test(scaffold): add skeleton test files for all 7 API endpoints

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

__tests__/api/next-story.test.ts

@@ -0,0 +1,56 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest'
+
+vi.mock('@/lib/prisma', () => ({
+  prisma: {
+    sprint: {
+      findFirst: vi.fn(),
+    },
+  },
+}))
+
+vi.mock('@/lib/api-auth', () => ({
+  authenticateApiRequest: vi.fn(),
+}))
+
+import { prisma } from '@/lib/prisma'
+import { authenticateApiRequest } from '@/lib/api-auth'
+import { GET as getNextStory } from '@/app/api/products/[id]/next-story/route'
+
+const mockPrisma = prisma as unknown as {
+  sprint: { findFirst: ReturnType<typeof vi.fn> }
+}
+const mockAuth = authenticateApiRequest as ReturnType<typeof vi.fn>
+
+function makeRequest(productId = 'product-1'): [Request, { params: Promise<{ id: string }> }] {
+  return [
+    new Request(`http://localhost/api/products/${productId}/next-story`, {
+      method: 'GET',
+      headers: { Authorization: 'Bearer test-token' },
+    }),
+    { params: Promise.resolve({ id: productId }) },
+  ]
+}
+
+describe('GET /api/products/:id/next-story', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+
+  // TC-NS-01
+  it.todo('returns 401 when no token provided')
+
+  // TC-NS-03
+  it.todo('returns 404 when product is not accessible')
+
+  // TC-NS-04
+  it.todo('returns 404 when product has no active sprint')
+
+  // TC-NS-05
+  it.todo('returns 404 when active sprint has no IN_SPRINT stories')
+
+  // TC-NS-06
+  it.todo('returns the highest-priority story with its tasks')
+
+  // TC-NS-07
+  it.todo('returns 404 for another user\'s product')
+})

__tests__/api/products.test.ts

@@ -0,0 +1,47 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest'
+
+vi.mock('@/lib/prisma', () => ({
+  prisma: {
+    product: {
+      findMany: vi.fn(),
+    },
+  },
+}))
+
+vi.mock('@/lib/api-auth', () => ({
+  authenticateApiRequest: vi.fn(),
+}))
+
+import { prisma } from '@/lib/prisma'
+import { authenticateApiRequest } from '@/lib/api-auth'
+import { GET as getProducts } from '@/app/api/products/route'
+
+const mockPrisma = prisma as unknown as {
+  product: { findMany: ReturnType<typeof vi.fn> }
+}
+const mockAuth = authenticateApiRequest as ReturnType<typeof vi.fn>
+
+function makeRequest(): Request {
+  return new Request('http://localhost/api/products', {
+    method: 'GET',
+    headers: { Authorization: 'Bearer test-token' },
+  })
+}
+
+describe('GET /api/products', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+
+  // TC-P-04
+  it.todo('returns products owned by the authenticated user')
+
+  // TC-P-05
+  it.todo('returns products where user is a team member')
+
+  // TC-P-06
+  it.todo('returns empty array when user has no products')
+
+  // TC-P-07
+  it.todo('excludes archived products')
+})

__tests__/api/reorder.test.ts

@@ -0,0 +1,70 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest'
+
+vi.mock('@/lib/prisma', () => ({
+  prisma: {
+    story: {
+      findFirst: vi.fn(),
+    },
+    task: {
+      findMany: vi.fn(),
+      update: vi.fn(),
+    },
+    $transaction: vi.fn(),
+  },
+}))
+
+vi.mock('@/lib/api-auth', () => ({
+  authenticateApiRequest: vi.fn(),
+}))
+
+import { prisma } from '@/lib/prisma'
+import { authenticateApiRequest } from '@/lib/api-auth'
+import { PATCH as patchReorder } from '@/app/api/stories/[id]/tasks/reorder/route'
+
+const mockPrisma = prisma as unknown as {
+  story: { findFirst: ReturnType<typeof vi.fn> }
+  task: { findMany: ReturnType<typeof vi.fn>; update: ReturnType<typeof vi.fn> }
+  $transaction: ReturnType<typeof vi.fn>
+}
+const mockAuth = authenticateApiRequest as ReturnType<typeof vi.fn>
+
+function makeRequest(body: unknown, storyId = 'story-1'): [Request, { params: Promise<{ id: string }> }] {
+  return [
+    new Request(`http://localhost/api/stories/${storyId}/tasks/reorder`, {
+      method: 'PATCH',
+      headers: { Authorization: 'Bearer test-token', 'Content-Type': 'application/json' },
+      body: JSON.stringify(body),
+    }),
+    { params: Promise.resolve({ id: storyId }) },
+  ]
+}
+
+describe('PATCH /api/stories/:id/tasks/reorder', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+
+  // TC-RO-01
+  it.todo('returns 401 when no token provided')
+
+  // TC-RO-03
+  it.todo('returns 403 for demo users')
+
+  // TC-RO-04
+  it.todo('returns 404 when story is not found')
+
+  // TC-RO-05
+  it.todo('returns 404 for another user\'s story')
+
+  // TC-RO-06
+  it.todo('returns 400 when task_ids is an empty array')
+
+  // TC-RO-07
+  it.todo('returns 400 when task_ids is not an array')
+
+  // TC-RO-08
+  it.todo('returns 400 when task_ids contains IDs from a different story')
+
+  // TC-RO-09
+  it.todo('reorders tasks and returns 200')
+})

