test: check if code is API breaking

[fl0rianr]

Summary

• add a static public API route contract manifest for Lemonade's HTTP and websocket routes
• add a dependency-free CI check that compares the manifest with the C++ route registrations
• run the check on PRs, pushes to main, and merge queue entries

Fixes #2137

Why

Issue #2137 asks for CI protection against breaking API changes. The public API is spread across Lemonade's OpenAI-compatible routes, Lemonade-specific routes, Ollama-compatible routes, Anthropic-compatible /v1/messages, and websocket endpoints.

This PR adds a lightweight guardrail that fails when a protected public route is accidentally removed, renamed, or has its HTTP method changed. It intentionally avoids building the server or downloading models, so it stays fast and reliable in CI.

Scope

This protects the public route-level contract: HTTP method + path, including dynamic path segments and websocket paths. It does not validate request or response JSON schemas; those should be added later once the API has a generated OpenAPI/schema source of truth.

Testing

python test/test_api_contract.py

Expected output:

Public API contract check passed (143 expected routes).

I also checked that removing a protected route makes the test fail with a focused missing-route message.

[superm1]

Probably from other code that merged but I notice:

The regex r"path\s*==\s*"([^\"]+)"" in extract_websocket_routes() does not match the actual code in websocket_server.cpp. The comparison uses stripped == "/realtime" and stripped == "/logs/stream", not
path == "...".