npm - @autobe/agent - Versions diffs - 0.30.4 → 0.30.5 - Mend

@autobe/agent 0.30.4 → 0.30.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (210) hide show

package/lib/orchestrate/interface/orchestrateInterfaceAuthorization.js CHANGED Viewed

@@ -93,7 +93,7 @@ function process(ctx, props) {
                             properties: {
                                 thinking: {
                                     type: "string",
-                                    description: "Think before you act.\n\nBefore requesting preliminary data or completing your task, reflect on\nyour current state and explain your reasoning:\n\nFor preliminary requests (getAnalysisSections, getDatabaseSchemas, etc.):\n\n- What critical information is missing that you don't already have?\n- Why do you need it specifically right now?\n- Be brief - state the gap, don't list everything you have.\n\nFor completion (complete):\n\n- What key assets did you acquire?\n- What did you accomplish?\n- Why is it sufficient to complete?\n- Summarize - don't enumerate every single item.\n\nThis reflection helps you avoid duplicate requests and premature\ncompletion."
+                                    description: "Reasoning about your current state: what's missing (preliminary) or what\nyou accomplished (completion)."
                                 },
                                 request: {
                                     oneOf: [
@@ -123,7 +123,7 @@ function process(ctx, props) {
                                             complete: "#/components/schemas/IAutoBeInterfaceAuthorizationApplication.IComplete"
                                         }
                                     },
-                                    description: "Type discriminator for the request.\n\nDetermines which action to perform: preliminary data retrieval\n(getAnalysisSections, getPreviousAnalysisSections, getDatabaseSchemas,\ngetPreviousDatabaseSchemas) or final authorization operations generation\n(complete). When preliminary returns empty array, that type is removed\nfrom the union, physically preventing repeated calls."
+                                    description: "Action to perform. Exhausted preliminary types are removed from the\nunion."
                                 }
                             },
                             required: [
@@ -136,7 +136,7 @@ function process(ctx, props) {
                             properties: {
                                 type: {
                                     "const": "getAnalysisSections",
-                                    description: "Type discriminator for the request.\n\nDetermines which action to perform: preliminary data retrieval or actual\ntask execution. Value \"getAnalysisSections\" indicates this is a preliminary\ndata request for individual analysis sections."
+                                    description: "Type discriminator."
                                 },
                                 sectionIds: {
                                     type: "array",
@@ -146,21 +146,21 @@ function process(ctx, props) {
                                     },
                                     minItems: 1,
                                     maxItems: 100,
-                                    description: "List of section IDs to retrieve.\n\nThese are sequential integer IDs from the analysis sections catalog. Each\nID maps to a specific ### section in the requirements documents.\n\nCRITICAL: DO NOT request the same section IDs that you have already\nrequested in previous calls."
+                                    description: "Section IDs to retrieve. DO NOT request same IDs already requested in\nprevious calls."
                                 }
                             },
                             required: [
                                 "type",
                                 "sectionIds"
                             ],
-                            description: "Request to retrieve individual analysis sections by numeric ID.\n\nInstead of loading entire analysis files (~110-120KB each), this loads\nspecific ### sections (~200-600 words each) identified by integer IDs from\nthe section catalog."
+                            description: "Request to retrieve individual analysis sections by numeric ID."
                         },
                         IAutoBePreliminaryGetDatabaseSchemas: {
                             type: "object",
                             properties: {
                                 type: {
                                     "const": "getDatabaseSchemas",
-                                    description: "Type discriminator for the request.\n\nDetermines which action to perform: preliminary data retrieval or actual\ntask execution. Value \"getDatabaseSchemas\" indicates this is a preliminary\ndata request for database schemas."
+                                    description: "Type discriminator."
                                 },
                                 schemaNames: {
                                     type: "array",
@@ -168,21 +168,21 @@ function process(ctx, props) {
                                         type: "string"
                                     },
                                     minItems: 1,
-                                    description: "List of database table names to retrieve.\n\nTable names from the database schema representing database entities (e.g.,\n\"user\", \"post\", \"comment\").\n\nCRITICAL: DO NOT request the same schema names that you have already\nrequested in previous calls."
+                                    description: "Database table names to retrieve. DO NOT request same names already\nrequested in previous calls."
                                 }
                             },
                             required: [
                                 "type",
                                 "schemaNames"
                             ],
-                            description: "Request to retrieve database schema definitions for context.\n\nThis type is used in the preliminary phase to request specific database table\nschemas needed for generating type-safe API operations."
+                            description: "Request to retrieve database schema definitions for context."
                         },
                         IAutoBePreliminaryGetPreviousAnalysisSections: {
                             type: "object",
                             properties: {
                                 type: {
                                     "const": "getPreviousAnalysisSections",
-                                    description: "Type discriminator for the request.\n\nValue \"getPreviousAnalysisSections\" indicates this is a preliminary data\nrequest for analysis sections from the previous iteration."
+                                    description: "Type discriminator."
                                 },
                                 sectionIds: {
                                     type: "array",
@@ -191,21 +191,21 @@ function process(ctx, props) {
                                         minimum: 0
                                     },
                                     minItems: 1,
-                                    description: "List of section IDs to retrieve from the previous iteration.\n\nCRITICAL: DO NOT request the same section IDs that you have already\nrequested in previous calls."
+                                    description: "Section IDs to retrieve from previous iteration. DO NOT request same IDs\nalready requested in previous calls."
                                 }
                             },
                             required: [
                                 "type",
                                 "sectionIds"
                             ],
-                            description: "Request to retrieve individual analysis sections from previous iteration by\nnumeric ID.\n\nSame as {@link IAutoBePreliminaryGetAnalysisSections} but for sections from\nthe previous generation cycle, enabling comparison and consistency checks."
+                            description: "Request to retrieve analysis sections from the previous iteration by numeric\nID."
                         },
                         IAutoBePreliminaryGetPreviousDatabaseSchemas: {
                             type: "object",
                             properties: {
                                 type: {
                                     "const": "getPreviousDatabaseSchemas",
-                                    description: "Type discriminator for the request.\n\nDetermines which action to perform: preliminary data retrieval or actual\ntask execution. Value \"getPreviousDatabaseSchemas\" indicates this is a\npreliminary data request for database schemas from a previous version."
+                                    description: "Type discriminator."
                                 },
                                 schemaNames: {
                                     type: "array",
@@ -213,29 +213,29 @@ function process(ctx, props) {
                                         type: "string"
                                     },
                                     minItems: 1,
-                                    description: "List of database table names to retrieve from the previous version.\n\nThese are table schema names that were generated in a previous version and\nare needed as reference context for the current regeneration.\n\n**Important Notes:**\n\n- These schemas MUST exist in the previous version\n- This function is only available when a previous version exists\n- Used for reference/comparison, not for re-requesting within same execution\n- Table names are in snake_case (e.g., \"shopping_sale\", \"bbs_article\")\n\n**When This Function is Available:**\n\n- When a previous version exists\n- When user requests modifications to existing database schema\n- During correction/regeneration cycles that need previous schema context\n\n**When This Function is NOT Available:**\n\n- During initial generation (no previous version exists)\n- No previous database schemas available for this orchestration task\n\n**Example Table Names:**\n\n- \"users\", \"posts\", \"comments\"\n- \"shopping_sales\", \"shopping_orders\", \"shopping_products\"\n- \"bbs_articles\", \"bbs_article_files\""
+                                    description: "Table names to retrieve from previous iteration. DO NOT request same names\nalready requested in previous calls."
                                 }
                             },
                             required: [
                                 "type",
                                 "schemaNames"
                             ],
-                            description: "Request to retrieve database schemas from a previous version.\n\nThis type is used to load database schema definitions that were generated in\na **previous version** of the AutoBE generation pipeline. This is NOT about\nre-requesting schemas within the same execution, but rather accessing\nartifacts from an earlier version.\n\n**Use Case:** When regenerating or modifying the database schema based on\nuser change requests, agents need to reference the previously generated\ndatabase schemas to understand the existing database structure and what needs\nto be modified.\n\n**Key Difference from `getDatabaseSchemas`:**\n\n- `getDatabaseSchemas`: Fetches schemas from the **current version** (the\n  version being generated right now)\n- `getPreviousDatabaseSchemas`: Fetches schemas from the **previous version**\n  (the last successfully generated version)\n\n**Example Scenario:**\n\n    Initial generation:\n    - DATABASE phase creates: users, posts, comments tables\n    - Generation completes successfully\n\n    User: \"Add email verification status to users\"\n\n    Regeneration:\n    - DATABASE phase starts regeneration\n    - Calls getPreviousDatabaseSchemas([\"users\"])\n      \u2192 Loads the previous version of users table schema\n    - Creates new version with emailVerified field added\n\n**Waterfall + Spiral Pattern:**\n\nThis aligns with AutoBE's regeneration cycles where:\n\n- Compilation failures trigger regeneration with corrections\n- User modifications trigger new versions\n- Previous schemas serve as reference for incremental changes"
+                            description: "Request to retrieve database schemas from the previous iteration.\n\nLoads database table definitions from the last successfully generated\nversion, used as reference context during regeneration or modification\ncycles."
                         },
                         "IAutoBeInterfaceAuthorizationApplication.IComplete": {
                             type: "object",
                             properties: {
                                 type: {
                                     "const": "complete",
-                                    description: "Type discriminator for the request.\n\nDetermines which action to perform: preliminary data retrieval or actual\ntask execution. Value \"complete\" indicates this is the final task\nexecution request."
+                                    description: "Type discriminator for completion request."
                                 },
                                 analysis: {
                                     type: "string",
-                                    description: "Analysis of the actor's authentication requirements and schema context.\n\nDocuments the agent's understanding of the actor type\n(guest/member/admin), what authentication fields exist in the database\nschema, what additional authentication features are supported by the\nschema, and what operations are appropriate for this actor kind."
+                                    description: "Analysis of the actor's authentication requirements and schema context."
                                 },
                                 rationale: {
                                     type: "string",
-                                    description: "Rationale for the authorization operation design decisions.\n\nExplains why specific operations were included or excluded, how the actor\nkind influenced the essential operations selection (e.g., why guests\ndon't have login), what schema fields enabled additional operations, and\nwhy certain authentication patterns were chosen."
+                                    description: "Rationale for authorization operation design decisions."
                                 },
                                 operations: {
                                     type: "array",
@@ -243,7 +243,7 @@ function process(ctx, props) {
                                         $ref: "#/components/schemas/AutoBeOpenApi.IOperation"
                                     },
                                     minItems: 1,
-                                    description: "Array of API operations to generate authorization operation for.\n\nEach operation in this array must include:\n\n- Specification: Detailed API specification with clear purpose and\n  functionality\n- Path: Resource-centric URL path (e.g., \"/resources/{resourceId}\")\n- Method: HTTP method (get, post, put, delete, patch)\n- Description: Extremely detailed multi-paragraph description referencing\n  database schema comments\n- Summary: Concise one-sentence summary of the endpoint\n- Parameters: Array of all necessary parameters with descriptions and\n  schema definitions\n- RequestBody: For POST/PUT/PATCH methods, with typeName referencing\n  components.schemas\n- ResponseBody: With typeName referencing appropriate response type\n\nAll operations must follow strict quality standards:\n\n1. Detailed descriptions referencing database schema comments\n2. Accurate parameter definitions matching path parameters\n3. Appropriate request/response body type references\n4. Consistent patterns for CRUD operations\n\nFor list retrievals (typically PATCH), include pagination, search, and\nsorting. For detail retrieval (GET), return a single resource. For\ncreation (POST), use .ICreate request body. For modification (PUT), use\n.IUpdate request body."
+                                    description: "Array of API operations to generate for authorization."
                                 }
                             },
                             required: [
@@ -252,18 +252,18 @@ function process(ctx, props) {
                                 "rationale",
                                 "operations"
                             ],
-                            description: "Request to generate authorization operations.\n\nExecutes authorization operations generation to define the authorization\nrequirements for the given roles. Ensures operations reflect correct\npermissions and access levels for each role."
+                            description: "Request to generate authorization operations."
                         },
                         "AutoBeOpenApi.IOperation": {
                             type: "object",
                             properties: {
                                 specification: {
                                     type: "string",
-                                    description: "Implementation specification for the API operation.\n\nThis is an AutoBE-internal field (not exposed in standard OpenAPI output)\nthat provides detailed implementation guidance for downstream agents\n(Realize Agent, Test Agent, etc.).\n\nInclude **HOW** this operation should be implemented:\n\n- Service layer logic and algorithm\n- Database queries and transactions involved\n- Business rules and validation logic\n- Edge cases and error handling\n- Integration with other services\n\nThis field complements the `description` field: while `description` is\nfor API consumers (Swagger UI, SDK docs), `specification` is for agents\nthat implement the operation.\n\n> MUST be written in English. Never use other languages."
+                                    description: "Internal implementation guidance for downstream agents (Realize, Test).\n\nDescribe HOW this operation should be implemented: service logic, DB\nqueries, business rules, edge cases, and error handling.\n\n> MUST be written in English. Never use other languages."
                                 },
                                 description: {
                                     type: "string",
-                                    description: "Detailed description about the API operation.\n\nIMPORTANT: This field MUST be extensively detailed and MUST reference the\ndescription comments from the related database schema tables and columns.\nThe description should be organized into MULTIPLE PARAGRAPHS separated by\nline breaks to improve readability and comprehension.\n\nFor example, include separate paragraphs for:\n\n- The purpose and overview of the API operation\n- Security considerations and user permissions\n- Relationship to underlying database entities\n- Validation rules and business logic\n- Related API operations that might be used together with this one\n- Expected behavior and error handling\n\nWhen writing the description, be sure to incorporate the corresponding DB\nschema's description comments, matching the level of detail and style of\nthose comments. This ensures consistency between the API documentation\nand database structure.\n\nIf there's a dependency to other APIs, please describe the dependency API\noperation in this field with detailed reason. For example, if this API\noperation needs a pre-execution of other API operation, it must be\nexplicitly described.\n\n- `GET /shoppings/customers/sales` must be pre-executed to get entire list\n  of summarized sales. Detailed sale information would be obtained by\n  specifying the sale ID in the path parameter.\n\n**CRITICAL WARNING about soft delete keywords**: DO NOT use terms like\n\"soft delete\", \"soft-delete\", or similar variations in this description\nUNLESS the operation actually implements soft deletion. These keywords\ntrigger validation logic that expects a corresponding soft_delete_column\nto be specified. Only use these terms when you intend to implement soft\ndeletion (marking records as deleted without removing them from the\ndatabase).\n\nExample of problematic description: \u274C \"This would normally be a\nsoft-delete, but we intentionally perform permanent deletion here\" - This\ntriggers soft delete validation despite being a hard delete operation.\n\n> MUST be written in English. Never use other languages."
