# AGM API Contract Baseline Test Matrix Date: 2026-04-18 Owner: QA Lead Purpose: Baseline API contract checks for Phase 1 gate validation. ## Public and Core Endpoints | Endpoint | Method | Expected Status | Required Keys/Signals | |---|---|---|---| | api/kpi-dashboard.php | GET | 200 | success, generated_at, kpis | | api/lead-intelligence.php?mode=public | GET | 200 | success, mode, summary, leads | | api/msp-sla-alerts.php?mode=public | GET | 200 | success, mode, total_alerts, alerts | | api/project-pipeline.php | GET | 200 | success, generated_at, summary, projects | | api/sdlc-governance.php | GET | 200 | success, tracker_summary, sdlc_recommendations | | api/soap-gateway.php?wsdl | GET | 200 | XML/WSDL response contains `definitions` | ## Protected/Auth-Gated Endpoints | Endpoint | Method | Expected Status | Required Keys/Signals | |---|---|---|---| | api/rbac-profile.php | GET | 200 or 401 | If 200: success, user, permissions | | api/lead-intelligence.php?mode=secure | GET | 200 or 401 | If 200: success, summary, leads | | api/msp-sla-alerts.php?mode=secure | GET | 200 or 401 | If 200: success, alerts | | api/project-pipeline-audit.php | GET | 200 or 401 | If 200: success, total_events, events | | api/cpq-quotes.php | GET | 200 or 401 | If 200: success, summary, quotes | ## Token-Controlled Endpoints | Endpoint | Method | Expected Status | Required Keys/Signals | |---|---|---|---| | api/webhook-automation.php (missing token) | POST | 403 or 500 | JSON error payload | | api/webhook-automation.php (valid token header) | POST | 200 | success, action | | api/lead-intelligence-export.php (missing token) | POST | 403 or 500 | JSON error payload | | api/lead-intelligence-export.php (valid token header) | POST | 200 | JSON success payload or CSV body | ## Test Runner - Script: `scripts/run-api-contract-baseline.ps1` - Report output: `AGM_API_CONTRACT_BASELINE_REPORT_.md` ## Gate Rule - Critical endpoints must pass at 100 percent. - Overall baseline target: 95 percent pass rate or higher.