__tests__/api/sprint-tasks.test.ts

@@ -0,0 +1,62 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest'
+
+vi.mock('@/lib/prisma', () => ({
+  prisma: {
+    sprint: {
+      findFirst: vi.fn(),
+    },
+  },
+}))
+
+vi.mock('@/lib/api-auth', () => ({
+  authenticateApiRequest: vi.fn(),
+}))
+
+import { prisma } from '@/lib/prisma'
+import { authenticateApiRequest } from '@/lib/api-auth'
+import { GET as getSprintTasks } from '@/app/api/sprints/[id]/tasks/route'
+
+const mockPrisma = prisma as unknown as {
+  sprint: { findFirst: ReturnType<typeof vi.fn> }
+}
+const mockAuth = authenticateApiRequest as ReturnType<typeof vi.fn>
+
+function makeRequest(sprintId = 'sprint-1', limit?: number): [Request, { params: Promise<{ id: string }> }] {
+  const url = limit
+    ? `http://localhost/api/sprints/${sprintId}/tasks?limit=${limit}`
+    : `http://localhost/api/sprints/${sprintId}/tasks`
+  return [
+    new Request(url, {
+      method: 'GET',
+      headers: { Authorization: 'Bearer test-token' },
+    }),
+    { params: Promise.resolve({ id: sprintId }) },
+  ]
+}
+
+describe('GET /api/sprints/:id/tasks', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+
+  // TC-ST-01
+  it.todo('returns 401 when no token provided')
+
+  // TC-ST-03
+  it.todo('returns 404 when sprint is not accessible')
+
+  // TC-ST-04
+  it.todo('returns 404 for another user\'s sprint')
+
+  // TC-ST-05
+  it.todo('applies default limit of 10 when no limit param given')
+
+  // TC-ST-06
+  it.todo('respects custom limit param')
+
+  // TC-ST-07
+  it.todo('handles limit=1 boundary')
+
+  // TC-ST-08
+  it.todo('returns empty array when sprint has no tasks')
+})

__tests__/api/story-log.test.ts

@@ -0,0 +1,94 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest'
+
+vi.mock('@/lib/prisma', () => ({
+  prisma: {
+    story: {
+      findFirst: vi.fn(),
+    },
+    storyLog: {
+      create: vi.fn(),
+    },
+  },
+}))
+
+vi.mock('@/lib/api-auth', () => ({
+  authenticateApiRequest: vi.fn(),
+}))
+
+import { prisma } from '@/lib/prisma'
+import { authenticateApiRequest } from '@/lib/api-auth'
+import { POST as postStoryLog } from '@/app/api/stories/[id]/log/route'
+
+const mockPrisma = prisma as unknown as {
+  story: { findFirst: ReturnType<typeof vi.fn> }
+  storyLog: { create: ReturnType<typeof vi.fn> }
+}
+const mockAuth = authenticateApiRequest as ReturnType<typeof vi.fn>
+
+function makeRequest(body: unknown, storyId = 'story-1'): [Request, { params: Promise<{ id: string }> }] {
+  return [
+    new Request(`http://localhost/api/stories/${storyId}/log`, {
+      method: 'POST',
+      headers: { Authorization: 'Bearer test-token', 'Content-Type': 'application/json' },
+      body: JSON.stringify(body),
+    }),
+    { params: Promise.resolve({ id: storyId }) },
+  ]
+}
+
+describe('POST /api/stories/:id/log', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+
+  // TC-L-01
+  it.todo('returns 401 when no token provided')
+
+  // TC-L-03
+  it.todo('returns 403 for demo users')
+
+  // TC-L-04
+  it.todo('returns 404 when story is not found')
+
+  // TC-L-05
+  it.todo('returns 404 for another user\'s story')
+
+  // TC-L-06
+  it.todo('returns 400 when type field is missing')
+
+  // TC-L-07
+  it.todo('returns 400 for unknown type value')
+
+  describe('type: IMPLEMENTATION_PLAN', () => {
+    // TC-L-08
+    it.todo('returns 400 when content is missing')
+
+    // TC-L-09
+    it.todo('creates log entry and returns 201')
+  })
+
+  describe('type: TEST_RESULT', () => {
+    // TC-L-10
+    it.todo('returns 400 when status is missing')
+
+    // TC-L-11
+    it.todo('returns 400 for invalid status value')
+
+    // TC-L-12
+    it.todo('creates log entry with status PASSED and returns 201')
+
+    // TC-L-13
+    it.todo('creates log entry with status FAILED and returns 201')
+  })
+
+  describe('type: COMMIT', () => {
+    // TC-L-14
+    it.todo('returns 400 when commit_hash is missing')
+
+    // TC-L-15
+    it.todo('returns 400 when commit_message is missing')
+
+    // TC-L-16
+    it.todo('creates log entry with commit fields and returns 201')
+  })
+})

