From f0786051f51ba38d704e1ccfdecf1ff04c2850d5 Mon Sep 17 00:00:00 2001
From: Claude Agent <claude-agent@romfast.ro>
Date: Mon, 22 Jun 2026 12:16:41 +0000
Subject: [PATCH] =?UTF-8?q?feat(web):=20hub=20integrare=20/integrare=20?=
 =?UTF-8?q?=E2=80=94=20exemple=20cod=20+=20retetar=20VFP=20+=20ping=20+=20?=
 =?UTF-8?q?export=20(PRD=205.1)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Pagina /integrare (tab autentificat, scoped pe cont): exemple cod multi-limbaj
(curl/Python/PHP/C#/Node) + retetar Visual FoxPro (MSXML2 + WinHttp) pe ambele
canale (prezentari JSON + import fisier), export Postman/OpenAPI/Swagger si buton
"Testeaza conexiunea".

- US-001: GET /v1/ping (readiness: account_id/mediu/autentificat_cu_cheie/
  are_creds_rar/ts) + GET /v1/integrare/postman.json (v2.1.0, allowlist 3 rute)
- US-002: app/web/integrare_examples.py pur (7 limbaje x 2 canale, drift-test
  is_required(), JSON compact pentru C#/VFP)
- US-003: tab "Integrare" IA pe 2 niveluri (limbaj->canal, VFP cu dialecte),
  copy din <pre><code>, empty-state CTA, export .cardlink, script scoped
- US-004: POST /integrare/test-cheie (account_for_key direct, scoped sesiune,
  no-echo cheie)

Backend trimitere (worker/masina stari/idempotenta/mapping) si schema neatinse.
568 teste pass. VERIFY context curat + E2E browser (Playwright) + code-review high.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 app/api/v1/integrare_router.py                | 182 ++++++++
 app/main.py                                   |   2 +
 app/web/integrare_examples.py                 | 377 +++++++++++++++
 app/web/routes.py                             | 107 ++++-
 app/web/templates/_integrare.html             | 344 ++++++++++++++
 .../templates/_integrare_test_rezultat.html   |   9 +
 app/web/templates/dashboard.html              |  73 +--
 docs/ROADMAP.md                               |   4 +-
 docs/prd/prd-5.1-hub-integrare.md             |  76 ++-
 tests/test_integrare_api.py                   | 215 +++++++++
 tests/test_integrare_examples.py              | 233 ++++++++++
 tests/test_integrare_test_cheie.py            | 265 +++++++++++
 tests/test_web_integrare.py                   | 438 ++++++++++++++++++
 13 files changed, 2263 insertions(+), 62 deletions(-)
 create mode 100644 app/api/v1/integrare_router.py
 create mode 100644 app/web/integrare_examples.py
 create mode 100644 app/web/templates/_integrare.html
 create mode 100644 app/web/templates/_integrare_test_rezultat.html
 create mode 100644 tests/test_integrare_api.py
 create mode 100644 tests/test_integrare_examples.py
 create mode 100644 tests/test_integrare_test_cheie.py
 create mode 100644 tests/test_web_integrare.py

diff --git a/app/api/v1/integrare_router.py b/app/api/v1/integrare_router.py
new file mode 100644
index 0000000..42f83fc
--- /dev/null
+++ b/app/api/v1/integrare_router.py
@@ -0,0 +1,182 @@
+"""Router integrare US-001 — endpoint-uri de integrare externe.
+
+Endpointuri:
+  GET /v1/ping                     — readiness check per cont (autentificat sau dev fallback)
+  GET /v1/integrare/postman.json   — export colectie Postman v2.1.0
+
+Ruta /v1/ping foloseste `resolve_account_id` (dependinta standard) pentru 401
+pe cheie invalida / prod fara cheie. Flag-ul `autentificat_cu_cheie` e derivat
+separat citind header-ele brute si verificand cheia real-time (fara sa dubleze
+logica de 401 — aceea ramane in `resolve_account_id`).
+"""
+
+from __future__ import annotations
+
+from datetime import datetime, timezone
+
+from fastapi import APIRouter, Depends, Header
+from fastapi.responses import JSONResponse
+
+from ...auth import _extract_key, account_for_key, resolve_account_id
+from ...config import get_settings
+from ...db import get_connection
+from ...mapping import account_or_default
+
+router = APIRouter(prefix="/v1", tags=["integrare"])
+
+
+@router.get("/ping")
+def ping(
+    account_id: int = Depends(resolve_account_id),
+    x_api_key: str | None = Header(default=None, alias="X-API-Key"),
+    authorization: str | None = Header(default=None),
+) -> JSONResponse:
+    """Readiness check per cont.