+                                    description: "Multi-paragraph description of the API operation for consumers.\n\nReference and incorporate DB schema table/column description comments.\nOrganize into multiple paragraphs covering purpose, business logic,\nrelationships, and error handling.\n\nDo NOT use \"soft delete\" / \"soft-delete\" unless the operation actually\nimplements soft deletion (triggers validation expecting\nsoft_delete_column).\n\n> MUST be written in English. Never use other languages."
                                 },
                                 authorizationType: {
                                     oneOf: [
@@ -280,14 +280,14 @@ function process(ctx, props) {
                                             "const": "refresh"
                                         }
                                     ],
-                                    description: "Authorization type of the API operation.\n\n- `\"login\"`: User login operations that validate credentials\n- `\"join\"`: User registration operations that create accounts\n- `\"refresh\"`: Token refresh operations that renew access tokens\n- `null`: All other operations (CRUD, business logic, etc.)\n\nUse authentication values only for credential validation, user\nregistration, or token refresh operations. Use `null` for all other\nbusiness operations.\n\nExamples:\n\n- `/auth/login` \u2192 `\"login\"`\n- `/auth/register` \u2192 `\"join\"`\n- `/auth/refresh` \u2192 `\"refresh\"`\n- `/auth/validate` \u2192 `null`\n- `/users/{id}`, `/shoppings/customers/sales/cancel`, \u2192 `null`"
+                                    description: "Authorization type of the API operation.\n\n- `\"login\"`: Credential validation operations\n- `\"join\"`: Account registration operations\n- `\"refresh\"`: Token renewal operations\n- `null`: All other operations"
                                 },
                                 parameters: {
                                     type: "array",
                                     items: {
                                         $ref: "#/components/schemas/AutoBeOpenApi.IParameter"
                                     },
-                                    description: "List of path parameters.\n\nNote that, the {@link AutoBeOpenApi.IParameter.name identifier name} of\npath parameter must be corresponded to the\n{@link path API operation path}.\n\nFor example, if there's an API operation which has {@link path} of\n`/shoppings/customers/sales/{saleId}/questions/${questionId}/comments/${commentId}`,\nits list of {@link AutoBeOpenApi.IParameter.name path parameters} must be\nlike:\n\n- `saleId`\n- `questionId`\n- `commentId`"
+                                    description: "List of path parameters.\n\nEach parameter name must correspond to a `{paramName}` in the\n{@link path}."
                                 },
                                 requestBody: {
                                     oneOf: [
@@ -298,7 +298,7 @@ function process(ctx, props) {
                                             $ref: "#/components/schemas/AutoBeOpenApi.IRequestBody"
                                         }
                                     ],
-                                    description: "Request body of the API operation.\n\nDefines the payload structure for the request. Contains a description and\nschema reference to define the expected input data.\n\nShould be `null` for operations that don't require a request body, such\nas most \"get\" operations."
+                                    description: "Request body of the API operation, or `null` if none."
                                 },
                                 responseBody: {
                                     oneOf: [
@@ -309,7 +309,7 @@ function process(ctx, props) {
                                             $ref: "#/components/schemas/AutoBeOpenApi.IResponseBody"
                                         }
                                     ],
-                                    description: "Response body of the API operation.\n\nDefines the structure of the successful response data. Contains a\ndescription and schema reference for the returned data.\n\nShould be null for operations that don't return any data."
+                                    description: "Response body of the API operation, or `null` if none."
                                 },
                                 authorizationActor: {
                                     oneOf: [
@@ -322,24 +322,24 @@ function process(ctx, props) {
                                             minLength: 1
                                         }
                                     ],
-                                    description: "Authorization actor required to access this API operation.\n\nThis field specifies which user actor is allowed to access this endpoint.\nThe actor name must correspond exactly to the actual actors defined in\nyour system's database schema.\n\n## Naming Convention\n\nActor names MUST use camelCase.\n\n## Actor-Based Path Convention\n\nWhen authorizationActor is specified, it should align with the path\nstructure:\n\n- If authorizationActor is \"admin\" \u2192 path might be \"/admin/resources/{id}\"\n- If authorizationActor is \"seller\" \u2192 path might be \"/seller/products\"\n- Special case: For user's own resources, use path prefix \"/my/\" regardless\n  of actor\n\n## Important Guidelines\n\n- Set to `null` for public endpoints that require no authentication\n- Set to specific actor string for actor-restricted endpoints\n- The actor name MUST match exactly with the user type/actor defined in the\n  database\n- This actor will be used by the Realize Agent to generate appropriate\n  decorator and authorization logic in the provider functions\n- The controller will apply the corresponding authentication decorator\n  based on this actor\n\n## Examples\n\n- `null` - Public endpoint, no authentication required\n- `\"user\"` - Any authenticated user can access\n- `\"admin\"` - Only admin users can access\n- `\"seller\"` - Only seller users can access\n- `\"moderator\"` - Only moderator users can access\n\nNote: The actual authentication/authorization implementation will be\nhandled by decorators at the controller level, and the provider function\nwill receive the authenticated user object with the appropriate type."
+                                    description: "Authorization actor required to access this API operation.\n\nMUST use camelCase. The actor name MUST match exactly with a user\ntype/table defined in the database schema.\n\nSet to `null` for public endpoints requiring no authentication."
                                 },
                                 name: {
                                     type: "string",
                                     pattern: "^[a-z][a-zA-Z0-9]*$",
-                                    description: "Functional name of the API endpoint.\n\nThis is a semantic identifier that represents the primary function or\npurpose of the API endpoint. It serves as a canonical name that can be\nused for code generation, SDK method names, and internal references.\n\n## Reserved Word Restrictions\n\nCRITICAL: The name MUST NOT be a TypeScript/JavaScript reserved word, as\nit will be used as a class method name in generated code. Avoid names\nlike:\n\n- `delete`, `for`, `if`, `else`, `while`, `do`, `switch`, `case`, `break`\n- `continue`, `function`, `return`, `with`, `in`, `of`, `instanceof`\n- `typeof`, `void`, `var`, `let`, `const`, `class`, `extends`, `import`\n- `export`, `default`, `try`, `catch`, `finally`, `throw`, `new`\n- `super`, `this`, `null`, `true`, `false`, `async`, `await`\n- `yield`, `static`, `private`, `protected`, `public`, `implements`\n- `interface`, `package`, `enum`, `debugger`\n\nInstead, use alternative names for these operations:\n\n- Use `erase` instead of `delete`\n- Use `iterate` instead of `for`\n- Use `when` instead of `if`\n- Use `cls` instead of `class`\n\n## Standard Endpoint Names\n\nUse these conventional names based on the endpoint's primary function:\n\n- **`index`**: List/search operations that return multiple entities\n\n  - Typically used with PATCH method for complex queries\n  - Example: `PATCH /users` \u2192 `name: \"index\"`\n- **`at`**: Retrieve a specific entity by identifier\n\n  - Typically used with GET method on single resource\n  - Example: `GET /users/{userId}` \u2192 `name: \"at\"`\n- **`create`**: Create a new entity\n\n  - Typically used with POST method\n  - Example: `POST /users` \u2192 `name: \"create\"`\n- **`update`**: Update an existing entity\n\n  - Typically used with PUT method\n  - Example: `PUT /users/{userId}` \u2192 `name: \"update\"`\n- **`erase`**: Delete/remove an entity (NOT `delete` - reserved word!)\n\n  - Typically used with DELETE method\n  - Example: `DELETE /users/{userId}` \u2192 `name: \"erase\"`\n\n## Custom Endpoint Names\n\nFor specialized operations beyond basic CRUD, use descriptive verbs:\n\n- **`activate`**: Enable or turn on a feature/entity\n- **`deactivate`**: Disable or turn off a feature/entity\n- **`approve`**: Approve a request or entity\n- **`reject`**: Reject a request or entity\n- **`publish`**: Make content publicly available\n- **`archive`**: Move to archived state\n- **`restore`**: Restore from archived/deleted state\n- **`duplicate`**: Create a copy of an entity\n- **`transfer`**: Move ownership or change assignment\n- **`validate`**: Validate data or state\n- **`process`**: Execute a business process or workflow\n- **`export`**: Generate downloadable data\n- **`import`**: Process uploaded data\n\n## Naming Guidelines\n\n- MUST use camelCase naming convention\n- Use singular verb forms\n- Be concise but descriptive\n- Avoid abbreviations unless widely understood\n- Ensure the name clearly represents the endpoint's primary action\n- For nested resources, focus on the action rather than hierarchy\n- NEVER use JavaScript/TypeScript reserved words\n\nValid Examples:\n\n- `index`, `create`, `update`, `erase` (single word)\n- `updatePassword`, `cancelOrder`, `publishArticle` (camelCase)\n- `validateEmail`, `generateReport`, `exportData` (camelCase)\n\nInvalid Examples:\n\n- `update_password` (snake_case not allowed)\n- `UpdatePassword` (PascalCase not allowed)\n- `update-password` (kebab-case not allowed)\n\nPath to Name Examples:\n\n- `GET /shopping/orders/{orderId}/items` \u2192 `name: \"index\"` (lists items)\n- `POST /shopping/orders/{orderId}/cancel` \u2192 `name: \"cancel\"`\n- `PUT /users/{userId}/password` \u2192 `name: \"updatePassword\"`\n\n## Uniqueness Rule\n\nThe `name` must be unique within the API's accessor namespace. The\naccessor is formed by combining the path segments (excluding parameters)\nwith the operation name.\n\nAccessor formation:\n\n1. Extract non-parameter segments from the path (remove `{...}` parts)\n2. Join segments with dots\n3. Append the operation name\n\nExamples:\n\n- Path: `/shopping/sale/{saleId}/review/{reviewId}`, Name: `at` \u2192 Accessor:\n  `shopping.sale.review.at`\n- Path: `/users/{userId}/posts`, Name: `index` \u2192 Accessor:\n  `users.posts.index`\n- Path: `/auth/login`, Name: `signIn` \u2192 Accessor: `auth.login.signIn`\n\nEach accessor must be globally unique across the entire API. This ensures\noperations can be uniquely identified in generated SDKs and prevents\nnaming conflicts."
+                                    description: "Functional name of the API endpoint. MUST use camelCase.\n\nMUST NOT be a JS/TS reserved word (`delete`, `for`, `if`, `class`,\n`return`, `new`, `this`, `void`, `const`, `let`, `var`, `async`, `await`,\n`export`, `import`, `switch`, `case`, `throw`, `try`). Use `erase`\ninstead of `delete`, `iterate` instead of `for`.\n\nStandard names:\n\n- `index`: list/search (PATCH), `at`: get by ID (GET)\n- `create`: POST, `update`: PUT, `erase`: DELETE\n\nAccessor uniqueness: the accessor is formed by joining non-parameter path\nsegments with dots, then appending the name. E.g., path\n`/shopping/sale/{saleId}/review/{reviewId}` + name `at` = accessor\n`shopping.sale.review.at`. Must be globally unique."
                                 },
                                 prerequisites: {
                                     type: "array",
                                     items: {
                                         $ref: "#/components/schemas/AutoBeOpenApi.IPrerequisite"
                                     },
-                                    description: "Prerequisites for this API operation.\n\nThe `prerequisites` field defines API operations that must be\nsuccessfully executed before this operation can be performed. This\ncreates an explicit dependency chain between API endpoints, ensuring\nproper execution order and data availability.\n\n## CRITICAL WARNING: Authentication Prerequisites\n\n**NEVER include authentication-related operations as prerequisites!**\nAuthentication is handled separately through the `authorizationActor`\nfield and should NOT be part of the prerequisite chain. Do NOT add\nprerequisites for:\n\n- Login endpoints\n- Token validation endpoints\n- User authentication checks\n- Permission verification endpoints\n\nPrerequisites are ONLY for business logic dependencies, NOT for\nauthentication/authorization.\n\n## Purpose and Use Cases\n\nPrerequisites are essential for operations that depend on:\n\n1. **Existence Validation**: Ensuring resources exist before manipulation\n2. **State Requirements**: Verifying resources are in the correct state\n3. **Data Dependencies**: Loading necessary data for the current operation\n4. **Business Logic Constraints**: Enforcing domain-specific rules\n\n## Execution Flow\n\nWhen an operation has prerequisites:\n\n1. Each prerequisite API must be called first in the specified order\n2. Prerequisites must return successful responses (2xx status codes)\n3. Only after all prerequisites succeed can the main operation proceed\n4. If any prerequisite fails, the operation should not be attempted\n\n## Common Patterns\n\n### Resource Existence Check\n\n```typescript\n// Before updating an order item, ensure the order exists\nprerequisites: [\n  {\n    endpoint: { path: \"/orders/{orderId}\", method: \"get\" },\n    description: \"Order must exist in the system\",\n  },\n];\n```\n\n### State Validation\n\n```typescript\n// Before processing payment, ensure order is in correct state\nprerequisites: [\n  {\n    endpoint: { path: \"/orders/{orderId}/status\", method: \"get\" },\n    description: \"Order must be in 'pending_payment' status\",\n  },\n];\n```\n\n### Hierarchical Dependencies\n\n```typescript\n// Before accessing a deeply nested resource\nprerequisites: [\n  {\n    endpoint: { path: \"/projects/{projectId}\", method: \"get\" },\n    description: \"Project must exist\",\n  },\n  {\n    endpoint: {\n      path: \"/projects/{projectId}/tasks/{taskId}\",\n      method: \"get\",\n    },\n    description: \"Task must exist within the project\",\n  },\n];\n```\n\n## Important Guidelines\n\n1. **Order Matters**: Prerequisites are executed in array order\n2. **Parameter Inheritance**: Path parameters from prerequisites can be used\n   in the main operation\n3. **Error Handling**: Failed prerequisites should prevent main operation\n4. **Performance**: Consider caching prerequisite results when appropriate\n5. **Documentation**: Each prerequisite must have a clear description\n   explaining why it's required\n6. **No Authentication**: NEVER use prerequisites for authentication checks\n\n## Test Generation Impact\n\nThe Test Agent uses prerequisites to:\n\n- Generate proper test setup sequences\n- Create valid test data in the correct order\n- Ensure test scenarios follow realistic workflows\n- Validate error handling when prerequisites fail"
+                                    description: "Prerequisites: API operations that must succeed before this one.\n\nONLY for business logic dependencies (resource existence, state checks,\ndata availability). NEVER for authentication -- use `authorizationActor`\ninstead.\n\nPrerequisites are executed in array order; all must return 2xx before the\nmain operation proceeds."
