From 2ca2a3d6ba13142418052b0d5a859ce0615bf22c Mon Sep 17 00:00:00 2001
From: Nikolay Tkachenko <ntkachenko@wallarm.com>
Date: Fri, 28 Nov 2025 22:30:59 +0200
Subject: [PATCH 1/3] Bump Up APIFW version

---
 Makefile                                      |   2 +-
 .../OWASP_CoreRuleSet/docker-compose.yml      |   2 +-
 .../docker-compose-api-mode.yml               |   2 +-
 .../docker-compose-graphql-mode.yml           |   2 +-
 demo/docker-compose/docker-compose.yml        |   2 +-
 .../kubernetes/volumes/helm/api-firewall.yaml |   2 +-
 docs/configuration-guides/allowlist.md        |   2 +-
 docs/installation-guides/api-mode.md          |   2 +-
 docs/installation-guides/docker-container.md  |   4 +-
 .../graphql/docker-container.md               |   4 +-
 docs/release-notes.md                         |   4 +
 helm/api-firewall/Chart.yaml                  |   2 +-
 resources/test/docker-compose-api-mode.yml    |   2 +-
 resources/test/k6/30.js                       | 201 +++++++++++++++++
 resources/test/k6/32.js                       | 107 +++++++++
 resources/test/k6/33.js                       | 187 ++++++++++++++++
 resources/test/k6/34.js                       | 211 ++++++++++++++++++
 resources/test/k6/58.js                       | 154 +++++++++++++
 resources/test/k6/59.js                       | 148 ++++++++++++
 ..._account_authorization_validations.test.js |  85 +++++++
 20 files changed, 1111 insertions(+), 14 deletions(-)
 create mode 100644 resources/test/k6/30.js
 create mode 100644 resources/test/k6/32.js
 create mode 100644 resources/test/k6/33.js
 create mode 100644 resources/test/k6/34.js
 create mode 100644 resources/test/k6/58.js
 create mode 100644 resources/test/k6/59.js
 create mode 100644 resources/test/k6/doe_v2_account_authorization_validations.test.js

diff --git a/Makefile b/Makefile
index 81b4db0..fcb3378 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-VERSION := 0.9.3
+VERSION := 0.9.4
 NAMESPACE := github.com/wallarm/api-firewall
 
 .DEFAULT_GOAL := build
diff --git a/demo/docker-compose/OWASP_CoreRuleSet/docker-compose.yml b/demo/docker-compose/OWASP_CoreRuleSet/docker-compose.yml
index b9f5106..12692c3 100644
--- a/demo/docker-compose/OWASP_CoreRuleSet/docker-compose.yml
+++ b/demo/docker-compose/OWASP_CoreRuleSet/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3.8"
 services:
   api-firewall:
     container_name: api-firewall
-    image: wallarm/api-firewall:v0.9.3
+    image: wallarm/api-firewall:v0.9.4
     restart: on-failure
     environment:
       APIFW_URL: "http://0.0.0.0:8080"
diff --git a/demo/docker-compose/docker-compose-api-mode.yml b/demo/docker-compose/docker-compose-api-mode.yml
index 69416a5..aa2afc2 100644
--- a/demo/docker-compose/docker-compose-api-mode.yml
+++ b/demo/docker-compose/docker-compose-api-mode.yml
@@ -2,7 +2,7 @@ version: '3.8'
 services:
   api-firewall:
     container_name: api-firewall
-    image: wallarm/api-firewall:v0.9.3
+    image: wallarm/api-firewall:v0.9.4
     restart: on-failure
     environment:
       APIFW_MODE: "api"
diff --git a/demo/docker-compose/docker-compose-graphql-mode.yml b/demo/docker-compose/docker-compose-graphql-mode.yml
index a41590b..e71b445 100644
--- a/demo/docker-compose/docker-compose-graphql-mode.yml
+++ b/demo/docker-compose/docker-compose-graphql-mode.yml
@@ -2,7 +2,7 @@ version: '3.8'
 services:
   api-firewall:
     container_name: api-firewall
-    image: wallarm/api-firewall:v0.9.3
+    image: wallarm/api-firewall:v0.9.4
     restart: on-failure
     environment:
       APIFW_MODE: "graphql"
diff --git a/demo/docker-compose/docker-compose.yml b/demo/docker-compose/docker-compose.yml
index 7a197e1..1e72822 100644
--- a/demo/docker-compose/docker-compose.yml
+++ b/demo/docker-compose/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3.8"
 services:
   api-firewall:
     container_name: api-firewall
-    image: wallarm/api-firewall:v0.9.3
+    image: wallarm/api-firewall:v0.9.4
     restart: on-failure
     environment:
       APIFW_URL: "http://0.0.0.0:8080"
diff --git a/demo/kubernetes/volumes/helm/api-firewall.yaml b/demo/kubernetes/volumes/helm/api-firewall.yaml
index 58f922a..3ab1196 100644
--- a/demo/kubernetes/volumes/helm/api-firewall.yaml
+++ b/demo/kubernetes/volumes/helm/api-firewall.yaml
@@ -10,7 +10,7 @@ manifest:
           "url": "https://kennethreitz.org",
           "email": "me@kennethreitz.org"
         },
-        "version": "0.9.3"
+        "version": "0.9.4"
       },
       "servers": [
         {
diff --git a/docs/configuration-guides/allowlist.md b/docs/configuration-guides/allowlist.md
index b89006c..402a431 100644
--- a/docs/configuration-guides/allowlist.md
+++ b/docs/configuration-guides/allowlist.md
@@ -33,7 +33,7 @@ docker run --rm -it --network api-firewall-network --network-alias api-firewall
     -e APIFW_URL=<API_FIREWALL_URL> -e APIFW_SERVER_URL=<PROTECTED_APP_URL> \
     -e APIFW_REQUEST_VALIDATION=<REQUEST_VALIDATION_MODE> -e APIFW_RESPONSE_VALIDATION=<RESPONSE_VALIDATION_MODE> \
     -e APIFW_ALLOW_IP_FILE=/opt/ip-allowlist.txt -e APIFW_ALLOW_IP_HEADER_NAME="X-Real-IP" \
-    -p 8088:8088 wallarm/api-firewall:v0.9.3
+    -p 8088:8088 wallarm/api-firewall:v0.9.4
 ```
 
 | Environment variable | Description |
diff --git a/docs/installation-guides/api-mode.md b/docs/installation-guides/api-mode.md
index f7a5a0c..bf0b526 100644
--- a/docs/installation-guides/api-mode.md
+++ b/docs/installation-guides/api-mode.md
@@ -38,7 +38,7 @@ Use the following command to run the API Firewall container:
 
 ```
 docker run --rm -it -v <PATH_TO_SQLITE_DATABASE>:/var/lib/wallarm-api/1/wallarm_api.db \
-    -e APIFW_MODE=API -p 8282:8282 wallarm/api-firewall:v0.9.3
+    -e APIFW_MODE=API -p 8282:8282 wallarm/api-firewall:v0.9.4
 ```
 
 You can pass to the container the following variables:
diff --git a/docs/installation-guides/docker-container.md b/docs/installation-guides/docker-container.md
index d22a6a9..fadc075 100644
--- a/docs/installation-guides/docker-container.md
+++ b/docs/installation-guides/docker-container.md
@@ -27,7 +27,7 @@ networks:
 services:
   api-firewall:
     container_name: api-firewall
-    image: wallarm/api-firewall:v0.9.3
+    image: wallarm/api-firewall:v0.9.4
     restart: on-failure
     volumes:
       - <HOST_PATH_TO_SPEC>:<CONTAINER_PATH_TO_SPEC>
@@ -171,6 +171,6 @@ To start API Firewall on Docker, you can also use regular Docker commands as in
         -v <HOST_PATH_TO_SPEC>:<CONTAINER_PATH_TO_SPEC> -e APIFW_API_SPECS=<PATH_TO_MOUNTED_SPEC> \
         -e APIFW_URL=<API_FIREWALL_URL> -e APIFW_SERVER_URL=<PROTECTED_APP_URL> \
         -e APIFW_REQUEST_VALIDATION=<REQUEST_VALIDATION_MODE> -e APIFW_RESPONSE_VALIDATION=<RESPONSE_VALIDATION_MODE> \
-        -p 8088:8088 wallarm/api-firewall:v0.9.3
+        -p 8088:8088 wallarm/api-firewall:v0.9.4
     ```
 4. When the environment is started, test it and enable traffic on API Firewall following steps 6 and 7.
diff --git a/docs/installation-guides/graphql/docker-container.md b/docs/installation-guides/graphql/docker-container.md
index fc2075d..02e353f 100644
--- a/docs/installation-guides/graphql/docker-container.md
+++ b/docs/installation-guides/graphql/docker-container.md
@@ -29,7 +29,7 @@ networks:
 services:
   api-firewall:
     container_name: api-firewall
-    image: wallarm/api-firewall:v0.9.3
+    image: wallarm/api-firewall:v0.9.4
     restart: on-failure
     volumes:
       - <HOST_PATH_TO_SPEC>:<CONTAINER_PATH_TO_SPEC>
@@ -200,6 +200,6 @@ To start API Firewall on Docker, you can also use regular Docker commands as in
         -e APIFW_GRAPHQL_MAX_QUERY_COMPLEXITY=<MAX_QUERY_COMPLEXITY> \
         -e APIFW_GRAPHQL_MAX_QUERY_DEPTH=<MAX_QUERY_DEPTH> -e APIFW_GRAPHQL_NODE_COUNT_LIMIT=<NODE_COUNT_LIMIT> \
         -e APIFW_GRAPHQL_INTROSPECTION=<ALLOW_INTROSPECTION_OR_NOT> \
-        -p 8088:8088 wallarm/api-firewall:v0.9.3
+        -p 8088:8088 wallarm/api-firewall:v0.9.4
     ```
 4. When the environment is started, test it and enable traffic on API Firewall following steps 6 and 7.
diff --git a/docs/release-notes.md b/docs/release-notes.md
index 7b760d1..f4a5737 100644
--- a/docs/release-notes.md
+++ b/docs/release-notes.md
@@ -2,6 +2,10 @@
 
 This page describes new releases of Wallarm API Firewall.
 
+## v0.9.4 (2025-11-28)
+
+* Dependency upgrade
+
 ## v0.9.3 (2025-08-15)
 
 * Relaxed `content-type` handling: API Firewall no longer rejects requests with image MIME types (image/png, image/jpeg, image/gif, image/webp, image/avif, image/heic, image/heif, image/bmp, image/tiff, image/svg+xml)
diff --git a/helm/api-firewall/Chart.yaml b/helm/api-firewall/Chart.yaml
index f6cb13f..0e39a48 100644
--- a/helm/api-firewall/Chart.yaml
+++ b/helm/api-firewall/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: api-firewall
 version: 0.7.2
-appVersion: 0.9.3
+appVersion: 0.9.4
 description: Wallarm OpenAPI-based API Firewall
 home: https://github.com/wallarm/api-firewall
 icon: https://static.wallarm.com/wallarm-logo.svg
diff --git a/resources/test/docker-compose-api-mode.yml b/resources/test/docker-compose-api-mode.yml
index cbc7c94..35f403e 100644
--- a/resources/test/docker-compose-api-mode.yml
+++ b/resources/test/docker-compose-api-mode.yml
@@ -2,7 +2,7 @@ version: '3.8'
 services:
   api-firewall:
     container_name: api-firewall
-    image: wallarm/api-firewall:v0.9.3
+    image: wallarm/api-firewall:v0.9.4
     build:
       context: ../../
       dockerfile: Dockerfile
diff --git a/resources/test/k6/30.js b/resources/test/k6/30.js
new file mode 100644
index 0000000..b77b652
--- /dev/null
+++ b/resources/test/k6/30.js
@@ -0,0 +1,201 @@
+// file: document_management_all_paths_with_negative.test.js
+import http from 'k6/http';
+import { check, group } from 'k6';
+import { Trend } from 'k6/metrics';
+
+export const options = {
+    vus: Number(__ENV.VUS || 1),
+    iterations: Number(__ENV.ITERATIONS || 1),
+    thresholds: {
+        http_req_failed: ['rate==0'],
+        http_req_duration: ['p(95)<1200'],
+    },
+};
+
+const BASE_URL = __ENV.BASE_URL || 'http://localhost:8282';
+const H = { 'X-Wallarm-Schema-ID': '30' };
+const H_JSON = { ...H, 'Content-Type': 'application/json' };
+const H_BAD = { 'X-Wallarm-Schema-ID': '31' };           // неверное значение
+const H_JSON_BAD = { ...H_BAD, 'Content-Type': 'application/json' }; // неверное значение + JSON
+const EXPECTED = { summary: [{ schema_id: 30, status_code: 200 }] };
+
+const opTrend = new Trend('dm_op_duration_ms');
+
+function t(endpoint) { return `${BASE_URL}${endpoint}`; }
+function j(r) { try { return r.json(); } catch { return null; } }
+function eq(a, b) { return JSON.stringify(a) === JSON.stringify(b); }
+function uuidv4() {
+    return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, c => {
+        const r = (Math.random() * 16) | 0, v = c === 'x' ? r : (r & 0x3 | 0x8);
+        return v.toString(16);
+    });
+}
+
+// ========= минимальные payload'ы для позитивных запросов =========
+function payloadEmailBatch() {
+    return {
+        attachments: [],
+        bcc: [],
+        cc: [],
+        contentType: 'HTML',
+        distributionType: 'ATTACHMENT',
+        id: uuidv4(),
+        name: 'batch',
+        notifyAnyway: false,
+        recipientAttachments: [],
+        status: 'DRAFT',
+        to: [],
+        type: 'MARKETING_CAMPAIGN',
+    };
+}
+function payloadFetchPaginatedQueryRequestV2() {
+    return { dataset: 'documents', fields: [{ id: 'id' }], pagination: { first: 1 } };
+}
+function payloadFetchGroupAndAggregateQueryRequestV2() {
+    return { dataset: 'documents', countTotalVisible: false };
+}
+function payloadCreateClientPortalDocumentInput() {
+    return { archived: false, documentName: 'doc', fileName: 'file.pdf' };
+}
+function payloadEditDocumentsInput() { return {}; }
+function payloadDownloadDocumentsInput() { return {}; }
+function payloadEditClientPortalDocumentInput() { return { documentName: 'doc-updated' }; }
+function payloadAddPortalUsersAccessInput() { return {}; }
+function payloadRemovePortalUsersAccessInput() { return {}; }
+function payloadAddBatchRecipientAttachmentRequestBody() { return {}; }
+
+// ========= позитивные кейсы по всей спеке =========
+function makePositiveCases() {
+    const docId = uuidv4();
+    const docId2 = uuidv4();
+    const batchId = uuidv4();
+    const recId = uuidv4();
+
+    return [
+        { m: 'PATCH', p: `/api-internal/document-management/v1/documents`, body: payloadEditDocumentsInput() },
+        { m: 'POST',  p: `/api-internal/document-management/v1/documents/query`, body: payloadFetchPaginatedQueryRequestV2() },
+        { m: 'POST',  p: `/api-internal/document-management/v1/documents/aggregate`, body: payloadFetchGroupAndAggregateQueryRequestV2() },
+        { m: 'GET',   p: `/api-internal/document-management/v1/documents/metadata` },
+        { m: 'POST',  p: `/api-internal/document-management/v1/documents/download`, body: payloadDownloadDocumentsInput() },
+        { m: 'POST',  p: `/api-internal/document-management/v1/documents/download/${docId}` },
+        { m: 'PATCH', p: `/api-internal/document-management/v1/documents/${docId}`, body: payloadEditDocumentsInput() },
+        { m: 'GET',   p: `/api-internal/document-management/v1/documents/upload-status?documentIds=${docId}` },
+        { m: 'GET',   p: `/api-internal/document-management/v1/documents/${docId2}/upload-status` },
+
+        { m: 'GET',   p: `/api-internal/document-management/v1/dataset/documents/metadata` },
+        { m: 'POST',  p: `/api-internal/document-management/v1/dataset/documents/paginated`, body: payloadFetchPaginatedQueryRequestV2() },
+        { m: 'POST',  p: `/api-internal/document-management/v1/dataset/documents/group-and-aggregate`, body: payloadFetchGroupAndAggregateQueryRequestV2() },
+
+        { m: 'POST',  p: `/api-internal/document-management/v1/documents/portal`, body: payloadCreateClientPortalDocumentInput() },
+        { m: 'POST',  p: `/api-internal/document-management/v1/documents/portal/query`, body: payloadFetchPaginatedQueryRequestV2() },
+        { m: 'GET',   p: `/api-internal/document-management/v1/documents/portal/metadata` },
+        { m: 'POST',  p: `/api-internal/document-management/v1/documents/portal/aggregate`, body: payloadFetchGroupAndAggregateQueryRequestV2() },
+        { m: 'PATCH', p: `/api-internal/document-management/v1/documents/portal/${docId}`, body: payloadEditClientPortalDocumentInput() },
+
+        { m: 'POST',  p: `/api-internal/document-management/v1/documents/portal-user-access`, body: payloadAddPortalUsersAccessInput() },
+        { m: 'POST',  p: `/api-internal/document-management/v1/documents/portal-user-access/remove`, body: payloadRemovePortalUsersAccessInput() },
+        { m: 'POST',  p: `/api-internal/document-management/v1/documents/portal-user-access/notification`, body: payloadAddPortalUsersAccessInput() },
+
+        { m: 'POST',  p: `/api-internal/document-management/v1/email-batches`, body: payloadEmailBatch() },
+        { m: 'GET',   p: `/api-internal/document-management/v1/email-batches/metadata` },
+        { m: 'POST',  p: `/api-internal/document-management/v1/email-batches/query`, body: payloadFetchPaginatedQueryRequestV2() },
+        { m: 'POST',  p: `/api-internal/document-management/v1/email-batches/aggregate`, body: payloadFetchGroupAndAggregateQueryRequestV2() },
+        { m: 'GET',   p: `/api-internal/document-management/v1/email-batches/${batchId}` },
+        { m: 'POST',  p: `/api-internal/document-management/v1/email-batches/${batchId}`, body: payloadEmailBatch() },
+        { m: 'POST',  p: `/api-internal/document-management/v1/email-batches/${batchId}/send`, body: payloadEmailBatch() },
+        { m: 'GET',   p: `/api-internal/document-management/v1/email-batches/${batchId}/preview` },
+        { m: 'POST',  p: `/api-internal/document-management/v1/email-batches/${batchId}/document-recipients`, body: payloadAddBatchRecipientAttachmentRequestBody() },
+        { m: 'DELETE',p: `/api-internal/document-management/v1/email-batches/${batchId}/document-recipients` },
+        { m: 'DELETE',p: `/api-internal/document-management/v1/email-batches/${batchId}/document-recipients/${recId}` },
+
+        { m: 'POST',  p: `/api-internal/document-management/v1/email-recipients/query`, body: payloadFetchPaginatedQueryRequestV2() },
+        { m: 'POST',  p: `/api-internal/document-management/v1/email-recipients/aggregate`, body: payloadFetchGroupAndAggregateQueryRequestV2() },
+        { m: 'GET',   p: `/api-internal/document-management/v1/email-recipients/metadata` },
+
+        { m: 'POST',  p: `/api-internal/document-management/v1/document-recipients/query`, body: payloadFetchPaginatedQueryRequestV2() },
+        { m: 'POST',  p: `/api-internal/document-management/v1/document-recipients/aggregate`, body: payloadFetchGroupAndAggregateQueryRequestV2() },
+        { m: 'GET',   p: `/api-internal/document-management/v1/document-recipients/metadata` },
+        { m: 'POST',  p: `/api-internal/document-management/v1/document-recipients/paginated`, body: payloadFetchPaginatedQueryRequestV2() },
+
+        { m: 'GET',   p: `/api-internal/document-management/v1/dataset/document-recipients/metadata` },
+        { m: 'POST',  p: `/api-internal/document-management/v1/dataset/document-recipients/paginated`, body: payloadFetchPaginatedQueryRequestV2() },
+        { m: 'POST',  p: `/api-internal/document-management/v1/dataset/document-recipients/group-and-aggregate`, body: payloadFetchGroupAndAggregateQueryRequestV2() },
+    ];
+}
+
+// ========= негативные кейсы =========
+// - отсутствие заголовка X-Wallarm-Schema-ID
+// - неверный X-Wallarm-Schema-ID
+// - пустые/некорректные тела для эндпоинтов с обязательным body
+// - невалидные UUID в path
+// - отсутствие обязательных query параметров
+function makeNegativeCases() {
+    const badUUID = 'not-a-uuid';
+
+    return [
+        // Нет заголовка X-Wallarm-Schema-ID
+        { title: 'missing header', m: 'GET',  p: `/api-internal/document-management/v1/documents/metadata`, headers: {} },
+        { title: 'missing header', m: 'POST', p: `/api-internal/document-management/v1/documents/query`, headers: { 'Content-Type': 'application/json' }, body: {} },
+
+        // Неверный заголовок X-Wallarm-Schema-ID
+        { title: 'wrong schema id', m: 'GET',  p: `/api-internal/document-management/v1/email-batches/metadata`, headers: H_BAD },
+        { title: 'wrong schema id', m: 'POST', p: `/api-internal/document-management/v1/email-batches`, headers: H_JSON_BAD, body: {} },
+
+        // Пустое тело там, где нужен обязательный body
+        { title: 'empty body', m: 'POST', p: `/api-internal/document-management/v1/dataset/documents/paginated`, headers: H_JSON, body: {} },
+        { title: 'empty body', m: 'POST', p: `/api-internal/document-management/v1/documents/aggregate`, headers: H_JSON, body: {} },
+        { title: 'empty body', m: 'POST', p: `/api-internal/document-management/v1/documents/portal`, headers: H_JSON, body: {} },
+
+        // Невалидный UUID в path
+        { title: 'invalid uuid', m: 'GET',  p: `/api-internal/document-management/v1/email-batches/${badUUID}`, headers: H },
+        { title: 'invalid uuid', m: 'PATCH',p: `/api-internal/document-management/v1/documents/${badUUID}`, headers: H_JSON, body: {} },
+        { title: 'invalid uuid', m: 'GET',  p: `/api-internal/document-management/v1/documents/${badUUID}/upload-status`, headers: H },
+
+        // Отсутствует обязательный query
+        { title: 'missing query', m: 'GET',  p: `/api-internal/document-management/v1/documents/upload-status`, headers: H },
+
+        // Неверный метод (например, DELETE без id where path requires id)
+        { title: 'wrong method shape', m: 'DELETE', p: `/api-internal/document-management/v1/email-batches/document-recipients`, headers: H }, // нет batchId в path
+    ];
+}
+
+function doRequest(method, url, headers, body) {
+    if (method === 'GET')   return http.get(url, { headers });
+    if (method === 'DELETE')return http.del(url, null, { headers });
+    if (method === 'POST')  return http.post(url, body ? JSON.stringify(body) : '', { headers });
+    if (method === 'PATCH') return http.patch(url, body ? JSON.stringify(body) : '', { headers });
+    throw new Error(`Unsupported method ${method}`);
+}
+
+export default function () {
+    const positives = makePositiveCases();
+
+    group('Document Management API – positive cases (expect 200 + stub body)', () => {
+        for (const c of positives) {
+            const url = t(c.p);
+            const headers = (c.m === 'GET' || c.m === 'DELETE') ? H : H_JSON;
+            const res = doRequest(c.m, url, headers, c.body);
+
+            opTrend.add(res.timings.duration, { path: c.p, method: c.m, kind: 'positive' });
+
+            const body = j(res);
+            check(res, { [`${c.m} ${c.p} -> status 200`]: (r) => r.status === 200 });
+            check(body, { [`${c.m} ${c.p} -> expected stub`]: (b) => eq(b, EXPECTED) });
+        }
+    });
+
+    const negatives = makeNegativeCases();
+
