Docs: Align API documentation with implementation

[Devasy]

Updated service documentation in the docs/ folder (auth, expense, group, user) to accurately reflect the implemented API endpoints, request/response schemas, and current feature status.

• Ensured all existing API routes are documented.
• Marked features that are present in documentation but not fully implemented in the backend with TODO notes (e.g., expense attachment download, settlement checks on group leave, specific fields in create expense response).
• Corrected field names in example responses to match Pydantic schemas (e.g., snake_case vs camelCase).

Summary by CodeRabbit

• Documentation
  • Expanded authentication service documentation with detailed sections on password reset endpoints and a new OAuth2 token login endpoint.
  • Clarified expense service documentation regarding current placeholder fields and future enhancements for settlements, group summaries, and attachment endpoints.
  • Updated group service documentation with a new endpoint for listing group members and clarified the current behavior of group leaving restrictions.
  • Standardized user profile response field names to snake_case in documentation for consistency.

[netlify]

✅ Deploy Preview for splitwizer canceled.

Name	Link
🔨 Latest commit	ee8dcdd
🔍 Latest deploy log	https://app.netlify.com/projects/splitwizer/deploys/6861394335df3c000897ee7d

[coderabbitai]

Walkthrough

The documentation for four service APIs—authentication, expense, group, and user—was updated. Additions include new endpoint descriptions, expanded request/response examples, clarifications on current and planned behaviors, and standardization of field naming conventions. No underlying code or API signatures were changed; all modifications are documentation-only.

Changes

File(s)	Change Summary
docs/auth-service.md	Added OAuth2 token endpoint, expanded password reset documentation, detailed request/response examples.
docs/expense-service.md	Clarified placeholder response fields, added examples, and annotated attachment endpoints with current limitations.
docs/group-service.md	Added group members listing endpoint documentation and clarified leave group behavior as not yet enforced.
docs/user-service.md	Standardized response field names to snake_case in user profile examples.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant AuthService

    Client->>AuthService: POST /auth/token (username, password)
    AuthService-->>Client: { "access_token": "..." }

Loading

sequenceDiagram
    participant Client
    participant GroupService

    Client->>GroupService: GET /groups/{group_id}/members
    GroupService-->>Client: [ { userId, role, joinedAt, name, profileImageUrl }, ... ]

Loading

Poem

In docs we burrow, clear and bright,
New endpoints peek into the light.
Fields now snake and tokens gleam,
With future plans and settled scheme.
The rabbit hops from page to page,
Tidying up the knowledge cage!
🐇✨

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.09%. Comparing base (46f0987) to head (ee8dcdd).
⚠️ Report is 40 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #27   +/-   ##
=======================================
  Coverage   84.09%   84.09%           
=======================================
  Files          27       27           
  Lines        3176     3176           
=======================================
  Hits         2671     2671           
  Misses        505      505           

Components	Coverage Δ
Authentication System	55.98% <ø> (ø)
Expense Management	72.69% <ø> (ø)
Group Management	72.02% <ø> (ø)
User Management	91.11% <ø> (ø)
Backend Core	62.40% <ø> (ø)

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (8)

docs/user-service.md (1)

92-99: Inconsistent naming between request & response may confuse integrators

The response now uses image_url, created_at, updated_at, etc., yet the request example above (lines 78-84, unchanged) still shows imageUrl (camelCase). Unless the API intentionally accepts camelCase input while returning snake_case output, consider updating the request example or adding an explicit note so clients don’t guess.

docs/expense-service.md (3)

122-125: Key names use camelCase while the rest of the doc drifts to snake_case

"settlements" is fine, but "groupSummary" re-introduces camelCase right after the user-service doc standardised on snake_case (group_summary?). Decide on one style across services for less friction in client SDKs.

---

127-165: Good transparency about TODO fields – add explicit status code for clarity

You flag the placeholders and provide the intended structure – nice. Consider adding a short code sample of the current 200 OK with "groupSummary": null and a future 200 example, or move the long “intended” example behind a collapsible <details> tag to keep the main flow compact.

---

317-318: Provide concrete 501 example

Since you explicitly state the endpoint returns 501 Not Implemented, a small snippet like

501 Not Implemented
{ "error": "Attachment download not yet implemented" }

would set expectations.

docs/group-service.md (2)

177-178: Clarify current vs. future behaviour in bold or call-out box

Stating that the balance check is TODO is fine, but highlighting it (e.g., > **⚠️ Current limitation:** …) will prevent consumers from assuming enforced logic.