                                 },
                                 path: {
                                     type: "string",
                                     pattern: "^\\/[a-zA-Z0-9\\/_{}.-]*$",
-                                    description: "HTTP path of the API operation.\n\nThe URL path for accessing this API operation, using path parameters\nenclosed in curly braces (e.g., `/shoppings/customers/sales/{saleId}`).\n\nIt must be corresponded to the {@link parameters path parameters}.\n\nThe path structure should clearly indicate which database entity this\noperation is manipulating, helping to ensure all entities have\nappropriate API coverage.\n\nPath validation rules:\n\n- Must start with a forward slash (/)\n- Can contain only: letters (a-z, A-Z), numbers (0-9), forward slashes (/),\n  curly braces for parameters ({paramName}), hyphens (-), and underscores\n  (_)\n- Parameters must be enclosed in curly braces: {paramName}\n- Resource names should be in camelCase\n- No quotes, spaces, or invalid special characters allowed\n- No domain or role-based prefixes\n\nValid examples:\n\n- \"/users\"\n- \"/users/{userId}\"\n- \"/articles/{articleId}/comments\"\n- \"/attachmentFiles\"\n- \"/orders/{orderId}/items/{itemId}\"\n\nInvalid examples:\n\n- \"'/users'\" (contains quotes)\n- \"/user profile\" (contains space)\n- \"/users/[userId]\" (wrong bracket format)\n- \"/admin/users\" (role prefix)\n- \"/api/v1/users\" (API prefix)"
+                                    description: "HTTP path of the API operation.\n\nMust start with `/`. Parameters use curly braces: `{paramName}`. Resource\nnames in camelCase. No quotes, spaces, role prefixes (`/admin/`), or API\nversion prefixes (`/api/v1/`).\n\nAllowed characters: letters, digits, `/`, `{`, `}`, `-`, `_`, `.`"
                                 },
                                 method: {
                                     oneOf: [
@@ -359,7 +359,7 @@ function process(ctx, props) {
                                             "const": "patch"
                                         }
                                     ],
-                                    description: "HTTP method of the API operation.\n\n**IMPORTANT**: Methods must be written in lowercase only (e.g., \"get\",\nnot \"GET\").\n\nNote that, if the API operation has {@link requestBody}, method must not\nbe `get`.\n\nAlso, even though the API operation has been designed to only get\ninformation, but it needs complicated request information, it must be\ndefined as `patch` method with {@link requestBody} data specification.\n\n- `get`: get information\n- `patch`: get information with complicated request data\n  ({@link requestBody})\n- `post`: create new record\n- `put`: update existing record\n- `delete`: remove record"
+                                    description: "HTTP method (lowercase only).\n\nUse `patch` (not `get`) when a read operation needs a complex\n{@link requestBody}. `get` cannot have a request body."
                                 }
                             },
                             required: [
@@ -375,19 +375,19 @@ function process(ctx, props) {
                                 "path",
                                 "method"
                             ],
-                            description: "Operation of the Restful API.\n\nThis interface defines a single API endpoint with its HTTP {@link method},\n{@link path}, {@link parameters path parameters},\n{@link requestBody request body}, and {@link responseBody} structure. It\ncorresponds to an individual operation in the paths section of an OpenAPI\ndocument.\n\nEach operation requires a detailed explanation of its purpose through the\nreason and description fields, making it clear why the API was designed and\nhow it should be used.\n\nAll request bodies and responses for this operation must be object types\nand must reference named types defined in the components section. The\ncontent-type is always `application/json`. For file upload/download\noperations, use `string & tags.Format<\"uri\">` in the appropriate schema\ninstead of binary data formats.\n\nIn OpenAPI, this might represent:\n\n```json\n{\n  \"/shoppings/customers/orders\": {\n    \"post\": {\n      \"description\": \"Create a new order application from shopping cart...\",\n      \"parameters\": [...],\n      \"requestBody\": {...},\n      \"responses\": {...},\n      ...\n    }\n  }\n}\n```"
+                            description: "Single API endpoint with method, path, parameters, and request/response.\n\nAll request/response bodies must be object types referencing named\ncomponents. Content-type is always `application/json`. For file\nupload/download, use `string & tags.Format<\"uri\">` instead of binary."
                         },
                         "AutoBeOpenApi.IParameter": {
                             type: "object",
                             properties: {
                                 description: {
                                     type: "string",
-                                    description: "Description about the path parameter.\n\nThis is the standard OpenAPI description field that will be displayed in\nSwagger UI, SDK documentation, and other API documentation tools. Write a\nshort, concise, and clear description that helps API consumers understand\nwhat this parameter represents.\n\nImplementation details for parameter handling are covered in the parent\n{@link IOperation.specification} field.\n\n> MUST be written in English. Never use other languages."
+                                    description: "Description of the path parameter.\n\n> MUST be written in English. Never use other languages."
                                 },
                                 name: {
                                     type: "string",
                                     pattern: "^[a-z][a-zA-Z0-9]*$",
-                                    description: "Identifier name of the path parameter.\n\nThis name must match exactly with the parameter name in the route path.\nIt must be corresponded to the\n{@link AutoBeOpenApi.IOperation.path API operation path}.\n\nMUST use camelCase naming convention."
+                                    description: "Identifier name in camelCase. Must match the `{paramName}` in the\n{@link AutoBeOpenApi.IOperation.path}."
                                 },
                                 schema: {
                                     oneOf: [
@@ -409,7 +409,7 @@ function process(ctx, props) {
                                             string: "#/components/schemas/AutoBeOpenApi.IJsonSchema.IString"
                                         }
                                     },
-                                    description: "Type schema of the path parameter.\n\nPath parameters are typically primitive types like\n{@link AutoBeOpenApi.IJsonSchema.IString strings},\n{@link AutoBeOpenApi.IJsonSchema.IInteger integers},\n{@link AutoBeOpenApi.IJsonSchema.INumber numbers}.\n\nIf you need other types, please use request body instead with object type\nencapsulation."
+                                    description: "Type schema of the path parameter (primitive types only)."
                                 }
                             },
                             required: [
@@ -417,35 +417,30 @@ function process(ctx, props) {
                                 "name",
                                 "schema"
                             ],
-                            description: "Path parameter information for API routes.\n\nThis interface defines a path parameter that appears in the URL of an API\nendpoint. Path parameters are enclosed in curly braces in the\n{@link AutoBeOpenApi.IOperation.path operation path} and must be defined\nwith their types and descriptions.\n\nFor example, if API operation path is\n`/shoppings/customers/sales/{saleId}/questions/${questionId}/comments/${commentId}`,\nthe path parameters should be like below:\n\n```json\n{\n  \"path\": \"/shoppings/customers/sales/{saleId}/questions/${questionId}/comments/${commentId}\",\n  \"method\": \"get\",\n  \"parameters\": [\n    {\n      \"name\": \"saleId\",\n      \"in\": \"path\",\n      \"schema\": { \"type\": \"string\", \"format\": \"uuid\" },\n      \"description\": \"Target sale's ID\"\n    },\n    {\n      \"name\": \"questionId\",\n      \"in\": \"path\",\n      \"schema\": { \"type\": \"string\", \"format\": \"uuid\" },\n      \"description\": \"Target question's ID\"\n    },\n    {\n      \"name\": \"commentId\",\n      \"in\": \"path\",\n      \"schema\": { \"type\": \"string\", \"format\": \"uuid\" },\n      \"description\": \"Target comment's ID\"\n    }\n  ]\n}\n```"
+                            description: "Path parameter definition for an API route."
                         },
                         "AutoBeOpenApi.IJsonSchema.INumber": {
                             type: "object",
                             properties: {
                                 minimum: {
-                                    type: "number",
-                                    description: "Minimum value restriction."
+                                    type: "number"
                                 },
                                 maximum: {
-                                    type: "number",
-                                    description: "Maximum value restriction."
+                                    type: "number"
                                 },
                                 exclusiveMinimum: {
-                                    type: "number",
-                                    description: "Exclusive minimum value restriction."
+                                    type: "number"
                                 },
                                 exclusiveMaximum: {
-                                    type: "number",
-                                    description: "Exclusive maximum value restriction."
+                                    type: "number"
                                 },
                                 multipleOf: {
                                     type: "number",
-                                    exclusiveMinimum: 0,
-                                    description: "Multiple of value restriction."
+                                    exclusiveMinimum: 0
                                 },
                                 type: {
                                     "const": "number",
-                                    description: "Discriminator value of the type.\n\nCRITICAL: This MUST be a SINGLE string value, NOT an array. The type\nfield identifies the JSON Schema type and must be exactly one of:\n\"boolean\", \"integer\", \"number\", \"string\", \"array\", \"object\", or\n\"null\".\n\n\u274C INCORRECT: type: [\"string\", \"null\"] // This is WRONG! \u2705 CORRECT:\ntype: \"string\" // For nullable string, use oneOf instead\n\nIf you need to express a nullable type (e.g., string | null), you MUST\nuse the `IOneOf` structure:\n\n```typescript\n{\n  \"oneOf\": [{ \"type\": \"string\" }, { \"type\": \"null\" }]\n}\n```\n\nNEVER use array notation in the type field. The type field is a\ndiscriminator that accepts only a single string value."
+                                    description: "Discriminator value. MUST be a single string, NEVER an array.\n\nFor nullable types, use `IOneOf` instead: `{ oneOf: [{ type: \"string\"\n}, { type: \"null\" }] }`"
                                 }
                             },
                             required: [
@@ -457,29 +452,24 @@ function process(ctx, props) {
                             type: "object",
                             properties: {
                                 minimum: {
-                                    type: "integer",
-                                    description: "Minimum value restriction."
+                                    type: "integer"
                                 },
                                 maximum: {
-                                    type: "integer",
-                                    description: "Maximum value restriction."
+                                    type: "integer"
                                 },
                                 exclusiveMinimum: {
-                                    type: "integer",
-                                    description: "Exclusive minimum value restriction."
+                                    type: "integer"
                                 },
                                 exclusiveMaximum: {
-                                    type: "integer",
-                                    description: "Exclusive maximum value restriction."
+                                    type: "integer"
                                 },
                                 multipleOf: {
                                     type: "integer",
-                                    exclusiveMinimum: 0,
-                                    description: "Multiple of value restriction."
+                                    exclusiveMinimum: 0
                                 },
                                 type: {
                                     "const": "integer",
-                                    description: "Discriminator value of the type.\n\nCRITICAL: This MUST be a SINGLE string value, NOT an array. The type\nfield identifies the JSON Schema type and must be exactly one of:\n\"boolean\", \"integer\", \"number\", \"string\", \"array\", \"object\", or\n\"null\".\n\n\u274C INCORRECT: type: [\"string\", \"null\"] // This is WRONG! \u2705 CORRECT:\ntype: \"string\" // For nullable string, use oneOf instead\n\nIf you need to express a nullable type (e.g., string | null), you MUST\nuse the `IOneOf` structure:\n\n```typescript\n{\n  \"oneOf\": [{ \"type\": \"string\" }, { \"type\": \"null\" }]\n}\n```\n\nNEVER use array notation in the type field. The type field is a\ndiscriminator that accepts only a single string value."
+                                    description: "Discriminator value. MUST be a single string, NEVER an array.\n\nFor nullable types, use `IOneOf` instead: `{ oneOf: [{ type: \"string\"\n}, { type: \"null\" }] }`"
                                 }
                             },
                             required: [
@@ -564,21 +554,19 @@ function process(ctx, props) {
                                 },
                                 contentMediaType: {
                                     type: "string",
-                                    description: "Content media type restriction.\n\nIf you want to accept multiple contentMediaType values simultaneously\n(e.g., `text/plain` and `text/html`), you MUST NOT violate the type by\nusing an array. Instead, use `oneOf` to define multiple `string`\nschemas with different `contentMediaType` values.\n\nExample for accepting both text/plain and text/html:\n\n```typescript\n{\n  \"oneOf\": [\n    { \"type\": \"string\", \"contentMediaType\": \"text/plain\" },\n    { \"type\": \"string\", \"contentMediaType\": \"text/html\" }\n  ]\n}\n```\n\nThis is the CORRECT approach. Never use array notation or modify the\nsingle string type to accept arrays."
+                                    description: "Content media type restriction.\n\nFor multiple media types, use `oneOf` with separate string schemas per\n`contentMediaType` value. Never use an array here."
                                 },
                                 minLength: {
                                     type: "integer",
-                                    minimum: 0,
-                                    description: "Minimum length restriction."
+                                    minimum: 0
                                 },
                                 maxLength: {
                                     type: "integer",
-                                    minimum: 0,
-                                    description: "Maximum length restriction."
+                                    minimum: 0
                                 },
                                 type: {
                                     "const": "string",
-                                    description: "Discriminator value of the type.\n\nCRITICAL: This MUST be a SINGLE string value, NOT an array. The type\nfield identifies the JSON Schema type and must be exactly one of:\n\"boolean\", \"integer\", \"number\", \"string\", \"array\", \"object\", or\n\"null\".\n\n\u274C INCORRECT: type: [\"string\", \"null\"] // This is WRONG! \u2705 CORRECT:\ntype: \"string\" // For nullable string, use oneOf instead\n\nIf you need to express a nullable type (e.g., string | null), you MUST\nuse the `IOneOf` structure:\n\n```typescript\n{\n  \"oneOf\": [{ \"type\": \"string\" }, { \"type\": \"null\" }]\n}\n```\n\nNEVER use array notation in the type field. The type field is a\ndiscriminator that accepts only a single string value."
+                                    description: "Discriminator value. MUST be a single string, NEVER an array.\n\nFor nullable types, use `IOneOf` instead: `{ oneOf: [{ type: \"string\"\n}, { type: \"null\" }] }`"
                                 }
                             },
                             required: [
@@ -591,54 +579,54 @@ function process(ctx, props) {
                             properties: {
                                 description: {
                                     type: "string",
-                                    description: "Description about the request body.\n\nMake short, concise and clear description about the request body.\n\n> MUST be written in English. Never use other languages."
+                                    description: "Description of the request body.\n\n> MUST be written in English. Never use other languages."
                                 },
                                 typeName: {
                                     type: "string",
-                                    description: "Request body type name.\n\nThis specifies the data structure expected in the request body, that will\nbe transformed to {@link AutoBeOpenApi.IJsonSchema.IReference reference}\ntype in the {@link AutoBeOpenApi.IComponents.schemas components section}\nas an {@link AutoBeOpenApi.IJsonSchema.Object object} type.\n\nHere is the naming convention for the request body type:\n\n- `IEntityName.ICreate`: Request body for creation operations (POST)\n- `IEntityName.IUpdate`: Request body for update operations (PUT)\n- `IEntityName.IRequest`: Request parameters for list operations (often\n  with search/pagination)\n\nWhat you write:\n\n```json\n{\n  \"typeName\": \"IShoppingOrder.ICreate\"\n}\n```\n\nTransformed to:\n\n```json\n{\n  \"schema\": {\n    \"$ref\": \"#/components/schemas/IShoppingOrder.ICreate\"\n  }\n}\n```"
+                                    description: "Type name referencing a component schema.\n\nNaming convention: `IEntityName.ICreate` (POST), `IEntityName.IUpdate`\n(PUT), `IEntityName.IRequest` (list/search)."