+    group('Document Management API – negative cases (expect non-200 and body != stub)', () => {
+        for (const n of negatives) {
+            const url = t(n.p);
+            const res = doRequest(n.m, url, n.headers ?? H, n.body);
+
+            opTrend.add(res.timings.duration, { path: n.p, method: n.m, kind: 'negative', title: n.title });
+
+            const body = j(res);
+            check(res, { [`NEG ${n.m} ${n.p} (${n.title}) -> status != 200`]: (r) => r.status !== 200 });
+            check(body, { [`NEG ${n.m} ${n.p} (${n.title}) -> body != stub`]: (b) => !eq(b, EXPECTED) });
+        }
+    });
+}
\ No newline at end of file
diff --git a/resources/test/k6/32.js b/resources/test/k6/32.js
new file mode 100644
index 0000000..fcb0b37
--- /dev/null
+++ b/resources/test/k6/32.js
@@ -0,0 +1,107 @@
+// file: query_engine_all_paths_schema32.test.js
+import http from 'k6/http';
+import { check, group } from 'k6';
+import { Trend } from 'k6/metrics';
+
+export const options = {
+    vus: Number(__ENV.VUS || 1),
+    iterations: Number(__ENV.ITERATIONS || 1),
+    thresholds: {
+        http_req_failed: ['rate==0'],
+        http_req_duration: ['p(95)<1000'],
+    },
+};
+
+// В спеке servers: [] — задаём вручную или через env
+const BASE_URL = __ENV.BASE_URL || 'http://localhost:8282';
+const DATASET_ID = __ENV.DATASET_ID || 'test-dataset';
+
+// Общие заголовки
+const H = { 'X-Wallarm-Schema-ID': '32' };
+const H_JSON = { ...H, 'Content-Type': 'application/json' };
+
+// Ожидаемый стаб-ответ
+const EXPECTED = { summary: [{ schema_id: 32, status_code: 200 }] };
+
+// Helpers
+function j(r) { try { return r.json(); } catch { return null; } }
+function eq(a, b) { return JSON.stringify(a) === JSON.stringify(b); }
+function u(p) { return `${BASE_URL}${p}`; }
+
+const op = new Trend('qe_op_ms');
+
+export default function () {
+    group('Query Engine API – all endpoints return stub (schema_id=32)', () => {
+        // 1) GET /api/v1/query-engine/datasets
+        {
+            const res = http.get(u(`/api/v1/query-engine/datasets`), { headers: H });
+            op.add(res.timings.duration, { path: '/datasets', method: 'GET' });
+            const body = j(res);
+            check(res, { 'GET /datasets -> 200': (r) => r.status === 200 });
+            check(body, { 'GET /datasets -> expected body': (b) => eq(b, EXPECTED) });
+            console.log('Response body:', body);
+        }
+
+        // 2) GET /api/v1/query-engine/datasets/{id}
+        {
+            const res = http.get(u(`/api/v1/query-engine/datasets/${encodeURIComponent(DATASET_ID)}`), { headers: H });
+            op.add(res.timings.duration, { path: '/datasets/{id}', method: 'GET' });
+            const body = j(res);
+            check(res, { 'GET /datasets/{id} -> 200': (r) => r.status === 200 });
+            check(body, { 'GET /datasets/{id} -> expected body': (b) => eq(b, EXPECTED) });
+            console.log('Response body:', body);
+        }
+
+        // 3) POST /api/v1/query-engine/datasets/{id}/query  (без тела)
+        {
+            const res = http.post(u(`/api/v1/query-engine/datasets/${encodeURIComponent(DATASET_ID)}/query`), '', { headers: H_JSON });
+            op.add(res.timings.duration, { path: '/datasets/{id}/query', method: 'POST' });
+            const body = j(res);
+            check(res, { 'POST /datasets/{id}/query -> 200': (r) => r.status === 200 });
+            check(body, { 'POST /datasets/{id}/query -> expected body': (b) => eq(b, EXPECTED) });
+            console.log('Response body:', body);
+        }
+
+        // 4) POST /api/v1/query-engine/datasets/{id}/query с query-параметрами
+        {
+            const params = { headers: H_JSON };
+            const url = u(`/api/v1/query-engine/datasets/${encodeURIComponent(DATASET_ID)}/query?limit=1&cursor=abc&direction=NEXT`);
+            const res = http.post(url, '', params);
+            op.add(res.timings.duration, { path: '/datasets/{id}/query?params', method: 'POST' });
+            const body = j(res);
+            check(res, { 'POST /datasets/{id}/query?params -> 200': (r) => r.status === 200 });
+            check(body, { 'POST /datasets/{id}/query?params -> expected body': (b) => eq(b, EXPECTED) });
+            console.log('Response body:', body);
+        }
+
+        // 5) POST /api/v1/query-engine/datasets/{id}/export  (без тела)
+        {
+            const res = http.post(u(`/api/v1/query-engine/datasets/${encodeURIComponent(DATASET_ID)}/export`), '', { headers: H_JSON });
+            op.add(res.timings.duration, { path: '/datasets/{id}/export', method: 'POST' });
+            const body = j(res);
+            check(res, { 'POST /datasets/{id}/export -> 200': (r) => r.status === 200 });
+            check(body, { 'POST /datasets/{id}/export -> expected body': (b) => eq(b, EXPECTED) });
+            console.log('Response body:', body);
+        }
+
+        // 6) POST /api/v1/query-engine/datasets/{id}/aggregate  (без тела)
+        {
+            const res = http.post(u(`/api/v1/query-engine/datasets/${encodeURIComponent(DATASET_ID)}/aggregate`), '', { headers: H_JSON });
+            op.add(res.timings.duration, { path: '/datasets/{id}/aggregate', method: 'POST' });
+            const body = j(res);
+            check(res, { 'POST /datasets/{id}/aggregate -> 200': (r) => r.status === 200 });
+            check(body, { 'POST /datasets/{id}/aggregate -> expected body': (b) => eq(b, EXPECTED) });
+            console.log('Response body:', body);
+        }
+
+        // 7) POST /api/v1/query-engine/datasets/{id}/query/count  (без тела)
+        {
+            const res = http.post(u(`/api/v1/query-engine/datasets/${encodeURIComponent(DATASET_ID)}/query/count`), '', { headers: H_JSON });
+            op.add(res.timings.duration, { path: '/datasets/{id}/query/count', method: 'POST' });
+            const body = j(res);
+            check(res, { 'POST /datasets/{id}/query/count -> 200': (r) => r.status === 200 });
+            check(body, { 'POST /datasets/{id}/query/count -> expected body': (b) => eq(b, EXPECTED) });
+            console.log('Response body:', body);
+        }
+    });
+}
\ No newline at end of file
diff --git a/resources/test/k6/33.js b/resources/test/k6/33.js
new file mode 100644
index 0000000..8303274
--- /dev/null
+++ b/resources/test/k6/33.js
@@ -0,0 +1,187 @@
+// file: recon_v3_all_paths_schema33_with_negative.test.js
+import http from 'k6/http';
+import { check, group } from 'k6';
+import { Trend } from 'k6/metrics';
+
+export const options = {
+    vus: Number(__ENV.VUS || 1),
+    iterations: Number(__ENV.ITERATIONS || 1),
+    thresholds: {
+        http_req_failed: ['rate==0'],
+        http_req_duration: ['p(95)<1200'],
+    },
+};
+
+const BASE_URL = __ENV.BASE_URL || 'http://localhost:8282';
+
+// --- Headers
+const H = { 'X-Wallarm-Schema-ID': '33' };
+const H_JSON = { ...H, 'Content-Type': 'application/json' };
+const H_WRONG = { 'X-Wallarm-Schema-ID': '33' };
+const H_JSON_WRONG = { ...H_WRONG, 'Content-Type': 'application/json' };
+
+// --- Expected stub
+const EXPECTED = { summary: [{ schema_id: 33, status_code: 200 }] };
+
+// --- Helpers
+function j(r) { try { return r.json(); } catch { return null; } }
+function eq(a, b) { return JSON.stringify(a) === JSON.stringify(b); }
+function u(p) { return `${BASE_URL}${p}`; }
+function uuidv4() {
+    return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, c => {
+        const r = (Math.random() * 16) | 0, v = c === 'x' ? r : (r & 0x3 | 0x8);
+        return v.toString(16);
+    });
+}
+function doRequest(method, url, headers, body) {
+    if (method === 'GET') return http.get(url, { headers });
+    if (method === 'DELETE') return http.del(url, null, { headers });
+    if (method === 'POST') return http.post(url, body ? JSON.stringify(body) : '', { headers });
+    if (method === 'PATCH') return http.patch(url, body ? JSON.stringify(body) : '', { headers });
+    throw new Error(`Unsupported method ${method}`);
+}
+
+const opTrend = new Trend('recon_op_ms');
+
+// --- Minimal valid payloads (по required полям схем)
+function minimalCustodianSetting() {
+    return {
+        customName: 'rs-min',
+        reconcileDate: 'TODAY',
+        updatePriceAtStartOfDay: false,
+        excludeInternalAssetTypes: [],
+        excludeInternalInstrumentTypes: [],
+        excludeInternalTransactionTypes: [],
+        positionReconcileDateType: 'TRADE_DATE',
+        positionReconcileFaceType: 'CURRENT_QUANTITY',
+        positionReconcileValueType: 'BOOK_VALUES',
+        transactionReconcileDateType: 'TRADE_DATE',
+        matchingThresholdsOverride: { value: {} },
+        matchingThresholdsSettings: { value: {} },
+        positionAutoReconcileOverride: { value: {} },
+        positionAutoReconcileSettings: { value: {} },
+        transactionAutoReconcileOverride: { value: {} },
+        transactionAutoReconcileSettings: { value: {} },
+        transactionAutoAcceptCustodianOverride: { value: {} },
+        transactionAutoAcceptCustodianSettings: { value: {} },
+        positionReconcileDateTypeOverrideInstrumentTypes: [],
+    };
+}
+const payloadRuleSetInput = () => ({ ruleSet: minimalCustodianSetting() });
+const payloadUpdateGlobalRule = () => ({ globalRule: { reconcileDate: 'TODAY', updatePriceAtStartOfDay: false } });
+const payloadBulkFilters = () => ({ reconDate: '2025-01-01' });
+const payloadBulkPositions = () => ({ action: 'GET_COUNT', filters: payloadBulkFilters() });
+const payloadBulkMatched   = () => ({ action: 'GET_COUNT', filters: payloadBulkFilters() });
+const payloadBulkUnmatched = () => ({ action: 'GET_COUNT', filters: payloadBulkFilters() });
+const payloadGetNextTrigger = () => ({ /* currentTrigger опционален */ });
+const payloadTxnIds = () => ({ ids: [uuidv4()] });
+const payloadRemoveAssignments = () => ({ custodianIds: ['c1'] });
+const payloadReplaceAssignments = () => ({ ruleSetId: uuidv4(), custodianIds: ['c1'] });
+
+// --- Positive cases
+function makePositiveCases() {
+    const rsId = uuidv4();
+    const qInput = encodeURIComponent(JSON.stringify({})); // required query object
+
+    return [
+        { m: 'GET',   p: `/api-internal/reconciliation/v1/reconciliation-rules` },
+        { m: 'GET',   p: `/api-internal/reconciliation/v1/reconciliation-rules/global-rule` },
+        { m: 'PATCH', p: `/api-internal/reconciliation/v1/reconciliation-rules/global-rule`, body: payloadUpdateGlobalRule() },
+
+        { m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets`, body: payloadRuleSetInput() },
+        { m: 'GET',   p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/${rsId}` },
+        { m: 'PATCH', p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/${rsId}`, body: payloadRuleSetInput() },
+        { m: 'DELETE',p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/${rsId}` },
+
+        { m: 'GET',   p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/assignments` },
+        { m: 'GET',   p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/${rsId}/assignments` },
+
+        { m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/remove-assignments`, body: payloadRemoveAssignments() },
+        { m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/replace-assignments`, body: payloadReplaceAssignments() },
+
+        { m: 'POST',  p: `/api-internal/reconciliation/v1/ai/get-next-agent-trigger`, body: payloadGetNextTrigger() },
+
+        { m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-positions/actions/bulk`, body: payloadBulkPositions() },
+        { m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-transactions/actions/bulk-matched`, body: payloadBulkMatched() },
+        { m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-transactions/actions/bulk-unmatched`, body: payloadBulkUnmatched() },
+
+        { m: 'GET',   p: `/api-internal/reconciliation/v1/reconciliation-positions/object-labels?input=${qInput}` },
+
+        { m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-positions/transactions/query`, body: payloadTxnIds() },
+    ];
+}
+
+// --- Negative cases
+function makeNegativeCases() {
+    const badUUID = 'not-a-uuid';
+    const rsId = uuidv4(); // будем использовать валидный для некоторых негативов
+
+    return [
+        // 1) Отсутствует заголовок X-Wallarm-Schema-ID
+        { title: 'missing schema header', m: 'GET',  p: `/api-internal/reconciliation/v1/reconciliation-rules`, headers: {} },
+        { title: 'missing schema header', m: 'POST', p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets`, headers: { 'Content-Type': 'application/json' }, body: payloadRuleSetInput() },
+
+        // 2) Неверный X-Wallarm-Schema-ID
+        { title: 'wrong schema header', m: 'GET',  p: `/api-internal/reconciliation/v1/reconciliation-rules/global-rule`, headers: H_WRONG },
+        { title: 'wrong schema header', m: 'PATCH',p: `/api-internal/reconciliation/v1/reconciliation-rules/global-rule`, headers: H_JSON_WRONG, body: payloadUpdateGlobalRule() },
+
+        // 3) Невалидный UUID в path
+        { title: 'invalid uuid in path', m: 'GET',   p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/${badUUID}`, headers: H },
+        { title: 'invalid uuid in path', m: 'PATCH', p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/${badUUID}`, headers: H_JSON, body: payloadRuleSetInput() },
+        { title: 'invalid uuid in path', m: 'DELETE',p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/${badUUID}`, headers: H },
+        { title: 'invalid uuid in path', m: 'GET',   p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/${badUUID}/assignments`, headers: H },
+
+        // 4) Пустой/битый body там, где он обязателен
+        { title: 'empty body', m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets`, headers: H_JSON, body: {} },
+        { title: 'empty body', m: 'PATCH', p: `/api-internal/reconciliation/v1/reconciliation-rules/global-rule`, headers: H_JSON, body: {} },
+        { title: 'empty body', m: 'PATCH', p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/${rsId}`, headers: H_JSON, body: {} },
+        { title: 'empty body', m: 'POST',  p: `/api-internal/reconciliation/v1/ai/get-next-agent-trigger`, headers: H_JSON, body: {} },
+        { title: 'empty body', m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-positions/actions/bulk`, headers: H_JSON, body: {} },
+        { title: 'empty body', m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-transactions/actions/bulk-matched`, headers: H_JSON, body: {} },
+        { title: 'empty body', m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-transactions/actions/bulk-unmatched`, headers: H_JSON, body: {} },
+        { title: 'empty body', m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/remove-assignments`, headers: H_JSON, body: {} },
+        { title: 'empty body', m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/replace-assignments`, headers: H_JSON, body: {} },
+        { title: 'empty body', m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-positions/transactions/query`, headers: H_JSON, body: {} },
+
+        // 5) Плохой query param: input обязателен, отсутствует
+        { title: 'missing required query param', m: 'GET', p: `/api-internal/reconciliation/v1/reconciliation-positions/object-labels`, headers: H },
+
+        // 6) Невалидные поля в body: невалидный UUID в ids
+        { title: 'invalid uuid in body ids', m: 'POST', p: `/api-internal/reconciliation/v1/reconciliation-positions/transactions/query`, headers: H_JSON, body: { ids: ['not-a-uuid'] } },
+
+        // 7) Отсутствующее required поле в bulk-параметрах (нет filters)
+        { title: 'bulk missing filters', m: 'POST', p: `/api-internal/reconciliation/v1/reconciliation-positions/actions/bulk`, headers: H_JSON, body: { action: 'GET_COUNT' } },
+        { title: 'bulk missing action',  m: 'POST', p: `/api-internal/reconciliation/v1/reconciliation-transactions/actions/bulk-matched`, headers: H_JSON, body: { filters: payloadBulkFilters() } },
+    ];
+}
+
+export default function () {
+    // --- Positive run
+    group('Reconciliation API – positive cases (expect 200 + stub)', () => {
+        for (const c of makePositiveCases()) {
+            const url = u(c.p);
+            const headers = (c.m === 'GET' || c.m === 'DELETE') ? H : H_JSON;
+            const res = doRequest(c.m, url, headers, c.body);
+            opTrend.add(res.timings.duration, { path: c.p, method: c.m, kind: 'positive' });
+
+            const body = j(res);
+            check(res, { [`${c.m} ${c.p} -> 200`]: (r) => r.status === 200 });
+            check(body, { [`${c.m} ${c.p} -> expected body`]: (b) => eq(b, EXPECTED) });
+            console.log('Response body:', body);
+        }
+    });
+
+    // --- Negative run
+    group('Reconciliation API – negative cases (expect non-200 and/or body != stub)', () => {
+        for (const n of makeNegativeCases()) {
+            const url = u(n.p);
+            const res = doRequest(n.m, url, n.headers ?? H, n.body);
+            opTrend.add(res.timings.duration, { path: n.p, method: n.m, kind: 'negative', title: n.title });
+
+            const body = j(res);
+            check(res, { [`NEG ${n.m} ${n.p} (${n.title}) -> status != 200`]: (r) => r.status !== 200 });
+            check(body, { [`NEG ${n.m} ${n.p} (${n.title}) -> body != stub`]: (b) => !eq(b, EXPECTED) });
+            console.log('Response body:', body);
+        }
+    });
+}
\ No newline at end of file
diff --git a/resources/test/k6/34.js b/resources/test/k6/34.js
new file mode 100644
index 0000000..8cfb31a
--- /dev/null
+++ b/resources/test/k6/34.js
@@ -0,0 +1,211 @@
+// file: kotlin_service_template_schema34.test.js
+import http from 'k6/http';
+import { check, group } from 'k6';
+import { Trend } from 'k6/metrics';
+
+export const options = {
+    vus: Number(__ENV.VUS || 1),
+    iterations: Number(__ENV.ITERATIONS || 1),
+    thresholds: {
+        http_req_failed: ['rate==0'],
+        http_req_duration: ['p(95)<1200'],
+    },
+};
+
+const BASE_URL = __ENV.BASE_URL || 'http://localhost:8282';
+
+const REQUIRED_HEADERS = {
+    'X-Wallarm-Schema-ID': '34',
+    'rl-tenant-id': __ENV.RL_TENANT_ID || 'tenant-1',
+    'rl-user-id': __ENV.RL_USER_ID || 'user-1',
+};
+const H = { ...REQUIRED_HEADERS };
+const H_JSON = { ...H, 'Content-Type': 'application/json' };
+
+const WRONG_SCHEMA_H = { ...REQUIRED_HEADERS, 'X-Wallarm-Schema-ID': '34' };
+
+const EXPECTED = { summary: [{ schema_id: 34, status_code: 200 }] };
+
+function j(r) { try { return r.json(); } catch { return null; } }
+function eq(a, b) { return JSON.stringify(a) === JSON.stringify(b); }
+function u(p) { return `${BASE_URL}${p}`; }
+function uuid() {
+    return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, c => {
+        const r = (Math.random()*16)|0, v = c === 'x' ? r : (r&0x3|0x8);
+        return v.toString(16);
+    });
+}
+
+// ---- минимальные полезные данные ----
+function createWidgetBody() {
+    return { name: 'Widget A', type: 'BASIC', description: 'Example widget' };
+}
+function updateWidgetBody() {
+    return { description: 'Updated description' };
+}
+
+const op = new Trend('kst_op_ms');
+
+// ---- Позитивные тесты ----
+function positiveTests() {
+    group('POSITIVE /api-internal/v1/widgets (GET list)', () => {
+        const url = u('/api-internal/v1/widgets?limit=2&direction=STARTING_AFTER&ids=a&ids=b&types=BASIC');
+        const res = http.get(url, { headers: H });
+        op.add(res.timings.duration, { path: '/widgets', method: 'GET' });
+        const body = j(res);
+        // допускаем 200; если есть тело — сверяем стаб
+        check(res, { 'GET /widgets -> 200': r => r.status === 200 });
+        if (res.body && res.body.length) {
+            check(body, { 'GET /widgets -> expected stub': b => eq(b, EXPECTED) });
+            console.log('Response body:', body);
+        }
+    });
+
+    group('POSITIVE /api-internal/v1/widgets (POST create)', () => {
+        const res = http.post(u('/api-internal/v1/widgets'), JSON.stringify(createWidgetBody()), { headers: H_JSON });
+        op.add(res.timings.duration, { path: '/widgets', method: 'POST' });
+        const body = j(res);
+        // по спеке 201; некоторые стабы могут вернуть 200 — примем оба
+        check(res, { 'POST /widgets -> 201 or 200': r => r.status === 201 || r.status === 200 });
+        if (res.status === 200 || res.headers['Content-Type']?.includes('application/json')) {
+            check(body, { 'POST /widgets -> expected stub (if JSON body)': b => !res.body || eq(b, EXPECTED) });
+            console.log('Response body:', body);
+        }
+    });
+
+    group('POSITIVE /api-internal/v1/widgets/{id} (GET item)', () => {
+        const id = uuid(); // произвольный
+        const res = http.get(u(`/api-internal/v1/widgets/${encodeURIComponent(id)}`), { headers: H });
+        op.add(res.timings.duration, { path: '/widgets/{id}', method: 'GET' });
+        const body = j(res);
+        check(res, { 'GET /widgets/{id} -> 200 or 404': r => r.status === 200 || r.status === 404 });