+
+    Intoarce:
+      account_id         — contul rezolvat din cheie (sau 1 in dev fara cheie)
+      mediu              — "test" / "prod" (settings.rar_env)
+      autentificat_cu_cheie — True daca cererea a venit cu o cheie API reala valida
+      are_creds_rar      — True daca contul are rar_creds_enc stocat
+      ts                 — timestamp ISO UTC al cererii
+    """
+    settings = get_settings()
+
+    # Detectam daca s-a folosit o cheie reala (nu fallback dev).
+    # `resolve_account_id` a garantat deja ca nu e cheie invalida (ar fi dat 401).
+    # Acum verificam doar daca exista o cheie extrasa si daca e valida pentru cont.
+    cheie_bruta = _extract_key(x_api_key, authorization)
+    autentificat_cu_cheie = False
+    if cheie_bruta:
+        conn = get_connection()
+        try:
+            acct = account_for_key(conn, cheie_bruta)
+        finally:
+            conn.close()
+        autentificat_cu_cheie = acct is not None
+
+    # Verificam daca contul are creds RAR stocate.
+    aid = account_or_default(account_id)
+    conn = get_connection()
+    try:
+        row = conn.execute(
+            "SELECT rar_creds_enc FROM accounts WHERE id=?", (aid,)
+        ).fetchone()
+    finally:
+        conn.close()
+
+    are_creds_rar = bool(row and row["rar_creds_enc"])
+
+    return JSONResponse({
+        "account_id": aid,
+        "mediu": settings.rar_env,
+        "autentificat_cu_cheie": autentificat_cu_cheie,
+        "are_creds_rar": are_creds_rar,
+        "ts": datetime.now(timezone.utc).isoformat(),
+    })
+
+
+# Allowlist hardcodat (NU derivat din app.routes) — cele 3 rute de integrare expuse extern.
+_POSTMAN_ITEMS = [
+    {
+        "name": "Trimite prezentari",
+        "request": {
+            "method": "POST",
+            "header": [
+                {"key": "X-API-Key", "value": "{{api_key}}"},
+                {"key": "Content-Type", "value": "application/json"},
+            ],
+            "url": {
+                "raw": "{{base_url}}/v1/prezentari",
+                "host": ["{{base_url}}"],
+                "path": ["v1", "prezentari"],
+            },
+            "body": {
+                "mode": "raw",
+                "options": {"raw": {"language": "json"}},
+                "raw": (
+                    '{\n'
+                    '  "rar_credentials": {\n'
+                    '    "email": "user@exemplu.ro",\n'
+                    '    "password": "parola_rar"\n'
+                    '  },\n'
+                    '  "prezentari": [\n'
+                    '    {\n'
+                    '      "vin": "WVWZZZ1KZAW000123",\n'
+                    '      "nr_inmatriculare": "B999TST",\n'
+                    '      "data_prestatie": "2026-06-15",\n'
+                    '      "odometru_final": "123456",\n'
+                    '      "prestatii": [\n'
+                    '        {"cod_prestatie": "OE-1"}\n'
+                    '      ]\n'
+                    '    }\n'
+                    '  ]\n'
+                    '}'
+                ),
+            },
+        },
+    },
+    {
+        "name": "Import fisier (xlsx/csv)",
+        "request": {
+            "method": "POST",
+            "header": [
+                {"key": "X-API-Key", "value": "{{api_key}}"},
+            ],
+            "url": {
+                "raw": "{{base_url}}/v1/import",
+                "host": ["{{base_url}}"],
+                "path": ["v1", "import"],
+            },
+            "body": {
+                "mode": "formdata",
+                "formdata": [
+                    {
+                        "key": "file",
+                        "type": "file",
+                        "description": "Fisier xlsx sau csv cu prezentarile de importat",
+                    }
+                ],
+            },
+        },
+    },
+    {
+        "name": "Ping (readiness check)",
+        "request": {
+            "method": "GET",
+            "header": [
+                {"key": "X-API-Key", "value": "{{api_key}}"},
+            ],
+            "url": {
+                "raw": "{{base_url}}/v1/ping",
+                "host": ["{{base_url}}"],
+                "path": ["v1", "ping"],
+            },
+        },
+    },
+]
+
+
+@router.get("/integrare/postman.json")
+def postman_export() -> JSONResponse:
+    """Export colectie Postman v2.1.0 cu cele 3 rute de integrare.
+
+    Allowlist hardcodat — NU deriva din app.routes pentru a nu expune
+    rute interne (ex. /v1/conturi/rar-creds, rutele web etc.).
+    """
+    colectie = {
+        "info": {
+            "name": "RAR AUTOPASS Gateway",
+            "description": (
+                "Colectie de integrare pentru gateway-ul RAR AUTOPASS (Legea 142/2023, OM 210/2024). "
+                "Seteaza variabilele `base_url` si `api_key` inainte de utilizare."