                                 }
                             },
                             required: [
                                 "description",
                                 "typeName"
                             ],
-                            description: "Request body information of OpenAPI operation.\n\nThis interface defines the structure for request bodies in API routes. It\ncorresponds to the requestBody section in OpenAPI specifications, providing\nboth a description and schema reference for the request payload.\n\nThe content-type for all request bodies is always `application/json`. Even\nwhen file uploading is required, don't use `multipart/form-data` or\n`application/x-www-form-urlencoded` content types. Instead, just define an\nURI string property in the request body schema.\n\nNote that, all body schemas must be transformable to a\n{@link AutoBeOpenApi.IJsonSchema.IReference reference} type defined in the\n{@link AutoBeOpenApi.IComponents.schemas components section} as an\n{@link AutoBeOpenApi.IJsonSchema.IObject object} type.\n\nIn OpenAPI, this might represent:\n\n```json\n{\n  \"requestBody\": {\n    \"description\": \"Creation info of the order\",\n    \"content\": {\n      \"application/json\": {\n        \"schema\": {\n          \"$ref\": \"#/components/schemas/IShoppingOrder.ICreate\"\n        }\n      }\n    }\n  }\n}\n```"
+                            description: "Request body for an API operation.\n\nContent-type is always `application/json`. For file uploads, use a URI\nstring property instead of `multipart/form-data`."
                         },
                         "AutoBeOpenApi.IResponseBody": {
                             type: "object",
                             properties: {
                                 description: {
                                     type: "string",
-                                    description: "Description about the response body.\n\nMake short, concise and clear description about the response body.\n\n> MUST be written in English. Never use other languages."
+                                    description: "Description of the response body.\n\n> MUST be written in English. Never use other languages."
                                 },
                                 typeName: {
                                     type: "string",
-                                    description: "Response body's data type.\n\nSpecifies the structure of the returned data (response body), that will\nbe transformed to {@link AutoBeOpenApi.IJsonSchema.IReference} type in the\n{@link AutoBeOpenApi.IComponents.schemas components section} as an\n{@link AutoBeOpenApi.IJsonSchema.IObject object} type.\n\nHere is the naming convention for the response body type:\n\n- `IEntityName`: Main entity with detailed information (e.g.,\n  `IShoppingSale`)\n- `IEntityName.ISummary`: Simplified response version with essential\n  properties\n- `IEntityName.IInvert`: Alternative view of an entity from a different\n  perspective\n- `IPageIEntityName`: Paginated results container with `pagination` and\n  `data` properties\n\nWhat you write:\n\n```json\n{\n  \"typeName\": \"IShoppingOrder\"\n}\n```\n\nTransformed to:\n\n```json\n{\n  \"schema\": {\n    \"$ref\": \"#/components/schemas/IShoppingOrder\"\n  }\n}\n```"
+                                    description: "Type name referencing a component schema.\n\nNaming convention: `IEntityName` (full), `IEntityName.ISummary`,\n`IEntityName.IInvert`, `IPageIEntityName` (paginated)."
                                 }
                             },
                             required: [
                                 "description",
                                 "typeName"
                             ],
-                            description: "Response body information for OpenAPI operation.\n\nThis interface defines the structure of a successful response from an API\noperation. It provides a description of the response and a schema reference\nto define the returned data structure.\n\nThe content-type for all responses is always `application/json`. Even when\nfile downloading is required, don't use `application/octet-stream` or\n`multipart/form-data` content types. Instead, just define an URI string\nproperty in the response body schema.\n\nIn OpenAPI, this might represent:\n\n```json\n{\n  \"responses\": {\n    \"200\": {\n      \"description\": \"Order information\",\n      \"content\": {\n        \"application/json\": {\n          \"schema\": { \"$ref\": \"#/components/schemas/IShoppingOrder\" }\n        }\n      }\n    }\n  }\n}\n```"
+                            description: "Response body for an API operation.\n\nContent-type is always `application/json`. For file downloads, use a URI\nstring property instead of `application/octet-stream`."
                         },
                         "AutoBeOpenApi.IPrerequisite": {
                             type: "object",
                             properties: {
                                 endpoint: {
                                     $ref: "#/components/schemas/AutoBeOpenApi.IEndpoint",
-                                    description: "The API endpoint that must be called before the main operation.\n\nThis specifies the exact HTTP method and path of the prerequisite API.\nThe endpoint must be a valid operation defined elsewhere in the API\nspecification. Path parameters in the prerequisite endpoint can reference\nthe same parameters available in the main operation."
+                                    description: "The API endpoint that must be called first."
                                 },
                                 description: {
                                     type: "string",
-                                    description: "Clear description of why this prerequisite is required.\n\nThis description should explain:\n\n- What validation or check this prerequisite performs\n- What state or condition must be satisfied\n- What happens if this prerequisite fails\n- Any specific data from the prerequisite used by the main operation\n\nThe description helps developers understand the dependency relationship\nand aids in debugging when prerequisites fail.\n\nGuidelines for good descriptions:\n\n- Be specific about the requirement (e.g., \"must be in 'active' state\")\n- Explain business logic constraints (e.g., \"budget must not be exceeded\")\n- Explain data dependencies (e.g., \"provides pricing information needed\")\n- Keep it concise but complete\n\n> MUST be written in English. Never use other languages."
+                                    description: "Why this prerequisite is required (specific condition or state).\n\n> MUST be written in English. Never use other languages."
                                 }
                             },
                             required: [
                                 "endpoint",
                                 "description"
                             ],
-                            description: "Prerequisite API operation dependency.\n\n`IPrerequisite` defines a dependency relationship between API operations,\nspecifying that certain endpoints must be successfully called before the\ncurrent operation can proceed. This ensures proper resource validation,\nstate checking, and data availability in complex API workflows.\n\n## CRITICAL WARNING: Authentication is NOT a Prerequisite\n\n**NEVER use prerequisites for authentication or authorization checks!**\n\nPrerequisites are ONLY for business logic dependencies such as:\n\n- Checking if a resource exists\n- Verifying resource state\n- Loading required data\n\nDo NOT create prerequisites for:\n\n- Login/authentication endpoints\n- Token validation\n- Permission checks\n- User authorization verification\n\nAuthentication is handled separately via the `authorizationActor` field on\nthe operation itself. Mixing authentication with business prerequisites\ncreates confusion and incorrect test scenarios.\n\n## Core Concept\n\nPrerequisites create an execution dependency graph for API operations. They\nexplicitly declare which APIs must succeed before attempting the current\noperation, preventing invalid states and ensuring data consistency.\n\n## Structure\n\nEach prerequisite consists of:\n\n1. **endpoint**: The API endpoint that must be called first\n2. **description**: Clear explanation of why this prerequisite is required\n\n## Common Use Cases\n\n### 1. Resource Existence Validation\n\n```typescript\n{\n  \"endpoint\": { \"path\": \"/users/{userId}\", \"method\": \"get\" },\n  \"description\": \"User must exist before updating their profile\"\n}\n```\n\n### 2. Parent-Child Relationships\n\n```typescript\n{\n  \"endpoint\": { \"path\": \"/posts/{postId}\", \"method\": \"get\" },\n  \"description\": \"Post must exist before adding comments\"\n}\n```\n\n### 3. State Prerequisites\n\n```typescript\n{\n  \"endpoint\": { \"path\": \"/orders/{orderId}/status\", \"method\": \"get\" },\n  \"description\": \"Order must be in 'confirmed' state before shipping\"\n}\n```\n\n### 4. Business Logic Dependencies\n\n```typescript\n{\n  \"endpoint\": {\n    \"path\": \"/inventory/{productId}/stock\",\n    \"method\": \"get\"\n  },\n  \"description\": \"Product must have sufficient stock before creating order\"\n}\n```\n\n## Implementation Guidelines\n\n1. **Clear Descriptions**: Always explain WHY the prerequisite is needed\n2. **Minimal Dependencies**: Only include truly necessary prerequisites\n3. **Logical Order**: If multiple prerequisites exist, order them logically\n4. **Error Context**: Description should help understand failure scenarios\n5. **No Authentication**: Prerequisites must NEVER be authentication checks\n\n## Test Generation Usage\n\nThe Test Agent utilizes prerequisites to:\n\n- Set up test data in the correct sequence\n- Generate realistic test scenarios\n- Create both positive and negative test cases\n- Ensure proper cleanup in reverse dependency order\n\n## Best Practices\n\n- Keep prerequisite chains as short as possible for performance\n- Consider caching prerequisite results when safe to do so\n- Ensure prerequisite descriptions are specific, not generic\n- Validate that circular dependencies don't exist\n- Document any side effects of prerequisite calls\n- NEVER use for authentication/authorization validation"
+                            description: "Prerequisite API operation that must succeed before the main operation.\n\nONLY for business logic dependencies (resource existence, state checks,\ndata availability). NEVER for authentication or authorization -- those are\nhandled via `authorizationActor`.\n\nKeep prerequisite chains minimal. Descriptions should explain WHY the\ndependency is needed."
                         },
                         "AutoBeOpenApi.IEndpoint": {
                             type: "object",
@@ -646,7 +634,7 @@ function process(ctx, props) {
                                 path: {
                                     type: "string",
                                     pattern: "^\\/[a-zA-Z0-9\\/_{}.-]*$",
-                                    description: "HTTP path of the API operation.\n\nThe URL path for accessing this API operation, using path parameters\nenclosed in curly braces (e.g., `/shoppings/customers/sales/{saleId}`).\n\nIt must be corresponded to the {@link parameters path parameters}.\n\nThe path structure should clearly indicate which database entity this\noperation is manipulating, helping to ensure all entities have\nappropriate API coverage.\n\nPath validation rules:\n\n- Must start with a forward slash (/)\n- Can contain only: letters (a-z, A-Z), numbers (0-9), forward slashes (/),\n  curly braces for parameters ({paramName}), hyphens (-), and underscores\n  (_)\n- Parameters must be enclosed in curly braces: {paramName}\n- Resource names should be in camelCase\n- No quotes, spaces, or invalid special characters allowed\n- No domain or role-based prefixes\n\nValid examples:\n\n- \"/users\"\n- \"/users/{userId}\"\n- \"/articles/{articleId}/comments\"\n- \"/attachmentFiles\"\n- \"/orders/{orderId}/items/{itemId}\"\n\nInvalid examples:\n\n- \"'/users'\" (contains quotes)\n- \"/user profile\" (contains space)\n- \"/users/[userId]\" (wrong bracket format)\n- \"/admin/users\" (role prefix)\n- \"/api/v1/users\" (API prefix)"
+                                    description: "HTTP path of the API operation.\n\nMust start with `/`. Parameters use curly braces: `{paramName}`. Resource\nnames in camelCase. No quotes, spaces, role prefixes (`/admin/`), or API\nversion prefixes (`/api/v1/`).\n\nAllowed characters: letters, digits, `/`, `{`, `}`, `-`, `_`, `.`"
                                 },
                                 method: {
                                     oneOf: [
@@ -666,7 +654,7 @@ function process(ctx, props) {
                                             "const": "patch"
                                         }
                                     ],
-                                    description: "HTTP method of the API operation.\n\n**IMPORTANT**: Methods must be written in lowercase only (e.g., \"get\",\nnot \"GET\").\n\nNote that, if the API operation has {@link requestBody}, method must not\nbe `get`.\n\nAlso, even though the API operation has been designed to only get\ninformation, but it needs complicated request information, it must be\ndefined as `patch` method with {@link requestBody} data specification.\n\n- `get`: get information\n- `patch`: get information with complicated request data\n  ({@link requestBody})\n- `post`: create new record\n- `put`: update existing record\n- `delete`: remove record"
+                                    description: "HTTP method (lowercase only).\n\nUse `patch` (not `get`) when a read operation needs a complex\n{@link requestBody}. `get` cannot have a request body."
                                 }
                             },
                             required: [
@@ -684,14 +672,13 @@ function process(ctx, props) {
                         parameters: [
                             {
                                 name: "props",
-                                description: " Request containing either preliminary data request or complete\ntask",
                                 required: true,
                                 schema: {
                                     $ref: "#/components/schemas/IAutoBeInterfaceAuthorizationApplication.IProps"
                                 }
                             }
                         ],
-                        description: "Process authorization operations generation task or preliminary data\nrequests.\n\nGenerates authorization operations for the given roles and ensures the\ninterface reflects correct permissions and access levels."
+                        description: "Process task or retrieve preliminary data."