+        if (res.status === 200) {
+            check(body, { 'GET /widgets/{id} -> expected stub': b => eq(b, EXPECTED) });
+            console.log('Response body:', body);
+        }
+    });
+
+    group('POSITIVE /api-internal/v1/widgets/{id} (PATCH update)', () => {
+        const id = uuid();
+        const res = http.patch(u(`/api-internal/v1/widgets/${encodeURIComponent(id)}`), JSON.stringify(updateWidgetBody()), { headers: H_JSON });
+        op.add(res.timings.duration, { path: '/widgets/{id}', method: 'PATCH' });
+        const body = j(res);
+        check(res, { 'PATCH /widgets/{id} -> 200 or 404': r => r.status === 200 || r.status === 404 });
+        if (res.status === 200) {
+            check(body, { 'PATCH /widgets/{id} -> expected stub': b => eq(b, EXPECTED) });
+            console.log('Response body:', body);
+        }
+    });
+
+    group('POSITIVE /api-internal/v1/widgets/{id} (DELETE)', () => {
+        const id = uuid();
+        const res = http.del(u(`/api-internal/v1/widgets/${encodeURIComponent(id)}`), null, { headers: H });
+        op.add(res.timings.duration, { path: '/widgets/{id}', method: 'DELETE' });
+        // по спеке 204; стабы иногда возвращают 200 — примем оба
+        check(res, { 'DELETE /widgets/{id} -> 204 or 200 or 404': r => [204,200,404].includes(r.status) });
+        if (res.status === 200 && res.body) {
+            check(j(res), { 'DELETE /widgets/{id} -> expected stub if body': b => eq(b, EXPECTED) });
+            console.log('Response body:', res.body);
+        }
+    });
+}
+
+// ---- Негативные тесты ----
+function negativeTests() {
+    // 1) отсутствуют обязательные заголовки
+    group('NEG missing required headers', () => {
+        const url = u('/api-internal/v1/widgets');
+        const res = http.get(url, { headers: { 'X-Wallarm-Schema-ID': '34' } }); // нет rl-tenant-id / rl-user-id
+        op.add(res.timings.duration, { path: '/widgets', method: 'GET', neg: 'missing headers' });
+        check(res, { 'GET /widgets without rl headers -> non-2xx': r => r.status < 200 || r.status >= 300 });
+        check(j(res), { 'body != stub': b => !eq(b, EXPECTED) });
+        console.log('Response body:', res.body);
+    });
+
+    // 2) неверный X-Wallarm-Schema-ID
+    group('NEG wrong X-Wallarm-Schema-ID', () => {
+        const res = http.get(u('/api-internal/v1/widgets'), { headers: WRONG_SCHEMA_H });
+        op.add(res.timings.duration, { path: '/widgets', method: 'GET', neg: 'wrong schema id' });
+        check(res, { 'GET /widgets wrong schema -> non-2xx': r => r.status < 200 || r.status >= 300 });
+        check(j(res), { 'body != stub': b => !eq(b, EXPECTED) });
+        console.log('Response body:', res.body);
+    });
+
+    // 3) невалидные query-параметры (limit < minimum, direction неверный)
+    group('NEG invalid query params', () => {
+        const res1 = http.get(u('/api-internal/v1/widgets?limit=0'), { headers: H }); // minimum: 1
+        op.add(res1.timings.duration, { path: '/widgets', method: 'GET', neg: 'limit=0' });
+        check(res1, { 'GET /widgets limit=0 -> 400 (or non-2xx)': r => r.status === 400 || r.status < 200 || r.status >= 300 });
+        check(j(res1), { 'body != stub': b => !eq(b, EXPECTED) });
+        console.log('Response body:', res1.body);
+
+        const res2 = http.get(u('/api-internal/v1/widgets?direction=SIDEWAYS'), { headers: H });
+        op.add(res2.timings.duration, { path: '/widgets', method: 'GET', neg: 'bad direction' });
+        check(res2, { 'GET /widgets direction invalid -> 400 (or non-2xx)': r => r.status === 400 || r.status < 200 || r.status >= 300 });
+        check(j(res2), { 'body != stub': b => !eq(b, EXPECTED) });
+        console.log('Response body:', res2.body);
+    });
+
+    // 4) create: отсутствует обязательное поле
+    group('NEG POST /widgets missing required body fields', () => {
+        const bad = { name: 'W', description: 'no type' }; // отсутствует type
+        const res = http.post(u('/api-internal/v1/widgets'), JSON.stringify(bad), { headers: H_JSON });
+        op.add(res.timings.duration, { path: '/widgets', method: 'POST', neg: 'missing type' });
+        check(res, { 'POST /widgets missing type -> 400 (or non-2xx)': r => r.status === 400 || r.status < 200 || r.status >= 300 });
+        check(j(res), { 'body != stub': b => !eq(b, EXPECTED) });
+        console.log('Response body:', res.body);
+    });
+
+    // 5) update: пустое тело
+    group('NEG PATCH /widgets/{id} empty body', () => {
+        const id = uuid();
+        const res = http.patch(u(`/api-internal/v1/widgets/${id}`), '', { headers: H_JSON });
+        op.add(res.timings.duration, { path: '/widgets/{id}', method: 'PATCH', neg: 'empty body' });
+        check(res, { 'PATCH /widgets/{id} empty -> 400/404/non-2xx': r => [400,404].includes(r.status) || r.status < 200 || r.status >= 300 });
+        check(j(res), { 'body != stub': b => !eq(b, EXPECTED) });
+        console.log('Response body:', res.body);
+    });
+
+    // 6) get/delete несуществующего id (ожидаем 404)
+    group('NEG GET/DELETE nonexistent id -> 404', () => {
+        const id = 'does-not-exist';
+        const resG = http.get(u(`/api-internal/v1/widgets/${encodeURIComponent(id)}`), { headers: H });
+        op.add(resG.timings.duration, { path: '/widgets/{id}', method: 'GET', neg: 'nonexistent' });
+        check(resG, { 'GET /widgets/{id} -> 404 or non-2xx': r => r.status === 404 || r.status < 200 || r.status >= 300 });
+        check(j(resG), { 'body != stub': b => !eq(b, EXPECTED) });
+        console.log('Response body:', resG.body);
+
+        const resD = http.del(u(`/api-internal/v1/widgets/${encodeURIComponent(id)}`), null, { headers: H });
+        op.add(resD.timings.duration, { path: '/widgets/{id}', method: 'DELETE', neg: 'nonexistent' });
+        check(resD, { 'DELETE /widgets/{id} -> 404 or non-2xx': r => r.status === 404 || r.status < 200 || r.status >= 300 });
+        if (resD.body) {
+            check(j(resD), { 'body != stub': b => !eq(b, EXPECTED) });
+            console.log('Response body:', resD.body);
+        }
+    });
+
+    // 7) пропущенные обязательные заголовки на mutate-методах
+    group('NEG missing rl headers on POST/PATCH/DELETE', () => {
+        const id = uuid();
+
+        const resP = http.post(u('/api-internal/v1/widgets'), JSON.stringify(createWidgetBody()), { headers: { 'X-Wallarm-Schema-ID': '34', 'Content-Type': 'application/json' } });
+        op.add(resP.timings.duration, { path: '/widgets', method: 'POST', neg: 'no rl headers' });
+        check(resP, { 'POST /widgets without rl headers -> non-2xx': r => r.status < 200 || r.status >= 300 });
+        console.log('Response body:', resP.body);
+
+        const resU = http.patch(u(`/api-internal/v1/widgets/${id}`), JSON.stringify(updateWidgetBody()), { headers: { 'X-Wallarm-Schema-ID': '34', 'Content-Type': 'application/json' } });
+        op.add(resU.timings.duration, { path: '/widgets/{id}', method: 'PATCH', neg: 'no rl headers' });
+        check(resU, { 'PATCH /widgets/{id} without rl headers -> non-2xx': r => r.status < 200 || r.status >= 300 });
+        console.log('Response body:', resU.body);
+
+        const resD = http.del(u(`/api-internal/v1/widgets/${id}`), null, { headers: { 'X-Wallarm-Schema-ID': '34' } });
+        op.add(resD.timings.duration, { path: '/widgets/{id}', method: 'DELETE', neg: 'no rl headers' });
+        check(resD, { 'DELETE /widgets/{id} without rl headers -> non-2xx': r => r.status < 200 || r.status >= 300 });
+        console.log('Response body:', resD.body);
+    });
+}
+
+export default function () {
+    positiveTests();
+    negativeTests();
+}
\ No newline at end of file
diff --git a/resources/test/k6/58.js b/resources/test/k6/58.js
new file mode 100644
index 0000000..b991ca0
--- /dev/null
+++ b/resources/test/k6/58.js
@@ -0,0 +1,154 @@
+// file: oas31_feature_showcase.test.js
+import http from 'k6/http';
+import { check, group } from 'k6';
+import { Trend } from 'k6/metrics';
+
+export const options = {
+    vus: Number(__ENV.VUS || 1),
+    iterations: Number(__ENV.ITERATIONS || 1),
+    thresholds: {
+        http_req_failed: ['rate==0'],
+        http_req_duration: ['p(95)<1000'],
+    },
+};
+
+const BASE_URL = __ENV.BASE_URL || 'http://localhost:8282';
+
+// общие заголовки и куки
+const H = {
+    'X-Wallarm-Schema-ID': '58',
+    'Cookie': 'SESSIONID=dummy',
+};
+const H_JSON = { ...H, 'Content-Type': 'application/json' };
+
+// ожидаемый стаб
+const EXPECTED = { summary: [{ schema_id: 58, status_code: 200 }] };
+
+function j(r) { try { return r.json(); } catch { return null; } }
+function eq(a, b) { return JSON.stringify(a) === JSON.stringify(b); }
+function u(p) { return `${BASE_URL}${p}`; }
+
+const op = new Trend('oas31_op_ms');
+
+// ------------------ Позитивные кейсы ------------------
+function positives() {
+    group('POSITIVE: /v1/orders (JSON Schema 2020-12 features)', () => {
+        const body = {
+            id: 'ord-1',
+            status: 'NEW',            // const
+            note: 'deliver asap',     // becomes required when flags.express = true (if/then)
+            items: [
+                { sku: 'SKU-1', qty: 1 } // unevaluatedProperties: false enforced in item
+            ],
+            flags: { express: true }  // triggers if/then -> note required
+        };
+        const res = http.post(u('/v1/orders'), JSON.stringify(body), { headers: H_JSON });
+        op.add(res.timings.duration, { path: '/v1/orders', method: 'POST', kind: 'positive' });
+        const bodyJson = j(res);
+        check(res, { '200 /v1/orders': (r) => r.status === 200 });
+        check(bodyJson, { 'expected stub /v1/orders': (b) => eq(b, EXPECTED) });
+        console.log('Response body:', res.body);
+    });
+
+    group('POSITIVE: /v1/orders/{id} (deepObject + allowReserved)', () => {
+        const params = '?filter[date][gt]=2025-01-01&filter[date][lt]=2025-12-31&search=[abc]{def}';
+        const res = http.get(u(`/v1/orders/ord-1${params}`), { headers: H });
+        op.add(res.timings.duration, { path: '/v1/orders/{id}', method: 'GET', kind: 'positive' });
+        const bodyJson = j(res);
+        check(res, { '200 /v1/orders/{id}': (r) => r.status === 200 });
+        check(bodyJson, { 'expected stub /v1/orders/{id}': (b) => eq(b, EXPECTED) });
+        console.log('Response body:', res.body);
+    });
+
+    group('POSITIVE: /v1/profile (JSON and merge-patch)', () => {
+        const resJson = http.patch(u('/v1/profile'), JSON.stringify({ nickname: 'Nick', age: 33 }), { headers: H_JSON });
+        op.add(resJson.timings.duration, { path: '/v1/profile', method: 'PATCH', kind: 'positive-json' });
+        check(resJson, { '200 /v1/profile JSON': (r) => r.status === 200 });
+        check(j(resJson), { 'expected stub /v1/profile JSON': (b) => eq(b, EXPECTED) });
+        console.log('Response body:', resJson.body);
+
+        const resPatch = http.patch(u('/v1/profile'), JSON.stringify({ nickname: null }), { headers: { ...H, 'Content-Type': 'application/merge-patch+json' } });
+        op.add(resPatch.timings.duration, { path: '/v1/profile', method: 'PATCH', kind: 'positive-merge' });
+        check(resPatch, { '200 /v1/profile merge-patch': (r) => r.status === 200 });
+        check(j(resPatch), { 'expected stub /v1/profile merge-patch': (b) => eq(b, EXPECTED) });
+        console.log('Response body:', resPatch.body);
+    });
+
+    group('POSITIVE: /v1/refsibling ($ref with siblings)', () => {
+        // $ref -> codeBase + minLength sibling
+        const res = http.post(u('/v1/refsibling'), JSON.stringify({ code: 'ABC_1' }), { headers: H_JSON });
+        op.add(res.timings.duration, { path: '/v1/refsibling', method: 'POST', kind: 'positive' });
+        check(res, { '200 /v1/refsibling': (r) => r.status === 200 });
+        check(j(res), { 'expected stub /v1/refsibling': (b) => eq(b, EXPECTED) });
+        console.log('Response body:', res.body);
+    });
+}
+
+// ------------------ Негативные кейсы ------------------
+function negatives() {
+    group('NEGATIVE: /v1/orders -> const violation (status != NEW)', () => {
+        const body = {
+            id: 'ord-2',
+            status: 'OLD',         // должно быть NEW
+            items: [{ sku: 'SKU-1', qty: 1 }],
+            flags: { express: false }
+        };
+        const res = http.post(u('/v1/orders'), JSON.stringify(body), { headers: H_JSON });
+        op.add(res.timings.duration, { path: '/v1/orders', method: 'POST', kind: 'neg-const' });
+        const bj = j(res);
+        check(res, { 'non-200 on const violation': (r) => r.status !== 200 });
+        check(bj,  { 'body != stub on const violation': (b) => !eq(b, EXPECTED) });
+    });
+
+    group('NEGATIVE: /v1/orders -> if/then/else (express=true but note missing)', () => {
+        const body = {
+            id: 'ord-3',
+            status: 'NEW',
+            items: [{ sku: 'SKU-1', qty: 1 }],
+            flags: { express: true } // note отсутствует
+        };
+        const res = http.post(u('/v1/orders'), JSON.stringify(body), { headers: H_JSON });
+        op.add(res.timings.duration, { path: '/v1/orders', method: 'POST', kind: 'neg-if-then' });
+        check(res, { 'non-200 on if/then violation': (r) => r.status !== 200 });
+        check(j(res), { 'body != stub on if/then violation': (b) => !eq(b, EXPECTED) });
+    });
+
+    group('NEGATIVE: /v1/orders -> unevaluatedProperties (extra field in item)', () => {
+        const body = {
+            id: 'ord-4',
+            status: 'NEW',
+            items: [{ sku: 'SKU-1', qty: 1, extra: 'nope' }], // лишнее поле
+        };
+        const res = http.post(u('/v1/orders'), JSON.stringify(body), { headers: H_JSON });
+        op.add(res.timings.duration, { path: '/v1/orders', method: 'POST', kind: 'neg-unevaluated' });
+        check(res, { 'non-200 on unevaluatedProperties': (r) => r.status !== 200 });
+        check(j(res), { 'body != stub on unevaluatedProperties': (b) => !eq(b, EXPECTED) });
+    });
+
+    group('NEGATIVE: /v1/profile -> wrong type (age < 0)', () => {
+        const res = http.patch(u('/v1/profile'), JSON.stringify({ age: -1 }), { headers: H_JSON });
+        op.add(res.timings.duration, { path: '/v1/profile', method: 'PATCH', kind: 'neg-age' });
+        check(res, { 'non-200 on min violation': (r) => r.status !== 200 });
+        check(j(res), { 'body != stub on min violation': (b) => !eq(b, EXPECTED) });
+    });
+
+    group('NEGATIVE: /v1/refsibling -> $ref sibling minLength not satisfied', () => {
+        const res = http.post(u('/v1/refsibling'), JSON.stringify({ code: 'A1' }), { headers: H_JSON }); // слишком короткий
+        op.add(res.timings.duration, { path: '/v1/refsibling', method: 'POST', kind: 'neg-ref-sibling' });
+        check(res, { 'non-200 on ref+minLength violation': (r) => r.status !== 200 });
+        check(j(res), { 'body != stub on ref+minLength violation': (b) => !eq(b, EXPECTED) });
+
+    });
+
+    group('NEGATIVE: missing Cookie SESSIONID (security)', () => {
+        const res = http.get(u('/v1/orders/ord-1?search=[abc]'), { headers: { 'X-Wallarm-Schema-ID': '999' } });
+        op.add(res.timings.duration, { path: '/v1/orders/{id}', method: 'GET', kind: 'neg-missing-cookie' });
+        check(res, { 'non-200 without cookie': (r) => r.status !== 200 });
+        check(j(res), { 'body != stub without cookie': (b) => !eq(b, EXPECTED) });
+    });
+}
+
+export default function () {
+    positives();
+    negatives();
+}
\ No newline at end of file
diff --git a/resources/test/k6/59.js b/resources/test/k6/59.js
new file mode 100644
index 0000000..433dc1a
--- /dev/null
+++ b/resources/test/k6/59.js
@@ -0,0 +1,148 @@
+// file: kotlin_service_template_schema34_allof_oneof.test.js
+import http from 'k6/http';
+import { check, group } from 'k6';
+
+export const options = {
+    vus: Number(__ENV.VUS || 1),
+    iterations: Number(__ENV.ITERATIONS || 1),
+};
+
+const BASE_URL = __ENV.BASE_URL || 'http://localhost:8282';
+const H = {
+    'X-Wallarm-Schema-ID': '59',
+    'rl-tenant-id': __ENV.RL_TENANT_ID || 'tenant-1',
+    'rl-user-id': __ENV.RL_USER_ID || 'user-1',
+};
+const H_JSON = { ...H, 'Content-Type': 'application/json' };
+
+// Стаб, который возвращают мок/фильтр Wallarm. Если видим его — пропускаем проверки формы виджета
+const EXPECTED_STUB = { summary: [{ schema_id: 59, status_code: 200 }] };
+
+function j(r) { try { return r.json(); } catch { return null; } }
+function eq(a, b) { return JSON.stringify(a) === JSON.stringify(b); }
+function u(p) { return `${BASE_URL}${p}`; }
+function uuid() {
+    return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, c=>{
+        const r=(Math.random()*16)|0, v=c==='x'?r:(r&0x3|0x8); return v.toString(16);
+    });
+}
+
+// -------- Helpers to validate allOf(widgetId + widgetProperties) --------
+function isString(x) { return typeof x === 'string' && x.length >= 0; }
+function checkAllOfWidget(obj) {
+    // widget = allOf(widgetId, widgetProperties) + required: id, name, type, description
+    return obj
+        && isString(obj.id)
+        && isString(obj.name)
+        && isString(obj.type)
+        && isString(obj.description);
+}
+
+// -------- Bodies --------
+const createBody = (overrides={}) => ({
+    name: 'Widget A',
+    type: 'BASIC',
+    description: 'Example',
+    ...overrides,
+});
+const updateBody = (overrides={}) => ({
+    description: 'Updated',
+    ...overrides,
+});
+
+// =================== POSITIVE: проверка allOf ===================
+export default function () {
+    group('ALLOF – Create -> Get -> Update -> Delete', () => {
+        // POST /widgets  (Create)
+        const rCreate = http.post(u('/api-internal/v1/widgets'), JSON.stringify(createBody()), { headers: H_JSON });
+        check(rCreate, {
+            'POST /widgets 201/200': r => r.status === 201 || r.status === 200,
+        });
+        console.log('Response body:', rCreate.body);
+
+        const bjCreate = j(rCreate);
+        if (bjCreate && !eq(bjCreate, EXPECTED_STUB)) {
+            // Если не стаб — проверяем allOf
+            check(bjCreate, { 'create matches allOf widget': b => checkAllOfWidget(b) });
+        }
+
+        // Вытащим id если сервер реально вернул виджет, иначе сгенерим
+        const id = (bjCreate && bjCreate.id && !eq(bjCreate, EXPECTED_STUB)) ? bjCreate.id : uuid();
+
+        // GET /widgets/{id}
+        const rGet = http.get(u(`/api-internal/v1/widgets/${encodeURIComponent(id)}`), { headers: H });
+        check(rGet, { 'GET /widgets/{id} 200/404': r => [200,404].includes(r.status) });
+        const bjGet = j(rGet);
+        if (rGet.status === 200 && bjGet && !eq(bjGet, EXPECTED_STUB)) {
+            check(bjGet, { 'get matches allOf widget': b => checkAllOfWidget(b) });
+        }
+        console.log('Response body:', rGet.body);
+
+        // PATCH /widgets/{id}
+        const rPatch = http.patch(u(`/api-internal/v1/widgets/${encodeURIComponent(id)}`), JSON.stringify(updateBody()), { headers: H_JSON });
+        check(rPatch, { 'PATCH /widgets/{id} 200/404': r => [200,404].includes(r.status) });
+        const bjPatch = j(rPatch);
+        if (rPatch.status === 200 && bjPatch && !eq(bjPatch, EXPECTED_STUB)) {
+            check(bjPatch, { 'patch matches allOf widget': b => checkAllOfWidget(b) });
+        }
+        console.log('Response body:', rPatch.body);
+
+        // DELETE /widgets/{id}
+        const rDel = http.del(u(`/api-internal/v1/widgets/${encodeURIComponent(id)}`), null, { headers: H });
+        check(rDel, { 'DELETE /widgets/{id} 204/200/404': r => [204,200,404].includes(r.status) });
+        console.log('Response body:', rDel.body);
+    });
+
+    // =================== NEGATIVE: нарушаем allOf (required из обеих частей) ===================
+    group('ALLOF – Negative create (missing required fields)', () => {
+        // Нет type
+        const r1 = http.post(u('/api-internal/v1/widgets'), JSON.stringify(createBody({ type: undefined })), { headers: H_JSON });
+        check(r1, { 'missing type -> 400/non-2xx': r => r.status === 400 || r.status < 200 || r.status >= 300 });
+        console.log('Response body:', r1.body);
+
+        // Нет name
+        const r2 = http.post(u('/api-internal/v1/widgets'), JSON.stringify(createBody({ name: undefined })), { headers: H_JSON });
+        check(r2, { 'missing name -> 400/non-2xx': r => r.status === 400 || r.status < 200 || r.status >= 300 });
+        console.log('Response body:', r2.body);
+
+        // Нет description
+        const r3 = http.post(u('/api-internal/v1/widgets'), JSON.stringify(createBody({ description: undefined })), { headers: H_JSON });
+        check(r3, { 'missing description -> 400/non-2xx': r => r.status === 400 || r.status < 200 || r.status >= 300 });
+        console.log('Response body:', r3.body);
+    });
+
+    // =================== ONEOF: примеры (в текущей спеки НЕТ oneOf) ===================
+    // Ниже — шаблон, как тестировать oneOf, если добавишь схему с oneOf в components.