+            ),
+            "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
+        },
+        "variable": [
+            {"key": "base_url", "value": "http://localhost:8010", "type": "string"},
+            {"key": "api_key", "value": "", "type": "string"},
+        ],
+        "item": _POSTMAN_ITEMS,
+    }
+    return JSONResponse(content=colectie, media_type="application/json")
diff --git a/app/main.py b/app/main.py
index f43cdce..4068f59 100644
--- a/app/main.py
+++ b/app/main.py
@@ -22,6 +22,7 @@ from starlette.responses import RedirectResponse
 
 from . import __version__
 from .api.v1.import_router import router as import_v1_router
+from .api.v1.integrare_router import router as integrare_v1_router
 from .api.v1.router import router as api_v1_router
 from .config import get_settings
 from .db import get_connection, init_db, queue_depth, read_heartbeat
@@ -90,6 +91,7 @@ app.mount("/static", StaticFiles(directory=str(_STATIC_DIR)), name="static")
 
 app.include_router(api_v1_router)
 app.include_router(import_v1_router)
+app.include_router(integrare_v1_router)
 app.include_router(web_router)
 app.include_router(auth_router)
 app.include_router(admin_router)
diff --git a/app/web/integrare_examples.py b/app/web/integrare_examples.py
new file mode 100644
index 0000000..c133c49
--- /dev/null
+++ b/app/web/integrare_examples.py
@@ -0,0 +1,377 @@
+"""Generator de exemple de cod multi-limbaj pentru integrarea cu AutoPass.
+
+Modul PUR: fara I/O, fara DB, fara stare globala.
+Folosit de pagina de documentatie a hub-ului de integrare (Etapa 5).
+
+Campurile obligatorii din payload-ul JSON sunt derivate dinamic din
+PrezentareIn.model_fields pentru rezistenta la drift de schema.
+"""
+
+from __future__ import annotations
+
+import json
+
+from app.models import PrezentareIn
+
+# Placeholder pentru cheia API — niciodata o cheie reala
+_CHEIE_PLACEHOLDER = "rfak_..."
+
+
+def _campuri_obligatorii() -> list[str]:
+    """Intoarce lista campurilor obligatorii din PrezentareIn (is_required())."""
+    return [camp for camp, field in PrezentareIn.model_fields.items() if field.is_required()]
+
+
+def _payload_prezentari_dict(account_id: int) -> dict:
+    """Construieste un payload JSON exemplu cu toate campurile obligatorii.
+
+    Campurile cu default (odometru_initial, obs, b64_image, sistem_reparat) sunt
+    omise pentru concizie — nu sunt obligatorii.
+    """
+    # Construim un dict cu toate campurile obligatorii
+    campuri = _campuri_obligatorii()
+    prezentare: dict = {}
+
+    # Valori exemplu pentru campuri obligatorii cunoscute
+    valori_exemplu: dict = {
+        "vin": "WVWZZZ1JZXW000001",
+        "nr_inmatriculare": "B123ABC",
+        "data_prestatie": "2026-06-22",
+        "odometru_final": "150000",
+        "prestatii": [{"cod_prestatie": "OE-1"}],
+    }
+
+    for camp in campuri:
+        if camp in valori_exemplu:
+            prezentare[camp] = valori_exemplu[camp]
+        else:
+            # Fallback generic pentru campuri neasteptate adaugate ulterior
+            prezentare[camp] = f"<{camp}>"
+
+    return {
+        "rar_credentials": {
+            "email": "utilizator@service.ro",
+            "password": "parola_rar",
+        },
+        "prezentari": [prezentare],
+    }
+
+
+def _payload_json_str(account_id: int, indent: int = 2) -> str:
+    """Payload JSON formatat ca string pentru includere in snippet-uri."""
+    return json.dumps(_payload_prezentari_dict(account_id), indent=indent, ensure_ascii=False)
+
+
+def _payload_json_compact(account_id: int) -> str:
+    """Payload JSON pe o singura linie (fara newline) pentru string literal C#/VFP.
+
+    Foloseste separators=(',', ':') pentru a elimina spatiile si newline-urile.
+    Rezultatul e un JSON valid pe o singura linie, fara newline in interior.