                     }
                 ]
             },
@@ -1263,11 +1250,11 @@ function createController(props) {
                     type: "object",
                     properties: {
                         thinking: {
-                            description: "Think before you act.\n\nBefore requesting preliminary data or completing your task, reflect on\nyour current state and explain your reasoning:\n\nFor preliminary requests (getAnalysisSections, getDatabaseSchemas, etc.):\n\n- What critical information is missing that you don't already have?\n- Why do you need it specifically right now?\n- Be brief - state the gap, don't list everything you have.\n\nFor completion (complete):\n\n- What key assets did you acquire?\n- What did you accomplish?\n- Why is it sufficient to complete?\n- Summarize - don't enumerate every single item.\n\nThis reflection helps you avoid duplicate requests and premature\ncompletion.",
+                            description: "Reasoning about your current state: what's missing (preliminary) or what\nyou accomplished (completion).",
                             type: "string"
                         },
                         request: {
-                            description: "Type discriminator for the request.\n\nDetermines which action to perform: preliminary data retrieval\n(getAnalysisSections, getPreviousAnalysisSections, getDatabaseSchemas,\ngetPreviousDatabaseSchemas) or final authorization operations generation\n(complete). When preliminary returns empty array, that type is removed\nfrom the union, physically preventing repeated calls.",
+                            description: "Action to perform. Exhausted preliminary types are removed from the\nunion.",
                             anyOf: [
                                 {
                                     $ref: "#/$defs/IAutoBePreliminaryGetAnalysisSections"
@@ -1304,18 +1291,18 @@ function createController(props) {
                     additionalProperties: false,
                     $defs: {
                         IAutoBePreliminaryGetAnalysisSections: {
-                            description: "Request to retrieve individual analysis sections by numeric ID.\n\nInstead of loading entire analysis files (~110-120KB each), this loads\nspecific ### sections (~200-600 words each) identified by integer IDs from\nthe section catalog.",
+                            description: "Request to retrieve individual analysis sections by numeric ID.",
                             type: "object",
                             properties: {
                                 type: {
-                                    description: "Type discriminator for the request.\n\nDetermines which action to perform: preliminary data retrieval or actual\ntask execution. Value \"getAnalysisSections\" indicates this is a preliminary\ndata request for individual analysis sections.",
+                                    description: "Type discriminator.",
                                     type: "string",
                                     "enum": [
                                         "getAnalysisSections"
                                     ]
                                 },
                                 sectionIds: {
-                                    description: "List of section IDs to retrieve.\n\nThese are sequential integer IDs from the analysis sections catalog. Each\nID maps to a specific ### section in the requirements documents.\n\nCRITICAL: DO NOT request the same section IDs that you have already\nrequested in previous calls.",
+                                    description: "Section IDs to retrieve. DO NOT request same IDs already requested in\nprevious calls.",
                                     type: "array",
                                     items: {
                                         type: "integer",
@@ -1331,18 +1318,18 @@ function createController(props) {
                             ]
                         },
                         IAutoBePreliminaryGetDatabaseSchemas: {
-                            description: "Request to retrieve database schema definitions for context.\n\nThis type is used in the preliminary phase to request specific database table\nschemas needed for generating type-safe API operations.",
+                            description: "Request to retrieve database schema definitions for context.",
                             type: "object",
                             properties: {
                                 type: {
-                                    description: "Type discriminator for the request.\n\nDetermines which action to perform: preliminary data retrieval or actual\ntask execution. Value \"getDatabaseSchemas\" indicates this is a preliminary\ndata request for database schemas.",
+                                    description: "Type discriminator.",
                                     type: "string",
                                     "enum": [
                                         "getDatabaseSchemas"
                                     ]
                                 },
                                 schemaNames: {
-                                    description: "List of database table names to retrieve.\n\nTable names from the database schema representing database entities (e.g.,\n\"user\", \"post\", \"comment\").\n\nCRITICAL: DO NOT request the same schema names that you have already\nrequested in previous calls.",
+                                    description: "Database table names to retrieve. DO NOT request same names already\nrequested in previous calls.",
                                     type: "array",
                                     items: {
                                         type: "string"
@@ -1356,18 +1343,18 @@ function createController(props) {
                             ]
                         },
                         IAutoBePreliminaryGetPreviousAnalysisSections: {
-                            description: "Request to retrieve individual analysis sections from previous iteration by\nnumeric ID.\n\nSame as {@link IAutoBePreliminaryGetAnalysisSections} but for sections from\nthe previous generation cycle, enabling comparison and consistency checks.",
+                            description: "Request to retrieve analysis sections from the previous iteration by numeric\nID.",
                             type: "object",
                             properties: {
                                 type: {
-                                    description: "Type discriminator for the request.\n\nValue \"getPreviousAnalysisSections\" indicates this is a preliminary data\nrequest for analysis sections from the previous iteration.",
+                                    description: "Type discriminator.",
                                     type: "string",
                                     "enum": [
                                         "getPreviousAnalysisSections"
                                     ]
                                 },
                                 sectionIds: {
-                                    description: "List of section IDs to retrieve from the previous iteration.\n\nCRITICAL: DO NOT request the same section IDs that you have already\nrequested in previous calls.",
+                                    description: "Section IDs to retrieve from previous iteration. DO NOT request same IDs\nalready requested in previous calls.",
                                     type: "array",
                                     items: {
                                         type: "integer",
@@ -1382,18 +1369,18 @@ function createController(props) {
                             ]
                         },
                         IAutoBePreliminaryGetPreviousDatabaseSchemas: {
-                            description: "Request to retrieve database schemas from a previous version.\n\nThis type is used to load database schema definitions that were generated in\na **previous version** of the AutoBE generation pipeline. This is NOT about\nre-requesting schemas within the same execution, but rather accessing\nartifacts from an earlier version.\n\n**Use Case:** When regenerating or modifying the database schema based on\nuser change requests, agents need to reference the previously generated\ndatabase schemas to understand the existing database structure and what needs\nto be modified.\n\n**Key Difference from `getDatabaseSchemas`:**\n\n- `getDatabaseSchemas`: Fetches schemas from the **current version** (the\n  version being generated right now)\n- `getPreviousDatabaseSchemas`: Fetches schemas from the **previous version**\n  (the last successfully generated version)\n\n**Example Scenario:**\n\n    Initial generation:\n    - DATABASE phase creates: users, posts, comments tables\n    - Generation completes successfully\n\n    User: \"Add email verification status to users\"\n\n    Regeneration:\n    - DATABASE phase starts regeneration\n    - Calls getPreviousDatabaseSchemas([\"users\"])\n      \u2192 Loads the previous version of users table schema\n    - Creates new version with emailVerified field added\n\n**Waterfall + Spiral Pattern:**\n\nThis aligns with AutoBE's regeneration cycles where:\n\n- Compilation failures trigger regeneration with corrections\n- User modifications trigger new versions\n- Previous schemas serve as reference for incremental changes",
+                            description: "Request to retrieve database schemas from the previous iteration.\n\nLoads database table definitions from the last successfully generated\nversion, used as reference context during regeneration or modification\ncycles.",
                             type: "object",
                             properties: {
                                 type: {
-                                    description: "Type discriminator for the request.\n\nDetermines which action to perform: preliminary data retrieval or actual\ntask execution. Value \"getPreviousDatabaseSchemas\" indicates this is a\npreliminary data request for database schemas from a previous version.",
+                                    description: "Type discriminator.",
                                     type: "string",
                                     "enum": [
                                         "getPreviousDatabaseSchemas"
                                     ]
                                 },
                                 schemaNames: {
-                                    description: "List of database table names to retrieve from the previous version.\n\nThese are table schema names that were generated in a previous version and\nare needed as reference context for the current regeneration.\n\n**Important Notes:**\n\n- These schemas MUST exist in the previous version\n- This function is only available when a previous version exists\n- Used for reference/comparison, not for re-requesting within same execution\n- Table names are in snake_case (e.g., \"shopping_sale\", \"bbs_article\")\n\n**When This Function is Available:**\n\n- When a previous version exists\n- When user requests modifications to existing database schema\n- During correction/regeneration cycles that need previous schema context\n\n**When This Function is NOT Available:**\n\n- During initial generation (no previous version exists)\n- No previous database schemas available for this orchestration task\n\n**Example Table Names:**\n\n- \"users\", \"posts\", \"comments\"\n- \"shopping_sales\", \"shopping_orders\", \"shopping_products\"\n- \"bbs_articles\", \"bbs_article_files\"",
+                                    description: "Table names to retrieve from previous iteration. DO NOT request same names\nalready requested in previous calls.",
                                     type: "array",
                                     items: {
                                         type: "string"
@@ -1407,26 +1394,26 @@ function createController(props) {
                             ]
                         },
                         "IAutoBeInterfaceAuthorizationApplication.IComplete": {
-                            description: "Request to generate authorization operations.\n\nExecutes authorization operations generation to define the authorization\nrequirements for the given roles. Ensures operations reflect correct\npermissions and access levels for each role.",
+                            description: "Request to generate authorization operations.",
                             type: "object",
                             properties: {
                                 type: {
-                                    description: "Type discriminator for the request.\n\nDetermines which action to perform: preliminary data retrieval or actual\ntask execution. Value \"complete\" indicates this is the final task\nexecution request.",
+                                    description: "Type discriminator for completion request.",
                                     type: "string",
                                     "enum": [
                                         "complete"
                                     ]
                                 },
                                 analysis: {
-                                    description: "Analysis of the actor's authentication requirements and schema context.\n\nDocuments the agent's understanding of the actor type\n(guest/member/admin), what authentication fields exist in the database\nschema, what additional authentication features are supported by the\nschema, and what operations are appropriate for this actor kind.",
+                                    description: "Analysis of the actor's authentication requirements and schema context.",
                                     type: "string"
                                 },
                                 rationale: {
-                                    description: "Rationale for the authorization operation design decisions.\n\nExplains why specific operations were included or excluded, how the actor\nkind influenced the essential operations selection (e.g., why guests\ndon't have login), what schema fields enabled additional operations, and\nwhy certain authentication patterns were chosen.",
+                                    description: "Rationale for authorization operation design decisions.",
                                     type: "string"
                                 },
                                 operations: {
-                                    description: "Array of API operations to generate authorization operation for.\n\nEach operation in this array must include:\n\n- Specification: Detailed API specification with clear purpose and\n  functionality\n- Path: Resource-centric URL path (e.g., \"/resources/{resourceId}\")\n- Method: HTTP method (get, post, put, delete, patch)\n- Description: Extremely detailed multi-paragraph description referencing\n  database schema comments\n- Summary: Concise one-sentence summary of the endpoint\n- Parameters: Array of all necessary parameters with descriptions and\n  schema definitions\n- RequestBody: For POST/PUT/PATCH methods, with typeName referencing\n  components.schemas\n- ResponseBody: With typeName referencing appropriate response type\n\nAll operations must follow strict quality standards:\n\n1. Detailed descriptions referencing database schema comments\n2. Accurate parameter definitions matching path parameters\n3. Appropriate request/response body type references\n4. Consistent patterns for CRUD operations\n\nFor list retrievals (typically PATCH), include pagination, search, and\nsorting. For detail retrieval (GET), return a single resource. For\ncreation (POST), use .ICreate request body. For modification (PUT), use\n.IUpdate request body.",
+                                    description: "Array of API operations to generate for authorization.",
                                     type: "array",
                                     items: {
                                         $ref: "#/$defs/AutoBeOpenApi.IOperation"
@@ -1442,19 +1429,19 @@ function createController(props) {
                             ]
                         },
                         "AutoBeOpenApi.IOperation": {
-                            description: "Operation of the Restful API.\n\nThis interface defines a single API endpoint with its HTTP {@link method},\n{@link path}, {@link parameters path parameters},\n{@link requestBody request body}, and {@link responseBody} structure. It\ncorresponds to an individual operation in the paths section of an OpenAPI\ndocument.\n\nEach operation requires a detailed explanation of its purpose through the\nreason and description fields, making it clear why the API was designed and\nhow it should be used.\n\nAll request bodies and responses for this operation must be object types\nand must reference named types defined in the components section. The\ncontent-type is always `application/json`. For file upload/download\noperations, use `string & tags.Format<\"uri\">` in the appropriate schema\ninstead of binary data formats.\n\nIn OpenAPI, this might represent:\n\n```json\n{\n  \"/shoppings/customers/orders\": {\n    \"post\": {\n      \"description\": \"Create a new order application from shopping cart...\",\n      \"parameters\": [...],\n      \"requestBody\": {...},\n      \"responses\": {...},\n      ...\n    }\n  }\n}\n```",
+                            description: "Single API endpoint with method, path, parameters, and request/response.\n\nAll request/response bodies must be object types referencing named\ncomponents. Content-type is always `application/json`. For file\nupload/download, use `string & tags.Format<\"uri\">` instead of binary.",
                             type: "object",
                             properties: {
                                 specification: {
-                                    description: "Implementation specification for the API operation.\n\nThis is an AutoBE-internal field (not exposed in standard OpenAPI output)\nthat provides detailed implementation guidance for downstream agents\n(Realize Agent, Test Agent, etc.).\n\nInclude **HOW** this operation should be implemented:\n\n- Service layer logic and algorithm\n- Database queries and transactions involved\n- Business rules and validation logic\n- Edge cases and error handling\n- Integration with other services\n\nThis field complements the `description` field: while `description` is\nfor API consumers (Swagger UI, SDK docs), `specification` is for agents\nthat implement the operation.\n\n> MUST be written in English. Never use other languages.",