+    /*
+    // Пример схемы (для справки, не исполняется):
+    // components:
+    //   schemas:
+    //     widgetUpsert:
+    //       oneOf:
+    //         - $ref: '#/components/schemas/widgetCreate'  # required: name,type,description
+    //         - $ref: '#/components/schemas/widgetUpdate'  # required: id + (любые свойства)
+    //
+    // Тесты:
+    group('ONEOF – Positive branch #1 (create variant)', () => {
+      const body = { name: 'W', type: 'BASIC', description: 'D' }; // соответствует widgetCreate
+      const r = http.post(u('/api-internal/v1/widgets/upsert'), JSON.stringify(body), { headers: H_JSON });
+      check(r, { 'oneOf create branch -> 200/201': rr => [200,201].includes(rr.status) });
+    });
+
+    group('ONEOF – Positive branch #2 (update variant)', () => {
+      const body = { id: uuid(), description: 'upd only' }; // соответствует widgetUpdate
+      const r = http.post(u('/api-internal/v1/widgets/upsert'), JSON.stringify(body), { headers: H_JSON });
+      check(r, { 'oneOf update branch -> 200/201': rr => [200,201].includes(rr.status) });
+    });
+
+    group('ONEOF – Negative (matches none or multiple)', () => {
+      // 1) Не подходит ни под одну ветку: нет обязательных полей обеих веток
+      const rBad1 = http.post(u('/api-internal/v1/widgets/upsert'), JSON.stringify({ foo: 'bar' }), { headers: H_JSON });
+      check(rBad1, { 'oneOf none -> 400/non-2xx': rr => rr.status === 400 || rr.status < 200 || rr.status >= 300 });
+
+      // 2) Подходит под обе ветки (если такое возможно по схеме) — сервер должен отбраковать
+      const rBad2 = http.post(u('/api-internal/v1/widgets/upsert'), JSON.stringify({ id: uuid(), name: 'W', type: 'BASIC', description: 'D' }), { headers: H_JSON });
+      check(rBad2, { 'oneOf multiple -> 400/non-2xx': rr => rr.status === 400 || rr.status < 200 || rr.status >= 300 });
+    });
+    */
+}
\ No newline at end of file
diff --git a/resources/test/k6/doe_v2_account_authorization_validations.test.js b/resources/test/k6/doe_v2_account_authorization_validations.test.js
new file mode 100644
index 0000000..a6cde71
--- /dev/null
+++ b/resources/test/k6/doe_v2_account_authorization_validations.test.js
@@ -0,0 +1,85 @@
+// doe_v2_account_authorization_validations.test.js
+import http from 'k6/http';
+import { check, group, sleep } from 'k6';
+import { Trend } from 'k6/metrics';
+
+export const options = {
+    vus: Number(__ENV.VUS || 1),
+    iterations: Number(__ENV.ITERATIONS || 1),
+    thresholds: {
+        http_req_failed: ['rate==0'],
+        http_req_duration: ['p(95)<800'],
+        'doe_v2_get_duration': ['p(95)<600'],
+        'doe_v2_post_duration': ['p(95)<600'],
+    },
+};
+
+const BASE_URL = __ENV.BASE_URL || 'http://localhost:8282';
+const TEST_DATE = __ENV.TEST_DATE || new Date().toISOString().slice(0, 10);
+
+const postTrend = new Trend('doe_v2_post_duration');
+const getTrend  = new Trend('doe_v2_get_duration');
+
+// Общие заголовки (по требованию)
+const COMMON_HEADERS_JSON = {
+    'Content-Type': 'application/json',
+    'X-Wallarm-Schema-ID': '29',
+};
+const COMMON_HEADERS = {
+    'X-Wallarm-Schema-ID': '29',
+};
+
+function safeJson(res) {
+    try { return res.json(); } catch { return null; }
+}
+function isString(v) { return typeof v === 'string'; }
+function looksLikeUrl(s) { return isString(s) && /^(https?:\/\/|\/)/i.test(s); }
+
+export default function () {
+    group('POST /api-internal/custodian-data/v1/account-authorization-validations', () => {
+        const endpoint = `${BASE_URL}/api-internal/custodian-data/v1/account-authorization-validations`;
+        const payload = { date: TEST_DATE };
+
+        const res = http.post(endpoint, JSON.stringify(payload), {
+            headers: COMMON_HEADERS_JSON,
+            tags: { service: 'doe-v2', operationId: 'account-authorization-validations-post' },
+        });
+        postTrend.add(res.timings.duration);
+
+        check(res, {
+            'POST status 200': (r) => r.status === 200,
+            'POST content-type JSON': (r) => (r.headers['Content-Type'] || '').includes('application/json'),
+        });
+
+        const json = safeJson(res);
+        check(json, {
+            'POST body is object': (j) => j && typeof j === 'object',
+            'POST has date': (j) => j && isString(j.date),
+            'POST date echoes input': (j) => j && j.date === TEST_DATE,
+        });
+    });
+
+    sleep(0.2);
+
+    group('GET /api-internal/custodian-data/v1/account-authorization-validations/{date}', () => {
+        const endpoint = `${BASE_URL}/api-internal/custodian-data/v1/account-authorization-validations/${encodeURIComponent(TEST_DATE)}`;
+        const res = http.get(endpoint, {
+            headers: COMMON_HEADERS,
+            tags: { service: 'doe-v2', operationId: 'account-authorization-validations-get' },
+        });
+        getTrend.add(res.timings.duration);
+
+        check(res, {
+            'GET status 200': (r) => r.status === 200,
+            'GET content-type JSON': (r) => (r.headers['Content-Type'] || '').includes('application/json'),
+        });
+
+        const json = safeJson(res);
+        check(json, {
+            'GET body is object': (j) => j && typeof j === 'object',
+            'has failureReportUrl': (j) => j && looksLikeUrl(j.failureReportUrl),
+            'has successReportUrl': (j) => j && looksLikeUrl(j.successReportUrl),
+            'has summaryReportUrl': (j) => j && looksLikeUrl(j.summaryReportUrl),
+        });
+    });
+}
\ No newline at end of file

From 874c542c018a71c36639e9564042125d9fd090ea Mon Sep 17 00:00:00 2001
From: Nikolay Tkachenko <ntkachenko@wallarm.com>
Date: Sat, 29 Nov 2025 01:08:50 +0200
Subject: [PATCH 2/3] Update Go version and dependencies

---
 .github/workflows/binaries.yml                |  12 +-
 cmd/api-firewall/tests/wallarm_api2_update.db | Bin 98304 -> 98304 bytes
 go.mod                                        | 109 +++----
 go.sum                                        | 267 ++++++++----------
 internal/platform/validator/issue641_test.go  |   2 +-
 internal/platform/validator/issue789_test.go  |   2 +-
 internal/platform/validator/issue949_test.go  | 116 ++++++++
 .../platform/validator/req_resp_decoder.go    |  17 +-
 .../validator/req_resp_decoder_test.go        |   8 +-
 .../validator/zip_file_upload_test.go         | 123 ++++++++
 pkg/APIMode/apifw_test.go                     |   3 +
 resources/test/k6/30.js                       | 201 -------------
 resources/test/k6/32.js                       | 107 -------
 resources/test/k6/33.js                       | 187 ------------
 resources/test/k6/34.js                       | 211 --------------
 resources/test/k6/58.js                       | 154 ----------
 resources/test/k6/59.js                       | 148 ----------
 ..._account_authorization_validations.test.js |  85 ------
 18 files changed, 433 insertions(+), 1319 deletions(-)
 create mode 100644 internal/platform/validator/issue949_test.go
 create mode 100644 internal/platform/validator/zip_file_upload_test.go
 delete mode 100644 resources/test/k6/30.js
 delete mode 100644 resources/test/k6/32.js
 delete mode 100644 resources/test/k6/33.js
 delete mode 100644 resources/test/k6/34.js
 delete mode 100644 resources/test/k6/58.js
 delete mode 100644 resources/test/k6/59.js
 delete mode 100644 resources/test/k6/doe_v2_account_authorization_validations.test.js

diff --git a/.github/workflows/binaries.yml b/.github/workflows/binaries.yml
index 6a8dc2b..e5f3060 100644
--- a/.github/workflows/binaries.yml
+++ b/.github/workflows/binaries.yml
@@ -51,7 +51,7 @@ jobs:
     needs:
       - draft-release
     env:
-      X_GO_DISTRIBUTION: "https://go.dev/dl/go1.24.6.linux-amd64.tar.gz"
+      X_GO_DISTRIBUTION: "https://go.dev/dl/go1.24.10.linux-amd64.tar.gz"
       APIFIREWALL_NAMESPACE: "github.com/wallarm/api-firewall"
     strategy:
       matrix:
@@ -162,7 +162,7 @@ jobs:
     needs:
       - draft-release
     env:
-      X_GO_VERSION: "1.24.6"
+      X_GO_VERSION: "1.24.10"
       APIFIREWALL_NAMESPACE: "github.com/wallarm/api-firewall"
     strategy:
       matrix:
@@ -272,19 +272,19 @@ jobs:
         include:
           - arch: armv6
             distro: bookworm
-            go_distribution: https://go.dev/dl/go1.24.6.linux-armv6l.tar.gz
+            go_distribution: https://go.dev/dl/go1.24.10.linux-armv6l.tar.gz
             artifact: armv6-libc
           - arch: aarch64
             distro: bookworm
-            go_distribution: https://go.dev/dl/go1.24.6.linux-arm64.tar.gz
+            go_distribution: https://go.dev/dl/go1.24.10.linux-arm64.tar.gz
             artifact: arm64-libc
           - arch: armv6
             distro: alpine_latest
-            go_distribution: https://go.dev/dl/go1.24.6.linux-armv6l.tar.gz
+            go_distribution: https://go.dev/dl/go1.24.10.linux-armv6l.tar.gz
             artifact: armv6-musl
           - arch: aarch64
             distro: alpine_latest
-            go_distribution: https://go.dev/dl/go1.24.6.linux-arm64.tar.gz
+            go_distribution: https://go.dev/dl/go1.24.10.linux-arm64.tar.gz
             artifact: arm64-musl
     steps:
       - uses: actions/checkout@v4
diff --git a/cmd/api-firewall/tests/wallarm_api2_update.db b/cmd/api-firewall/tests/wallarm_api2_update.db
index 2b22ece001d1bb2d961ae36ac87d94a828245d63..e258ef342193e9ac9e6e342a6756102fb9e406b6 100644
GIT binary patch
delta 46
zcmZo@U~6b#n;^}&X`+lX<ED)XezLqy><s*(E%wreO$zPKn|I5)2r(XRGFWE77ytlG
Ca1H$c

delta 46
zcmZo@U~6b#n;^|tJyFJ)v3g^IpDeF2I|ILHi@mgAlR~@6=H0R`LX2CQ43-%%1^@s%
C+zny?

diff --git a/go.mod b/go.mod
index eaaefc7..e4f2862 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/wallarm/api-firewall
 
-go 1.24.6
+go 1.24.10
 
 require (
 	github.com/andybalholm/brotli v1.2.0
@@ -10,25 +10,25 @@ require (
 	github.com/dgraph-io/ristretto v0.2.0
 	github.com/fasthttp/websocket v1.5.12
 	github.com/foxcpp/go-mockdns v1.1.0
-	github.com/gabriel-vasile/mimetype v1.4.9
-	github.com/getkin/kin-openapi v0.132.0
+	github.com/gabriel-vasile/mimetype v1.4.11
+	github.com/getkin/kin-openapi v0.133.0
 	github.com/go-playground/validator v9.31.0+incompatible
 	github.com/golang-jwt/jwt/v5 v5.3.0
 	github.com/golang/mock v1.6.0
 	github.com/google/uuid v1.6.0
 	github.com/karlseguin/ccache/v2 v2.0.8
-	github.com/klauspost/compress v1.18.0
+	github.com/klauspost/compress v1.18.1
 	github.com/mattn/go-sqlite3 v1.14.32
 	github.com/pkg/errors v0.9.1
-	github.com/prometheus/client_golang v1.23.0
+	github.com/prometheus/client_golang v1.23.2
 	github.com/rs/zerolog v1.34.0
-	github.com/savsgio/gotils v0.0.0-20250408102913-196191ec6287
-	github.com/spf13/viper v1.20.1
-	github.com/stretchr/testify v1.10.0
-	github.com/valyala/fasthttp v1.65.0
+	github.com/savsgio/gotils v0.0.0-20250924091648-bce9a52d7761
+	github.com/spf13/viper v1.21.0
+	github.com/stretchr/testify v1.11.1
+	github.com/valyala/fasthttp v1.68.0
 	github.com/valyala/fastjson v1.6.4
 	github.com/wundergraph/graphql-go-tools v1.67.4
-	golang.org/x/sync v0.16.0
+	golang.org/x/sync v0.18.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
@@ -39,75 +39,76 @@ require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/buger/jsonparser v1.1.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/corazawaf/libinjection-go v0.2.2 // indirect
+	github.com/corazawaf/libinjection-go v0.2.3 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
-	github.com/eclipse/paho.mqtt.golang v1.2.0 // indirect
-	github.com/fsnotify/fsnotify v1.8.0 // indirect
-	github.com/go-openapi/jsonpointer v0.21.0 // indirect
-	github.com/go-openapi/swag v0.23.0 // indirect
-	github.com/go-playground/locales v0.13.0 // indirect
-	github.com/go-playground/universal-translator v0.17.0 // indirect
-	github.com/go-viper/mapstructure/v2 v2.2.1 // indirect
-	github.com/goccy/go-json v0.10.5 // indirect
-	github.com/gorilla/mux v1.8.0 // indirect
-	github.com/hashicorp/golang-lru v0.5.4 // indirect
-	github.com/huandu/xstrings v1.2.1 // indirect
-	github.com/imdario/mergo v0.3.8 // indirect
+	github.com/eclipse/paho.mqtt.golang v1.5.1 // indirect
+	github.com/fsnotify/fsnotify v1.9.0 // indirect
+	github.com/go-openapi/jsonpointer v0.22.3 // indirect
+	github.com/go-openapi/swag/jsonname v0.25.4 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
+	github.com/gorilla/mux v1.8.1 // indirect
+	github.com/gorilla/websocket v1.5.3 // indirect
+	github.com/hashicorp/golang-lru v1.0.2 // indirect
+	github.com/huandu/xstrings v1.5.0 // indirect
+	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/jensneuse/abstractlogger v0.0.4 // indirect
-	github.com/jensneuse/byte-template v0.0.0-20200214152254-4f3cf06e5c68 // indirect
+	github.com/jensneuse/byte-template v0.0.0-20231025215717-69252eb3ed56 // indirect
 	github.com/jensneuse/pipeline v0.0.0-20200117120358-9fb4de085cd6 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
-	github.com/leodido/go-urn v1.2.0 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/magefile/mage v1.15.1-0.20241126214340-bdc92f694516 // indirect
-	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mailru/easyjson v0.9.1 // indirect
+	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/miekg/dns v1.1.57 // indirect
-	github.com/mitchellh/copystructure v1.0.0 // indirect
-	github.com/mitchellh/reflectwalk v1.0.0 // indirect
+	github.com/miekg/dns v1.1.68 // indirect
+	github.com/mitchellh/copystructure v1.2.0 // indirect
+	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/nats-io/nats.go v1.34.1 // indirect
-	github.com/nats-io/nkeys v0.4.7 // indirect
+	github.com/nats-io/nats.go v1.47.0 // indirect
+	github.com/nats-io/nkeys v0.4.12 // indirect
 	github.com/nats-io/nuid v1.0.1 // indirect
 	github.com/oasdiff/yaml v0.0.0-20250309154309-f31be36b4037 // indirect
 	github.com/oasdiff/yaml3 v0.0.0-20250309153720-d2182401db90 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/perimeterx/marshmallow v1.1.5 // indirect
-	github.com/petar-dambovaliev/aho-corasick v0.0.0-20240411101913-e07a1f0e8eb4 // indirect
+	github.com/petar-dambovaliev/aho-corasick v0.0.0-20250424160509-463d218d4745 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.6.2 // indirect
-	github.com/prometheus/common v0.65.0 // indirect
-	github.com/prometheus/procfs v0.16.1 // indirect
-	github.com/r3labs/sse/v2 v2.8.1 // indirect
-	github.com/sagikazarmark/locafero v0.7.0 // indirect
+	github.com/prometheus/common v0.67.4 // indirect
+	github.com/prometheus/procfs v0.19.2 // indirect
+	github.com/r3labs/sse/v2 v2.10.0 // indirect
+	github.com/sagikazarmark/locafero v0.12.0 // indirect
 	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
-	github.com/sourcegraph/conc v0.3.0 // indirect
-	github.com/spf13/afero v1.12.0 // indirect
-	github.com/spf13/cast v1.7.1 // indirect
-	github.com/spf13/pflag v1.0.6 // indirect
+	github.com/spf13/afero v1.15.0 // indirect
+	github.com/spf13/cast v1.10.0 // indirect
+	github.com/spf13/pflag v1.0.10 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/tidwall/gjson v1.18.0 // indirect
-	github.com/tidwall/match v1.1.1 // indirect
+	github.com/tidwall/match v1.2.0 // indirect
 	github.com/tidwall/pretty v1.2.1 // indirect
 	github.com/tidwall/sjson v1.2.5 // indirect
-	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/valllabh/ocsf-schema-golang v1.0.3 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
+	github.com/woodsbury/decimal128 v1.4.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.26.0 // indirect
-	golang.org/x/crypto v0.41.0 // indirect
-	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/mod v0.26.0 // indirect
-	golang.org/x/net v0.43.0 // indirect
-	golang.org/x/sys v0.35.0 // indirect
-	golang.org/x/text v0.28.0 // indirect
-	golang.org/x/tools v0.35.0 // indirect
-	google.golang.org/protobuf v1.36.6 // indirect
+	go.uber.org/zap v1.27.1 // indirect
+	go.yaml.in/yaml/v2 v2.4.3 // indirect
+	go.yaml.in/yaml/v3 v3.0.4 // indirect
+	golang.org/x/crypto v0.45.0 // indirect
+	golang.org/x/exp v0.0.0-20251125195548-87e1e737ad39 // indirect
+	golang.org/x/mod v0.30.0 // indirect
+	golang.org/x/net v0.47.0 // indirect
+	golang.org/x/sys v0.38.0 // indirect
+	golang.org/x/text v0.31.0 // indirect
+	golang.org/x/tools v0.39.0 // indirect
+	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/cenkalti/backoff.v1 v1.1.0 // indirect
 	gopkg.in/go-playground/assert.v1 v1.2.1 // indirect
-	nhooyr.io/websocket v1.8.7 // indirect
+	nhooyr.io/websocket v1.8.17 // indirect
 	rsc.io/binaryregexp v0.2.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 9f1d2ab..8283799 100644
--- a/go.sum
+++ b/go.sum
@@ -18,22 +18,16 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
 github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
-github.com/bytedance/sonic v1.10.0-rc h1:3S5HeWxjX08CUqNrXtEittExpJsEKBNzrV5UnrzHxVQ=
-github.com/bytedance/sonic v1.10.0-rc/go.mod h1:ElCzW+ufi8qKqNW0FY314xriJhyJhuoJ3gFZdAHF7NM=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d h1:77cEq6EriyTZ0g/qfRdp61a3Uu/AWrgIq2s0ClJV1g0=
-github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d/go.mod h1:8EPpVsBuRksnlj1mLy4AWzRNQYxauNi62uWcE3to6eA=
-github.com/chenzhuoyu/iasm v0.9.1 h1:tUHQJXo3NhBqw6s33wkGn9SP3bvrWLdlVIJ3hQBL7P0=
-github.com/chenzhuoyu/iasm v0.9.1/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLIrkAmYog=
 github.com/clbanning/mxj/v2 v2.7.0 h1:WA/La7UGCanFe5NpHF0Q3DNtnCsVoxbPKuyBNHWRyME=
 github.com/clbanning/mxj/v2 v2.7.0/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s=
 github.com/corazawaf/coraza-coreruleset v0.0.0-20240226094324-415b1017abdc h1:OlJhrgI3I+FLUCTI3JJW8MoqyM78WbqJjecqMnqG+wc=
 github.com/corazawaf/coraza-coreruleset v0.0.0-20240226094324-415b1017abdc/go.mod h1:7rsocqNDkTCira5T0M7buoKR2ehh7YZiPkzxRuAgvVU=
 github.com/corazawaf/coraza/v3 v3.3.3 h1:kqjStHAgWqwP5dh7n0vhTOF0a3t+VikNS/EaMiG0Fhk=
 github.com/corazawaf/coraza/v3 v3.3.3/go.mod h1:xSaXWOhFMSbrV8qOOfBKAyw3aOqfwaSaOy5BgSF8XlA=
-github.com/corazawaf/libinjection-go v0.2.2 h1:Chzodvb6+NXh6wew5/yhD0Ggioif9ACrQGR4qjTCs1g=
-github.com/corazawaf/libinjection-go v0.2.2/go.mod h1:OP4TM7xdJ2skyXqNX1AN1wN5nNZEmJNuWbNPOItn7aw=
+github.com/corazawaf/libinjection-go v0.2.3 h1:rKiRM8sqbb2A+brb5N8wQ2gyg4oL0tsr3rcMJwVB5Yc=
+github.com/corazawaf/libinjection-go v0.2.3/go.mod h1:Ik/+w3UmTWH9yn366RgS9D95K3y7Atb5m/H/gXzzPCk=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -45,8 +39,8 @@ github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WA
 github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
 github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
-github.com/eclipse/paho.mqtt.golang v1.2.0 h1:1F8mhG9+aO5/xpdtFkW4SxOJB67ukuDC3t2y2qayIX0=
-github.com/eclipse/paho.mqtt.golang v1.2.0/go.mod h1:H9keYFcgq3Qr5OUJm/JZI/i6U7joQ8SYLhZwfeOo6Ts=
+github.com/eclipse/paho.mqtt.golang v1.5.1 h1:/VSOv3oDLlpqR2Epjn1Q7b2bSTplJIeV2ISgCl2W7nE=
+github.com/eclipse/paho.mqtt.golang v1.5.1/go.mod h1:1/yJCneuyOoCOzKSsOTUc0AJfpsItBGWvYpBLimhArU=
 github.com/evanphx/json-patch/v5 v5.1.0 h1:B0aXl1o/1cP8NbviYiBMkcHBtUjIJ1/Ccg6b+SwCLQg=
 github.com/evanphx/json-patch/v5 v5.1.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
 github.com/fasthttp/websocket v1.5.12 h1:e4RGPpWW2HTbL3zV0Y/t7g0ub294LkiuXXUuTOUInlE=
@@ -55,102 +49,73 @@ github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7Dlme
 github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk=
 github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
-github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
-github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
-github.com/gabriel-vasile/mimetype v1.4.9 h1:5k+WDwEsD9eTLL8Tz3L0VnmVh9QxGjRmjBvAG7U/oYY=
-github.com/gabriel-vasile/mimetype v1.4.9/go.mod h1:WnSQhFKJuBlRyLiKohA/2DtIlPFAbguNaG7QCHcyGok=
-github.com/getkin/kin-openapi v0.132.0 h1:3ISeLMsQzcb5v26yeJrBcdTCEQTag36ZjaGk7MIRUwk=
-github.com/getkin/kin-openapi v0.132.0/go.mod h1:3OlG51PCYNsPByuiMB0t4fjnNlIDnaEDsjiKUV8nL58=
-github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
-github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
-github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
-github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
-github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
-github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
-github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
-github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
-github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
-github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
-github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q=
-github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
-github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD876Lmtgy7VtROAbHHXk8no=
-github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
+github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
+github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
+github.com/gabriel-vasile/mimetype v1.4.11 h1:AQvxbp830wPhHTqc1u7nzoLT+ZFxGY7emj5DR5DYFik=
+github.com/gabriel-vasile/mimetype v1.4.11/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
+github.com/getkin/kin-openapi v0.133.0 h1:pJdmNohVIJ97r4AUFtEXRXwESr8b0bD721u/Tz6k8PQ=
+github.com/getkin/kin-openapi v0.133.0/go.mod h1:boAciF6cXk5FhPqe/NQeBTeenbjqU4LhWBf09ILVvWE=
+github.com/go-openapi/jsonpointer v0.22.3 h1:dKMwfV4fmt6Ah90zloTbUKWMD+0he+12XYAsPotrkn8=
+github.com/go-openapi/jsonpointer v0.22.3/go.mod h1:0lBbqeRsQ5lIanv3LHZBrmRGHLHcQoOXQnf88fHlGWo=
+github.com/go-openapi/swag/jsonname v0.25.4 h1:bZH0+MsS03MbnwBXYhuTttMOqk+5KcQ9869Vye1bNHI=
+github.com/go-openapi/swag/jsonname v0.25.4/go.mod h1:GPVEk9CWVhNvWhZgrnvRA6utbAltopbKwDu8mXNUMag=
+github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls=
+github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
 github.com/go-playground/validator v9.31.0+incompatible h1:UA72EPEogEnq76ehGdEDp4Mit+3FDh548oRqwVgNsHA=
 github.com/go-playground/validator v9.31.0+incompatible/go.mod h1:yrEkQXlcI+PugkyDjY2bRrL/UBU4f3rvrgkN3V8JEig=
-github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
-github.com/go-playground/validator/v10 v10.15.5 h1:LEBecTWb/1j5TNY1YYG2RcOUN3R7NLylN+x8TTueE24=
-github.com/go-playground/validator/v10 v10.15.5/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM=
 github.com/go-test/deep v1.0.8/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
-github.com/go-viper/mapstructure/v2 v2.2.1 h1:ZAaOCxANMuZx5RCeg0mBdEZk7DZasvvZIxtHqx8aGss=
-github.com/go-viper/mapstructure/v2 v2.2.1/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
-github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo=
-github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU=
-github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
-github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
-github.com/gobwas/pool v0.2.1 h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og=
-github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
-github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
-github.com/gobwas/ws v1.3.1 h1:Qi34dfLMWJbiKaNbDVzM9x27nZBjmkaW6i4+Ku+pGVU=
-github.com/gobwas/ws v1.3.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY=
-github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
-github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=
+github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo=
 github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
 github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
 github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
-github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
-github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
-github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
-github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
-github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
+github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
+github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
+github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
+github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c=
+github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
 github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
-github.com/huandu/xstrings v1.2.1 h1:v6IdmkCnDhJG/S0ivr58PeIfg+tyhqQYy4YsCsQ0Pdc=
 github.com/huandu/xstrings v1.2.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
-github.com/imdario/mergo v0.3.8 h1:CGgOkSJeqMRmt0D9XLWExdT4m4F1vd3FV3VPt+0VxkQ=
