test(api): align tests with new envelope codes

Update API handler tests to expect numeric `code`, `success` messages, and
new envelope fields (`trace_id`, `details`), matching recent response
envelope changes.

internal/api/admin_issue_key_test.go

@@ -57,11 +57,11 @@ func TestAdmin_IssueChildKeyForMaster_IssuedByAdminAndSynced(t *testing.T) {
 
 	var resp map[string]any
 	env := decodeEnvelope(t, rr, &resp)
-	if env.Code != "ok" {
-		t.Fatalf("expected code=ok, got %q", env.Code)
+	if env.Code != 0 {
+		t.Fatalf("expected code=0, got %d", env.Code)
 	}
-	if env.Message != "" {
-		t.Fatalf("expected empty message, got %q", env.Message)
+	if env.Message != "success" {
+		t.Fatalf("expected message=success, got %q", env.Message)
 	}
 	if resp["issued_by"] != "admin" {
 		t.Fatalf("expected issued_by=admin, got=%v", resp["issued_by"])

internal/api/apikey_stats_handler_test.go

@@ -58,8 +58,8 @@ func TestAdminHandler_GetAPIKeyStatsSummary(t *testing.T) {
 
 	var resp APIKeyStatsSummaryResponse
 	env := decodeEnvelope(t, rec, &resp)
-	if env.Code != "ok" {
-		t.Fatalf("expected code=ok, got %q", env.Code)
+	if env.Code != 0 {
+		t.Fatalf("expected code=0, got %d", env.Code)
 	}
 	if resp.TotalRequests != 15 || resp.SuccessRequests != 12 || resp.FailureRequests != 3 {
 		t.Fatalf("totals mismatch: %+v", resp)

internal/api/auth_handler_test.go

@@ -144,11 +144,11 @@ func TestAuthHandler_Whoami_KeyResponseIncludesIPRules(t *testing.T) {
 
 	var resp map[string]any
 	env := decodeEnvelope(t, rr, &resp)
-	if env.Code != "ok" {
-		t.Fatalf("expected code=ok, got %q", env.Code)
+	if env.Code != 0 {
+		t.Fatalf("expected code=0, got %d", env.Code)
 	}
-	if env.Message != "" {
-		t.Fatalf("expected empty message, got %q", env.Message)
+	if env.Message != "success" {
+		t.Fatalf("expected message=success, got %q", env.Message)
 	}
 	if resp["allow_ips"] != "1.2.3.4" {
 		t.Fatalf("expected allow_ips, got %v", resp["allow_ips"])
@@ -206,15 +206,11 @@ func TestAuthHandler_Whoami_ExpiredKey_Returns401(t *testing.T) {
 		t.Fatalf("expected 401 for expired key, got %d body=%s", rr.Code, rr.Body.String())
 	}
 
-	var resp map[string]any
-	env := decodeEnvelope(t, rr, &resp)
-	if env.Code != "unauthorized" {
-		t.Fatalf("expected code=unauthorized, got %q", env.Code)
+	env := decodeEnvelope(t, rr, nil)
+	if env.Code != 1002 {
+		t.Fatalf("expected code=1002, got %d", env.Code)
 	}
 	if env.Message != "token has expired" {
 		t.Fatalf("expected message 'token has expired', got %q", env.Message)
 	}
-	if resp["error"] != "token has expired" {
-		t.Fatalf("expected 'token has expired' error, got %v", resp["error"])
-	}
 }