+                                    description: "Internal implementation guidance for downstream agents (Realize, Test).\n\nDescribe HOW this operation should be implemented: service logic, DB\nqueries, business rules, edge cases, and error handling.\n\n> MUST be written in English. Never use other languages.",
                                     type: "string"
                                 },
                                 description: {
-                                    description: "Detailed description about the API operation.\n\nIMPORTANT: This field MUST be extensively detailed and MUST reference the\ndescription comments from the related database schema tables and columns.\nThe description should be organized into MULTIPLE PARAGRAPHS separated by\nline breaks to improve readability and comprehension.\n\nFor example, include separate paragraphs for:\n\n- The purpose and overview of the API operation\n- Security considerations and user permissions\n- Relationship to underlying database entities\n- Validation rules and business logic\n- Related API operations that might be used together with this one\n- Expected behavior and error handling\n\nWhen writing the description, be sure to incorporate the corresponding DB\nschema's description comments, matching the level of detail and style of\nthose comments. This ensures consistency between the API documentation\nand database structure.\n\nIf there's a dependency to other APIs, please describe the dependency API\noperation in this field with detailed reason. For example, if this API\noperation needs a pre-execution of other API operation, it must be\nexplicitly described.\n\n- `GET /shoppings/customers/sales` must be pre-executed to get entire list\n  of summarized sales. Detailed sale information would be obtained by\n  specifying the sale ID in the path parameter.\n\n**CRITICAL WARNING about soft delete keywords**: DO NOT use terms like\n\"soft delete\", \"soft-delete\", or similar variations in this description\nUNLESS the operation actually implements soft deletion. These keywords\ntrigger validation logic that expects a corresponding soft_delete_column\nto be specified. Only use these terms when you intend to implement soft\ndeletion (marking records as deleted without removing them from the\ndatabase).\n\nExample of problematic description: \u274C \"This would normally be a\nsoft-delete, but we intentionally perform permanent deletion here\" - This\ntriggers soft delete validation despite being a hard delete operation.\n\n> MUST be written in English. Never use other languages.",
+                                    description: "Multi-paragraph description of the API operation for consumers.\n\nReference and incorporate DB schema table/column description comments.\nOrganize into multiple paragraphs covering purpose, business logic,\nrelationships, and error handling.\n\nDo NOT use \"soft delete\" / \"soft-delete\" unless the operation actually\nimplements soft deletion (triggers validation expecting\nsoft_delete_column).\n\n> MUST be written in English. Never use other languages.",
                                     type: "string"
                                 },
                                 authorizationType: {
-                                    description: "Authorization type of the API operation.\n\n- `\"login\"`: User login operations that validate credentials\n- `\"join\"`: User registration operations that create accounts\n- `\"refresh\"`: Token refresh operations that renew access tokens\n- `null`: All other operations (CRUD, business logic, etc.)\n\nUse authentication values only for credential validation, user\nregistration, or token refresh operations. Use `null` for all other\nbusiness operations.\n\nExamples:\n\n- `/auth/login` \u2192 `\"login\"`\n- `/auth/register` \u2192 `\"join\"`\n- `/auth/refresh` \u2192 `\"refresh\"`\n- `/auth/validate` \u2192 `null`\n- `/users/{id}`, `/shoppings/customers/sales/cancel`, \u2192 `null`",
+                                    description: "Authorization type of the API operation.\n\n- `\"login\"`: Credential validation operations\n- `\"join\"`: Account registration operations\n- `\"refresh\"`: Token renewal operations\n- `null`: All other operations",
                                     anyOf: [
                                         {
                                             type: "string",
@@ -1470,14 +1457,14 @@ function createController(props) {
                                     ]
                                 },
                                 parameters: {
-                                    description: "List of path parameters.\n\nNote that, the {@link AutoBeOpenApi.IParameter.name identifier name} of\npath parameter must be corresponded to the\n{@link path API operation path}.\n\nFor example, if there's an API operation which has {@link path} of\n`/shoppings/customers/sales/{saleId}/questions/${questionId}/comments/${commentId}`,\nits list of {@link AutoBeOpenApi.IParameter.name path parameters} must be\nlike:\n\n- `saleId`\n- `questionId`\n- `commentId`",
+                                    description: "List of path parameters.\n\nEach parameter name must correspond to a `{paramName}` in the\n{@link path}.",
                                     type: "array",
                                     items: {
                                         $ref: "#/$defs/AutoBeOpenApi.IParameter"
                                     }
                                 },
                                 requestBody: {
-                                    description: "Request body of the API operation.\n\nDefines the payload structure for the request. Contains a description and\nschema reference to define the expected input data.\n\nShould be `null` for operations that don't require a request body, such\nas most \"get\" operations.",
+                                    description: "Request body of the API operation, or `null` if none.",
                                     anyOf: [
                                         {
                                             type: "null"
@@ -1488,7 +1475,7 @@ function createController(props) {
                                     ]
                                 },
                                 responseBody: {
-                                    description: "Response body of the API operation.\n\nDefines the structure of the successful response data. Contains a\ndescription and schema reference for the returned data.\n\nShould be null for operations that don't return any data.",
+                                    description: "Response body of the API operation, or `null` if none.",
                                     anyOf: [
                                         {
                                             type: "null"
@@ -1499,7 +1486,7 @@ function createController(props) {
                                     ]
                                 },
                                 authorizationActor: {
-                                    description: "Authorization actor required to access this API operation.\n\nThis field specifies which user actor is allowed to access this endpoint.\nThe actor name must correspond exactly to the actual actors defined in\nyour system's database schema.\n\n## Naming Convention\n\nActor names MUST use camelCase.\n\n## Actor-Based Path Convention\n\nWhen authorizationActor is specified, it should align with the path\nstructure:\n\n- If authorizationActor is \"admin\" \u2192 path might be \"/admin/resources/{id}\"\n- If authorizationActor is \"seller\" \u2192 path might be \"/seller/products\"\n- Special case: For user's own resources, use path prefix \"/my/\" regardless\n  of actor\n\n## Important Guidelines\n\n- Set to `null` for public endpoints that require no authentication\n- Set to specific actor string for actor-restricted endpoints\n- The actor name MUST match exactly with the user type/actor defined in the\n  database\n- This actor will be used by the Realize Agent to generate appropriate\n  decorator and authorization logic in the provider functions\n- The controller will apply the corresponding authentication decorator\n  based on this actor\n\n## Examples\n\n- `null` - Public endpoint, no authentication required\n- `\"user\"` - Any authenticated user can access\n- `\"admin\"` - Only admin users can access\n- `\"seller\"` - Only seller users can access\n- `\"moderator\"` - Only moderator users can access\n\nNote: The actual authentication/authorization implementation will be\nhandled by decorators at the controller level, and the provider function\nwill receive the authenticated user object with the appropriate type.",
+                                    description: "Authorization actor required to access this API operation.\n\nMUST use camelCase. The actor name MUST match exactly with a user\ntype/table defined in the database schema.\n\nSet to `null` for public endpoints requiring no authentication.",
                                     anyOf: [
                                         {
                                             type: "null"
@@ -1512,24 +1499,24 @@ function createController(props) {
                                     ]
                                 },
                                 name: {
-                                    description: "Functional name of the API endpoint.\n\nThis is a semantic identifier that represents the primary function or\npurpose of the API endpoint. It serves as a canonical name that can be\nused for code generation, SDK method names, and internal references.\n\n## Reserved Word Restrictions\n\nCRITICAL: The name MUST NOT be a TypeScript/JavaScript reserved word, as\nit will be used as a class method name in generated code. Avoid names\nlike:\n\n- `delete`, `for`, `if`, `else`, `while`, `do`, `switch`, `case`, `break`\n- `continue`, `function`, `return`, `with`, `in`, `of`, `instanceof`\n- `typeof`, `void`, `var`, `let`, `const`, `class`, `extends`, `import`\n- `export`, `default`, `try`, `catch`, `finally`, `throw`, `new`\n- `super`, `this`, `null`, `true`, `false`, `async`, `await`\n- `yield`, `static`, `private`, `protected`, `public`, `implements`\n- `interface`, `package`, `enum`, `debugger`\n\nInstead, use alternative names for these operations:\n\n- Use `erase` instead of `delete`\n- Use `iterate` instead of `for`\n- Use `when` instead of `if`\n- Use `cls` instead of `class`\n\n## Standard Endpoint Names\n\nUse these conventional names based on the endpoint's primary function:\n\n- **`index`**: List/search operations that return multiple entities\n\n  - Typically used with PATCH method for complex queries\n  - Example: `PATCH /users` \u2192 `name: \"index\"`\n- **`at`**: Retrieve a specific entity by identifier\n\n  - Typically used with GET method on single resource\n  - Example: `GET /users/{userId}` \u2192 `name: \"at\"`\n- **`create`**: Create a new entity\n\n  - Typically used with POST method\n  - Example: `POST /users` \u2192 `name: \"create\"`\n- **`update`**: Update an existing entity\n\n  - Typically used with PUT method\n  - Example: `PUT /users/{userId}` \u2192 `name: \"update\"`\n- **`erase`**: Delete/remove an entity (NOT `delete` - reserved word!)\n\n  - Typically used with DELETE method\n  - Example: `DELETE /users/{userId}` \u2192 `name: \"erase\"`\n\n## Custom Endpoint Names\n\nFor specialized operations beyond basic CRUD, use descriptive verbs:\n\n- **`activate`**: Enable or turn on a feature/entity\n- **`deactivate`**: Disable or turn off a feature/entity\n- **`approve`**: Approve a request or entity\n- **`reject`**: Reject a request or entity\n- **`publish`**: Make content publicly available\n- **`archive`**: Move to archived state\n- **`restore`**: Restore from archived/deleted state\n- **`duplicate`**: Create a copy of an entity\n- **`transfer`**: Move ownership or change assignment\n- **`validate`**: Validate data or state\n- **`process`**: Execute a business process or workflow\n- **`export`**: Generate downloadable data\n- **`import`**: Process uploaded data\n\n## Naming Guidelines\n\n- MUST use camelCase naming convention\n- Use singular verb forms\n- Be concise but descriptive\n- Avoid abbreviations unless widely understood\n- Ensure the name clearly represents the endpoint's primary action\n- For nested resources, focus on the action rather than hierarchy\n- NEVER use JavaScript/TypeScript reserved words\n\nValid Examples:\n\n- `index`, `create`, `update`, `erase` (single word)\n- `updatePassword`, `cancelOrder`, `publishArticle` (camelCase)\n- `validateEmail`, `generateReport`, `exportData` (camelCase)\n\nInvalid Examples:\n\n- `update_password` (snake_case not allowed)\n- `UpdatePassword` (PascalCase not allowed)\n- `update-password` (kebab-case not allowed)\n\nPath to Name Examples:\n\n- `GET /shopping/orders/{orderId}/items` \u2192 `name: \"index\"` (lists items)\n- `POST /shopping/orders/{orderId}/cancel` \u2192 `name: \"cancel\"`\n- `PUT /users/{userId}/password` \u2192 `name: \"updatePassword\"`\n\n## Uniqueness Rule\n\nThe `name` must be unique within the API's accessor namespace. The\naccessor is formed by combining the path segments (excluding parameters)\nwith the operation name.\n\nAccessor formation:\n\n1. Extract non-parameter segments from the path (remove `{...}` parts)\n2. Join segments with dots\n3. Append the operation name\n\nExamples:\n\n- Path: `/shopping/sale/{saleId}/review/{reviewId}`, Name: `at` \u2192 Accessor:\n  `shopping.sale.review.at`\n- Path: `/users/{userId}/posts`, Name: `index` \u2192 Accessor:\n  `users.posts.index`\n- Path: `/auth/login`, Name: `signIn` \u2192 Accessor: `auth.login.signIn`\n\nEach accessor must be globally unique across the entire API. This ensures\noperations can be uniquely identified in generated SDKs and prevents\nnaming conflicts.",
+                                    description: "Functional name of the API endpoint. MUST use camelCase.\n\nMUST NOT be a JS/TS reserved word (`delete`, `for`, `if`, `class`,\n`return`, `new`, `this`, `void`, `const`, `let`, `var`, `async`, `await`,\n`export`, `import`, `switch`, `case`, `throw`, `try`). Use `erase`\ninstead of `delete`, `iterate` instead of `for`.\n\nStandard names:\n\n- `index`: list/search (PATCH), `at`: get by ID (GET)\n- `create`: POST, `update`: PUT, `erase`: DELETE\n\nAccessor uniqueness: the accessor is formed by joining non-parameter path\nsegments with dots, then appending the name. E.g., path\n`/shopping/sale/{saleId}/review/{reviewId}` + name `at` = accessor\n`shopping.sale.review.at`. Must be globally unique.",
                                     type: "string",
                                     pattern: "^[a-z][a-zA-Z0-9]*$"
                                 },
                                 prerequisites: {
-                                    description: "Prerequisites for this API operation.\n\nThe `prerequisites` field defines API operations that must be\nsuccessfully executed before this operation can be performed. This\ncreates an explicit dependency chain between API endpoints, ensuring\nproper execution order and data availability.\n\n## CRITICAL WARNING: Authentication Prerequisites\n\n**NEVER include authentication-related operations as prerequisites!**\nAuthentication is handled separately through the `authorizationActor`\nfield and should NOT be part of the prerequisite chain. Do NOT add\nprerequisites for:\n\n- Login endpoints\n- Token validation endpoints\n- User authentication checks\n- Permission verification endpoints\n\nPrerequisites are ONLY for business logic dependencies, NOT for\nauthentication/authorization.\n\n## Purpose and Use Cases\n\nPrerequisites are essential for operations that depend on:\n\n1. **Existence Validation**: Ensuring resources exist before manipulation\n2. **State Requirements**: Verifying resources are in the correct state\n3. **Data Dependencies**: Loading necessary data for the current operation\n4. **Business Logic Constraints**: Enforcing domain-specific rules\n\n## Execution Flow\n\nWhen an operation has prerequisites:\n\n1. Each prerequisite API must be called first in the specified order\n2. Prerequisites must return successful responses (2xx status codes)\n3. Only after all prerequisites succeed can the main operation proceed\n4. If any prerequisite fails, the operation should not be attempted\n\n## Common Patterns\n\n### Resource Existence Check\n\n```typescript\n// Before updating an order item, ensure the order exists\nprerequisites: [\n  {\n    endpoint: { path: \"/orders/{orderId}\", method: \"get\" },\n    description: \"Order must exist in the system\",\n  },\n];\n```\n\n### State Validation\n\n```typescript\n// Before processing payment, ensure order is in correct state\nprerequisites: [\n  {\n    endpoint: { path: \"/orders/{orderId}/status\", method: \"get\" },\n    description: \"Order must be in 'pending_payment' status\",\n  },\n];\n```\n\n### Hierarchical Dependencies\n\n```typescript\n// Before accessing a deeply nested resource\nprerequisites: [\n  {\n    endpoint: { path: \"/projects/{projectId}\", method: \"get\" },\n    description: \"Project must exist\",\n  },\n  {\n    endpoint: {\n      path: \"/projects/{projectId}/tasks/{taskId}\",\n      method: \"get\",\n    },\n    description: \"Task must exist within the project\",\n  },\n];\n```\n\n## Important Guidelines\n\n1. **Order Matters**: Prerequisites are executed in array order\n2. **Parameter Inheritance**: Path parameters from prerequisites can be used\n   in the main operation\n3. **Error Handling**: Failed prerequisites should prevent main operation\n4. **Performance**: Consider caching prerequisite results when appropriate\n5. **Documentation**: Each prerequisite must have a clear description\n   explaining why it's required\n6. **No Authentication**: NEVER use prerequisites for authentication checks\n\n## Test Generation Impact\n\nThe Test Agent uses prerequisites to:\n\n- Generate proper test setup sequences\n- Create valid test data in the correct order\n- Ensure test scenarios follow realistic workflows\n- Validate error handling when prerequisites fail",
+                                    description: "Prerequisites: API operations that must succeed before this one.\n\nONLY for business logic dependencies (resource existence, state checks,\ndata availability). NEVER for authentication -- use `authorizationActor`\ninstead.\n\nPrerequisites are executed in array order; all must return 2xx before the\nmain operation proceeds.",