+github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
+github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
+github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
+github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/jcchavezs/mergefs v0.1.0 h1:7oteO7Ocl/fnfFMkoVLJxTveCjrsd//UB0j89xmnpec=
 github.com/jcchavezs/mergefs v0.1.0/go.mod h1:eRLTrsA+vFwQZ48hj8p8gki/5v9C2bFtHH5Mnn4bcGk=
 github.com/jensneuse/abstractlogger v0.0.4 h1:sa4EH8fhWk3zlTDbSncaWKfwxYM8tYSlQ054ETLyyQY=
 github.com/jensneuse/abstractlogger v0.0.4/go.mod h1:6WuamOHuykJk8zED/R0LNiLhWR6C7FIAo43ocUEB3mo=
-github.com/jensneuse/byte-template v0.0.0-20200214152254-4f3cf06e5c68 h1:E80wOd3IFQcoBxLkAUpUQ3BoGrZ4DxhQdP21+HH1s6A=
-github.com/jensneuse/byte-template v0.0.0-20200214152254-4f3cf06e5c68/go.mod h1:0D5r/VSW6D/o65rKLL9xk7sZxL2+oku2HvFPYeIMFr4=
+github.com/jensneuse/byte-template v0.0.0-20231025215717-69252eb3ed56 h1:wo26fh6a6Za0cOMZIopD2sfH/kq83SJ89ixUWl7pCWc=
+github.com/jensneuse/byte-template v0.0.0-20231025215717-69252eb3ed56/go.mod h1:0D5r/VSW6D/o65rKLL9xk7sZxL2+oku2HvFPYeIMFr4=
 github.com/jensneuse/diffview v1.0.0 h1:4b6FQJ7y3295JUHU3tRko6euyEboL825ZsXeZZM47Z4=
 github.com/jensneuse/diffview v1.0.0/go.mod h1:i6IacuD8LnEaPuiyzMHA+Wfz5mAuycMOf3R/orUY9y4=
 github.com/jensneuse/pipeline v0.0.0-20200117120358-9fb4de085cd6 h1:y8hvuqbuVGFNpEos+vB5I5X+QxWm0uyTk+5oeOinMjY=
 github.com/jensneuse/pipeline v0.0.0-20200117120358-9fb4de085cd6/go.mod h1:UsfzaMt+keVOxa007GcCJMFeTHr6voRfBGMQEW7DkdM=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
-github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
-github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/karlseguin/ccache/v2 v2.0.8 h1:lT38cE//uyf6KcFok0rlgXtGFBWxkI6h/qg4tbFyDnA=
 github.com/karlseguin/ccache/v2 v2.0.8/go.mod h1:2BDThcfQMf/c0jnZowt16eW405XIqZPavt+HoYEtcxQ=
 github.com/karlseguin/expect v1.0.2-0.20190806010014-778a5f0c6003 h1:vJ0Snvo+SLMY72r5J4sEfkuE7AFbixEP2qRbEcum/wA=
 github.com/karlseguin/expect v1.0.2-0.20190806010014-778a5f0c6003/go.mod h1:zNBxMY8P21owkeogJELCLeHIt+voOSduHYTFUbwRAV8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
-github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
-github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg=
-github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
+github.com/klauspost/compress v1.18.1 h1:bcSGx7UbpBqMChDtsF28Lw6v/G94LPrrbMbdC3JH2co=
+github.com/klauspost/compress v1.18.1/go.mod h1:ZQFFVG+MdnR0P+l6wpXgIL4NTtwiKIdBnrBd8Nrxr+0=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -161,85 +126,82 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
-github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y=
-github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
 github.com/logrusorgru/aurora/v3 v3.0.0 h1:R6zcoZZbvVcGMvDCKo45A9U/lzYyzl5NfYIvznmDfE4=
 github.com/logrusorgru/aurora/v3 v3.0.0/go.mod h1:vsR12bk5grlLvLXAYrBsb5Oc/N+LxAlxggSjiwMnCUc=
 github.com/magefile/mage v1.15.1-0.20241126214340-bdc92f694516 h1:aAO0L0ulox6m/CLRYvJff+jWXYYCKGpEm3os7dM/Z+M=
 github.com/magefile/mage v1.15.1-0.20241126214340-bdc92f694516/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
-github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
-github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mailru/easyjson v0.9.1 h1:LbtsOm5WAswyWbvTEOqhypdPeZzHavpZx96/n553mR8=
+github.com/mailru/easyjson v0.9.1/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
+github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-sqlite3 v1.14.32 h1:JD12Ag3oLy1zQA+BNn74xRgaBbdhbNIDYvQUEuuErjs=
 github.com/mattn/go-sqlite3 v1.14.32/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
-github.com/miekg/dns v1.1.57 h1:Jzi7ApEIzwEPLHWRcafCN9LZSBbqQpxjt/wpgvg7wcM=
 github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk=
-github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ=
+github.com/miekg/dns v1.1.68 h1:jsSRkNozw7G/mnmXULynzMNIsgY2dHC8LO6U6Ij2JEA=
+github.com/miekg/dns v1.1.68/go.mod h1:fujopn7TB3Pu3JM69XaawiU0wqjpL9/8xGop5UrTPps=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
+github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
+github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/IfikLNY=
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
-github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
+github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 h1:RWengNIwukTxcDr9M+97sNutRR1RKhG96O6jWumTTnw=
 github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/nats-io/nats.go v1.34.1 h1:syWey5xaNHZgicYBemv0nohUPPmaLteiBEUT6Q5+F/4=
-github.com/nats-io/nats.go v1.34.1/go.mod h1:Ubdu4Nh9exXdSz0RVWRFBbRfrbSxOYd26oF0wkWclB8=
-github.com/nats-io/nkeys v0.4.7 h1:RwNJbbIdYCoClSDNY7QVKZlyb/wfT6ugvFCiKy6vDvI=
-github.com/nats-io/nkeys v0.4.7/go.mod h1:kqXRgRDPlGy7nGaEDMuYzmiJCIAAWDK0IMBtDmGD0nc=
+github.com/nats-io/nats.go v1.47.0 h1:YQdADw6J/UfGUd2Oy6tn4Hq6YHxCaJrVKayxxFqYrgM=
+github.com/nats-io/nats.go v1.47.0/go.mod h1:iRWIPokVIFbVijxuMQq4y9ttaBTMe0SFdlZfMDd+33g=
+github.com/nats-io/nkeys v0.4.12 h1:nssm7JKOG9/x4J8II47VWCL1Ds29avyiQDRn0ckMvDc=
+github.com/nats-io/nkeys v0.4.12/go.mod h1:MT59A1HYcjIcyQDJStTfaOY6vhy9XTUjOFo+SVsvpBg=
 github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw=
 github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
 github.com/oasdiff/yaml v0.0.0-20250309154309-f31be36b4037 h1:G7ERwszslrBzRxj//JalHPu/3yz+De2J+4aLtSRlHiY=
 github.com/oasdiff/yaml v0.0.0-20250309154309-f31be36b4037/go.mod h1:2bpvgLBZEtENV5scfDFEtB/5+1M4hkQhDQrccEJ/qGw=
 github.com/oasdiff/yaml3 v0.0.0-20250309153720-d2182401db90 h1:bQx3WeLcUWy+RletIKwUIt4x3t8n2SxavmoclizMb8c=
 github.com/oasdiff/yaml3 v0.0.0-20250309153720-d2182401db90/go.mod h1:y5+oSEHCPT/DGrS++Wc/479ERge0zTFxaF8PbGKcg2o=
-github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
-github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
+github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
+github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
 github.com/perimeterx/marshmallow v1.1.5 h1:a2LALqQ1BlHM8PZblsDdidgv1mWi1DgC2UmX50IvK2s=
 github.com/perimeterx/marshmallow v1.1.5/go.mod h1:dsXbUu8CRzfYP5a87xpp0xq9S3u0Vchtcl8we9tYaXw=
-github.com/petar-dambovaliev/aho-corasick v0.0.0-20240411101913-e07a1f0e8eb4 h1:1Kw2vDBXmjop+LclnzCb/fFy+sgb3gYARwfmoUcQe6o=
-github.com/petar-dambovaliev/aho-corasick v0.0.0-20240411101913-e07a1f0e8eb4/go.mod h1:EHPiTAKtiFmrMldLUNswFwfZ2eJIYBHktdaUTZxYWRw=
+github.com/petar-dambovaliev/aho-corasick v0.0.0-20250424160509-463d218d4745 h1:Vpr4VgAizEgEZsaMohpw6JYDP+i9Of9dmdY4ufNP6HI=
+github.com/petar-dambovaliev/aho-corasick v0.0.0-20250424160509-463d218d4745/go.mod h1:EHPiTAKtiFmrMldLUNswFwfZ2eJIYBHktdaUTZxYWRw=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.23.0 h1:ust4zpdl9r4trLY/gSjlm07PuiBq2ynaXXlptpfy8Uc=
-github.com/prometheus/client_golang v1.23.0/go.mod h1:i/o0R9ByOnHX0McrTMTyhYvKE4haaf2mW08I+jGAjEE=
+github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o=
+github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg=
 github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
 github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
-github.com/prometheus/common v0.65.0 h1:QDwzd+G1twt//Kwj/Ww6E9FQq1iVMmODnILtW1t2VzE=
-github.com/prometheus/common v0.65.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8=
-github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg=
-github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is=
-github.com/r3labs/sse/v2 v2.8.1 h1:lZH+W4XOLIq88U5MIHOsLec7+R62uhz3bIi2yn0Sg8o=
-github.com/r3labs/sse/v2 v2.8.1/go.mod h1:Igau6Whc+F17QUgML1fYe1VPZzTV6EMCnYktEmkNJ7I=
+github.com/prometheus/common v0.67.4 h1:yR3NqWO1/UyO1w2PhUvXlGQs/PtFmoveVO0KZ4+Lvsc=
+github.com/prometheus/common v0.67.4/go.mod h1:gP0fq6YjjNCLssJCQp0yk4M8W6ikLURwkdd/YKtTbyI=
+github.com/prometheus/procfs v0.19.2 h1:zUMhqEW66Ex7OXIiDkll3tl9a1ZdilUOd/F6ZXw4Vws=
+github.com/prometheus/procfs v0.19.2/go.mod h1:M0aotyiemPhBCM0z5w87kL22CxfcH05ZpYlu+b4J7mw=
+github.com/r3labs/sse/v2 v2.10.0 h1:hFEkLLFY4LDifoHdiCN/LlGBAdVJYsANaLqNYa1l/v0=
+github.com/r3labs/sse/v2 v2.10.0/go.mod h1:Igau6Whc+F17QUgML1fYe1VPZzTV6EMCnYktEmkNJ7I=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
 github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
 github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
-github.com/sagikazarmark/locafero v0.7.0 h1:5MqpDsTGNDhY8sGp0Aowyf0qKsPrhewaLSsFaodPcyo=
-github.com/sagikazarmark/locafero v0.7.0/go.mod h1:2za3Cg5rMaTMoG/2Ulr9AwtFaIppKXTRYnozin4aB5k=
+github.com/sagikazarmark/locafero v0.12.0 h1:/NQhBAkUb4+fH1jivKHWusDYFjMOOKU88eegjfxfHb4=
+github.com/sagikazarmark/locafero v0.12.0/go.mod h1:sZh36u/YSZ918v0Io+U9ogLYQJ9tLLBmM4eneO6WwsI=
 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4=
 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY=
-github.com/savsgio/gotils v0.0.0-20250408102913-196191ec6287 h1:qIQ0tWF9vxGtkJa24bR+2i53WBCz1nW/Pc47oVYauC4=
-github.com/savsgio/gotils v0.0.0-20250408102913-196191ec6287/go.mod h1:sM7Mt7uEoCeFSCBM+qBrqvEo+/9vdmj19wzp3yzUhmg=
+github.com/savsgio/gotils v0.0.0-20250924091648-bce9a52d7761 h1:McifyVxygw1d67y6vxUqls2D46J8W9nrki9c8c0eVvE=
+github.com/savsgio/gotils v0.0.0-20250924091648-bce9a52d7761/go.mod h1:Vi9gvHvTw4yCUHIznFl5TPULS7aXwgaTByGeBY75Wko=
 github.com/sebdah/goldie/v2 v2.5.3 h1:9ES/mNN+HNUbNWpVAlrzuZ7jE+Nrczbj8uFRjM7624Y=
 github.com/sebdah/goldie/v2 v2.5.3/go.mod h1:oZ9fp0+se1eapSRjfYbsV/0Hqhbuu3bJVvKI/NNtssI=
 github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8=
@@ -249,53 +211,49 @@ github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/sosodev/duration v1.2.0 h1:pqK/FLSjsAADWY74SyWDCjOcd5l7H8GSnnOGEB9A1Us=
 github.com/sosodev/duration v1.2.0/go.mod h1:RQIBBX0+fMLc/D9+Jb/fwvVmo0eZvDDEERAikUR6SDg=
-github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
-github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
-github.com/spf13/afero v1.12.0 h1:UcOPyRBYczmFn6yvphxkn9ZEOY65cpwGKb5mL36mrqs=
-github.com/spf13/afero v1.12.0/go.mod h1:ZTlWwG4/ahT8W7T0WQ5uYmjI9duaLQGy3Q2OAl4sk/4=
-github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y=
-github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
-github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
-github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.20.1 h1:ZMi+z/lvLyPSCoNtFCpqjy0S4kPbirhpTMwl8BkW9X4=
-github.com/spf13/viper v1.20.1/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4=
+github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I=
+github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg=
+github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY=
+github.com/spf13/cast v1.10.0/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo=
+github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
+github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.21.0 h1:x5S+0EU27Lbphp4UKm1C+1oQO+rKx36vfCoaVebLFSU=
+github.com/spf13/viper v1.21.0/go.mod h1:P0lhsswPGWD/1lZJ9ny3fYnVqxiegrlNrEmgLjbTCAY=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
-github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
 github.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY=
 github.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
-github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
 github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
+github.com/tidwall/match v1.2.0 h1:0pt8FlkOwjN2fPt4bIl4BoNxb98gGHN2ObFEDkrfZnM=
+github.com/tidwall/match v1.2.0/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
 github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
 github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=
 github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
 github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY=
 github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28=
-github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
-github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
-github.com/ugorji/go v1.1.7 h1:/68gy2h+1mWMrwZFeD1kQialdSzAb432dtpeJ42ovdo=
-github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
-github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/ugorji/go/codec v1.2.7 h1:YPXUKf7fYbp/y8xloBqZOw2qaVggbfwMlI8WM3wZUJ0=
 github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY=
 github.com/valllabh/ocsf-schema-golang v1.0.3 h1:eR8k/3jP/OOqB8LRCtdJ4U+vlgd/gk5y3KMXoodrsrw=
 github.com/valllabh/ocsf-schema-golang v1.0.3/go.mod h1:sZ3as9xqm1SSK5feFWIR2CuGeGRhsM7TR1MbpBctzPk=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
-github.com/valyala/fasthttp v1.65.0 h1:j/u3uzFEGFfRxw79iYzJN+TteTJwbYkru9uDp3d0Yf8=
-github.com/valyala/fasthttp v1.65.0/go.mod h1:P/93/YkKPMsKSnATEeELUCkG8a7Y+k99uxNHVbKINr4=
+github.com/valyala/fasthttp v1.68.0 h1:v12Nx16iepr8r9ySOwqI+5RBJ/DqTxhOy1HrHoDFnok=
+github.com/valyala/fasthttp v1.68.0/go.mod h1:5EXiRfYQAoiO/khu4oU9VISC/eVY6JqmSpPJoHCKsz4=
 github.com/valyala/fastjson v1.6.4 h1:uAUNq9Z6ymTgGhcm0UynUAB6tlbakBrz6CQFax3BXVQ=
 github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=
 github.com/vektah/gqlparser/v2 v2.5.11 h1:JJxLtXIoN7+3x6MBdtIP59TP1RANnY7pXOaDnADQSf8=
 github.com/vektah/gqlparser/v2 v2.5.11/go.mod h1:1rCcfwB2ekJofmluGWXMSEnPMZgbxzwj6FaZ/4OT8Cc=
+github.com/woodsbury/decimal128 v1.4.0 h1:xJATj7lLu4f2oObouMt2tgGiElE5gO6mSWUjQsBgUlc=
+github.com/woodsbury/decimal128 v1.4.0/go.mod h1:BP46FUrVjVhdTbKT+XuQh2xfQaGki9LMIRJSFuh6THU=
 github.com/wsxiaoys/terminal v0.0.0-20160513160801-0940f3fc43a0 h1:3UeQBvD0TFrlVjOeLOBz+CPAI8dnbqNSVwUwRrkp7vQ=
 github.com/wsxiaoys/terminal v0.0.0-20160513160801-0940f3fc43a0/go.mod h1:IXCdmsXIht47RaVFLEdVnh1t+pgYtTAhQGj73kz+2DM=
 github.com/wundergraph/graphql-go-tools v1.67.4 h1:1QtoftaZz5sScV/J6XLZ/oTfi1lMHp6UmFkYRQfY2/g=
@@ -314,10 +272,12 @@ go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
 go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
-go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
-go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
-golang.org/x/arch v0.4.0 h1:A8WCeEWhLwPBKNbFi5Wv5UTCBx5zzubnXDlMOFAzFMc=
-golang.org/x/arch v0.4.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
+go.uber.org/zap v1.27.1 h1:08RqriUEv8+ArZRYSTXy1LeBScaMpVSTBhCeaZYfMYc=
+go.uber.org/zap v1.27.1/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0=
+go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8=
+go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
+go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -326,10 +286,10 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
-golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
-golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
+golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
+golang.org/x/exp v0.0.0-20251125195548-87e1e737ad39 h1:DHNhtq3sNNzrvduZZIiFyXWOL9IWaDPHqTnLJp+rCBY=
+golang.org/x/exp v0.0.0-20251125195548-87e1e737ad39/go.mod h1:46edojNIoXTNOhySWIWdix628clX9ODXwPsQuG6hsK0=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -337,8 +297,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg=
-golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ=
+golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=
+golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -351,8 +311,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ=
-golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
-golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
+golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
+golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -360,12 +320,11 @@ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
-golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
+golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -380,8 +339,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
-golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
+golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
@@ -390,16 +349,14 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
 golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng=
-golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
+golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
@@ -411,14 +368,13 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk=
-golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0=
-golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
+golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
+golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
-google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/cenkalti/backoff.v1 v1.1.0 h1:Arh75ttbsvlpVA7WtVpH4u9h6Zl46xuptxqLxPiSo4Y=
 gopkg.in/cenkalti/backoff.v1 v1.1.0/go.mod h1:J6Vskwqd+OMVJl8C33mmtxTBs2gyzfv7UDAkHu8BrjI=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -429,14 +385,11 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/go-playground/assert.v1 v1.2.1 h1:xoYuJVE7KT85PYWrN730RguIQO0ePzVRfFMXadIrXTM=
 gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=
-nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0=
+nhooyr.io/websocket v1.8.17 h1:KEVeLJkUywCKVsnLIDlD/5gtayKp8VoCkksHCGGfT9Y=
+nhooyr.io/websocket v1.8.17/go.mod h1:rN9OFWIUwuxg4fR5tELlYC04bXYowCP9GX47ivo2l+c=
 rsc.io/binaryregexp v0.2.0 h1:HfqmD5MEmC0zvwBuF187nq9mdnXjXsSivRiXN7SmRkE=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
diff --git a/internal/platform/validator/issue641_test.go b/internal/platform/validator/issue641_test.go
index 90ac3ea..30ef962 100644
--- a/internal/platform/validator/issue641_test.go
+++ b/internal/platform/validator/issue641_test.go
@@ -69,7 +69,7 @@ paths:
 			name:   "failed allof pattern",
 			spec:   allOfSpec,
 			req:    `/items?test=999999`,
-			errStr: `parameter "test" in query has an error: string doesn't match the regular expression "^[0-9]{1,4}$"`,
+			errStr: `parameter "test" in query has an error: doesn't match schema due to: string doesn't match the regular expression "^[0-9]{1,4}$"`,
 		},
 	}
 
diff --git a/internal/platform/validator/issue789_test.go b/internal/platform/validator/issue789_test.go
index fac7524..ed9a258 100644
--- a/internal/platform/validator/issue789_test.go
+++ b/internal/platform/validator/issue789_test.go
@@ -69,7 +69,7 @@ paths:
 			name:   "failed allof object array",
 			spec:   allOfArraySpec,
 			req:    `/items?test=foo`,
-			errStr: `parameter "test" in query has an error: string doesn't match the regular expression`,
+			errStr: `parameter "test" in query has an error: doesn't match schema due to: string doesn't match the regular expression`,
 		},
 		{
 			name: "success oneof string pattern match",
diff --git a/internal/platform/validator/issue949_test.go b/internal/platform/validator/issue949_test.go
new file mode 100644
index 0000000..616503e
--- /dev/null
+++ b/internal/platform/validator/issue949_test.go
@@ -0,0 +1,116 @@
+package validator
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"mime/multipart"
+	"net/http"
+	"net/textproto"
+	"strings"
+	"testing"
+
+	"github.com/getkin/kin-openapi/openapi3"
+	"github.com/getkin/kin-openapi/openapi3filter"
+	"github.com/getkin/kin-openapi/routers/gorillamux"
+	"github.com/stretchr/testify/require"
+)
+
+const testSchema = `
+openapi: 3.0.0
+info:
+  title: 'Validator'
+  version: 0.0.1
+paths:
+  /test:
+    post:
+      requestBody:
+        required: true
+        content:
+          multipart/form-data:
+            schema:
+              type: object
+              properties:
+                file:
+                  type: string
+                  format: binary
+                counts:
+                  type: object
+                  properties:
+                    name:
+                      type: string
+                    count:
+                      type: integer
+                primitive:
+                  type: integer
+      responses:
+        '200':
+          description: OK
+`
+
+type count struct {
+	Name  string `json:"name"`
+	Count int    `json:"count"`
+}
+
+func TestIssue949(t *testing.T) {
+	loader := openapi3.NewLoader()
+	doc, err := loader.LoadFromData([]byte(testSchema))
+	require.NoError(t, err)
+
+	err = doc.Validate(context.Background())
+	require.NoError(t, err)
+
+	router, err := gorillamux.NewRouter(doc)
+	require.NoError(t, err)
+
+	body := &bytes.Buffer{}
+	writer := multipart.NewWriter(body)
+
+	// Add the counts object to the request body
+	h := make(textproto.MIMEHeader)
+	h.Set("Content-Disposition", fmt.Sprintf(`form-data; name="%s"`, "counts"))
+	h.Set("Content-Type", "application/json")
+	fw, err := writer.CreatePart(h)
+	require.NoError(t, err)
+
+	countStruct := count{Name: "foo", Count: 7}
+	countBody, err := json.Marshal(countStruct)
+	require.NoError(t, err)
+	_, err = fw.Write(countBody)
+	require.NoError(t, err)
+
+	// Add the file to the request body
+	fw, err = writer.CreateFormFile("file", "hello.txt")
+	require.NoError(t, err)
+
+	_, err = io.Copy(fw, strings.NewReader("hello"))
+	require.NoError(t, err)
+
+	// Add the primitive integer to the request body
+	fw, err = writer.CreateFormField("primitive")
+	require.NoError(t, err)
+	_, err = fw.Write([]byte("1"))
+	require.NoError(t, err)
+
+	writer.Close()
+
+	req, _ := http.NewRequest(http.MethodPost, "/test", bytes.NewReader(body.Bytes()))
+	req.Header.Set("Content-Type", writer.FormDataContentType())
+
+	route, pathParams, err := router.FindRoute(req)
+	require.NoError(t, err)
+
+	reqBody := route.Operation.RequestBody.Value
+
+	requestValidationInput := &openapi3filter.RequestValidationInput{
+		Request:    req,
+		PathParams: pathParams,
+		Route:      route,
+	}
+
+	err = openapi3filter.ValidateRequestBody(context.TODO(), requestValidationInput, reqBody)
+	require.NoError(t, err)
+}
diff --git a/internal/platform/validator/req_resp_decoder.go b/internal/platform/validator/req_resp_decoder.go
index b4307e9..f11e24b 100644
--- a/internal/platform/validator/req_resp_decoder.go
+++ b/internal/platform/validator/req_resp_decoder.go
@@ -1231,7 +1231,7 @@ var headerCT = http.CanonicalHeaderKey("Content-Type")
 const prefixUnsupportedCT = "unsupported content type"
 
 // getBodyDecoder searches by media type or suffix and returns body decoder or error
-func getBodyDecoder(mediaType, suffix string) (BodyDecoder, error) {
+func getBodyDecoder(schema *openapi3.SchemaRef, mediaType, suffix string) (BodyDecoder, error) {
 	var decoder BodyDecoder
 	var ok bool
 
@@ -1273,7 +1273,7 @@ func decodeBody(body io.Reader, header http.Header, schema *openapi3.SchemaRef,
 		}
 	}
 	mediaType, suffix := parseMediaType(contentType)
-	decoder, err := getBodyDecoder(mediaType, suffix)
+	decoder, err := getBodyDecoder(schema, mediaType, suffix)
 	if err != nil {
 		return "", nil, err
 	}
@@ -1561,13 +1561,24 @@ func multipartBodyDecoder(body io.Reader, header http.Header, schema *openapi3.S
 			}
 		}
 
+		partHeader := http.Header(part.Header)
 		var value any
-		if _, value, err = decodeBody(part, http.Header(part.Header), valueSchema, subEncFn, jsonParser); err != nil {
+		if _, value, err = decodeBody(part, partHeader, valueSchema, subEncFn, jsonParser); err != nil {
 			if v, ok := err.(*ParseError); ok {
 				return nil, &ParseError{path: []any{name}, Cause: v}
 			}
 			return nil, fmt.Errorf("part %s: %w", name, err)
 		}
+		// Parse primitive types when no content type is explicitely provided, or the content type is set to text/plain
+		contentType := partHeader.Get(headerCT)
+		if contentType == "" || contentType == "text/plain" {
+			if value, err = parsePrimitive(value.(string), valueSchema); err != nil {
+				if v, ok := err.(*ParseError); ok {
+					return nil, &ParseError{path: []any{name}, Cause: v}
+				}
+				return nil, fmt.Errorf("part %s: %w", name, err)
+			}
+		}
 		values[name] = append(values[name], value)
 	}
 
diff --git a/internal/platform/validator/req_resp_decoder_test.go b/internal/platform/validator/req_resp_decoder_test.go
index afd5391..3d48525 100644
--- a/internal/platform/validator/req_resp_decoder_test.go
+++ b/internal/platform/validator/req_resp_decoder_test.go
@@ -23,8 +23,8 @@ import (
 )
 
 var (
-	explode   = openapi3.BoolPtr(true)
-	noExplode = openapi3.BoolPtr(false)
+	explode   = openapi3.Ptr(true)
+	noExplode = openapi3.Ptr(false)
 	arrayOf   = func(items *openapi3.SchemaRef) *openapi3.SchemaRef {
 		return &openapi3.SchemaRef{Value: &openapi3.Schema{Type: &openapi3.Types{"array"}, Items: items}}
 	}
@@ -1725,7 +1725,7 @@ func TestDecodeBody(t *testing.T) {
 				WithProperty("b", openapi3.NewIntegerSchema()).
