Build spec-first docs site and contract enforcement pipeline

[Logiar]

Summary

• add a separate Astro docs site with semantic use-case pages, theme support, and a spec-driven interactive API console (including live curl previews and copy support)
• enforce openapi.yaml as the single source of truth by generating web artifacts and a Rust contract crate used by backend compile-time checks
• add CI quality gates for generation drift, web unit/a11y tests, and runtime contract validation, plus workflow and accessibility documentation

Test Plan

• cargo test --all-targets --all-features
• ./scripts/generate-all.sh
• npm run test:unit (in web/)
• npm run test:a11y (in web/)
• npm run build (in web/)

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 88c95f90ce

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Wait for server readiness before invoking Schemathesis

The contract test starts cargo run --release in the background and then uses a fixed sleep 2 before running Schemathesis, which is too short on fresh CI runners where the binary still needs to compile; in this repository’s runtime-contract job there is no cargo cache step, so Schemathesis can run before port 8080 is listening and fail with connection errors. Replace the fixed delay with an explicit readiness loop (e.g., poll /now or the socket) before starting the test run.

Useful? React with 👍 / 👎.

[Logiar]

Fixed in 016d424. Replaced fixed sleep with a readiness loop that polls /now for up to 60s before running Schemathesis, and prints server logs if startup never succeeds.

[chatgpt-codex-connector]

Use same-origin API base for interactive docs by default

The API docs page defaults apiBase to http://localhost:8080, but the Astro site is served from a different origin during normal dev/preview runs, so the in-browser fetch requests become cross-origin and are blocked unless the backend is configured for CORS. Because the backend currently does not add CORS headers, the “Send request” flow is non-functional out of the box; defaulting to a relative URL (or documenting/providing a proxy/CORS config) avoids this breakage.

Useful? React with 👍 / 👎.

[Logiar]

Fixed in 016d424. The API docs now default to same-origin (PUBLIC_API_BASE_URL fallback is empty), so browser requests work without CORS setup by default. Curl previews also render relative URLs in same-origin mode.