                                     type: "array",
                                     items: {
                                         $ref: "#/$defs/AutoBeOpenApi.IPrerequisite"
                                     }
                                 },
                                 path: {
-                                    description: "HTTP path of the API operation.\n\nThe URL path for accessing this API operation, using path parameters\nenclosed in curly braces (e.g., `/shoppings/customers/sales/{saleId}`).\n\nIt must be corresponded to the {@link parameters path parameters}.\n\nThe path structure should clearly indicate which database entity this\noperation is manipulating, helping to ensure all entities have\nappropriate API coverage.\n\nPath validation rules:\n\n- Must start with a forward slash (/)\n- Can contain only: letters (a-z, A-Z), numbers (0-9), forward slashes (/),\n  curly braces for parameters ({paramName}), hyphens (-), and underscores\n  (_)\n- Parameters must be enclosed in curly braces: {paramName}\n- Resource names should be in camelCase\n- No quotes, spaces, or invalid special characters allowed\n- No domain or role-based prefixes\n\nValid examples:\n\n- \"/users\"\n- \"/users/{userId}\"\n- \"/articles/{articleId}/comments\"\n- \"/attachmentFiles\"\n- \"/orders/{orderId}/items/{itemId}\"\n\nInvalid examples:\n\n- \"'/users'\" (contains quotes)\n- \"/user profile\" (contains space)\n- \"/users/[userId]\" (wrong bracket format)\n- \"/admin/users\" (role prefix)\n- \"/api/v1/users\" (API prefix)",
+                                    description: "HTTP path of the API operation.\n\nMust start with `/`. Parameters use curly braces: `{paramName}`. Resource\nnames in camelCase. No quotes, spaces, role prefixes (`/admin/`), or API\nversion prefixes (`/api/v1/`).\n\nAllowed characters: letters, digits, `/`, `{`, `}`, `-`, `_`, `.`",
                                     type: "string",
                                     pattern: "^\\/[a-zA-Z0-9\\/_{}.-]*$"
                                 },
                                 method: {
-                                    description: "HTTP method of the API operation.\n\n**IMPORTANT**: Methods must be written in lowercase only (e.g., \"get\",\nnot \"GET\").\n\nNote that, if the API operation has {@link requestBody}, method must not\nbe `get`.\n\nAlso, even though the API operation has been designed to only get\ninformation, but it needs complicated request information, it must be\ndefined as `patch` method with {@link requestBody} data specification.\n\n- `get`: get information\n- `patch`: get information with complicated request data\n  ({@link requestBody})\n- `post`: create new record\n- `put`: update existing record\n- `delete`: remove record",
+                                    description: "HTTP method (lowercase only).\n\nUse `patch` (not `get`) when a read operation needs a complex\n{@link requestBody}. `get` cannot have a request body.",
                                     type: "string",
                                     "enum": [
                                         "get",
@@ -1555,20 +1542,20 @@ function createController(props) {
                             ]
                         },
                         "AutoBeOpenApi.IParameter": {
-                            description: "Path parameter information for API routes.\n\nThis interface defines a path parameter that appears in the URL of an API\nendpoint. Path parameters are enclosed in curly braces in the\n{@link AutoBeOpenApi.IOperation.path operation path} and must be defined\nwith their types and descriptions.\n\nFor example, if API operation path is\n`/shoppings/customers/sales/{saleId}/questions/${questionId}/comments/${commentId}`,\nthe path parameters should be like below:\n\n```json\n{\n  \"path\": \"/shoppings/customers/sales/{saleId}/questions/${questionId}/comments/${commentId}\",\n  \"method\": \"get\",\n  \"parameters\": [\n    {\n      \"name\": \"saleId\",\n      \"in\": \"path\",\n      \"schema\": { \"type\": \"string\", \"format\": \"uuid\" },\n      \"description\": \"Target sale's ID\"\n    },\n    {\n      \"name\": \"questionId\",\n      \"in\": \"path\",\n      \"schema\": { \"type\": \"string\", \"format\": \"uuid\" },\n      \"description\": \"Target question's ID\"\n    },\n    {\n      \"name\": \"commentId\",\n      \"in\": \"path\",\n      \"schema\": { \"type\": \"string\", \"format\": \"uuid\" },\n      \"description\": \"Target comment's ID\"\n    }\n  ]\n}\n```",
+                            description: "Path parameter definition for an API route.",
                             type: "object",
                             properties: {
                                 description: {
-                                    description: "Description about the path parameter.\n\nThis is the standard OpenAPI description field that will be displayed in\nSwagger UI, SDK documentation, and other API documentation tools. Write a\nshort, concise, and clear description that helps API consumers understand\nwhat this parameter represents.\n\nImplementation details for parameter handling are covered in the parent\n{@link IOperation.specification} field.\n\n> MUST be written in English. Never use other languages.",
+                                    description: "Description of the path parameter.\n\n> MUST be written in English. Never use other languages.",
                                     type: "string"
                                 },
                                 name: {
-                                    description: "Identifier name of the path parameter.\n\nThis name must match exactly with the parameter name in the route path.\nIt must be corresponded to the\n{@link AutoBeOpenApi.IOperation.path API operation path}.\n\nMUST use camelCase naming convention.",
+                                    description: "Identifier name in camelCase. Must match the `{paramName}` in the\n{@link AutoBeOpenApi.IOperation.path}.",
                                     type: "string",
                                     pattern: "^[a-z][a-zA-Z0-9]*$"
                                 },
                                 schema: {
-                                    description: "Type schema of the path parameter.\n\nPath parameters are typically primitive types like\n{@link AutoBeOpenApi.IJsonSchema.IString strings},\n{@link AutoBeOpenApi.IJsonSchema.IInteger integers},\n{@link AutoBeOpenApi.IJsonSchema.INumber numbers}.\n\nIf you need other types, please use request body instead with object type\nencapsulation.",
+                                    description: "Type schema of the path parameter (primitive types only).",
                                     anyOf: [
                                         {
                                             $ref: "#/$defs/AutoBeOpenApi.IJsonSchema.INumber"
@@ -1601,28 +1588,23 @@ function createController(props) {
                             type: "object",
                             properties: {
                                 minimum: {
-                                    description: "Minimum value restriction.",
                                     type: "number"
                                 },
                                 maximum: {
-                                    description: "Maximum value restriction.",
                                     type: "number"
                                 },
                                 exclusiveMinimum: {
-                                    description: "Exclusive minimum value restriction.",
                                     type: "number"
                                 },
                                 exclusiveMaximum: {
-                                    description: "Exclusive maximum value restriction.",
                                     type: "number"
                                 },
                                 multipleOf: {
-                                    description: "Multiple of value restriction.",
                                     type: "number",
                                     exclusiveMinimum: 0
                                 },
                                 type: {
-                                    description: "Discriminator value of the type.\n\nCRITICAL: This MUST be a SINGLE string value, NOT an array. The type\nfield identifies the JSON Schema type and must be exactly one of:\n\"boolean\", \"integer\", \"number\", \"string\", \"array\", \"object\", or\n\"null\".\n\n\u274C INCORRECT: type: [\"string\", \"null\"] // This is WRONG! \u2705 CORRECT:\ntype: \"string\" // For nullable string, use oneOf instead\n\nIf you need to express a nullable type (e.g., string | null), you MUST\nuse the `IOneOf` structure:\n\n```typescript\n{\n  \"oneOf\": [{ \"type\": \"string\" }, { \"type\": \"null\" }]\n}\n```\n\nNEVER use array notation in the type field. The type field is a\ndiscriminator that accepts only a single string value.",
+                                    description: "Discriminator value. MUST be a single string, NEVER an array.\n\nFor nullable types, use `IOneOf` instead: `{ oneOf: [{ type: \"string\"\n}, { type: \"null\" }] }`",
                                     type: "string",
                                     "enum": [
                                         "number"
@@ -1638,28 +1620,23 @@ function createController(props) {
                             type: "object",
                             properties: {
                                 minimum: {
-                                    description: "Minimum value restriction.",
                                     type: "integer"
                                 },
                                 maximum: {
-                                    description: "Maximum value restriction.",
                                     type: "integer"
                                 },
                                 exclusiveMinimum: {
-                                    description: "Exclusive minimum value restriction.",
                                     type: "integer"
                                 },
                                 exclusiveMaximum: {
-                                    description: "Exclusive maximum value restriction.",
                                     type: "integer"
                                 },
                                 multipleOf: {
-                                    description: "Multiple of value restriction.",
                                     type: "integer",
                                     exclusiveMinimum: 0
                                 },
                                 type: {
-                                    description: "Discriminator value of the type.\n\nCRITICAL: This MUST be a SINGLE string value, NOT an array. The type\nfield identifies the JSON Schema type and must be exactly one of:\n\"boolean\", \"integer\", \"number\", \"string\", \"array\", \"object\", or\n\"null\".\n\n\u274C INCORRECT: type: [\"string\", \"null\"] // This is WRONG! \u2705 CORRECT:\ntype: \"string\" // For nullable string, use oneOf instead\n\nIf you need to express a nullable type (e.g., string | null), you MUST\nuse the `IOneOf` structure:\n\n```typescript\n{\n  \"oneOf\": [{ \"type\": \"string\" }, { \"type\": \"null\" }]\n}\n```\n\nNEVER use array notation in the type field. The type field is a\ndiscriminator that accepts only a single string value.",
+                                    description: "Discriminator value. MUST be a single string, NEVER an array.\n\nFor nullable types, use `IOneOf` instead: `{ oneOf: [{ type: \"string\"\n}, { type: \"null\" }] }`",
                                     type: "string",
                                     "enum": [
                                         "integer"
@@ -1706,21 +1683,19 @@ function createController(props) {
                                     type: "string"
                                 },
                                 contentMediaType: {
-                                    description: "Content media type restriction.\n\nIf you want to accept multiple contentMediaType values simultaneously\n(e.g., `text/plain` and `text/html`), you MUST NOT violate the type by\nusing an array. Instead, use `oneOf` to define multiple `string`\nschemas with different `contentMediaType` values.\n\nExample for accepting both text/plain and text/html:\n\n```typescript\n{\n  \"oneOf\": [\n    { \"type\": \"string\", \"contentMediaType\": \"text/plain\" },\n    { \"type\": \"string\", \"contentMediaType\": \"text/html\" }\n  ]\n}\n```\n\nThis is the CORRECT approach. Never use array notation or modify the\nsingle string type to accept arrays.",
+                                    description: "Content media type restriction.\n\nFor multiple media types, use `oneOf` with separate string schemas per\n`contentMediaType` value. Never use an array here.",
                                     type: "string"
                                 },
                                 minLength: {
-                                    description: "Minimum length restriction.",
                                     type: "integer",
                                     minimum: 0
                                 },
                                 maxLength: {
-                                    description: "Maximum length restriction.",
                                     type: "integer",
                                     minimum: 0
                                 },
                                 type: {
-                                    description: "Discriminator value of the type.\n\nCRITICAL: This MUST be a SINGLE string value, NOT an array. The type\nfield identifies the JSON Schema type and must be exactly one of:\n\"boolean\", \"integer\", \"number\", \"string\", \"array\", \"object\", or\n\"null\".\n\n\u274C INCORRECT: type: [\"string\", \"null\"] // This is WRONG! \u2705 CORRECT:\ntype: \"string\" // For nullable string, use oneOf instead\n\nIf you need to express a nullable type (e.g., string | null), you MUST\nuse the `IOneOf` structure:\n\n```typescript\n{\n  \"oneOf\": [{ \"type\": \"string\" }, { \"type\": \"null\" }]\n}\n```\n\nNEVER use array notation in the type field. The type field is a\ndiscriminator that accepts only a single string value.",
+                                    description: "Discriminator value. MUST be a single string, NEVER an array.\n\nFor nullable types, use `IOneOf` instead: `{ oneOf: [{ type: \"string\"\n}, { type: \"null\" }] }`",
                                     type: "string",
                                     "enum": [
                                         "string"
@@ -1732,15 +1707,15 @@ function createController(props) {
                             ]
                         },
                         "AutoBeOpenApi.IRequestBody": {
-                            description: "Request body information of OpenAPI operation.\n\nThis interface defines the structure for request bodies in API routes. It\ncorresponds to the requestBody section in OpenAPI specifications, providing\nboth a description and schema reference for the request payload.\n\nThe content-type for all request bodies is always `application/json`. Even\nwhen file uploading is required, don't use `multipart/form-data` or\n`application/x-www-form-urlencoded` content types. Instead, just define an\nURI string property in the request body schema.\n\nNote that, all body schemas must be transformable to a\n{@link AutoBeOpenApi.IJsonSchema.IReference reference} type defined in the\n{@link AutoBeOpenApi.IComponents.schemas components section} as an\n{@link AutoBeOpenApi.IJsonSchema.IObject object} type.\n\nIn OpenAPI, this might represent:\n\n```json\n{\n  \"requestBody\": {\n    \"description\": \"Creation info of the order\",\n    \"content\": {\n      \"application/json\": {\n        \"schema\": {\n          \"$ref\": \"#/components/schemas/IShoppingOrder.ICreate\"\n        }\n      }\n    }\n  }\n}\n```",
+                            description: "Request body for an API operation.\n\nContent-type is always `application/json`. For file uploads, use a URI\nstring property instead of `multipart/form-data`.",
                             type: "object",
                             properties: {
                                 description: {
-                                    description: "Description about the request body.\n\nMake short, concise and clear description about the request body.\n\n> MUST be written in English. Never use other languages.",
+                                    description: "Description of the request body.\n\n> MUST be written in English. Never use other languages.",
                                     type: "string"
                                 },
                                 typeName: {
-                                    description: "Request body type name.\n\nThis specifies the data structure expected in the request body, that will\nbe transformed to {@link AutoBeOpenApi.IJsonSchema.IReference reference}\ntype in the {@link AutoBeOpenApi.IComponents.schemas components section}\nas an {@link AutoBeOpenApi.IJsonSchema.Object object} type.\n\nHere is the naming convention for the request body type:\n\n- `IEntityName.ICreate`: Request body for creation operations (POST)\n- `IEntityName.IUpdate`: Request body for update operations (PUT)\n- `IEntityName.IRequest`: Request parameters for list operations (often\n  with search/pagination)\n\nWhat you write:\n\n```json\n{\n  \"typeName\": \"IShoppingOrder.ICreate\"\n}\n```\n\nTransformed to:\n\n```json\n{\n  \"schema\": {\n    \"$ref\": \"#/components/schemas/IShoppingOrder.ICreate\"\n  }\n}\n```",
+                                    description: "Type name referencing a component schema.\n\nNaming convention: `IEntityName.ICreate` (POST), `IEntityName.IUpdate`\n(PUT), `IEntityName.IRequest` (list/search).",
                                     type: "string"
                                 }
                             },
@@ -1750,15 +1725,15 @@ function createController(props) {
                             ]
                         },
                         "AutoBeOpenApi.IResponseBody": {