 				WithProperty("c", openapi3.NewArraySchema().WithItems(openapi3.NewStringSchema())),
 			encoding: map[string]*openapi3.Encoding{
-				"c": {Style: openapi3.SerializationSpaceDelimited, Explode: openapi3.BoolPtr(false)},
+				"c": {Style: openapi3.SerializationSpaceDelimited, Explode: openapi3.Ptr(false)},
 			},
 			want: map[string]any{"a": "a1", "b": int64(10), "c": []any{"c1", "c2"}},
 		},
@@ -1738,7 +1738,7 @@ func TestDecodeBody(t *testing.T) {
 				WithProperty("b", openapi3.NewIntegerSchema()).
 				WithProperty("c", openapi3.NewArraySchema().WithItems(openapi3.NewStringSchema())),
 			encoding: map[string]*openapi3.Encoding{
-				"c": {Style: openapi3.SerializationPipeDelimited, Explode: openapi3.BoolPtr(false)},
+				"c": {Style: openapi3.SerializationPipeDelimited, Explode: openapi3.Ptr(false)},
 			},
 			want: map[string]any{"a": "a1", "b": int64(10), "c": []any{"c1", "c2"}},
 		},
diff --git a/internal/platform/validator/zip_file_upload_test.go b/internal/platform/validator/zip_file_upload_test.go
new file mode 100644
index 0000000..7a165f1
--- /dev/null
+++ b/internal/platform/validator/zip_file_upload_test.go
@@ -0,0 +1,123 @@
+package validator
+
+import (
+	"bytes"
+	"context"
+	"io"
+	"mime/multipart"
+	"net/http"
+	"net/textproto"
+	"testing"
+
+	"github.com/getkin/kin-openapi/openapi3"
+	"github.com/getkin/kin-openapi/openapi3filter"
+	"github.com/getkin/kin-openapi/routers/gorillamux"
+	"github.com/stretchr/testify/require"
+	"github.com/valyala/fastjson"
+)
+
+func TestValidateZipFileUpload(t *testing.T) {
+	RegisterBodyDecoder("application/zip", zipFileBodyDecoder)
+	t.Cleanup(func() {
+		openapi3filter.UnregisterBodyDecoder("application/zip")
+	})
+
+	const spec = `
+openapi: 3.0.0
+info:
+  title: 'Validator'
+  version: 0.0.1
+paths:
+  /test:
+    post:
+      requestBody:
+        required: true
+        content:
+          multipart/form-data:
+            schema:
+              type: object
+              required:
+                - file
+              properties:
+                file:
+                  type: string
+                  format: binary
+      responses:
+        '200':
+          description: Created
+`
+
+	loader := openapi3.NewLoader()
+	doc, err := loader.LoadFromData([]byte(spec))
+	require.NoError(t, err)
+
+	err = doc.Validate(loader.Context)
+	require.NoError(t, err)
+
+	router, err := gorillamux.NewRouter(doc)
+	require.NoError(t, err)
+
+	tests := []struct {
+		zipData []byte
+		wantErr bool
+	}{
+		{
+			[]byte{
+				0x50, 0x4b, 0x03, 0x04, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7c, 0x7d, 0x23, 0x56, 0xcd, 0xfd, 0x67, 0xf8, 0x07, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x09, 0x00, 0x1c, 0x00, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x74, 0x78, 0x74, 0x55, 0x54, 0x09, 0x00, 0x03, 0xac, 0xce, 0xb3, 0x63, 0xaf, 0xce, 0xb3, 0x63, 0x75, 0x78, 0x0b, 0x00, 0x01, 0x04, 0xf7, 0x01, 0x00, 0x00, 0x04, 0x14, 0x00, 0x00, 0x00, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x2e, 0x0a, 0x50, 0x4b, 0x01, 0x02, 0x1e, 0x03, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7c, 0x7d, 0x23, 0x56, 0xcd, 0xfd, 0x67, 0xf8, 0x07, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x09, 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xa4, 0x81, 0x00, 0x00, 0x00, 0x00, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x74, 0x78, 0x74, 0x55, 0x54, 0x05, 0x00, 0x03, 0xac, 0xce, 0xb3, 0x63, 0x75, 0x78, 0x0b, 0x00, 0x01, 0x04, 0xf7, 0x01, 0x00, 0x00, 0x04, 0x14, 0x00, 0x00, 0x00, 0x50, 0x4b, 0x05, 0x06, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x4f, 0x00, 0x00, 0x00, 0x4a, 0x00, 0x00, 0x00, 0x00, 0x00,
+			},
+			false,
+		},
+		{
+			[]byte{
+				0x50, 0x4b, 0x05, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			}, // No entry
+			true,
+		},
+	}
+	for _, tt := range tests {
+		body := &bytes.Buffer{}
+		writer := multipart.NewWriter(body)
+
+		{ // Add file data
+			h := make(textproto.MIMEHeader)
+			h.Set("Content-Disposition", `form-data; name="file"; filename="hello.zip"`)
+			h.Set("Content-Type", "application/zip")
+
+			fw, err := writer.CreatePart(h)
+			require.NoError(t, err)
+			_, err = io.Copy(fw, bytes.NewReader(tt.zipData))
+
+			require.NoError(t, err)
+		}
+
+		writer.Close()
+
+		req, err := http.NewRequest(http.MethodPost, "/test", bytes.NewReader(body.Bytes()))
+		require.NoError(t, err)
+
+		req.Header.Set("Content-Type", writer.FormDataContentType())
+
+		route, pathParams, err := router.FindRoute(req)
+		require.NoError(t, err)
+
+		jsonParser := &fastjson.Parser{}
+		if err = ValidateRequestBody(
+			context.Background(),
+			&openapi3filter.RequestValidationInput{
+				Request:    req,
+				PathParams: pathParams,
+				Route:      route,
+			},
+			route.Operation.RequestBody.Value,
+			jsonParser,
+		); err != nil {
+			if !tt.wantErr {
+				t.Errorf("got %v", err)
+			}
+			continue
+		}
+		if tt.wantErr {
+			t.Errorf("want err")
+		}
+	}
+}
diff --git a/pkg/APIMode/apifw_test.go b/pkg/APIMode/apifw_test.go
index 9502161..dd8192a 100644
--- a/pkg/APIMode/apifw_test.go
+++ b/pkg/APIMode/apifw_test.go
@@ -462,6 +462,9 @@ func TestAPIFWBasicErrors(t *testing.T) {
 	}
 	bw.Flush()
 
+	// reset the reader
+	r.Reset(bufio.NewReader(w))
+
 	// check ErrSchemaNotFound
 	_, err = apifw.ValidateRequestFromReader([]int{wrongIntSchemaID}, r)
 	if !errors.Is(err, validator.ErrSchemaNotFound) {
diff --git a/resources/test/k6/30.js b/resources/test/k6/30.js
deleted file mode 100644
index b77b652..0000000
--- a/resources/test/k6/30.js
+++ /dev/null
@@ -1,201 +0,0 @@
-// file: document_management_all_paths_with_negative.test.js
-import http from 'k6/http';
-import { check, group } from 'k6';
-import { Trend } from 'k6/metrics';
-
-export const options = {
-    vus: Number(__ENV.VUS || 1),
-    iterations: Number(__ENV.ITERATIONS || 1),
-    thresholds: {
-        http_req_failed: ['rate==0'],
-        http_req_duration: ['p(95)<1200'],
-    },
-};
-
-const BASE_URL = __ENV.BASE_URL || 'http://localhost:8282';
-const H = { 'X-Wallarm-Schema-ID': '30' };
-const H_JSON = { ...H, 'Content-Type': 'application/json' };
-const H_BAD = { 'X-Wallarm-Schema-ID': '31' };           // неверное значение
-const H_JSON_BAD = { ...H_BAD, 'Content-Type': 'application/json' }; // неверное значение + JSON
-const EXPECTED = { summary: [{ schema_id: 30, status_code: 200 }] };
-
-const opTrend = new Trend('dm_op_duration_ms');
-
-function t(endpoint) { return `${BASE_URL}${endpoint}`; }
-function j(r) { try { return r.json(); } catch { return null; } }
-function eq(a, b) { return JSON.stringify(a) === JSON.stringify(b); }
-function uuidv4() {
-    return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, c => {
-        const r = (Math.random() * 16) | 0, v = c === 'x' ? r : (r & 0x3 | 0x8);
-        return v.toString(16);
-    });
-}
-
-// ========= минимальные payload'ы для позитивных запросов =========
-function payloadEmailBatch() {
-    return {
-        attachments: [],
-        bcc: [],
-        cc: [],
-        contentType: 'HTML',
-        distributionType: 'ATTACHMENT',
-        id: uuidv4(),
-        name: 'batch',
-        notifyAnyway: false,
-        recipientAttachments: [],
-        status: 'DRAFT',
-        to: [],
-        type: 'MARKETING_CAMPAIGN',
-    };
-}
-function payloadFetchPaginatedQueryRequestV2() {
-    return { dataset: 'documents', fields: [{ id: 'id' }], pagination: { first: 1 } };
-}
-function payloadFetchGroupAndAggregateQueryRequestV2() {
-    return { dataset: 'documents', countTotalVisible: false };
-}
-function payloadCreateClientPortalDocumentInput() {
-    return { archived: false, documentName: 'doc', fileName: 'file.pdf' };
-}
-function payloadEditDocumentsInput() { return {}; }
-function payloadDownloadDocumentsInput() { return {}; }
-function payloadEditClientPortalDocumentInput() { return { documentName: 'doc-updated' }; }
-function payloadAddPortalUsersAccessInput() { return {}; }
-function payloadRemovePortalUsersAccessInput() { return {}; }
-function payloadAddBatchRecipientAttachmentRequestBody() { return {}; }
-
-// ========= позитивные кейсы по всей спеке =========
-function makePositiveCases() {
-    const docId = uuidv4();
-    const docId2 = uuidv4();
-    const batchId = uuidv4();
-    const recId = uuidv4();
-
-    return [
-        { m: 'PATCH', p: `/api-internal/document-management/v1/documents`, body: payloadEditDocumentsInput() },
-        { m: 'POST',  p: `/api-internal/document-management/v1/documents/query`, body: payloadFetchPaginatedQueryRequestV2() },
-        { m: 'POST',  p: `/api-internal/document-management/v1/documents/aggregate`, body: payloadFetchGroupAndAggregateQueryRequestV2() },
-        { m: 'GET',   p: `/api-internal/document-management/v1/documents/metadata` },
-        { m: 'POST',  p: `/api-internal/document-management/v1/documents/download`, body: payloadDownloadDocumentsInput() },
-        { m: 'POST',  p: `/api-internal/document-management/v1/documents/download/${docId}` },
-        { m: 'PATCH', p: `/api-internal/document-management/v1/documents/${docId}`, body: payloadEditDocumentsInput() },
-        { m: 'GET',   p: `/api-internal/document-management/v1/documents/upload-status?documentIds=${docId}` },
-        { m: 'GET',   p: `/api-internal/document-management/v1/documents/${docId2}/upload-status` },
-
-        { m: 'GET',   p: `/api-internal/document-management/v1/dataset/documents/metadata` },
-        { m: 'POST',  p: `/api-internal/document-management/v1/dataset/documents/paginated`, body: payloadFetchPaginatedQueryRequestV2() },
-        { m: 'POST',  p: `/api-internal/document-management/v1/dataset/documents/group-and-aggregate`, body: payloadFetchGroupAndAggregateQueryRequestV2() },
-
-        { m: 'POST',  p: `/api-internal/document-management/v1/documents/portal`, body: payloadCreateClientPortalDocumentInput() },
-        { m: 'POST',  p: `/api-internal/document-management/v1/documents/portal/query`, body: payloadFetchPaginatedQueryRequestV2() },
-        { m: 'GET',   p: `/api-internal/document-management/v1/documents/portal/metadata` },
-        { m: 'POST',  p: `/api-internal/document-management/v1/documents/portal/aggregate`, body: payloadFetchGroupAndAggregateQueryRequestV2() },
-        { m: 'PATCH', p: `/api-internal/document-management/v1/documents/portal/${docId}`, body: payloadEditClientPortalDocumentInput() },
-
-        { m: 'POST',  p: `/api-internal/document-management/v1/documents/portal-user-access`, body: payloadAddPortalUsersAccessInput() },
-        { m: 'POST',  p: `/api-internal/document-management/v1/documents/portal-user-access/remove`, body: payloadRemovePortalUsersAccessInput() },
-        { m: 'POST',  p: `/api-internal/document-management/v1/documents/portal-user-access/notification`, body: payloadAddPortalUsersAccessInput() },
-
-        { m: 'POST',  p: `/api-internal/document-management/v1/email-batches`, body: payloadEmailBatch() },
-        { m: 'GET',   p: `/api-internal/document-management/v1/email-batches/metadata` },
-        { m: 'POST',  p: `/api-internal/document-management/v1/email-batches/query`, body: payloadFetchPaginatedQueryRequestV2() },
-        { m: 'POST',  p: `/api-internal/document-management/v1/email-batches/aggregate`, body: payloadFetchGroupAndAggregateQueryRequestV2() },
-        { m: 'GET',   p: `/api-internal/document-management/v1/email-batches/${batchId}` },
-        { m: 'POST',  p: `/api-internal/document-management/v1/email-batches/${batchId}`, body: payloadEmailBatch() },
-        { m: 'POST',  p: `/api-internal/document-management/v1/email-batches/${batchId}/send`, body: payloadEmailBatch() },
-        { m: 'GET',   p: `/api-internal/document-management/v1/email-batches/${batchId}/preview` },
-        { m: 'POST',  p: `/api-internal/document-management/v1/email-batches/${batchId}/document-recipients`, body: payloadAddBatchRecipientAttachmentRequestBody() },
-        { m: 'DELETE',p: `/api-internal/document-management/v1/email-batches/${batchId}/document-recipients` },
-        { m: 'DELETE',p: `/api-internal/document-management/v1/email-batches/${batchId}/document-recipients/${recId}` },
-
-        { m: 'POST',  p: `/api-internal/document-management/v1/email-recipients/query`, body: payloadFetchPaginatedQueryRequestV2() },
-        { m: 'POST',  p: `/api-internal/document-management/v1/email-recipients/aggregate`, body: payloadFetchGroupAndAggregateQueryRequestV2() },
-        { m: 'GET',   p: `/api-internal/document-management/v1/email-recipients/metadata` },
-
-        { m: 'POST',  p: `/api-internal/document-management/v1/document-recipients/query`, body: payloadFetchPaginatedQueryRequestV2() },
-        { m: 'POST',  p: `/api-internal/document-management/v1/document-recipients/aggregate`, body: payloadFetchGroupAndAggregateQueryRequestV2() },
-        { m: 'GET',   p: `/api-internal/document-management/v1/document-recipients/metadata` },
-        { m: 'POST',  p: `/api-internal/document-management/v1/document-recipients/paginated`, body: payloadFetchPaginatedQueryRequestV2() },
-
-        { m: 'GET',   p: `/api-internal/document-management/v1/dataset/document-recipients/metadata` },
-        { m: 'POST',  p: `/api-internal/document-management/v1/dataset/document-recipients/paginated`, body: payloadFetchPaginatedQueryRequestV2() },
-        { m: 'POST',  p: `/api-internal/document-management/v1/dataset/document-recipients/group-and-aggregate`, body: payloadFetchGroupAndAggregateQueryRequestV2() },
-    ];
-}
-
-// ========= негативные кейсы =========
-// - отсутствие заголовка X-Wallarm-Schema-ID
-// - неверный X-Wallarm-Schema-ID
-// - пустые/некорректные тела для эндпоинтов с обязательным body
-// - невалидные UUID в path
-// - отсутствие обязательных query параметров
-function makeNegativeCases() {
-    const badUUID = 'not-a-uuid';
-
-    return [
-        // Нет заголовка X-Wallarm-Schema-ID
-        { title: 'missing header', m: 'GET',  p: `/api-internal/document-management/v1/documents/metadata`, headers: {} },
-        { title: 'missing header', m: 'POST', p: `/api-internal/document-management/v1/documents/query`, headers: { 'Content-Type': 'application/json' }, body: {} },
-
-        // Неверный заголовок X-Wallarm-Schema-ID
-        { title: 'wrong schema id', m: 'GET',  p: `/api-internal/document-management/v1/email-batches/metadata`, headers: H_BAD },
-        { title: 'wrong schema id', m: 'POST', p: `/api-internal/document-management/v1/email-batches`, headers: H_JSON_BAD, body: {} },
-
-        // Пустое тело там, где нужен обязательный body
-        { title: 'empty body', m: 'POST', p: `/api-internal/document-management/v1/dataset/documents/paginated`, headers: H_JSON, body: {} },
-        { title: 'empty body', m: 'POST', p: `/api-internal/document-management/v1/documents/aggregate`, headers: H_JSON, body: {} },
-        { title: 'empty body', m: 'POST', p: `/api-internal/document-management/v1/documents/portal`, headers: H_JSON, body: {} },
-
-        // Невалидный UUID в path
-        { title: 'invalid uuid', m: 'GET',  p: `/api-internal/document-management/v1/email-batches/${badUUID}`, headers: H },
-        { title: 'invalid uuid', m: 'PATCH',p: `/api-internal/document-management/v1/documents/${badUUID}`, headers: H_JSON, body: {} },
-        { title: 'invalid uuid', m: 'GET',  p: `/api-internal/document-management/v1/documents/${badUUID}/upload-status`, headers: H },
-
-        // Отсутствует обязательный query
-        { title: 'missing query', m: 'GET',  p: `/api-internal/document-management/v1/documents/upload-status`, headers: H },
-
-        // Неверный метод (например, DELETE без id where path requires id)
-        { title: 'wrong method shape', m: 'DELETE', p: `/api-internal/document-management/v1/email-batches/document-recipients`, headers: H }, // нет batchId в path
-    ];
-}
-
-function doRequest(method, url, headers, body) {
-    if (method === 'GET')   return http.get(url, { headers });
-    if (method === 'DELETE')return http.del(url, null, { headers });
-    if (method === 'POST')  return http.post(url, body ? JSON.stringify(body) : '', { headers });
-    if (method === 'PATCH') return http.patch(url, body ? JSON.stringify(body) : '', { headers });
-    throw new Error(`Unsupported method ${method}`);
-}
-
-export default function () {
-    const positives = makePositiveCases();
-
-    group('Document Management API – positive cases (expect 200 + stub body)', () => {
-        for (const c of positives) {
-            const url = t(c.p);
-            const headers = (c.m === 'GET' || c.m === 'DELETE') ? H : H_JSON;
-            const res = doRequest(c.m, url, headers, c.body);
-
-            opTrend.add(res.timings.duration, { path: c.p, method: c.m, kind: 'positive' });
-
-            const body = j(res);
-            check(res, { [`${c.m} ${c.p} -> status 200`]: (r) => r.status === 200 });
-            check(body, { [`${c.m} ${c.p} -> expected stub`]: (b) => eq(b, EXPECTED) });
-        }
-    });
-
-    const negatives = makeNegativeCases();
-
-    group('Document Management API – negative cases (expect non-200 and body != stub)', () => {
-        for (const n of negatives) {
-            const url = t(n.p);
-            const res = doRequest(n.m, url, n.headers ?? H, n.body);
-
-            opTrend.add(res.timings.duration, { path: n.p, method: n.m, kind: 'negative', title: n.title });
-
-            const body = j(res);
-            check(res, { [`NEG ${n.m} ${n.p} (${n.title}) -> status != 200`]: (r) => r.status !== 200 });
-            check(body, { [`NEG ${n.m} ${n.p} (${n.title}) -> body != stub`]: (b) => !eq(b, EXPECTED) });
-        }
-    });
-}
\ No newline at end of file
diff --git a/resources/test/k6/32.js b/resources/test/k6/32.js
deleted file mode 100644
index fcb0b37..0000000
--- a/resources/test/k6/32.js
+++ /dev/null
@@ -1,107 +0,0 @@
-// file: query_engine_all_paths_schema32.test.js
-import http from 'k6/http';
-import { check, group } from 'k6';
-import { Trend } from 'k6/metrics';
-
-export const options = {
-    vus: Number(__ENV.VUS || 1),
-    iterations: Number(__ENV.ITERATIONS || 1),
-    thresholds: {
-        http_req_failed: ['rate==0'],
-        http_req_duration: ['p(95)<1000'],
-    },
-};
-
-// В спеке servers: [] — задаём вручную или через env
-const BASE_URL = __ENV.BASE_URL || 'http://localhost:8282';
-const DATASET_ID = __ENV.DATASET_ID || 'test-dataset';
-
-// Общие заголовки
-const H = { 'X-Wallarm-Schema-ID': '32' };
-const H_JSON = { ...H, 'Content-Type': 'application/json' };
-
-// Ожидаемый стаб-ответ
-const EXPECTED = { summary: [{ schema_id: 32, status_code: 200 }] };
-
-// Helpers
-function j(r) { try { return r.json(); } catch { return null; } }
-function eq(a, b) { return JSON.stringify(a) === JSON.stringify(b); }
-function u(p) { return `${BASE_URL}${p}`; }
-
-const op = new Trend('qe_op_ms');
-
-export default function () {
-    group('Query Engine API – all endpoints return stub (schema_id=32)', () => {
-        // 1) GET /api/v1/query-engine/datasets
-        {
-            const res = http.get(u(`/api/v1/query-engine/datasets`), { headers: H });
-            op.add(res.timings.duration, { path: '/datasets', method: 'GET' });
-            const body = j(res);
-            check(res, { 'GET /datasets -> 200': (r) => r.status === 200 });
-            check(body, { 'GET /datasets -> expected body': (b) => eq(b, EXPECTED) });
-            console.log('Response body:', body);
-        }
-
-        // 2) GET /api/v1/query-engine/datasets/{id}
-        {
-            const res = http.get(u(`/api/v1/query-engine/datasets/${encodeURIComponent(DATASET_ID)}`), { headers: H });
-            op.add(res.timings.duration, { path: '/datasets/{id}', method: 'GET' });
-            const body = j(res);
-            check(res, { 'GET /datasets/{id} -> 200': (r) => r.status === 200 });
-            check(body, { 'GET /datasets/{id} -> expected body': (b) => eq(b, EXPECTED) });
-            console.log('Response body:', body);
-        }
-
-        // 3) POST /api/v1/query-engine/datasets/{id}/query  (без тела)
-        {
-            const res = http.post(u(`/api/v1/query-engine/datasets/${encodeURIComponent(DATASET_ID)}/query`), '', { headers: H_JSON });
-            op.add(res.timings.duration, { path: '/datasets/{id}/query', method: 'POST' });
-            const body = j(res);
-            check(res, { 'POST /datasets/{id}/query -> 200': (r) => r.status === 200 });
-            check(body, { 'POST /datasets/{id}/query -> expected body': (b) => eq(b, EXPECTED) });
-            console.log('Response body:', body);
-        }
-
-        // 4) POST /api/v1/query-engine/datasets/{id}/query с query-параметрами
-        {
-            const params = { headers: H_JSON };
-            const url = u(`/api/v1/query-engine/datasets/${encodeURIComponent(DATASET_ID)}/query?limit=1&cursor=abc&direction=NEXT`);
-            const res = http.post(url, '', params);
-            op.add(res.timings.duration, { path: '/datasets/{id}/query?params', method: 'POST' });
-            const body = j(res);
-            check(res, { 'POST /datasets/{id}/query?params -> 200': (r) => r.status === 200 });
-            check(body, { 'POST /datasets/{id}/query?params -> expected body': (b) => eq(b, EXPECTED) });
-            console.log('Response body:', body);
-        }
-
-        // 5) POST /api/v1/query-engine/datasets/{id}/export  (без тела)
-        {
-            const res = http.post(u(`/api/v1/query-engine/datasets/${encodeURIComponent(DATASET_ID)}/export`), '', { headers: H_JSON });
-            op.add(res.timings.duration, { path: '/datasets/{id}/export', method: 'POST' });
-            const body = j(res);
-            check(res, { 'POST /datasets/{id}/export -> 200': (r) => r.status === 200 });