internal/api/feature_handler_test.go

@@ -38,11 +38,11 @@ func TestFeatureHandler_UpdateFeatures_LogOverrides(t *testing.T) {
 	}
 	var got resp
 	env := decodeEnvelope(t, rr, &got)
-	if env.Code != "ok" {
-		t.Fatalf("expected code=ok, got %q", env.Code)
+	if env.Code != 0 {
+		t.Fatalf("expected code=0, got %d", env.Code)
 	}
-	if env.Message != "" {
-		t.Fatalf("expected empty message, got %q", env.Message)
+	if env.Message != "success" {
+		t.Fatalf("expected message=success, got %q", env.Message)
 	}
 	if got.Updated["log_retention_days"] != "7" {
 		t.Fatalf("expected log_retention_days=7, got %q", got.Updated["log_retention_days"])
@@ -123,8 +123,8 @@ func TestFeatureHandler_UpdateFeatures_RegularKeys(t *testing.T) {
 		Updated map[string]string `json:"updated"`
 	}
 	env := decodeEnvelope(t, rr, &got)
-	if env.Code != "ok" {
-		t.Fatalf("expected code=ok, got %q", env.Code)
+	if env.Code != 0 {
+		t.Fatalf("expected code=0, got %d", env.Code)
 	}
 	if got.Updated["dp_context_preflight_enabled"] != "false" {
 		t.Fatalf("expected dp_context_preflight_enabled=false, got %q", got.Updated["dp_context_preflight_enabled"])
@@ -177,8 +177,8 @@ func TestFeatureHandler_UpdateFeatures_MixedKeys(t *testing.T) {
 		Updated map[string]string `json:"updated"`
 	}
 	env := decodeEnvelope(t, rr, &got)
-	if env.Code != "ok" {
-		t.Fatalf("expected code=ok, got %q", env.Code)
+	if env.Code != 0 {
+		t.Fatalf("expected code=0, got %d", env.Code)
 	}
 	if got.Updated["dp_context_preflight_enabled"] != "true" {
 		t.Fatalf("expected dp_context_preflight_enabled=true, got %q", got.Updated["dp_context_preflight_enabled"])
@@ -230,8 +230,8 @@ func TestFeatureHandler_ListFeatures_IncludesLogOverrides(t *testing.T) {
 		Features map[string]string `json:"features"`
 	}
 	env := decodeEnvelope(t, rr, &got)
-	if env.Code != "ok" {
-		t.Fatalf("expected code=ok, got %q", env.Code)
+	if env.Code != 0 {
+		t.Fatalf("expected code=0, got %d", env.Code)
 	}
 	if got.Features["registration_code_enabled"] != "true" {
 		t.Fatalf("expected registration_code_enabled=true, got %q", got.Features["registration_code_enabled"])

internal/api/log_handler_test.go

@@ -500,14 +500,10 @@ func TestTrafficChart_MinuteGranularityValidation(t *testing.T) {
 				t.Fatalf("expected status %d, got %d body=%s", tt.wantStatus, rr.Code, rr.Body.String())
 			}
 
-			var resp map[string]any
-			env := decodeEnvelope(t, rr, &resp)
+			env := decodeEnvelope(t, rr, nil)
 			if env.Message != tt.wantError {
 				t.Fatalf("expected message=%q, got %q", tt.wantError, env.Message)
 			}
-			if errMsg, ok := resp["error"].(string); !ok || errMsg != tt.wantError {
-				t.Fatalf("expected error=%q, got %v", tt.wantError, resp["error"])
-			}
 		})
 	}
 }

internal/api/log_webhook_handler_test.go

@@ -73,8 +73,8 @@ func TestLogWebhookConfigCRUD(t *testing.T) {
 
 	var got service.LogWebhookConfig
 	env := decodeEnvelope(t, getRR, &got)
-	if env.Code != "ok" {
-		t.Fatalf("expected code=ok, got %q", env.Code)
+	if env.Code != 0 {
+		t.Fatalf("expected code=0, got %d", env.Code)
 	}
 	if !got.Enabled || got.URL == "" || got.Threshold != 3 {
 		t.Fatalf("unexpected webhook config: %+v", got)

internal/api/response_test.go

@@ -7,9 +7,11 @@ import (
 )
 
 type testEnvelope struct {
-	Code    string          `json:"code"`
+	Code    int             `json:"code"`
 	Data    json.RawMessage `json:"data"`
 	Message string          `json:"message"`
+	TraceID string          `json:"trace_id"`
+	Details any             `json:"details,omitempty"`
 }
 
 func decodeEnvelope(t *testing.T, rr *httptest.ResponseRecorder, out any) testEnvelope {