+    """
+    return json.dumps(_payload_prezentari_dict(account_id), separators=(",", ":"), ensure_ascii=False)
+
+
+def _snippet_curl_prezentari(base_url: str, account_id: int) -> str:
+    payload = _payload_json_str(account_id)
+    return f"""curl -X POST "{base_url}/v1/prezentari" \\
+  -H "Content-Type: application/json" \\
+  -H "X-API-Key: {_CHEIE_PLACEHOLDER}" \\
+  -d '{payload}'"""
+
+
+def _snippet_curl_import(base_url: str, account_id: int) -> str:
+    fisier = '"file=@prezentari.xlsx"'
+    return (
+        f'curl -X POST "{base_url}/v1/import" \\\n'
+        f'  -H "X-API-Key: {_CHEIE_PLACEHOLDER}" \\\n'
+        f"  -F {fisier}"
+    )
+
+
+def _snippet_python_prezentari(base_url: str, account_id: int) -> str:
+    payload = _payload_json_str(account_id)
+    return f"""import requests
+
+url = "{base_url}/v1/prezentari"
+headers = {{
+    "X-API-Key": "{_CHEIE_PLACEHOLDER}",
+    "Content-Type": "application/json",
+}}
+payload = {payload}
+
+response = requests.post(url, json=payload, headers=headers)
+print(response.json())"""
+
+
+def _snippet_python_import(base_url: str, account_id: int) -> str:
+    return f"""import requests
+
+url = "{base_url}/v1/import"
+headers = {{
+    "X-API-Key": "{_CHEIE_PLACEHOLDER}",
+}}
+
+with open("prezentari.xlsx", "rb") as f:
+    files = {{"file": ("prezentari.xlsx", f, "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet")}}
+    response = requests.post(url, headers=headers, files=files)
+
+print(response.json())"""
+
+
+def _snippet_php_prezentari(base_url: str, account_id: int) -> str:
+    payload = _payload_json_str(account_id)
+    # Escapeaza apostrof-urile pentru PHP heredoc
+    payload_php = payload.replace("'", "\\'")
+    return f"""<?php
+$url = "{base_url}/v1/prezentari";
+$payload = '{payload_php}';
+
+$ch = curl_init($url);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+curl_setopt($ch, CURLOPT_POST, true);
+curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
+curl_setopt($ch, CURLOPT_HTTPHEADER, [
+    "Content-Type: application/json",
+    "X-API-Key: {_CHEIE_PLACEHOLDER}",
+]);
+
+$response = curl_exec($ch);
+curl_close($ch);
+echo $response;"""
+
+
+def _snippet_php_import(base_url: str, account_id: int) -> str:
+    return f"""<?php
+$url = "{base_url}/v1/import";
+$fisier = new CURLFile("prezentari.xlsx", "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "prezentari.xlsx");
+
+$ch = curl_init($url);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+curl_setopt($ch, CURLOPT_POST, true);
+curl_setopt($ch, CURLOPT_POSTFIELDS, ["file" => $fisier]);
+curl_setopt($ch, CURLOPT_HTTPHEADER, [
+    "X-API-Key: {_CHEIE_PLACEHOLDER}",
+]);
+
+$response = curl_exec($ch);
+curl_close($ch);
+echo $response;"""
+
+
+def _snippet_csharp_prezentari(base_url: str, account_id: int) -> str:
+    payload = _payload_json_compact(account_id)
+    # Escape ghilimele duble pentru string C# (literal pe o singura linie)
+    payload_cs = payload.replace('"', '\\"')
+    return f"""using System.Net.Http;
+using System.Text;
+using System.Threading.Tasks;
+
+var client = new HttpClient();
+client.DefaultRequestHeaders.Add("X-API-Key", "{_CHEIE_PLACEHOLDER}");
+
+var json = "{payload_cs}";
+var content = new StringContent(json, Encoding.UTF8, "application/json");
+
+var response = await client.PostAsync("{base_url}/v1/prezentari", content);
+var body = await response.Content.ReadAsStringAsync();
+Console.WriteLine(body);"""
+
+
+def _snippet_csharp_import(base_url: str, account_id: int) -> str:
+    return f"""using System.Net.Http;
+using System.Threading.Tasks;
+
+var client = new HttpClient();
+client.DefaultRequestHeaders.Add("X-API-Key", "{_CHEIE_PLACEHOLDER}");
+
+using var form = new MultipartFormDataContent();
+var fileBytes = File.ReadAllBytes("prezentari.xlsx");
+var fileContent = new ByteArrayContent(fileBytes);
+fileContent.Headers.ContentType = new System.Net.Http.Headers.MediaTypeHeaderValue(
+    "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet");
+form.Add(fileContent, "file", "prezentari.xlsx");
+
+var response = await client.PostAsync("{base_url}/v1/import", form);