-            check(body, { 'POST /datasets/{id}/export -> expected body': (b) => eq(b, EXPECTED) });
-            console.log('Response body:', body);
-        }
-
-        // 6) POST /api/v1/query-engine/datasets/{id}/aggregate  (без тела)
-        {
-            const res = http.post(u(`/api/v1/query-engine/datasets/${encodeURIComponent(DATASET_ID)}/aggregate`), '', { headers: H_JSON });
-            op.add(res.timings.duration, { path: '/datasets/{id}/aggregate', method: 'POST' });
-            const body = j(res);
-            check(res, { 'POST /datasets/{id}/aggregate -> 200': (r) => r.status === 200 });
-            check(body, { 'POST /datasets/{id}/aggregate -> expected body': (b) => eq(b, EXPECTED) });
-            console.log('Response body:', body);
-        }
-
-        // 7) POST /api/v1/query-engine/datasets/{id}/query/count  (без тела)
-        {
-            const res = http.post(u(`/api/v1/query-engine/datasets/${encodeURIComponent(DATASET_ID)}/query/count`), '', { headers: H_JSON });
-            op.add(res.timings.duration, { path: '/datasets/{id}/query/count', method: 'POST' });
-            const body = j(res);
-            check(res, { 'POST /datasets/{id}/query/count -> 200': (r) => r.status === 200 });
-            check(body, { 'POST /datasets/{id}/query/count -> expected body': (b) => eq(b, EXPECTED) });
-            console.log('Response body:', body);
-        }
-    });
-}
\ No newline at end of file
diff --git a/resources/test/k6/33.js b/resources/test/k6/33.js
deleted file mode 100644
index 8303274..0000000
--- a/resources/test/k6/33.js
+++ /dev/null
@@ -1,187 +0,0 @@
-// file: recon_v3_all_paths_schema33_with_negative.test.js
-import http from 'k6/http';
-import { check, group } from 'k6';
-import { Trend } from 'k6/metrics';
-
-export const options = {
-    vus: Number(__ENV.VUS || 1),
-    iterations: Number(__ENV.ITERATIONS || 1),
-    thresholds: {
-        http_req_failed: ['rate==0'],
-        http_req_duration: ['p(95)<1200'],
-    },
-};
-
-const BASE_URL = __ENV.BASE_URL || 'http://localhost:8282';
-
-// --- Headers
-const H = { 'X-Wallarm-Schema-ID': '33' };
-const H_JSON = { ...H, 'Content-Type': 'application/json' };
-const H_WRONG = { 'X-Wallarm-Schema-ID': '33' };
-const H_JSON_WRONG = { ...H_WRONG, 'Content-Type': 'application/json' };
-
-// --- Expected stub
-const EXPECTED = { summary: [{ schema_id: 33, status_code: 200 }] };
-
-// --- Helpers
-function j(r) { try { return r.json(); } catch { return null; } }
-function eq(a, b) { return JSON.stringify(a) === JSON.stringify(b); }
-function u(p) { return `${BASE_URL}${p}`; }
-function uuidv4() {
-    return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, c => {
-        const r = (Math.random() * 16) | 0, v = c === 'x' ? r : (r & 0x3 | 0x8);
-        return v.toString(16);
-    });
-}
-function doRequest(method, url, headers, body) {
-    if (method === 'GET') return http.get(url, { headers });
-    if (method === 'DELETE') return http.del(url, null, { headers });
-    if (method === 'POST') return http.post(url, body ? JSON.stringify(body) : '', { headers });
-    if (method === 'PATCH') return http.patch(url, body ? JSON.stringify(body) : '', { headers });
-    throw new Error(`Unsupported method ${method}`);
-}
-
-const opTrend = new Trend('recon_op_ms');
-
-// --- Minimal valid payloads (по required полям схем)
-function minimalCustodianSetting() {
-    return {
-        customName: 'rs-min',
-        reconcileDate: 'TODAY',
-        updatePriceAtStartOfDay: false,
-        excludeInternalAssetTypes: [],
-        excludeInternalInstrumentTypes: [],
-        excludeInternalTransactionTypes: [],
-        positionReconcileDateType: 'TRADE_DATE',
-        positionReconcileFaceType: 'CURRENT_QUANTITY',
-        positionReconcileValueType: 'BOOK_VALUES',
-        transactionReconcileDateType: 'TRADE_DATE',
-        matchingThresholdsOverride: { value: {} },
-        matchingThresholdsSettings: { value: {} },
-        positionAutoReconcileOverride: { value: {} },
-        positionAutoReconcileSettings: { value: {} },
-        transactionAutoReconcileOverride: { value: {} },
-        transactionAutoReconcileSettings: { value: {} },
-        transactionAutoAcceptCustodianOverride: { value: {} },
-        transactionAutoAcceptCustodianSettings: { value: {} },
-        positionReconcileDateTypeOverrideInstrumentTypes: [],
-    };
-}
-const payloadRuleSetInput = () => ({ ruleSet: minimalCustodianSetting() });
-const payloadUpdateGlobalRule = () => ({ globalRule: { reconcileDate: 'TODAY', updatePriceAtStartOfDay: false } });
-const payloadBulkFilters = () => ({ reconDate: '2025-01-01' });
-const payloadBulkPositions = () => ({ action: 'GET_COUNT', filters: payloadBulkFilters() });
-const payloadBulkMatched   = () => ({ action: 'GET_COUNT', filters: payloadBulkFilters() });
-const payloadBulkUnmatched = () => ({ action: 'GET_COUNT', filters: payloadBulkFilters() });
-const payloadGetNextTrigger = () => ({ /* currentTrigger опционален */ });
-const payloadTxnIds = () => ({ ids: [uuidv4()] });
-const payloadRemoveAssignments = () => ({ custodianIds: ['c1'] });
-const payloadReplaceAssignments = () => ({ ruleSetId: uuidv4(), custodianIds: ['c1'] });
-
-// --- Positive cases
-function makePositiveCases() {
-    const rsId = uuidv4();
-    const qInput = encodeURIComponent(JSON.stringify({})); // required query object
-
-    return [
-        { m: 'GET',   p: `/api-internal/reconciliation/v1/reconciliation-rules` },
-        { m: 'GET',   p: `/api-internal/reconciliation/v1/reconciliation-rules/global-rule` },
-        { m: 'PATCH', p: `/api-internal/reconciliation/v1/reconciliation-rules/global-rule`, body: payloadUpdateGlobalRule() },
-
-        { m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets`, body: payloadRuleSetInput() },
-        { m: 'GET',   p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/${rsId}` },
-        { m: 'PATCH', p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/${rsId}`, body: payloadRuleSetInput() },
-        { m: 'DELETE',p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/${rsId}` },
-
-        { m: 'GET',   p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/assignments` },
-        { m: 'GET',   p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/${rsId}/assignments` },
-
-        { m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/remove-assignments`, body: payloadRemoveAssignments() },
-        { m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/replace-assignments`, body: payloadReplaceAssignments() },
-
-        { m: 'POST',  p: `/api-internal/reconciliation/v1/ai/get-next-agent-trigger`, body: payloadGetNextTrigger() },
-
-        { m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-positions/actions/bulk`, body: payloadBulkPositions() },
-        { m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-transactions/actions/bulk-matched`, body: payloadBulkMatched() },
-        { m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-transactions/actions/bulk-unmatched`, body: payloadBulkUnmatched() },
-
-        { m: 'GET',   p: `/api-internal/reconciliation/v1/reconciliation-positions/object-labels?input=${qInput}` },
-
-        { m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-positions/transactions/query`, body: payloadTxnIds() },
-    ];
-}
-
-// --- Negative cases
-function makeNegativeCases() {
-    const badUUID = 'not-a-uuid';
-    const rsId = uuidv4(); // будем использовать валидный для некоторых негативов
-
-    return [
-        // 1) Отсутствует заголовок X-Wallarm-Schema-ID
-        { title: 'missing schema header', m: 'GET',  p: `/api-internal/reconciliation/v1/reconciliation-rules`, headers: {} },
-        { title: 'missing schema header', m: 'POST', p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets`, headers: { 'Content-Type': 'application/json' }, body: payloadRuleSetInput() },
-
-        // 2) Неверный X-Wallarm-Schema-ID
-        { title: 'wrong schema header', m: 'GET',  p: `/api-internal/reconciliation/v1/reconciliation-rules/global-rule`, headers: H_WRONG },
-        { title: 'wrong schema header', m: 'PATCH',p: `/api-internal/reconciliation/v1/reconciliation-rules/global-rule`, headers: H_JSON_WRONG, body: payloadUpdateGlobalRule() },
-
-        // 3) Невалидный UUID в path
-        { title: 'invalid uuid in path', m: 'GET',   p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/${badUUID}`, headers: H },
-        { title: 'invalid uuid in path', m: 'PATCH', p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/${badUUID}`, headers: H_JSON, body: payloadRuleSetInput() },
-        { title: 'invalid uuid in path', m: 'DELETE',p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/${badUUID}`, headers: H },
-        { title: 'invalid uuid in path', m: 'GET',   p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/${badUUID}/assignments`, headers: H },
-
-        // 4) Пустой/битый body там, где он обязателен
-        { title: 'empty body', m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets`, headers: H_JSON, body: {} },
-        { title: 'empty body', m: 'PATCH', p: `/api-internal/reconciliation/v1/reconciliation-rules/global-rule`, headers: H_JSON, body: {} },
-        { title: 'empty body', m: 'PATCH', p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/${rsId}`, headers: H_JSON, body: {} },
-        { title: 'empty body', m: 'POST',  p: `/api-internal/reconciliation/v1/ai/get-next-agent-trigger`, headers: H_JSON, body: {} },
-        { title: 'empty body', m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-positions/actions/bulk`, headers: H_JSON, body: {} },
-        { title: 'empty body', m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-transactions/actions/bulk-matched`, headers: H_JSON, body: {} },
-        { title: 'empty body', m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-transactions/actions/bulk-unmatched`, headers: H_JSON, body: {} },
-        { title: 'empty body', m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/remove-assignments`, headers: H_JSON, body: {} },
-        { title: 'empty body', m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-rules/rule-sets/replace-assignments`, headers: H_JSON, body: {} },
-        { title: 'empty body', m: 'POST',  p: `/api-internal/reconciliation/v1/reconciliation-positions/transactions/query`, headers: H_JSON, body: {} },
-
-        // 5) Плохой query param: input обязателен, отсутствует
-        { title: 'missing required query param', m: 'GET', p: `/api-internal/reconciliation/v1/reconciliation-positions/object-labels`, headers: H },
-
-        // 6) Невалидные поля в body: невалидный UUID в ids
-        { title: 'invalid uuid in body ids', m: 'POST', p: `/api-internal/reconciliation/v1/reconciliation-positions/transactions/query`, headers: H_JSON, body: { ids: ['not-a-uuid'] } },
-
-        // 7) Отсутствующее required поле в bulk-параметрах (нет filters)
-        { title: 'bulk missing filters', m: 'POST', p: `/api-internal/reconciliation/v1/reconciliation-positions/actions/bulk`, headers: H_JSON, body: { action: 'GET_COUNT' } },
-        { title: 'bulk missing action',  m: 'POST', p: `/api-internal/reconciliation/v1/reconciliation-transactions/actions/bulk-matched`, headers: H_JSON, body: { filters: payloadBulkFilters() } },
-    ];
-}
-
-export default function () {
-    // --- Positive run
-    group('Reconciliation API – positive cases (expect 200 + stub)', () => {
-        for (const c of makePositiveCases()) {
-            const url = u(c.p);
-            const headers = (c.m === 'GET' || c.m === 'DELETE') ? H : H_JSON;
-            const res = doRequest(c.m, url, headers, c.body);
-            opTrend.add(res.timings.duration, { path: c.p, method: c.m, kind: 'positive' });
-
-            const body = j(res);
-            check(res, { [`${c.m} ${c.p} -> 200`]: (r) => r.status === 200 });
-            check(body, { [`${c.m} ${c.p} -> expected body`]: (b) => eq(b, EXPECTED) });
-            console.log('Response body:', body);
-        }
-    });
-
-    // --- Negative run
-    group('Reconciliation API – negative cases (expect non-200 and/or body != stub)', () => {
-        for (const n of makeNegativeCases()) {
-            const url = u(n.p);
-            const res = doRequest(n.m, url, n.headers ?? H, n.body);
-            opTrend.add(res.timings.duration, { path: n.p, method: n.m, kind: 'negative', title: n.title });
-
-            const body = j(res);
-            check(res, { [`NEG ${n.m} ${n.p} (${n.title}) -> status != 200`]: (r) => r.status !== 200 });
-            check(body, { [`NEG ${n.m} ${n.p} (${n.title}) -> body != stub`]: (b) => !eq(b, EXPECTED) });
-            console.log('Response body:', body);
-        }
-    });
-}
\ No newline at end of file
diff --git a/resources/test/k6/34.js b/resources/test/k6/34.js
deleted file mode 100644
index 8cfb31a..0000000
--- a/resources/test/k6/34.js
+++ /dev/null
@@ -1,211 +0,0 @@
-// file: kotlin_service_template_schema34.test.js
-import http from 'k6/http';
-import { check, group } from 'k6';
-import { Trend } from 'k6/metrics';
-
-export const options = {
-    vus: Number(__ENV.VUS || 1),
-    iterations: Number(__ENV.ITERATIONS || 1),
-    thresholds: {
-        http_req_failed: ['rate==0'],
-        http_req_duration: ['p(95)<1200'],
-    },
-};
-
-const BASE_URL = __ENV.BASE_URL || 'http://localhost:8282';
-
-const REQUIRED_HEADERS = {
-    'X-Wallarm-Schema-ID': '34',
-    'rl-tenant-id': __ENV.RL_TENANT_ID || 'tenant-1',
-    'rl-user-id': __ENV.RL_USER_ID || 'user-1',
-};
-const H = { ...REQUIRED_HEADERS };
-const H_JSON = { ...H, 'Content-Type': 'application/json' };
-
-const WRONG_SCHEMA_H = { ...REQUIRED_HEADERS, 'X-Wallarm-Schema-ID': '34' };
-
-const EXPECTED = { summary: [{ schema_id: 34, status_code: 200 }] };
-
-function j(r) { try { return r.json(); } catch { return null; } }
-function eq(a, b) { return JSON.stringify(a) === JSON.stringify(b); }
-function u(p) { return `${BASE_URL}${p}`; }
-function uuid() {
-    return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, c => {
-        const r = (Math.random()*16)|0, v = c === 'x' ? r : (r&0x3|0x8);
-        return v.toString(16);
-    });
-}
-
-// ---- минимальные полезные данные ----
-function createWidgetBody() {
-    return { name: 'Widget A', type: 'BASIC', description: 'Example widget' };
-}
-function updateWidgetBody() {
-    return { description: 'Updated description' };
-}
-
-const op = new Trend('kst_op_ms');
-
-// ---- Позитивные тесты ----
-function positiveTests() {
-    group('POSITIVE /api-internal/v1/widgets (GET list)', () => {
-        const url = u('/api-internal/v1/widgets?limit=2&direction=STARTING_AFTER&ids=a&ids=b&types=BASIC');
-        const res = http.get(url, { headers: H });
-        op.add(res.timings.duration, { path: '/widgets', method: 'GET' });
-        const body = j(res);
-        // допускаем 200; если есть тело — сверяем стаб
-        check(res, { 'GET /widgets -> 200': r => r.status === 200 });
-        if (res.body && res.body.length) {
-            check(body, { 'GET /widgets -> expected stub': b => eq(b, EXPECTED) });
-            console.log('Response body:', body);
-        }
-    });
-
-    group('POSITIVE /api-internal/v1/widgets (POST create)', () => {
-        const res = http.post(u('/api-internal/v1/widgets'), JSON.stringify(createWidgetBody()), { headers: H_JSON });
-        op.add(res.timings.duration, { path: '/widgets', method: 'POST' });
-        const body = j(res);
-        // по спеке 201; некоторые стабы могут вернуть 200 — примем оба
-        check(res, { 'POST /widgets -> 201 or 200': r => r.status === 201 || r.status === 200 });
-        if (res.status === 200 || res.headers['Content-Type']?.includes('application/json')) {
-            check(body, { 'POST /widgets -> expected stub (if JSON body)': b => !res.body || eq(b, EXPECTED) });
-            console.log('Response body:', body);
-        }
-    });
-
-    group('POSITIVE /api-internal/v1/widgets/{id} (GET item)', () => {
-        const id = uuid(); // произвольный
-        const res = http.get(u(`/api-internal/v1/widgets/${encodeURIComponent(id)}`), { headers: H });
-        op.add(res.timings.duration, { path: '/widgets/{id}', method: 'GET' });
-        const body = j(res);
-        check(res, { 'GET /widgets/{id} -> 200 or 404': r => r.status === 200 || r.status === 404 });
-        if (res.status === 200) {
-            check(body, { 'GET /widgets/{id} -> expected stub': b => eq(b, EXPECTED) });
-            console.log('Response body:', body);
-        }
-    });
-
-    group('POSITIVE /api-internal/v1/widgets/{id} (PATCH update)', () => {
-        const id = uuid();
-        const res = http.patch(u(`/api-internal/v1/widgets/${encodeURIComponent(id)}`), JSON.stringify(updateWidgetBody()), { headers: H_JSON });
-        op.add(res.timings.duration, { path: '/widgets/{id}', method: 'PATCH' });
-        const body = j(res);
-        check(res, { 'PATCH /widgets/{id} -> 200 or 404': r => r.status === 200 || r.status === 404 });
-        if (res.status === 200) {
-            check(body, { 'PATCH /widgets/{id} -> expected stub': b => eq(b, EXPECTED) });
-            console.log('Response body:', body);
-        }
-    });
-
-    group('POSITIVE /api-internal/v1/widgets/{id} (DELETE)', () => {
-        const id = uuid();
-        const res = http.del(u(`/api-internal/v1/widgets/${encodeURIComponent(id)}`), null, { headers: H });
-        op.add(res.timings.duration, { path: '/widgets/{id}', method: 'DELETE' });
-        // по спеке 204; стабы иногда возвращают 200 — примем оба
-        check(res, { 'DELETE /widgets/{id} -> 204 or 200 or 404': r => [204,200,404].includes(r.status) });
-        if (res.status === 200 && res.body) {
-            check(j(res), { 'DELETE /widgets/{id} -> expected stub if body': b => eq(b, EXPECTED) });
-            console.log('Response body:', res.body);
-        }
-    });
-}
-
-// ---- Негативные тесты ----
-function negativeTests() {
-    // 1) отсутствуют обязательные заголовки
-    group('NEG missing required headers', () => {
-        const url = u('/api-internal/v1/widgets');
-        const res = http.get(url, { headers: { 'X-Wallarm-Schema-ID': '34' } }); // нет rl-tenant-id / rl-user-id
-        op.add(res.timings.duration, { path: '/widgets', method: 'GET', neg: 'missing headers' });
-        check(res, { 'GET /widgets without rl headers -> non-2xx': r => r.status < 200 || r.status >= 300 });
-        check(j(res), { 'body != stub': b => !eq(b, EXPECTED) });
-        console.log('Response body:', res.body);
-    });
-
-    // 2) неверный X-Wallarm-Schema-ID
-    group('NEG wrong X-Wallarm-Schema-ID', () => {
-        const res = http.get(u('/api-internal/v1/widgets'), { headers: WRONG_SCHEMA_H });
-        op.add(res.timings.duration, { path: '/widgets', method: 'GET', neg: 'wrong schema id' });
-        check(res, { 'GET /widgets wrong schema -> non-2xx': r => r.status < 200 || r.status >= 300 });
-        check(j(res), { 'body != stub': b => !eq(b, EXPECTED) });
-        console.log('Response body:', res.body);
-    });
-
-    // 3) невалидные query-параметры (limit < minimum, direction неверный)
-    group('NEG invalid query params', () => {
-        const res1 = http.get(u('/api-internal/v1/widgets?limit=0'), { headers: H }); // minimum: 1
-        op.add(res1.timings.duration, { path: '/widgets', method: 'GET', neg: 'limit=0' });
-        check(res1, { 'GET /widgets limit=0 -> 400 (or non-2xx)': r => r.status === 400 || r.status < 200 || r.status >= 300 });
-        check(j(res1), { 'body != stub': b => !eq(b, EXPECTED) });
-        console.log('Response body:', res1.body);
-
-        const res2 = http.get(u('/api-internal/v1/widgets?direction=SIDEWAYS'), { headers: H });
-        op.add(res2.timings.duration, { path: '/widgets', method: 'GET', neg: 'bad direction' });
-        check(res2, { 'GET /widgets direction invalid -> 400 (or non-2xx)': r => r.status === 400 || r.status < 200 || r.status >= 300 });
-        check(j(res2), { 'body != stub': b => !eq(b, EXPECTED) });
-        console.log('Response body:', res2.body);
-    });
-
-    // 4) create: отсутствует обязательное поле
-    group('NEG POST /widgets missing required body fields', () => {
-        const bad = { name: 'W', description: 'no type' }; // отсутствует type
-        const res = http.post(u('/api-internal/v1/widgets'), JSON.stringify(bad), { headers: H_JSON });
-        op.add(res.timings.duration, { path: '/widgets', method: 'POST', neg: 'missing type' });
-        check(res, { 'POST /widgets missing type -> 400 (or non-2xx)': r => r.status === 400 || r.status < 200 || r.status >= 300 });
-        check(j(res), { 'body != stub': b => !eq(b, EXPECTED) });
-        console.log('Response body:', res.body);
-    });
-
-    // 5) update: пустое тело
-    group('NEG PATCH /widgets/{id} empty body', () => {
-        const id = uuid();
-        const res = http.patch(u(`/api-internal/v1/widgets/${id}`), '', { headers: H_JSON });
-        op.add(res.timings.duration, { path: '/widgets/{id}', method: 'PATCH', neg: 'empty body' });
-        check(res, { 'PATCH /widgets/{id} empty -> 400/404/non-2xx': r => [400,404].includes(r.status) || r.status < 200 || r.status >= 300 });
-        check(j(res), { 'body != stub': b => !eq(b, EXPECTED) });
-        console.log('Response body:', res.body);
-    });
-
-    // 6) get/delete несуществующего id (ожидаем 404)
-    group('NEG GET/DELETE nonexistent id -> 404', () => {
-        const id = 'does-not-exist';
-        const resG = http.get(u(`/api-internal/v1/widgets/${encodeURIComponent(id)}`), { headers: H });
-        op.add(resG.timings.duration, { path: '/widgets/{id}', method: 'GET', neg: 'nonexistent' });
-        check(resG, { 'GET /widgets/{id} -> 404 or non-2xx': r => r.status === 404 || r.status < 200 || r.status >= 300 });
