(annotated.features.contains(&ConformanceFeature::MethodPost));
1063        assert!(annotated.features.contains(&ConformanceFeature::BodyJson));
1064    }
1065
1066    #[test]
1067    fn test_annotate_response_codes() {
1068        let mut op = Operation::default();
1069        op.responses
1070            .responses
1071            .insert(openapiv3::StatusCode::Code(200), ReferenceOr::Item(Response::default()));
1072        op.responses
1073            .responses
1074            .insert(openapiv3::StatusCode::Code(404), ReferenceOr::Item(Response::default()));
1075
1076        let api_op = make_op("get", "/items", op);
1077        let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1078
1079        assert!(annotated.features.contains(&ConformanceFeature::Response200));
1080        assert!(annotated.features.contains(&ConformanceFeature::Response404));
1081    }
1082
1083    #[test]
1084    fn test_generate_spec_driven_script() {
1085        let config = ConformanceConfig {
1086            target_url: "http://localhost:3000".to_string(),
1087            api_key: None,
1088            basic_auth: None,
1089            skip_tls_verify: false,
1090            categories: None,
1091            base_path: None,
1092            custom_headers: vec![],
1093            output_dir: None,
1094            all_operations: false,
1095        };
1096
1097        let operations = vec![AnnotatedOperation {
1098            path: "/users/{id}".to_string(),
1099            method: "GET".to_string(),
1100            features: vec![
1101                ConformanceFeature::MethodGet,
1102                ConformanceFeature::PathParamString,
1103            ],
1104            request_body_content_type: None,
1105            sample_body: None,
1106            query_params: vec![],
1107            header_params: vec![],
1108            path_params: vec![("id".to_string(), "test-value".to_string())],
1109            response_schema: None,
1110        }];
1111
1112        let gen = SpecDrivenConformanceGenerator::new(config, operations);
1113        let (script, _check_count) = gen.generate().unwrap();
1114
1115        assert!(script.contains("import http from 'k6/http'"));
1116        assert!(script.contains("/users/test-value"));
1117        assert!(script.contains("param:path:string"));
1118        assert!(script.contains("method:GET"));
1119        assert!(script.contains("handleSummary"));
1120    }
1121
1122    #[test]
1123    fn test_generate_with_category_filter() {
1124        let config = ConformanceConfig {
1125            target_url: "http://localhost:3000".to_string(),
1126            api_key: None,
1127            basic_auth: None,
1128            skip_tls_verify: false,
1129            categories: Some(vec!["Parameters".to_string()]),
1130            base_path: None,
1131            custom_headers: vec![],
1132            output_dir: None,
1133            all_operations: false,
1134        };
1135
1136        let operations = vec![AnnotatedOperation {
1137            path: "/users/{id}".to_string(),
1138            method: "GET".to_string(),
1139            features: vec![
1140                ConformanceFeature::MethodGet,
1141                ConformanceFeature::PathParamString,
1142            ],
1143            request_body_content_type: None,
1144            sample_body: None,
1145            query_params: vec![],
1146            header_params: vec![],
1147            path_params: vec![("id".to_string(), "1".to_string())],
1148            response_schema: None,
1149        }];
1150
1151        let gen = SpecDrivenConformanceGenerator::new(config, operations);
1152        let (script, _check_count) = gen.generate().unwrap();
1153
1154        assert!(script.contains("group('Parameters'"));
1155        assert!(!script.contains("group('HTTP Methods'"));
1156    }
1157
1158    #[test]
1159    fn test_annotate_response_validation() {
1160        use openapiv3::ObjectType;
1161
1162        // Operation with a 200 response that has a JSON schema
1163        let mut op = Operation::default();
1164        let mut response = Response::default();
1165        let mut media = openapiv3::MediaType::default();
1166        let mut obj_type = ObjectType::default();
1167        obj_type.properties.insert(
1168            "name".to_string(),
1169            ReferenceOr::Item(Box::new(Schema {
1170                schema_data: SchemaData::default(),
1171                schema_kind: SchemaKind::Type(Type::String(StringType::default())),
1172            })),
1173        );
1174        obj_type.required = vec!["name".to_string()];
1175        media.schema = Some(ReferenceOr::Item(Schema {
1176            schema_data: SchemaData::default(),
1177            schema_kind: SchemaKind::Type(Type::Object(obj_type)),
1178        }));
1179        response.content.insert("application/json".to_string(), media);
1180        op.responses
1181            .responses
1182            .insert(openapiv3::StatusCode::Code(200), ReferenceOr::Item(response));
1183
1184        let api_op = make_op("get", "/users", op);
1185        let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1186
1187        assert!(
1188            annotated.features.contains(&ConformanceFeature::ResponseValidation),
1189            "Should detect ResponseValidation when response has a JSON schema"
1190        );
1191        assert!(annotated.response_schema.is_some(), "Should extract the response schema");