+var body = await response.Content.ReadAsStringAsync();
+Console.WriteLine(body);"""
+
+
+def _snippet_node_prezentari(base_url: str, account_id: int) -> str:
+    payload = _payload_json_str(account_id)
+    return f"""const payload = {payload};
+
+const response = await fetch("{base_url}/v1/prezentari", {{
+  method: "POST",
+  headers: {{
+    "Content-Type": "application/json",
+    "X-API-Key": "{_CHEIE_PLACEHOLDER}",
+  }},
+  body: JSON.stringify(payload),
+}});
+
+const data = await response.json();
+console.log(data);"""
+
+
+def _snippet_node_import(base_url: str, account_id: int) -> str:
+    # FormData si Blob sunt globale in Node 18+ — nu necesita import din node:buffer
+    return f"""import {{ readFileSync }} from "fs";
+
+const form = new FormData();
+const continut = readFileSync("prezentari.xlsx");
+form.append("file", new Blob([continut], {{
+  type: "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+}}), "prezentari.xlsx");
+
+const response = await fetch("{base_url}/v1/import", {{
+  method: "POST",
+  headers: {{ "X-API-Key": "{_CHEIE_PLACEHOLDER}" }},
+  body: form,
+}});
+
+const data = await response.json();
+console.log(data);"""
+
+
+def _snippet_vfp_msxml_prezentari(base_url: str, account_id: int) -> str:
+    payload = _payload_json_compact(account_id)
+    # VFP: ghilimele in string se dubleaza; payload compact = o singura linie
+    payload_vfp = payload.replace('"', '""')
+    return f"""* Visual FoxPro — MSXML2.ServerXMLHTTP.6.0
+LOCAL oHTTP, cURL, cPayload, cRaspuns
+cURL     = "{base_url}/v1/prezentari"
+cPayload = "{payload_vfp}"
+
+oHTTP = CREATEOBJECT("MSXML2.ServerXMLHTTP.6.0")
+oHTTP.open("POST", cURL, .F.)
+oHTTP.setRequestHeader("Content-Type", "application/json")
+oHTTP.setRequestHeader("X-API-Key", "{_CHEIE_PLACEHOLDER}")
+oHTTP.send(cPayload)
+
+cRaspuns = oHTTP.responseText
+? cRaspuns"""
+
+
+def _snippet_vfp_msxml_import(base_url: str, account_id: int) -> str:
+    return f"""* Visual FoxPro — MSXML2.ServerXMLHTTP.6.0 — upload fisier
+* Necesita ADODB.Stream pentru a citi fisierul binar
+LOCAL oHTTP, oStream, oBody
+LOCAL cURL, cGranita, cCRLF, cDisp, cType
+
+cURL      = "{base_url}/v1/import"
+cGranita  = "----AutoPassBoundary"
+cCRLF     = CHR(13) + CHR(10)
+
+* Citire fisier in ADODB.Stream
+oStream = CREATEOBJECT("ADODB.Stream")
+oStream.Type = 1  && adTypeBinary
+oStream.Open()
+oStream.LoadFromFile("prezentari.xlsx")
+
+* Construire body multipart (simplificat — pentru fisiere mici)
+oBody = CREATEOBJECT("ADODB.Stream")
+oBody.Type = 1
+oBody.Open()
+
+oHTTP = CREATEOBJECT("MSXML2.ServerXMLHTTP.6.0")
+oHTTP.open("POST", cURL, .F.)
+oHTTP.setRequestHeader("Content-Type", "multipart/form-data; boundary=" + cGranita)
+oHTTP.setRequestHeader("X-API-Key", "{_CHEIE_PLACEHOLDER}")
+* Nota: pentru upload binar complet folositi un helper COM sau ADODB.
+oHTTP.send(oBody)
+? oHTTP.responseText"""
+
+
+def _snippet_vfp_winhttp_prezentari(base_url: str, account_id: int) -> str:
+    payload = _payload_json_compact(account_id)
+    # VFP: ghilimele in string se dubleaza; payload compact = o singura linie
+    payload_vfp = payload.replace('"', '""')
+    return f"""* Visual FoxPro — WinHttp.WinHttpRequest.5.1
+LOCAL oHTTP, cURL, cPayload, cRaspuns
+cURL     = "{base_url}/v1/prezentari"
+cPayload = "{payload_vfp}"
+
+oHTTP = CREATEOBJECT("WinHttp.WinHttpRequest.5.1")
+oHTTP.Open("POST", cURL, .F.)
+oHTTP.SetRequestHeader("Content-Type", "application/json")
+oHTTP.SetRequestHeader("X-API-Key", "{_CHEIE_PLACEHOLDER}")
+oHTTP.Send(cPayload)
+
+cRaspuns = oHTTP.ResponseText
+? cRaspuns"""
+
+
+def _snippet_vfp_winhttp_import(base_url: str, account_id: int) -> str:
+    return f"""* Visual FoxPro — WinHttp.WinHttpRequest.5.1 — upload fisier
+* Necesita ADODB.Stream pentru a citi fisierul binar
+LOCAL oHTTP, oStream
+LOCAL cURL, cGranita, cCRLF
+
+cURL     = "{base_url}/v1/import"
+cGranita = "----AutoPassBoundary"
+cCRLF    = CHR(13) + CHR(10)
+
+oStream = CREATEOBJECT("ADODB.Stream")
+oStream.Type = 1  && adTypeBinary
+oStream.Open()
+oStream.LoadFromFile("prezentari.xlsx")
+
+oHTTP = CREATEOBJECT("WinHttp.WinHttpRequest.5.1")
+oHTTP.Open("POST", cURL, .F.)