-        check(j(resG), { 'body != stub': b => !eq(b, EXPECTED) });
-        console.log('Response body:', resG.body);
-
-        const resD = http.del(u(`/api-internal/v1/widgets/${encodeURIComponent(id)}`), null, { headers: H });
-        op.add(resD.timings.duration, { path: '/widgets/{id}', method: 'DELETE', neg: 'nonexistent' });
-        check(resD, { 'DELETE /widgets/{id} -> 404 or non-2xx': r => r.status === 404 || r.status < 200 || r.status >= 300 });
-        if (resD.body) {
-            check(j(resD), { 'body != stub': b => !eq(b, EXPECTED) });
-            console.log('Response body:', resD.body);
-        }
-    });
-
-    // 7) пропущенные обязательные заголовки на mutate-методах
-    group('NEG missing rl headers on POST/PATCH/DELETE', () => {
-        const id = uuid();
-
-        const resP = http.post(u('/api-internal/v1/widgets'), JSON.stringify(createWidgetBody()), { headers: { 'X-Wallarm-Schema-ID': '34', 'Content-Type': 'application/json' } });
-        op.add(resP.timings.duration, { path: '/widgets', method: 'POST', neg: 'no rl headers' });
-        check(resP, { 'POST /widgets without rl headers -> non-2xx': r => r.status < 200 || r.status >= 300 });
-        console.log('Response body:', resP.body);
-
-        const resU = http.patch(u(`/api-internal/v1/widgets/${id}`), JSON.stringify(updateWidgetBody()), { headers: { 'X-Wallarm-Schema-ID': '34', 'Content-Type': 'application/json' } });
-        op.add(resU.timings.duration, { path: '/widgets/{id}', method: 'PATCH', neg: 'no rl headers' });
-        check(resU, { 'PATCH /widgets/{id} without rl headers -> non-2xx': r => r.status < 200 || r.status >= 300 });
-        console.log('Response body:', resU.body);
-
-        const resD = http.del(u(`/api-internal/v1/widgets/${id}`), null, { headers: { 'X-Wallarm-Schema-ID': '34' } });
-        op.add(resD.timings.duration, { path: '/widgets/{id}', method: 'DELETE', neg: 'no rl headers' });
-        check(resD, { 'DELETE /widgets/{id} without rl headers -> non-2xx': r => r.status < 200 || r.status >= 300 });
-        console.log('Response body:', resD.body);
-    });
-}
-
-export default function () {
-    positiveTests();
-    negativeTests();
-}
\ No newline at end of file
diff --git a/resources/test/k6/58.js b/resources/test/k6/58.js
deleted file mode 100644
index b991ca0..0000000
--- a/resources/test/k6/58.js
+++ /dev/null
@@ -1,154 +0,0 @@
-// file: oas31_feature_showcase.test.js
-import http from 'k6/http';
-import { check, group } from 'k6';
-import { Trend } from 'k6/metrics';
-
-export const options = {
-    vus: Number(__ENV.VUS || 1),
-    iterations: Number(__ENV.ITERATIONS || 1),
-    thresholds: {
-        http_req_failed: ['rate==0'],
-        http_req_duration: ['p(95)<1000'],
-    },
-};
-
-const BASE_URL = __ENV.BASE_URL || 'http://localhost:8282';
-
-// общие заголовки и куки
-const H = {
-    'X-Wallarm-Schema-ID': '58',
-    'Cookie': 'SESSIONID=dummy',
-};
-const H_JSON = { ...H, 'Content-Type': 'application/json' };
-
-// ожидаемый стаб
-const EXPECTED = { summary: [{ schema_id: 58, status_code: 200 }] };
-
-function j(r) { try { return r.json(); } catch { return null; } }
-function eq(a, b) { return JSON.stringify(a) === JSON.stringify(b); }
-function u(p) { return `${BASE_URL}${p}`; }
-
-const op = new Trend('oas31_op_ms');
-
-// ------------------ Позитивные кейсы ------------------
-function positives() {
-    group('POSITIVE: /v1/orders (JSON Schema 2020-12 features)', () => {
-        const body = {
-            id: 'ord-1',
-            status: 'NEW',            // const
-            note: 'deliver asap',     // becomes required when flags.express = true (if/then)
-            items: [
-                { sku: 'SKU-1', qty: 1 } // unevaluatedProperties: false enforced in item
-            ],
-            flags: { express: true }  // triggers if/then -> note required
-        };
-        const res = http.post(u('/v1/orders'), JSON.stringify(body), { headers: H_JSON });
-        op.add(res.timings.duration, { path: '/v1/orders', method: 'POST', kind: 'positive' });
-        const bodyJson = j(res);
-        check(res, { '200 /v1/orders': (r) => r.status === 200 });
-        check(bodyJson, { 'expected stub /v1/orders': (b) => eq(b, EXPECTED) });
-        console.log('Response body:', res.body);
-    });
-
-    group('POSITIVE: /v1/orders/{id} (deepObject + allowReserved)', () => {
-        const params = '?filter[date][gt]=2025-01-01&filter[date][lt]=2025-12-31&search=[abc]{def}';
-        const res = http.get(u(`/v1/orders/ord-1${params}`), { headers: H });
-        op.add(res.timings.duration, { path: '/v1/orders/{id}', method: 'GET', kind: 'positive' });
-        const bodyJson = j(res);
-        check(res, { '200 /v1/orders/{id}': (r) => r.status === 200 });
-        check(bodyJson, { 'expected stub /v1/orders/{id}': (b) => eq(b, EXPECTED) });
-        console.log('Response body:', res.body);
-    });
-
-    group('POSITIVE: /v1/profile (JSON and merge-patch)', () => {
-        const resJson = http.patch(u('/v1/profile'), JSON.stringify({ nickname: 'Nick', age: 33 }), { headers: H_JSON });
-        op.add(resJson.timings.duration, { path: '/v1/profile', method: 'PATCH', kind: 'positive-json' });
-        check(resJson, { '200 /v1/profile JSON': (r) => r.status === 200 });
-        check(j(resJson), { 'expected stub /v1/profile JSON': (b) => eq(b, EXPECTED) });
-        console.log('Response body:', resJson.body);
-
-        const resPatch = http.patch(u('/v1/profile'), JSON.stringify({ nickname: null }), { headers: { ...H, 'Content-Type': 'application/merge-patch+json' } });
-        op.add(resPatch.timings.duration, { path: '/v1/profile', method: 'PATCH', kind: 'positive-merge' });
-        check(resPatch, { '200 /v1/profile merge-patch': (r) => r.status === 200 });
-        check(j(resPatch), { 'expected stub /v1/profile merge-patch': (b) => eq(b, EXPECTED) });
-        console.log('Response body:', resPatch.body);
-    });
-
-    group('POSITIVE: /v1/refsibling ($ref with siblings)', () => {
-        // $ref -> codeBase + minLength sibling
-        const res = http.post(u('/v1/refsibling'), JSON.stringify({ code: 'ABC_1' }), { headers: H_JSON });
-        op.add(res.timings.duration, { path: '/v1/refsibling', method: 'POST', kind: 'positive' });
-        check(res, { '200 /v1/refsibling': (r) => r.status === 200 });
-        check(j(res), { 'expected stub /v1/refsibling': (b) => eq(b, EXPECTED) });
-        console.log('Response body:', res.body);
-    });
-}
-
-// ------------------ Негативные кейсы ------------------
-function negatives() {
-    group('NEGATIVE: /v1/orders -> const violation (status != NEW)', () => {
-        const body = {
-            id: 'ord-2',
-            status: 'OLD',         // должно быть NEW
-            items: [{ sku: 'SKU-1', qty: 1 }],
-            flags: { express: false }
-        };
-        const res = http.post(u('/v1/orders'), JSON.stringify(body), { headers: H_JSON });
-        op.add(res.timings.duration, { path: '/v1/orders', method: 'POST', kind: 'neg-const' });
-        const bj = j(res);
-        check(res, { 'non-200 on const violation': (r) => r.status !== 200 });
-        check(bj,  { 'body != stub on const violation': (b) => !eq(b, EXPECTED) });
-    });
-
-    group('NEGATIVE: /v1/orders -> if/then/else (express=true but note missing)', () => {
-        const body = {
-            id: 'ord-3',
-            status: 'NEW',
-            items: [{ sku: 'SKU-1', qty: 1 }],
-            flags: { express: true } // note отсутствует
-        };
-        const res = http.post(u('/v1/orders'), JSON.stringify(body), { headers: H_JSON });
-        op.add(res.timings.duration, { path: '/v1/orders', method: 'POST', kind: 'neg-if-then' });
-        check(res, { 'non-200 on if/then violation': (r) => r.status !== 200 });
-        check(j(res), { 'body != stub on if/then violation': (b) => !eq(b, EXPECTED) });
-    });
-
-    group('NEGATIVE: /v1/orders -> unevaluatedProperties (extra field in item)', () => {
-        const body = {
-            id: 'ord-4',
-            status: 'NEW',
-            items: [{ sku: 'SKU-1', qty: 1, extra: 'nope' }], // лишнее поле
-        };
-        const res = http.post(u('/v1/orders'), JSON.stringify(body), { headers: H_JSON });
-        op.add(res.timings.duration, { path: '/v1/orders', method: 'POST', kind: 'neg-unevaluated' });
-        check(res, { 'non-200 on unevaluatedProperties': (r) => r.status !== 200 });
-        check(j(res), { 'body != stub on unevaluatedProperties': (b) => !eq(b, EXPECTED) });
-    });
-
-    group('NEGATIVE: /v1/profile -> wrong type (age < 0)', () => {
-        const res = http.patch(u('/v1/profile'), JSON.stringify({ age: -1 }), { headers: H_JSON });
-        op.add(res.timings.duration, { path: '/v1/profile', method: 'PATCH', kind: 'neg-age' });
-        check(res, { 'non-200 on min violation': (r) => r.status !== 200 });
-        check(j(res), { 'body != stub on min violation': (b) => !eq(b, EXPECTED) });
-    });
-
-    group('NEGATIVE: /v1/refsibling -> $ref sibling minLength not satisfied', () => {
-        const res = http.post(u('/v1/refsibling'), JSON.stringify({ code: 'A1' }), { headers: H_JSON }); // слишком короткий
-        op.add(res.timings.duration, { path: '/v1/refsibling', method: 'POST', kind: 'neg-ref-sibling' });
-        check(res, { 'non-200 on ref+minLength violation': (r) => r.status !== 200 });
-        check(j(res), { 'body != stub on ref+minLength violation': (b) => !eq(b, EXPECTED) });
-
-    });
-
-    group('NEGATIVE: missing Cookie SESSIONID (security)', () => {
-        const res = http.get(u('/v1/orders/ord-1?search=[abc]'), { headers: { 'X-Wallarm-Schema-ID': '999' } });
-        op.add(res.timings.duration, { path: '/v1/orders/{id}', method: 'GET', kind: 'neg-missing-cookie' });
-        check(res, { 'non-200 without cookie': (r) => r.status !== 200 });
-        check(j(res), { 'body != stub without cookie': (b) => !eq(b, EXPECTED) });
-    });
-}
-
-export default function () {
-    positives();
-    negatives();
-}
\ No newline at end of file
diff --git a/resources/test/k6/59.js b/resources/test/k6/59.js
deleted file mode 100644
index 433dc1a..0000000
--- a/resources/test/k6/59.js
+++ /dev/null
@@ -1,148 +0,0 @@
-// file: kotlin_service_template_schema34_allof_oneof.test.js
-import http from 'k6/http';
-import { check, group } from 'k6';
-
-export const options = {
-    vus: Number(__ENV.VUS || 1),
-    iterations: Number(__ENV.ITERATIONS || 1),
-};
-
-const BASE_URL = __ENV.BASE_URL || 'http://localhost:8282';
-const H = {
-    'X-Wallarm-Schema-ID': '59',
-    'rl-tenant-id': __ENV.RL_TENANT_ID || 'tenant-1',
-    'rl-user-id': __ENV.RL_USER_ID || 'user-1',
-};
-const H_JSON = { ...H, 'Content-Type': 'application/json' };
-
-// Стаб, который возвращают мок/фильтр Wallarm. Если видим его — пропускаем проверки формы виджета
-const EXPECTED_STUB = { summary: [{ schema_id: 59, status_code: 200 }] };
-
-function j(r) { try { return r.json(); } catch { return null; } }
-function eq(a, b) { return JSON.stringify(a) === JSON.stringify(b); }
-function u(p) { return `${BASE_URL}${p}`; }
-function uuid() {
-    return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, c=>{
-        const r=(Math.random()*16)|0, v=c==='x'?r:(r&0x3|0x8); return v.toString(16);
-    });
-}
-
-// -------- Helpers to validate allOf(widgetId + widgetProperties) --------
-function isString(x) { return typeof x === 'string' && x.length >= 0; }
-function checkAllOfWidget(obj) {
-    // widget = allOf(widgetId, widgetProperties) + required: id, name, type, description
-    return obj
-        && isString(obj.id)
-        && isString(obj.name)
-        && isString(obj.type)
-        && isString(obj.description);
-}
-
-// -------- Bodies --------
-const createBody = (overrides={}) => ({
-    name: 'Widget A',
-    type: 'BASIC',
-    description: 'Example',
-    ...overrides,
-});
-const updateBody = (overrides={}) => ({
-    description: 'Updated',
-    ...overrides,
-});
-
-// =================== POSITIVE: проверка allOf ===================
-export default function () {
-    group('ALLOF – Create -> Get -> Update -> Delete', () => {
-        // POST /widgets  (Create)
-        const rCreate = http.post(u('/api-internal/v1/widgets'), JSON.stringify(createBody()), { headers: H_JSON });
-        check(rCreate, {
-            'POST /widgets 201/200': r => r.status === 201 || r.status === 200,
-        });
-        console.log('Response body:', rCreate.body);
-
-        const bjCreate = j(rCreate);
-        if (bjCreate && !eq(bjCreate, EXPECTED_STUB)) {
-            // Если не стаб — проверяем allOf
-            check(bjCreate, { 'create matches allOf widget': b => checkAllOfWidget(b) });
-        }
-
-        // Вытащим id если сервер реально вернул виджет, иначе сгенерим
-        const id = (bjCreate && bjCreate.id && !eq(bjCreate, EXPECTED_STUB)) ? bjCreate.id : uuid();
-
-        // GET /widgets/{id}
-        const rGet = http.get(u(`/api-internal/v1/widgets/${encodeURIComponent(id)}`), { headers: H });
-        check(rGet, { 'GET /widgets/{id} 200/404': r => [200,404].includes(r.status) });
-        const bjGet = j(rGet);
-        if (rGet.status === 200 && bjGet && !eq(bjGet, EXPECTED_STUB)) {
-            check(bjGet, { 'get matches allOf widget': b => checkAllOfWidget(b) });
-        }
-        console.log('Response body:', rGet.body);
-
-        // PATCH /widgets/{id}
-        const rPatch = http.patch(u(`/api-internal/v1/widgets/${encodeURIComponent(id)}`), JSON.stringify(updateBody()), { headers: H_JSON });
-        check(rPatch, { 'PATCH /widgets/{id} 200/404': r => [200,404].includes(r.status) });
-        const bjPatch = j(rPatch);
-        if (rPatch.status === 200 && bjPatch && !eq(bjPatch, EXPECTED_STUB)) {
-            check(bjPatch, { 'patch matches allOf widget': b => checkAllOfWidget(b) });
-        }
-        console.log('Response body:', rPatch.body);
-
-        // DELETE /widgets/{id}
-        const rDel = http.del(u(`/api-internal/v1/widgets/${encodeURIComponent(id)}`), null, { headers: H });
-        check(rDel, { 'DELETE /widgets/{id} 204/200/404': r => [204,200,404].includes(r.status) });
-        console.log('Response body:', rDel.body);
-    });
-
-    // =================== NEGATIVE: нарушаем allOf (required из обеих частей) ===================
-    group('ALLOF – Negative create (missing required fields)', () => {
-        // Нет type
-        const r1 = http.post(u('/api-internal/v1/widgets'), JSON.stringify(createBody({ type: undefined })), { headers: H_JSON });
-        check(r1, { 'missing type -> 400/non-2xx': r => r.status === 400 || r.status < 200 || r.status >= 300 });
-        console.log('Response body:', r1.body);
-
-        // Нет name
-        const r2 = http.post(u('/api-internal/v1/widgets'), JSON.stringify(createBody({ name: undefined })), { headers: H_JSON });
-        check(r2, { 'missing name -> 400/non-2xx': r => r.status === 400 || r.status < 200 || r.status >= 300 });
-        console.log('Response body:', r2.body);
-
-        // Нет description
-        const r3 = http.post(u('/api-internal/v1/widgets'), JSON.stringify(createBody({ description: undefined })), { headers: H_JSON });
-        check(r3, { 'missing description -> 400/non-2xx': r => r.status === 400 || r.status < 200 || r.status >= 300 });
-        console.log('Response body:', r3.body);
-    });
-
-    // =================== ONEOF: примеры (в текущей спеки НЕТ oneOf) ===================
-    // Ниже — шаблон, как тестировать oneOf, если добавишь схему с oneOf в components.
-    /*
-    // Пример схемы (для справки, не исполняется):
-    // components:
-    //   schemas:
-    //     widgetUpsert:
-    //       oneOf:
-    //         - $ref: '#/components/schemas/widgetCreate'  # required: name,type,description
-    //         - $ref: '#/components/schemas/widgetUpdate'  # required: id + (любые свойства)
-    //
-    // Тесты:
-    group('ONEOF – Positive branch #1 (create variant)', () => {
-      const body = { name: 'W', type: 'BASIC', description: 'D' }; // соответствует widgetCreate
-      const r = http.post(u('/api-internal/v1/widgets/upsert'), JSON.stringify(body), { headers: H_JSON });
-      check(r, { 'oneOf create branch -> 200/201': rr => [200,201].includes(rr.status) });
-    });
-
-    group('ONEOF – Positive branch #2 (update variant)', () => {
-      const body = { id: uuid(), description: 'upd only' }; // соответствует widgetUpdate
-      const r = http.post(u('/api-internal/v1/widgets/upsert'), JSON.stringify(body), { headers: H_JSON });
-      check(r, { 'oneOf update branch -> 200/201': rr => [200,201].includes(rr.status) });
-    });
-
-    group('ONEOF – Negative (matches none or multiple)', () => {
-      // 1) Не подходит ни под одну ветку: нет обязательных полей обеих веток
-      const rBad1 = http.post(u('/api-internal/v1/widgets/upsert'), JSON.stringify({ foo: 'bar' }), { headers: H_JSON });
-      check(rBad1, { 'oneOf none -> 400/non-2xx': rr => rr.status === 400 || rr.status < 200 || rr.status >= 300 });
-
-      // 2) Подходит под обе ветки (если такое возможно по схеме) — сервер должен отбраковать
-      const rBad2 = http.post(u('/api-internal/v1/widgets/upsert'), JSON.stringify({ id: uuid(), name: 'W', type: 'BASIC', description: 'D' }), { headers: H_JSON });
-      check(rBad2, { 'oneOf multiple -> 400/non-2xx': rr => rr.status === 400 || rr.status < 200 || rr.status >= 300 });
-    });
-    */
-}
\ No newline at end of file
diff --git a/resources/test/k6/doe_v2_account_authorization_validations.test.js b/resources/test/k6/doe_v2_account_authorization_validations.test.js
deleted file mode 100644
index a6cde71..0000000
--- a/resources/test/k6/doe_v2_account_authorization_validations.test.js
+++ /dev/null
@@ -1,85 +0,0 @@
-// doe_v2_account_authorization_validations.test.js
-import http from 'k6/http';
-import { check, group, sleep } from 'k6';
-import { Trend } from 'k6/metrics';
-
-export const options = {
-    vus: Number(__ENV.VUS || 1),
-    iterations: Number(__ENV.ITERATIONS || 1),
-    thresholds: {
-        http_req_failed: ['rate==0'],
-        http_req_duration: ['p(95)<800'],
-        'doe_v2_get_duration': ['p(95)<600'],
-        'doe_v2_post_duration': ['p(95)<600'],
-    },
-};
-
-const BASE_URL = __ENV.BASE_URL || 'http://localhost:8282';
-const TEST_DATE = __ENV.TEST_DATE || new Date().toISOString().slice(0, 10);
-
-const postTrend = new Trend('doe_v2_post_duration');
-const getTrend  = new Trend('doe_v2_get_duration');
-
-// Общие заголовки (по требованию)
-const COMMON_HEADERS_JSON = {
-    'Content-Type': 'application/json',
-    'X-Wallarm-Schema-ID': '29',
-};
-const COMMON_HEADERS = {
-    'X-Wallarm-Schema-ID': '29',
-};
-
-function safeJson(res) {
-    try { return res.json(); } catch { return null; }
-}
-function isString(v) { return typeof v === 'string'; }
-function looksLikeUrl(s) { return isString(s) && /^(https?:\/\/|\/)/i.test(s); }
-
-export default function () {
-    group('POST /api-internal/custodian-data/v1/account-authorization-validations', () => {
-        const endpoint = `${BASE_URL}/api-internal/custodian-data/v1/account-authorization-validations`;
-        const payload = { date: TEST_DATE };
-
-        const res = http.post(endpoint, JSON.stringify(payload), {
-            headers: COMMON_HEADERS_JSON,
-            tags: { service: 'doe-v2', operationId: 'account-authorization-validations-post' },
-        });
-        postTrend.add(res.timings.duration);
-
-        check(res, {
-            'POST status 200': (r) => r.status === 200,
-            'POST content-type JSON': (r) => (r.headers['Content-Type'] || '').includes('application/json'),
-        });
-
-        const json = safeJson(res);
-        check(json, {
-            'POST body is object': (j) => j && typeof j === 'object',
-            'POST has date': (j) => j && isString(j.date),
-            'POST date echoes input': (j) => j && j.date === TEST_DATE,
-        });
-    });
-
-    sleep(0.2);
-
-    group('GET /api-internal/custodian-data/v1/account-authorization-validations/{date}', () => {
-        const endpoint = `${BASE_URL}/api-internal/custodian-data/v1/account-authorization-validations/${encodeURIComponent(TEST_DATE)}`;
-        const res = http.get(endpoint, {
-            headers: COMMON_HEADERS,
-            tags: { service: 'doe-v2', operationId: 'account-authorization-validations-get' },
-        });
-        getTrend.add(res.timings.duration);
-
-        check(res, {
-            'GET status 200': (r) => r.status === 200,
-            'GET content-type JSON': (r) => (r.headers['Content-Type'] || '').includes('application/json'),
-        });
-
-        const json = safeJson(res);
-        check(json, {
-            'GET body is object': (j) => j && typeof j === 'object',
-            'has failureReportUrl': (j) => j && looksLikeUrl(j.failureReportUrl),
-            'has successReportUrl': (j) => j && looksLikeUrl(j.successReportUrl),
-            'has summaryReportUrl': (j) => j && looksLikeUrl(j.summaryReportUrl),
-        });
-    });
-}
\ No newline at end of file

From dd5f16273c9c3086bed9423ab012f756d0feaa4e Mon Sep 17 00:00:00 2001
From: Nikolay Tkachenko <ntkachenko@wallarm.com>
Date: Sat, 29 Nov 2025 01:39:06 +0200
Subject: [PATCH 3/3] Update release notes

---
 docs/release-notes.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/release-notes.md b/docs/release-notes.md
index f4a5737..543fe36 100644
--- a/docs/release-notes.md
+++ b/docs/release-notes.md
@@ -4,7 +4,8 @@ This page describes new releases of Wallarm API Firewall.
 
 ## v0.9.4 (2025-11-28)
 
-* Dependency upgrade
+* Upgrade Go to 1.24.10
+* Upgrade dependencies
 
 ## v0.9.3 (2025-08-15)