__tests__/api/tasks.test.ts

@@ -0,0 +1,58 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest'
+
+vi.mock('@/lib/prisma', () => ({
+  prisma: {
+    task: {
+      findFirst: vi.fn(),
+      update: vi.fn(),
+    },
+  },
+}))
+
+vi.mock('@/lib/api-auth', () => ({
+  authenticateApiRequest: vi.fn(),
+}))
+
+import { prisma } from '@/lib/prisma'
+import { authenticateApiRequest } from '@/lib/api-auth'
+import { PATCH as patchTask } from '@/app/api/tasks/[id]/route'
+
+const mockPrisma = prisma as unknown as {
+  task: { findFirst: ReturnType<typeof vi.fn>; update: ReturnType<typeof vi.fn> }
+}
+const mockAuth = authenticateApiRequest as ReturnType<typeof vi.fn>
+
+function makeRequest(body: unknown, taskId = 'task-1'): [Request, { params: Promise<{ id: string }> }] {
+  return [
+    new Request(`http://localhost/api/tasks/${taskId}`, {
+      method: 'PATCH',
+      headers: { Authorization: 'Bearer test-token', 'Content-Type': 'application/json' },
+      body: JSON.stringify(body),
+    }),
+    { params: Promise.resolve({ id: taskId }) },
+  ]
+}
+
+describe('PATCH /api/tasks/:id', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+
+  // TC-T-06
+  it.todo('returns 400 for invalid status value')
+
+  // TC-T-07
+  it.todo('returns 400 when body has no recognized fields')
+
+  // TC-T-08
+  it.todo('updates status only and returns 200')
+
+  // TC-T-09
+  it.todo('updates implementation_plan only and returns 200')
+
+  // TC-T-10
+  it.todo('updates both status and implementation_plan and returns 200')
+
+  // TC-T-11
+  it.todo('allows update when user is a team member of the product')
+})

__tests__/api/todos.test.ts

@@ -0,0 +1,61 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest'
+
+vi.mock('@/lib/prisma', () => ({
+  prisma: {
+    product: {
+      findFirst: vi.fn(),
+    },
+    todo: {
+      create: vi.fn(),
+    },
+  },
+}))
+
+vi.mock('@/lib/api-auth', () => ({
+  authenticateApiRequest: vi.fn(),
+}))
+
+import { prisma } from '@/lib/prisma'
+import { authenticateApiRequest } from '@/lib/api-auth'
+import { POST as postTodo } from '@/app/api/todos/route'
+
+const mockPrisma = prisma as unknown as {
+  product: { findFirst: ReturnType<typeof vi.fn> }
+  todo: { create: ReturnType<typeof vi.fn> }
+}
+const mockAuth = authenticateApiRequest as ReturnType<typeof vi.fn>
+
+function makeRequest(body: unknown): Request {
+  return new Request('http://localhost/api/todos', {
+    method: 'POST',
+    headers: { Authorization: 'Bearer test-token', 'Content-Type': 'application/json' },
+    body: JSON.stringify(body),
+  })
+}
+
+describe('POST /api/todos', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+
+  // TC-TD-01
+  it.todo('returns 401 when no token provided')
+
+  // TC-TD-03
+  it.todo('returns 403 for demo users')
+
+  // TC-TD-04
+  it.todo('returns 400 when title is missing')
+
+  // TC-TD-05
+  it.todo('returns 400 when title is empty string')
+
+  // TC-TD-06
+  it.todo('creates todo without product_id and returns 201')
+
+  // TC-TD-07
+  it.todo('creates todo with valid product_id and returns 201')
+
+  // TC-TD-08
+  it.todo('returns 403 or 404 when product_id belongs to another user')
+})