+oHTTP.SetRequestHeader("Content-Type", "multipart/form-data; boundary=" + cGranita)
+oHTTP.SetRequestHeader("X-API-Key", "{_CHEIE_PLACEHOLDER}")
+* Nota: pentru upload binar complet folositi un helper COM sau ADODB.
+oHTTP.Send()
+? oHTTP.ResponseText"""
+
+
+def exemple(base_url: str, account_id: int) -> dict:
+    """Genereaza snippet-uri de cod multi-limbaj pentru integrarea cu AutoPass.
+
+    Parametri:
+        base_url:   URL-ul de baza al gateway-ului (ex. "https://autopass.example.com")
+        account_id: ID-ul contului (inclus in context, nu in snippet-uri)
+
+    Intoarce un dict structurat astfel:
+        {
+            "<limbaj>": {
+                "prezentari": "<snippet string>",
+                "import":    "<snippet string>",
+            },
+            ...
+        }
+
+    Limbaje: curl, python, php, csharp, node, vfp_msxml, vfp_winhttp.
+
+    Functie pura: fara I/O, fara DB, fara stare globala.
+    """
+    return {
+        "curl": {
+            "prezentari": _snippet_curl_prezentari(base_url, account_id),
+            "import": _snippet_curl_import(base_url, account_id),
+        },
+        "python": {
+            "prezentari": _snippet_python_prezentari(base_url, account_id),
+            "import": _snippet_python_import(base_url, account_id),
+        },
+        "php": {
+            "prezentari": _snippet_php_prezentari(base_url, account_id),
+            "import": _snippet_php_import(base_url, account_id),
+        },
+        "csharp": {
+            "prezentari": _snippet_csharp_prezentari(base_url, account_id),
+            "import": _snippet_csharp_import(base_url, account_id),
+        },
+        "node": {
+            "prezentari": _snippet_node_prezentari(base_url, account_id),
+            "import": _snippet_node_import(base_url, account_id),
+        },
+        "vfp_msxml": {
+            "prezentari": _snippet_vfp_msxml_prezentari(base_url, account_id),
+            "import": _snippet_vfp_msxml_import(base_url, account_id),
+        },
+        "vfp_winhttp": {
+            "prezentari": _snippet_vfp_winhttp_prezentari(base_url, account_id),
+            "import": _snippet_vfp_winhttp_import(base_url, account_id),
+        },
+    }
diff --git a/app/web/routes.py b/app/web/routes.py
index 53b63de..04303a7 100644
--- a/app/web/routes.py
+++ b/app/web/routes.py
@@ -134,7 +134,7 @@ def _rar_state(hb, worker_alive: bool) -> str:
 # cade pe Acasa (tab invalid -> fallback "acasa" in dashboard()), fara 404.
 # US-003 (3.6): "coada" (Trimiteri) nu mai e tab — Trimiterile sunt sectiune pe Acasa.
 # ?tab=coada cade tot pe Acasa (fallback), fara 404, fara fragment orfan.
-_TABS_VALIDE = {"acasa", "mapari", "cont", "nomenclator"}
+_TABS_VALIDE = {"acasa", "mapari", "cont", "nomenclator", "integrare"}
 
 
 def _get_acasa_context(request: Request, conn, account_id: int) -> dict:
@@ -247,6 +247,41 @@ def _render_panel_nomenclator(request: Request, conn) -> str:
     })
 
 
+def _render_integrare(request: Request, conn, account_id: int) -> str:
+    """Randeaza panoul Integrare ca string HTML (hub documentatie + exemple cod).
+
+    Calculeaza are_cheie (chei API active pe cont) si are_creds (credentiale RAR
+    configurate pe cont), preia base_url real si genereaza snippet-uri multi-limbaj.