1192
1193        // Verify generated script includes schema validation with try-catch
1194        let config = ConformanceConfig {
1195            target_url: "http://localhost:3000".to_string(),
1196            api_key: None,
1197            basic_auth: None,
1198            skip_tls_verify: false,
1199            categories: None,
1200            base_path: None,
1201            custom_headers: vec![],
1202            output_dir: None,
1203            all_operations: false,
1204        };
1205        let gen = SpecDrivenConformanceGenerator::new(config, vec![annotated]);
1206        let (script, _check_count) = gen.generate().unwrap();
1207
1208        assert!(
1209            script.contains("response:schema:validation"),
1210            "Script should contain the validation check name"
1211        );
1212        assert!(script.contains("try {"), "Script should wrap validation in try-catch");
1213        assert!(script.contains("res.json()"), "Script should parse response as JSON");
1214    }
1215
1216    #[test]
1217    fn test_annotate_global_security() {
1218        // Spec with global security requirement, operation without its own security
1219        let op = Operation::default();
1220        let mut spec = OpenAPI::default();
1221        let mut global_req = openapiv3::SecurityRequirement::new();
1222        global_req.insert("bearerAuth".to_string(), vec![]);
1223        spec.security = Some(vec![global_req]);
1224        // Define the security scheme in components
1225        let mut components = openapiv3::Components::default();
1226        components.security_schemes.insert(
1227            "bearerAuth".to_string(),
1228            ReferenceOr::Item(SecurityScheme::HTTP {
1229                scheme: "bearer".to_string(),
1230                bearer_format: Some("JWT".to_string()),
1231                description: None,
1232                extensions: Default::default(),
1233            }),
1234        );
1235        spec.components = Some(components);
1236
1237        let api_op = make_op("get", "/protected", op);
1238        let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &spec);
1239
1240        assert!(
1241            annotated.features.contains(&ConformanceFeature::SecurityBearer),
1242            "Should detect SecurityBearer from global security + components"
1243        );
1244    }
1245
1246    #[test]
1247    fn test_annotate_security_scheme_resolution() {
1248        // Test that security scheme type is resolved from components, not just name heuristic
1249        let mut op = Operation::default();
1250        // Use a generic name that wouldn't match name heuristics
1251        let mut req = openapiv3::SecurityRequirement::new();
1252        req.insert("myAuth".to_string(), vec![]);
1253        op.security = Some(vec![req]);
1254
1255        let mut spec = OpenAPI::default();
1256        let mut components = openapiv3::Components::default();
1257        components.security_schemes.insert(
1258            "myAuth".to_string(),
1259            ReferenceOr::Item(SecurityScheme::APIKey {
1260                location: openapiv3::APIKeyLocation::Header,
1261                name: "X-API-Key".to_string(),
1262                description: None,
1263                extensions: Default::default(),
1264            }),
1265        );
1266        spec.components = Some(components);
1267
1268        let api_op = make_op("get", "/data", op);
1269        let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &spec);
1270
1271        assert!(
1272            annotated.features.contains(&ConformanceFeature::SecurityApiKey),
1273            "Should detect SecurityApiKey from SecurityScheme::APIKey, not name heuristic"
1274        );
1275    }
1276
1277    #[test]
1278    fn test_annotate_content_negotiation() {
1279        let mut op = Operation::default();
1280        let mut response = Response::default();
1281        // Response with multiple content types
1282        response
1283            .content
1284            .insert("application/json".to_string(), openapiv3::MediaType::default());
1285        response
1286            .content
1287            .insert("application/xml".to_string(), openapiv3::MediaType::default());
1288        op.responses
1289            .responses
1290            .insert(openapiv3::StatusCode::Code(200), ReferenceOr::Item(response));
1291
1292        let api_op = make_op("get", "/items", op);
1293        let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1294
1295        assert!(
1296            annotated.features.contains(&ConformanceFeature::ContentNegotiation),
1297            "Should detect ContentNegotiation when response has multiple content types"
1298        );
1299    }
1300
1301    #[test]
1302    fn test_no_content_negotiation_for_single_type() {
1303        let mut op = Operation::default();
1304        let mut response = Response::default();
1305        response
1306            .content
1307            .insert("application/json".to_string(), openapiv3::MediaType::default());
1308        op.responses
1309            .responses
1310            .insert(openapiv3::StatusCode::Code(200), ReferenceOr::Item(response));
1311
1312        let api_op = make_op("get", "/items", op);
1313        let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1314
1315        assert!(