-                            description: "Response body information for OpenAPI operation.\n\nThis interface defines the structure of a successful response from an API\noperation. It provides a description of the response and a schema reference\nto define the returned data structure.\n\nThe content-type for all responses is always `application/json`. Even when\nfile downloading is required, don't use `application/octet-stream` or\n`multipart/form-data` content types. Instead, just define an URI string\nproperty in the response body schema.\n\nIn OpenAPI, this might represent:\n\n```json\n{\n  \"responses\": {\n    \"200\": {\n      \"description\": \"Order information\",\n      \"content\": {\n        \"application/json\": {\n          \"schema\": { \"$ref\": \"#/components/schemas/IShoppingOrder\" }\n        }\n      }\n    }\n  }\n}\n```",
+                            description: "Response body for an API operation.\n\nContent-type is always `application/json`. For file downloads, use a URI\nstring property instead of `application/octet-stream`.",
                             type: "object",
                             properties: {
                                 description: {
-                                    description: "Description about the response body.\n\nMake short, concise and clear description about the response body.\n\n> MUST be written in English. Never use other languages.",
+                                    description: "Description of the response body.\n\n> MUST be written in English. Never use other languages.",
                                     type: "string"
                                 },
                                 typeName: {
-                                    description: "Response body's data type.\n\nSpecifies the structure of the returned data (response body), that will\nbe transformed to {@link AutoBeOpenApi.IJsonSchema.IReference} type in the\n{@link AutoBeOpenApi.IComponents.schemas components section} as an\n{@link AutoBeOpenApi.IJsonSchema.IObject object} type.\n\nHere is the naming convention for the response body type:\n\n- `IEntityName`: Main entity with detailed information (e.g.,\n  `IShoppingSale`)\n- `IEntityName.ISummary`: Simplified response version with essential\n  properties\n- `IEntityName.IInvert`: Alternative view of an entity from a different\n  perspective\n- `IPageIEntityName`: Paginated results container with `pagination` and\n  `data` properties\n\nWhat you write:\n\n```json\n{\n  \"typeName\": \"IShoppingOrder\"\n}\n```\n\nTransformed to:\n\n```json\n{\n  \"schema\": {\n    \"$ref\": \"#/components/schemas/IShoppingOrder\"\n  }\n}\n```",
+                                    description: "Type name referencing a component schema.\n\nNaming convention: `IEntityName` (full), `IEntityName.ISummary`,\n`IEntityName.IInvert`, `IPageIEntityName` (paginated).",
                                     type: "string"
                                 }
                             },
@@ -1768,15 +1743,15 @@ function createController(props) {
                             ]
                         },
                         "AutoBeOpenApi.IPrerequisite": {
-                            description: "Prerequisite API operation dependency.\n\n`IPrerequisite` defines a dependency relationship between API operations,\nspecifying that certain endpoints must be successfully called before the\ncurrent operation can proceed. This ensures proper resource validation,\nstate checking, and data availability in complex API workflows.\n\n## CRITICAL WARNING: Authentication is NOT a Prerequisite\n\n**NEVER use prerequisites for authentication or authorization checks!**\n\nPrerequisites are ONLY for business logic dependencies such as:\n\n- Checking if a resource exists\n- Verifying resource state\n- Loading required data\n\nDo NOT create prerequisites for:\n\n- Login/authentication endpoints\n- Token validation\n- Permission checks\n- User authorization verification\n\nAuthentication is handled separately via the `authorizationActor` field on\nthe operation itself. Mixing authentication with business prerequisites\ncreates confusion and incorrect test scenarios.\n\n## Core Concept\n\nPrerequisites create an execution dependency graph for API operations. They\nexplicitly declare which APIs must succeed before attempting the current\noperation, preventing invalid states and ensuring data consistency.\n\n## Structure\n\nEach prerequisite consists of:\n\n1. **endpoint**: The API endpoint that must be called first\n2. **description**: Clear explanation of why this prerequisite is required\n\n## Common Use Cases\n\n### 1. Resource Existence Validation\n\n```typescript\n{\n  \"endpoint\": { \"path\": \"/users/{userId}\", \"method\": \"get\" },\n  \"description\": \"User must exist before updating their profile\"\n}\n```\n\n### 2. Parent-Child Relationships\n\n```typescript\n{\n  \"endpoint\": { \"path\": \"/posts/{postId}\", \"method\": \"get\" },\n  \"description\": \"Post must exist before adding comments\"\n}\n```\n\n### 3. State Prerequisites\n\n```typescript\n{\n  \"endpoint\": { \"path\": \"/orders/{orderId}/status\", \"method\": \"get\" },\n  \"description\": \"Order must be in 'confirmed' state before shipping\"\n}\n```\n\n### 4. Business Logic Dependencies\n\n```typescript\n{\n  \"endpoint\": {\n    \"path\": \"/inventory/{productId}/stock\",\n    \"method\": \"get\"\n  },\n  \"description\": \"Product must have sufficient stock before creating order\"\n}\n```\n\n## Implementation Guidelines\n\n1. **Clear Descriptions**: Always explain WHY the prerequisite is needed\n2. **Minimal Dependencies**: Only include truly necessary prerequisites\n3. **Logical Order**: If multiple prerequisites exist, order them logically\n4. **Error Context**: Description should help understand failure scenarios\n5. **No Authentication**: Prerequisites must NEVER be authentication checks\n\n## Test Generation Usage\n\nThe Test Agent utilizes prerequisites to:\n\n- Set up test data in the correct sequence\n- Generate realistic test scenarios\n- Create both positive and negative test cases\n- Ensure proper cleanup in reverse dependency order\n\n## Best Practices\n\n- Keep prerequisite chains as short as possible for performance\n- Consider caching prerequisite results when safe to do so\n- Ensure prerequisite descriptions are specific, not generic\n- Validate that circular dependencies don't exist\n- Document any side effects of prerequisite calls\n- NEVER use for authentication/authorization validation",
+                            description: "Prerequisite API operation that must succeed before the main operation.\n\nONLY for business logic dependencies (resource existence, state checks,\ndata availability). NEVER for authentication or authorization -- those are\nhandled via `authorizationActor`.\n\nKeep prerequisite chains minimal. Descriptions should explain WHY the\ndependency is needed.",
                             type: "object",
                             properties: {
                                 endpoint: {
-                                    description: "The API endpoint that must be called before the main operation.\n\nThis specifies the exact HTTP method and path of the prerequisite API.\nThe endpoint must be a valid operation defined elsewhere in the API\nspecification. Path parameters in the prerequisite endpoint can reference\nthe same parameters available in the main operation.",
+                                    description: "The API endpoint that must be called first.",
                                     $ref: "#/$defs/AutoBeOpenApi.IEndpoint"
                                 },
                                 description: {
-                                    description: "Clear description of why this prerequisite is required.\n\nThis description should explain:\n\n- What validation or check this prerequisite performs\n- What state or condition must be satisfied\n- What happens if this prerequisite fails\n- Any specific data from the prerequisite used by the main operation\n\nThe description helps developers understand the dependency relationship\nand aids in debugging when prerequisites fail.\n\nGuidelines for good descriptions:\n\n- Be specific about the requirement (e.g., \"must be in 'active' state\")\n- Explain business logic constraints (e.g., \"budget must not be exceeded\")\n- Explain data dependencies (e.g., \"provides pricing information needed\")\n- Keep it concise but complete\n\n> MUST be written in English. Never use other languages.",
+                                    description: "Why this prerequisite is required (specific condition or state).\n\n> MUST be written in English. Never use other languages.",
                                     type: "string"
                                 }
                             },
@@ -1790,12 +1765,12 @@ function createController(props) {
                             type: "object",
                             properties: {
                                 path: {
-                                    description: "HTTP path of the API operation.\n\nThe URL path for accessing this API operation, using path parameters\nenclosed in curly braces (e.g., `/shoppings/customers/sales/{saleId}`).\n\nIt must be corresponded to the {@link parameters path parameters}.\n\nThe path structure should clearly indicate which database entity this\noperation is manipulating, helping to ensure all entities have\nappropriate API coverage.\n\nPath validation rules:\n\n- Must start with a forward slash (/)\n- Can contain only: letters (a-z, A-Z), numbers (0-9), forward slashes (/),\n  curly braces for parameters ({paramName}), hyphens (-), and underscores\n  (_)\n- Parameters must be enclosed in curly braces: {paramName}\n- Resource names should be in camelCase\n- No quotes, spaces, or invalid special characters allowed\n- No domain or role-based prefixes\n\nValid examples:\n\n- \"/users\"\n- \"/users/{userId}\"\n- \"/articles/{articleId}/comments\"\n- \"/attachmentFiles\"\n- \"/orders/{orderId}/items/{itemId}\"\n\nInvalid examples:\n\n- \"'/users'\" (contains quotes)\n- \"/user profile\" (contains space)\n- \"/users/[userId]\" (wrong bracket format)\n- \"/admin/users\" (role prefix)\n- \"/api/v1/users\" (API prefix)",
+                                    description: "HTTP path of the API operation.\n\nMust start with `/`. Parameters use curly braces: `{paramName}`. Resource\nnames in camelCase. No quotes, spaces, role prefixes (`/admin/`), or API\nversion prefixes (`/api/v1/`).\n\nAllowed characters: letters, digits, `/`, `{`, `}`, `-`, `_`, `.`",
                                     type: "string",
                                     pattern: "^\\/[a-zA-Z0-9\\/_{}.-]*$"
                                 },
                                 method: {
-                                    description: "HTTP method of the API operation.\n\n**IMPORTANT**: Methods must be written in lowercase only (e.g., \"get\",\nnot \"GET\").\n\nNote that, if the API operation has {@link requestBody}, method must not\nbe `get`.\n\nAlso, even though the API operation has been designed to only get\ninformation, but it needs complicated request information, it must be\ndefined as `patch` method with {@link requestBody} data specification.\n\n- `get`: get information\n- `patch`: get information with complicated request data\n  ({@link requestBody})\n- `post`: create new record\n- `put`: update existing record\n- `delete`: remove record",
+                                    description: "HTTP method (lowercase only).\n\nUse `patch` (not `get`) when a read operation needs a complex\n{@link requestBody}. `get` cannot have a request body.",
                                     type: "string",
                                     "enum": [
                                         "get",
@@ -1813,7 +1788,7 @@ function createController(props) {
                         }
                     }
                 },
-                description: "Process authorization operations generation task or preliminary data\nrequests.\n\nGenerates authorization operations for the given roles and ensures the\ninterface reflects correct permissions and access levels.",
+                description: "Process task or retrieve preliminary data.",
                 validate: (() => { const _iv8 = new Set(["password", "regex", "uuid", "email", "hostname", "idn-email", "idn-hostname", "iri", "iri-reference", "ipv4", "ipv6", "uri", "uri-reference", "uri-template", "url", "date-time", "date", "time", "duration", "json-pointer", "relative-json-pointer"]); const _vv16 = new Set(["password", "regex", "uuid", "email", "hostname", "idn-email", "idn-hostname", "iri", "iri-reference", "ipv4", "ipv6", "uri", "uri-reference", "uri-template", "url", "date-time", "date", "time", "duration", "json-pointer", "relative-json-pointer"]); const _io0 = input => "string" === typeof input.thinking && ("object" === typeof input.request && null !== input.request && _iu0(input.request)); const _io1 = input => "getAnalysisSections" === input.type && (Array.isArray(input.sectionIds) && (1 <= input.sectionIds.length && input.sectionIds.length <= 100 && input.sectionIds.every(elem => "number" === typeof elem && __typia_transform__isTypeUint32._isTypeUint32(elem)))); const _io2 = input => "getDatabaseSchemas" === input.type && (Array.isArray(input.schemaNames) && (1 <= input.schemaNames.length && input.schemaNames.every(elem => "string" === typeof elem))); const _io3 = input => "getPreviousAnalysisSections" === input.type && (Array.isArray(input.sectionIds) && (1 <= input.sectionIds.length && input.sectionIds.every(elem => "number" === typeof elem && __typia_transform__isTypeUint32._isTypeUint32(elem)))); const _io4 = input => "getPreviousDatabaseSchemas" === input.type && (Array.isArray(input.schemaNames) && (1 <= input.schemaNames.length && input.schemaNames.every(elem => "string" === typeof elem))); const _io5 = input => "complete" === input.type && "string" === typeof input.analysis && "string" === typeof input.rationale && (Array.isArray(input.operations) && (1 <= input.operations.length && input.operations.every(elem => "object" === typeof elem && null !== elem && _io6(elem)))); const _io6 = input => "string" === typeof input.specification && "string" === typeof input.description && (null === input.authorizationType || "login" === input.authorizationType || "join" === input.authorizationType || "refresh" === input.authorizationType) && (Array.isArray(input.parameters) && input.parameters.every(elem => "object" === typeof elem && null !== elem && _io7(elem))) && (null === input.requestBody || "object" === typeof input.requestBody && null !== input.requestBody && _io11(input.requestBody)) && (null === input.responseBody || "object" === typeof input.responseBody && null !== input.responseBody && _io12(input.responseBody)) && (null === input.authorizationActor || "string" === typeof input.authorizationActor && (RegExp("^[a-z][a-zA-Z0-9]*$").test(input.authorizationActor) && 1 <= input.authorizationActor.length)) && ("string" === typeof input.name && RegExp("^[a-z][a-zA-Z0-9]*$").test(input.name)) && (Array.isArray(input.prerequisites) && input.prerequisites.every(elem => "object" === typeof elem && null !== elem && _io13(elem))) && ("string" === typeof input.path && RegExp("^\\/[a-zA-Z0-9\\/_{}.-]*$").test(input.path)) && ("get" === input.method || "post" === input.method || "put" === input.method || "delete" === input.method || "patch" === input.method); const _io7 = input => "string" === typeof input.description && ("string" === typeof input.name && RegExp("^[a-z][a-zA-Z0-9]*$").test(input.name)) && ("object" === typeof input.schema && null !== input.schema && _iu1(input.schema)); const _io8 = input => (undefined === input.minimum || "number" === typeof input.minimum && (Math.floor(input.minimum) === input.minimum && -9223372036854776000 <= input.minimum && input.minimum <= 9223372036854776000)) && (undefined === input.maximum || "number" === typeof input.maximum && (Math.floor(input.maximum) === input.maximum && -9223372036854776000 <= input.maximum && input.maximum <= 9223372036854776000)) && (undefined === input.exclusiveMinimum || "number" === typeof input.exclusiveMinimum && (Math.floor(input.exclusiveMinimum) === input.exclusiveMinimum && -9223372036854776000 <= input.exclusiveMinimum && input.exclusiveMinimum <= 9223372036854776000)) && (undefined === input.exclusiveMaximum || "number" === typeof input.exclusiveMaximum && (Math.floor(input.exclusiveMaximum) === input.exclusiveMaximum && -9223372036854776000 <= input.exclusiveMaximum && input.exclusiveMaximum <= 9223372036854776000)) && (undefined === input.multipleOf || "number" === typeof input.multipleOf && (Math.floor(input.multipleOf) === input.multipleOf && 0 <= input.multipleOf && input.multipleOf <= 18446744073709552000 && 0 < input.multipleOf)) && "integer" === input.type; const _io9 = input => (undefined === input.minimum || "number" === typeof input.minimum) && (undefined === input.maximum || "number" === typeof input.maximum) && (undefined === input.exclusiveMinimum || "number" === typeof input.exclusiveMinimum) && (undefined === input.exclusiveMaximum || "number" === typeof input.exclusiveMaximum) && (undefined === input.multipleOf || "number" === typeof input.multipleOf && 0 < input.multipleOf) && "number" === input.type; const _io10 = input => (undefined === input.format || true === _iv8.has(input.format)) && (undefined === input.pattern || "string" === typeof input.pattern) && (undefined === input.contentMediaType || "string" === typeof input.contentMediaType) && (undefined === input.minLength || "number" === typeof input.minLength && (Math.floor(input.minLength) === input.minLength && 0 <= input.minLength && input.minLength <= 18446744073709552000)) && (undefined === input.maxLength || "number" === typeof input.maxLength && (Math.floor(input.maxLength) === input.maxLength && 0 <= input.maxLength && input.maxLength <= 18446744073709552000)) && "string" === input.type; const _io11 = input => "string" === typeof input.description && "string" === typeof input.typeName; const _io12 = input => "string" === typeof input.description && "string" === typeof input.typeName; const _io13 = input => "object" === typeof input.endpoint && null !== input.endpoint && _io14(input.endpoint) && "string" === typeof input.description; const _io14 = input => "string" === typeof input.path && RegExp("^\\/[a-zA-Z0-9\\/_{}.-]*$").test(input.path) && ("get" === input.method || "post" === input.method || "put" === input.method || "delete" === input.method || "patch" === input.method); const _iu0 = input => (() => {
                     if ("getAnalysisSections" === input.type)
                         return _io1(input);