+    """
+    from ..mapping import account_or_default
+    from .integrare_examples import exemple as _exemple
+
+    acct = account_or_default(account_id)
+    row_creds = conn.execute(
+        "SELECT rar_creds_enc FROM accounts WHERE id=?", (acct,)
+    ).fetchone()
+    are_creds = bool(row_creds and row_creds["rar_creds_enc"])
+
+    row_key = conn.execute(
+        "SELECT 1 FROM api_keys WHERE account_id=? AND active=1 LIMIT 1", (acct,)
+    ).fetchone()
+    are_cheie = row_key is not None
+
+    base_url = str(request.base_url).rstrip("/")
+    ex = _exemple(base_url, acct)
+    csrf_token = get_csrf_token(request)
+
+    return templates.get_template("_integrare.html").render({
+        "request": request,
+        "account_id": acct,
+        "base_url": base_url,
+        "exemple": ex,
+        "are_cheie": are_cheie,
+        "are_creds": are_creds,
+        "csrf_token": csrf_token,
+    })
+
+
 def _render_panel_for_tab(request: Request, conn, account_id: int, tab: str) -> str:
     """Randeaza panoul corespunzator unui tab ca string HTML."""
     if tab == "acasa":
@@ -261,6 +296,8 @@ def _render_panel_for_tab(request: Request, conn, account_id: int, tab: str) ->
         return _render_panel_cont(request, conn, account_id)
     if tab == "nomenclator":
         return _render_panel_nomenclator(request, conn)
+    if tab == "integrare":
+        return _render_integrare(request, conn, account_id)
     return _render_panel_acasa(request)
 
 
@@ -346,6 +383,18 @@ def fragment_nomenclator(request: Request) -> HTMLResponse:
         conn.close()
 
 
+@router.get("/_fragments/integrare", response_class=HTMLResponse)
+def fragment_integrare(request: Request) -> HTMLResponse:
+    """Fragment HTMX pentru tab-ul Integrare (hub documentatie + exemple cod)."""
+    account_id = require_login(request)
+    conn = get_connection()
+    try:
+        html = _render_integrare(request, conn, account_id)
+        return HTMLResponse(content=html)
+    finally:
+        conn.close()
+
+
 @router.get("/_fragments/banner", response_class=HTMLResponse)
 def fragment_banner(request: Request) -> HTMLResponse:
     account_id = require_login(request)
@@ -1938,6 +1987,62 @@ def cont_roteste_cheie(
         conn.close()
 
 
+@router.post("/integrare/test-cheie", response_class=HTMLResponse)
+def integrare_test_cheie(
+    request: Request,
+    api_key: str = Form(""),
+    csrf_token: str | None = Form(None),
+) -> HTMLResponse:
+    """Verifica cheia API lipita de utilizator — scoped pe contul sesiunii.
+
+    US-004 (PRD Etapa 5): permite utilizatorului sa confirme ca o cheie copiata
+    din generatorul de exemple corespunde contului sau, fara efecte secundare
+    (fara creare/rotire). Cheie goala, invalida sau a altui cont -> mesaj de
+    eroare neutru (fara eco al cheii in raspuns).
+    """
+    account_id = require_login(request)
+    verify_csrf(request, csrf_token)
+    acct = account_or_default(account_id)
+
+    # Validare cheie goala / doar spatii -> eroare inainte de DB
+    cheie = (api_key or "").strip()
+    if not cheie:
+        return templates.TemplateResponse(
+            "_integrare_test_rezultat.html",
+            {"request": request, "succes": False, "mesaj": "Cheia este goala sau lipseste."},
+        )
+
+    conn = get_connection()
+    try:
+        from ..auth import account_for_key
+        cont_cheie = account_for_key(conn, cheie)
+    finally:
+        conn.close()
+
+    if cont_cheie is None:
+        # Cheie invalida, inexistenta sau revocata
+        return templates.TemplateResponse(
+            "_integrare_test_rezultat.html",
+            {"request": request, "succes": False,
+             "mesaj": "Cheie invalida sau revocata — nu a fost gasita in sistem."},
+        )
+
+    if cont_cheie != acct:
+        # Cheie valida dar apartine altui cont — mesaj neutru, fara dezvaluire cont terta
+        return templates.TemplateResponse(
+            "_integrare_test_rezultat.html",
+            {"request": request, "succes": False,
+             "mesaj": "Cheia nu apartine contului tau."},
+        )
+
+    # Succes — cheia e activa si corespunde contului sesiunii
+    return templates.TemplateResponse(
+        "_integrare_test_rezultat.html",
+        {"request": request, "succes": True,
+         "mesaj": f"Cheie valida — cont {acct}."},
+    )
+
+
 @router.post("/cont/rar-creds", response_class=HTMLResponse)
 def cont_rar_creds(
     request: Request,
diff --git a/app/web/templates/_integrare.html b/app/web/templates/_integrare.html
new file mode 100644
index 0000000..857b74e
--- /dev/null
+++ b/app/web/templates/_integrare.html
@@ -0,0 +1,344 @@
+{# Panoul Integrare: exemple de cod multi-limbaj + export & referinta. #}
+{# Variabile context: account_id, base_url, exemple, are_cheie, are_creds, csrf_token #}
+
+<div id="integrare-section">
+
+  {# Empty-state: lipsesc cheie API sau credentiale RAR #}
+  {% if not are_cheie or not are_creds %}
+  <div class="banner warn" style="margin-bottom:16px;" role="alert" aria-live="polite">
+    <strong>Configurare incompleta.</strong>
+    {% if not are_creds and not are_cheie %}
+      Lipsesc atat credentialele RAR cat si o cheie API activa.