1316            !annotated.features.contains(&ConformanceFeature::ContentNegotiation),
1317            "Should NOT detect ContentNegotiation for a single content type"
1318        );
1319    }
1320
1321    #[test]
1322    fn test_spec_driven_with_base_path() {
1323        let annotated = AnnotatedOperation {
1324            path: "/users".to_string(),
1325            method: "GET".to_string(),
1326            features: vec![ConformanceFeature::MethodGet],
1327            path_params: vec![],
1328            query_params: vec![],
1329            header_params: vec![],
1330            request_body_content_type: None,
1331            sample_body: None,
1332            response_schema: None,
1333        };
1334        let config = ConformanceConfig {
1335            target_url: "https://192.168.2.86/".to_string(),
1336            api_key: None,
1337            basic_auth: None,
1338            skip_tls_verify: true,
1339            categories: None,
1340            base_path: Some("/api".to_string()),
1341            custom_headers: vec![],
1342            output_dir: None,
1343            all_operations: false,
1344        };
1345        let gen = SpecDrivenConformanceGenerator::new(config, vec![annotated]);
1346        let (script, _check_count) = gen.generate().unwrap();
1347
1348        assert!(
1349            script.contains("const BASE_URL = 'https://192.168.2.86/api'"),
1350            "BASE_URL should include the base_path. Got: {}",
1351            script.lines().find(|l| l.contains("BASE_URL")).unwrap_or("not found")
1352        );
1353    }
1354
1355    #[test]
1356    fn test_spec_driven_with_custom_headers() {
1357        let annotated = AnnotatedOperation {
1358            path: "/users".to_string(),
1359            method: "GET".to_string(),
1360            features: vec![ConformanceFeature::MethodGet],
1361            path_params: vec![],
1362            query_params: vec![],
1363            header_params: vec![
1364                ("X-Avi-Tenant".to_string(), "test-value".to_string()),
1365                ("X-CSRFToken".to_string(), "test-value".to_string()),
1366            ],
1367            request_body_content_type: None,
1368            sample_body: None,
1369            response_schema: None,
1370        };
1371        let config = ConformanceConfig {
1372            target_url: "https://192.168.2.86/".to_string(),
1373            api_key: None,
1374            basic_auth: None,
1375            skip_tls_verify: true,
1376            categories: None,
1377            base_path: Some("/api".to_string()),
1378            custom_headers: vec![
1379                ("X-Avi-Tenant".to_string(), "admin".to_string()),
1380                ("X-CSRFToken".to_string(), "real-csrf-token".to_string()),
1381                ("Cookie".to_string(), "sessionid=abc123".to_string()),
1382            ],
1383            output_dir: None,
1384            all_operations: false,
1385        };
1386        let gen = SpecDrivenConformanceGenerator::new(config, vec![annotated]);
1387        let (script, _check_count) = gen.generate().unwrap();
1388
1389        // Custom headers should override spec-derived test-value placeholders
1390        assert!(
1391            script.contains("'X-Avi-Tenant': 'admin'"),
1392            "Should use custom value for X-Avi-Tenant, not test-value"
1393        );
1394        assert!(
1395            script.contains("'X-CSRFToken': 'real-csrf-token'"),
1396            "Should use custom value for X-CSRFToken, not test-value"
1397        );
1398        // Custom headers not in spec should be appended
1399        assert!(
1400            script.contains("'Cookie': 'sessionid=abc123'"),
1401            "Should include Cookie header from custom_headers"
1402        );
1403        // test-value should NOT appear
1404        assert!(
1405            !script.contains("'test-value'"),
1406            "test-value placeholders should be replaced by custom values"
1407        );
1408    }
1409
1410    #[test]
1411    fn test_effective_headers_merging() {
1412        let config = ConformanceConfig {
1413            target_url: "http://localhost".to_string(),
1414            api_key: None,
1415            basic_auth: None,
1416            skip_tls_verify: false,
1417            categories: None,
1418            base_path: None,
1419            custom_headers: vec![
1420                ("X-Auth".to_string(), "real-token".to_string()),
1421                ("Cookie".to_string(), "session=abc".to_string()),
1422            ],
1423            output_dir: None,
1424            all_operations: false,
1425        };
1426        let gen = SpecDrivenConformanceGenerator::new(config, vec![]);
1427
1428        // Spec headers with a matching custom header
1429        let spec_headers = vec![
1430            ("X-Auth".to_string(), "test-value".to_string()),
1431            ("X-Other".to_string(), "keep-this".to_string()),
1432        ];
1433        let effective = gen.effective_headers(&spec_headers);
1434
1435        // X-Auth should be overridden
1436        assert_eq!(effective[0], ("X-Auth".to_string(), "real-token".to_string()));
1437        // X-Other should be kept as-is
1438        assert_eq!(effective[1], ("X-Other".to_string(), "keep-this".to_string()));
1439        // Cookie should be appended
1440        assert_eq!(effective[2], ("Cookie".to_string(), "session=abc".to_string()));
1441    }
1442}