1. Drop the "active,revoked" literal from ListInput.status. Reviewer
   flagged the asymmetry: listing one CSV combination implies it's
   canonical, but the API accepts any order ("active,revoked" or
   "revoked,active") and may add filter-only values. Simplified to
   `"active" | "revoked" | (string & {})`. The JSDoc already documents
   the CSV form, so autocomplete for the canonical single values stays
   and arbitrary strings still type-check.

2. Remove the raw response-body snippet from the batchCreate shape
   validation error. The previous message embedded up to 200 chars of
   the unexpected body, which could leak sensitive data (auth details,
   request echoes) into client-side error logs. Replaced with a static
   "Unexpected response shape from POST /v1/qurls/batch" message.
   Added a comment explaining why the snippet is intentionally absent.

3. Add qurl_id and label assertions to the existing "creates a QURL"
   test. The PR adds both fields to CreateOutput but the existing test
   only checked resource_id and qurl_link, leaving the new required
   fields without a regression guard.

Tests: 63 (unchanged — #3 tightens an existing test rather than
adding a new one).

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>

cr round 1 (non-blocking) + /simplify findings:

- Extract mockFetch + createClient to src/test-helpers.ts so both
  client.test.ts and contract.test.ts import a single fixture.
  tsconfig.json excludes the new file from the build output so it
  doesn't ship in dist/.
- Regen script: replace the `CONTENT=$(git show …)` capture with a
  direct `git show` stream inside the heredoc. Avoids bash command-
  substitution's trailing-newline strip and ARG_MAX edges on large
  specs.
- Regen script: run `git fetch --quiet origin` before `rev-parse`
  so `origin/main` resolves to the live upstream tip rather than
  a stale local ref.
- Multi-page listAll contract case: original test asserted only
  the first page; the new case mocks two pages and asserts both
  calls hit GET /v1/qurls (covers the pagination path properly).
- `assertSdkCallMatches` takes a `callIndex` param for the multi-
  page case and guards against a future SDK method calling fetch
  without an `init` object (clearer error than a bare access).
- Trim narrative-only comment explaining a lint workaround that
  would rot if the rule changed.
- Add CONTRIBUTING note: new public SDK methods require a matching
  contract case (alias methods included, so alias rewires can't
  silently slip past).

Snapshot-staleness detector (cr round 1 suggestion #3) filed as a
follow-up issue — scope-appropriate since it's a new CI workflow
rather than a change to this test.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

cr round 5 (Approved, non-blocking) findings I acted on:

- Completeness test: replace vitest's default set-diff with a
  custom remediation message. On drift, it names the offending
  method AND tells the contributor what to do: "add to
  SDK_PUBLIC_METHODS + add a case" OR "add to INTERNAL_HELPERS
  if not user-facing." Saves a future-dev the five minutes of
  figuring out where to update on first encounter.
- Regen script: verify origin remote is qurl-service. Prevents
  the silent-foot-gun where someone with an unrelated repo at
  ../qurl-service that happens to contain api/openapi.yaml
  (or a fork) snapshots from the wrong source. The header SHA
  would otherwise be from the fork, not upstream.

Skipped per cr's explicit guidance:
  - #2 (throw-vs-expect) — cr: "probably the right tradeoff"
  - #3 (second-page cursor) — cr: "no coverage gap … consistent
    with the CONTRIBUTING.md scope note"
  - #5 (mockOk in test-helpers) — cr: "not worth churning for"

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

…cious-batch logs

5 items + 2 coverage gaps from the latest cr round.

### Concerns

1. **Empty-string handling on timing fields.** `update({ extend_by: "" })`
   and `mintLink({ expires_in: "" })` previously round-tripped to the API
   as `{"extend_by": ""}`, hitting either the mutual-exclusion check
   (because `"" !== undefined`) or the server's duration parser. Both
   write surfaces now reject empty-string timing fields with a structured
   `ValidationError` — `description: ""` keeps its documented
   clear-the-field semantic. Three new tests: rejection on each surface
   plus a positive test locking in `description: ""` round-trips.

2. **Conflicting IPv6 hostname comment.** Tightened the outer comment
   that said `URL.hostname` strips IPv6 brackets — the inner comment
   correctly notes Node returns hosts WITH brackets, and the code
   handles both forms. Outer comment now points at the inner block
   instead of contradicting it.

4. **`request_id` shadowing debug log.** Added a both-fields-present
   debug log in `batchCreate` mirroring `mapQurlsField`'s pattern.
   If the server ever puts `request_id` on both `data` and `meta`,
   operators see the divergence rather than learning about it via
   support-ticket archaeology.

5. **Empty BatchCreateOutput debug log.** Added a debug log in
   `validateBatchCreateResponse` for the `succeeded: 0, failed: 0,
   results: []` case — shape-valid but suspicious (the SDK definitely
   sent items). Keeps the response valid; surfaces the anomaly.

### Coverage

- **list-side `mapQurlsField` mapping.** Test asserts list items
  containing wire-format `qurls` map to `access_tokens` consistently.
  Locks in the defensive `data.map(mapQurlsField)` in `list()`.

### No action

- **#3 RFC 3339 client-side parse for `expires_at`.** Reviewer marked
  optional ("if you ever want a tiny sanity check"). Keeping the
  duration-parser stance: server is authoritative.
- **#6 `requireValidTags` empty-array semantics.** Reviewer noted as
  intentional and well-supported by existing test.
- **#7 `Number.isFinite` for `maxRetries` null-coverage.** Reviewer
  confirmed the `?? DEFAULT_MAX_RETRIES` chain already handles null.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>