---

201-236: Great addition – consider envelope pattern for consistency

Every other list endpoint (/expenses, /settlements, etc.) wraps results in an object with metadata ({ items: [...], pagination: {...} }). Returning a bare array here deviates from that pattern; if this is intentional, add a note.

docs/auth-service.md (2)

14-15: Row formatting inconsistent with earlier entries

For /auth/token, wrap the path in back-ticks and add an anchor like the other rows for uniform rendering & clickable navigation.

-| POST   | `/auth/token`                                     | OAuth2 compatible token login (for Swagger UI/OpenAPI) |
+| POST   | [`/auth/token`](#6-oauth2-token-endpoint-primarily-for-swaggeropenapi) | OAuth2 compatible token login (for Swagger UI/OpenAPI) |

---

241-245: Missing fenced-block language triggers MD040

Specify a language (text works) to silence markdown-lint and improve syntax highlighting.

-```
+```text
 [email protected]
 password=userpassword

</blockquote></details>

</blockquote></details>

<details>
<summary>📜 Review details</summary>

**Configuration used: CodeRabbit UI**
**Review profile: CHILL**
**Plan: Pro**


<details>
<summary>📥 Commits</summary>

Reviewing files that changed from the base of the PR and between 46f0987708c90e5702c5d24c99e80f98e974a108 and ee8dcddf764b3fa044e162796b8a7fdc65281662.

</details>

<details>
<summary>📒 Files selected for processing (4)</summary>

* `docs/auth-service.md` (2 hunks)
* `docs/expense-service.md` (4 hunks)
* `docs/group-service.md` (2 hunks)
* `docs/user-service.md` (2 hunks)

</details>

<details>
<summary>🧰 Additional context used</summary>

<details>
<summary>🪛 markdownlint-cli2 (0.17.2)</summary>

<details>
<summary>docs/auth-service.md</summary>

242-242: Fenced code blocks should have a language specified
null

(MD040, fenced-code-language)

</details>

</details>
<details>
<summary>🪛 LanguageTool</summary>

<details>
<summary>docs/group-service.md</summary>

[uncategorized] ~232-~232: Loose punctuation mark.
Context: ...nique identifier of the member. - `role`: The role of the member in the group (e....

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~233-~233: Loose punctuation mark.
Context: ... (e.g., "admin", "member"). - `joinedAt`: The timestamp when the member joined th...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~234-~234: Loose punctuation mark.
Context: ...en the member joined the group. - `name`: The name of the user (fetched from user...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~235-~235: Loose punctuation mark.
Context: ...fetched from user profile). - `imageUrl`: The profile image URL of the user (fetc...

(UNLIKELY_OPENING_PUNCTUATION)

</details>

</details>

</details>

<details>
<summary>🔇 Additional comments (3)</summary><blockquote>

<details>
<summary>docs/user-service.md (1)</summary>

`42-43`: **Field rename looks good – matches Pydantic output**  

`updated_at` now follows the snake_case convention introduced elsewhere in the docs & backend models. 👍

</details>
<details>
<summary>docs/expense-service.md (1)</summary>

`304-305`: **Attachment upload section: flag missing persistence earlier**  

The note is helpful; you might also mention that a 201 is returned even though storage is simulated, so API testers don’t misinterpret the behaviour.

</details>
<details>
<summary>docs/auth-service.md (1)</summary>

`190-256`: **Comprehensive section – nice!**  

The expanded password-reset and OAuth2 docs align well with the rest of the spec.

</details>

</blockquote></details>

</details>

<!-- This is an auto-generated comment by CodeRabbit for review status -->

[coderabbitai]

⚠️ Potential issue

Anchor in summary table is now stale

Row 15 in the summary table still links to #4-crud-endpoints-recap even though the dedicated section is now §5 List Group Members. Update the link target to keep in-page navigation working.

-|   GET  | [`/groups/{group_id}/members`](#4-crud-endpoints-recap)             | List members                        |
+|   GET  | [`/groups/{group_id}/members`](#5-list-group-members)               | List members                        |

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In docs/group-service.md around lines 198 to 200, the anchor link in row 15 of
the summary table incorrectly points to #4-crud-endpoints-recap instead of the
updated section §5 List Group Members. Update the href attribute of the anchor
tag in that row to #5-list-group-members to ensure the in-page navigation link
is correct and functional.