docs: add TDD policy, update Spring Boot 4 references, configure OpenCode tools

Update project documentation to reflect the Test-Driven Development
approach, Playwright E2E testing setup, and Spring Boot 4.

AGENTS.md:
- Add TDD policy section requiring tests alongside every feature PR
- Add Playwright E2E docs with local and Docker CI run commands
- Update Lombok policy: @Getter, @Setter, @NoArgsConstructor are fine
- Fix Spring Boot 3 → 4 references

CODING_GUIDELINES.md:
- Add TDD policy section mirroring AGENTS.md
- Add Playwright E2E docs in testing section
- Update Lombok policy to allow @Getter, @Setter, @NoArgsConstructor
- Fix Spring Boot 3 → 4 references

REQUIREMENTS.md:
- Fix Spring Boot 3 → 4 in tech stack, architecture diagram, and
  tech summary sections

opencode.json:
- Enable websearch and codesearch tools

AGENTS.md

@@ -152,12 +152,12 @@ Full details in `@CODING_GUIDELINES.md`. Key rules:
 - API calls live in `api/` modules, never in components.
 - Component styles are scoped.
 
-### Backend (Spring Boot 3)
+### Backend (Spring Boot 4)
 - Constructor injection with `@RequiredArgsConstructor`. No `@Autowired`.
 - DTOs: prefer Java records. No bare entities in responses.
 - Controllers stay thin. All logic in services.
 - Use `@ControllerAdvice` for consistent error responses (`{ "message": "..." }`).
-- No Lombok beyond `@RequiredArgsConstructor`.
+- Lombok: `@RequiredArgsConstructor`, `@Getter`, `@Setter`, `@NoArgsConstructor` are all fine. Prefer records for DTOs.
 
 ### Database
 - Table names: snake_case, plural. PKs: UUID, generated in code.
@@ -200,6 +200,10 @@ public vehicle info) must be excluded from the Spring Security filter chain.
 
 ## Testing Approach
 
+This project follows **Test-Driven Development (TDD)**. Write tests before
+or alongside implementation. Every feature ticket should include tests in
+the same PR — never merge code without corresponding tests.
+
 ### Backend
 - JUnit 5 + Mockito for service layer tests.
 - `@WebMvcTest` for controller tests.
@@ -210,7 +214,14 @@ public vehicle info) must be excluded from the Spring Security filter chain.
 ### Frontend
 - Vitest for composables and utility functions.
 - Component tests with Vue Test Utils where needed.
-- E2E tests deferred to Phase 1.
+- E2E tests with Playwright in `frontend/e2e/`.
+
+### E2E (Playwright)
+- `npm run test:e2e` — runs all Playwright tests (headless Chromium).
+- Requires `docker compose up` (backend + frontend running).
+- Config: `frontend/playwright.config.ts`.
+- Tests: `frontend/e2e/*.spec.ts`.
+- Docker CI: `npm run test:e2e:ci` — runs tests inside official Playwright Docker container. Starts postgres, backend, frontend, and Playwright via `docker-compose.ci.yml`. Use for consistent environment or CI pipelines.
 
 ### CI (future)
 - `./gradlew check` and `npm run test && npm run lint` must pass before merge.

CODING_GUIDELINES.md

@@ -145,7 +145,7 @@ async function handleSubmit() {
 
 ---
 
-## 4. Backend — Spring Boot 3
+## 4. Backend — Spring Boot 4
 
 ### Package Structure
 
@@ -209,7 +209,7 @@ public class OrderController {
 - All responses: `ResponseEntity<T>`. Never return bare entities.
 - Entity fields use `snake_case` column naming explicitly (`@Column(name = "created_at")`).
 - Database migrations: Flyway. All schema changes go through SQL migration files in `db/migration/`.
-- No Lombok beyond `@RequiredArgsConstructor`. Prefer explicit getters/setters or records.
+- Lombok: `@RequiredArgsConstructor`, `@Getter`, `@Setter`, `@NoArgsConstructor` are all fine. Prefer records for DTOs.
 
 ### API Path Conventions
 
@@ -289,8 +289,13 @@ public class GlobalExceptionHandler {
 
 ## 7. Testing
 
+This project follows **Test-Driven Development (TDD)**. Write tests before
+or alongside implementation. Every feature ticket should include tests in
+the same PR — never merge code without corresponding tests.
+
 - Backend: JUnit 5 + Mockito. Service layer tests as unit tests. Controller tests with `@WebMvcTest`.
-- Frontend: Vitest for composables and utility functions. Cypress or Playwright for E2E (Phase 1).
+- Frontend: Vitest for composables and utility functions. Component tests with Vue Test Utils.
+- E2E: Playwright (`npm run test:e2e`). Tests in `frontend/e2e/`. Requires `docker compose up`.
 - Test naming: `shouldXxxWhenYyy` — e.g., `shouldReturn404WhenPlateNotFound`.
 - Aim for test coverage on business logic, not on getters/setters/boilerplate.
 - All database interaction in tests must go through JPA repositories

REQUIREMENTS.md

@@ -178,7 +178,7 @@ the user assumes full responsibility for content.
 | Layer | Technology |
 |-------|-----------|
 | Frontend | Vue.js 3 (Composition API), Vite, Pinia state management, Vue Router |
-| Backend API | Java 21, Spring Boot 3, Spring Security (JWT), Spring Data JPA |
+| Backend API | Java 21, Spring Boot 4, Spring Security (JWT), Spring Data JPA |
 | Database | PostgreSQL 16 |
 | Deployment | Docker, Docker Compose |
 | Hosting (Phase 0) | Home server via dynamic DNS or static IP, Let's Encrypt SSL |
@@ -209,7 +209,7 @@ the user assumes full responsibility for content.
 └──────────────────┬───────────────────────┘
                    │ REST API calls
 ┌──────────────────▼───────────────────────┐
-│          Spring Boot 3 (Java 21)          │
+│          Spring Boot 4 (Java 21)          │
 │           Port: 8080                      │
 │  ┌────────────┐  ┌────────────────────┐  │
 │  │  Spring    │  │  Service Layer     │  │
@@ -556,7 +556,7 @@ For Phase 0 with manual processing, staying unregistered is workable. If revenue
 
 ```
 Frontend:   Vue.js 3, Vite, Pinia, Vue Router
-Backend:    Java 21, Spring Boot 3, Spring Security (JWT), JPA/Hibernate
+Backend:    Java 21, Spring Boot 4, Spring Security (JWT), JPA/Hibernate
 Database:   PostgreSQL 16
 Deploy:     Docker, Docker Compose, Nginx reverse proxy
 Hosting:    Home server (Phase 0) → Swedish VPS (Phase 1)

opencode.json

@@ -4,5 +4,9 @@
   "permission": {
     "edit": "ask",
     "bash": "ask"
+  },
+  "tools": {
+    "websearch": true,
+    "codesearch": true
   }
 }