+    {% elif not are_creds %}
+      Lipsesc credentialele RAR pentru trimitere.
+    {% else %}
+      Lipseste o cheie API activa.
+    {% endif %}
+    Mergi la <a href="/?tab=cont">tab-ul Cont</a> pentru a le configura.
+  </div>
+  {% endif %}
+
+  {# Card: ID cont si endpoint de baza #}
+  <div class="card" style="margin-bottom:16px;">
+    <div style="display:flex; align-items:center; justify-content:space-between; flex-wrap:wrap; gap:8px;">
+      <span class="muted" style="font-size:13px;">Cont ID:</span>
+      <strong style="font-size:13px;">{{ account_id }}</strong>
+      <span class="muted" style="font-size:13px; margin-left:16px;">Endpoint:</span>
+      <code style="font-size:12px; color:var(--accent);">{{ base_url }}</code>
+    </div>
+  </div>
+
+  {# Tab-list PRIMAR: limbaje #}
+  <div class="card" style="margin-bottom:16px;">
+    <div role="tablist" class="tab-bar" aria-label="Limbaje de programare" id="tl-limbaje" style="margin-bottom:0; border-bottom:1px solid var(--line);">
+      <button role="tab" id="tab-curl"    aria-selected="true"  aria-controls="panel-curl"    tabindex="0"  class="tab-link tab-activ" style="border:none; background:none; cursor:pointer;">curl</button>
+      <button role="tab" id="tab-python"  aria-selected="false" aria-controls="panel-python"  tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer;">Python</button>
+      <button role="tab" id="tab-php"     aria-selected="false" aria-controls="panel-php"     tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer;">PHP</button>
+      <button role="tab" id="tab-csharp"  aria-selected="false" aria-controls="panel-csharp"  tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer;">C#</button>
+      <button role="tab" id="tab-node"    aria-selected="false" aria-controls="panel-node"    tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer;">Node</button>
+      <button role="tab" id="tab-vfp"     aria-selected="false" aria-controls="panel-vfp"     tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer;">VFP</button>
+    </div>
+
+    {# Panel curl #}
+    <div role="tabpanel" id="panel-curl" aria-labelledby="tab-curl" style="padding:16px 0 0;">
+      {% set ex = exemple["curl"] %}
+      <div role="tablist" class="tab-bar" aria-label="Canal curl" id="tl-curl-canal" style="margin-bottom:8px; border-bottom:1px solid var(--line);">
+        <button role="tab" id="tab-curl-prez"   aria-selected="true"  aria-controls="panel-curl-prez"   tabindex="0"  class="tab-link tab-activ" style="border:none; background:none; cursor:pointer; font-size:13px;">Prezentari JSON</button>
+        <button role="tab" id="tab-curl-import" aria-selected="false" aria-controls="panel-curl-import" tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer; font-size:13px;">Import fisier</button>
+      </div>
+      <div role="tabpanel" id="panel-curl-prez" aria-labelledby="tab-curl-prez">
+        <div style="position:relative;">
+          <button class="btn-copiaza" aria-label="Copiaza snippet curl prezentari" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
+          <pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["prezentari"] | e }}</code></pre>
+        </div>
+        <div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
+      </div>
+      <div role="tabpanel" id="panel-curl-import" aria-labelledby="tab-curl-import" hidden>
+        <div style="position:relative;">
+          <button class="btn-copiaza" aria-label="Copiaza snippet curl import" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
+          <pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["import"] | e }}</code></pre>
+        </div>
+        <div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
+      </div>
+    </div>
+
+    {# Panel python #}
+    <div role="tabpanel" id="panel-python" aria-labelledby="tab-python" hidden style="padding:16px 0 0;">
+      {% set ex = exemple["python"] %}
+      <div role="tablist" class="tab-bar" aria-label="Canal python" id="tl-python-canal" style="margin-bottom:8px; border-bottom:1px solid var(--line);">
+        <button role="tab" id="tab-python-prez"   aria-selected="true"  aria-controls="panel-python-prez"   tabindex="0"  class="tab-link tab-activ" style="border:none; background:none; cursor:pointer; font-size:13px;">Prezentari JSON</button>
+        <button role="tab" id="tab-python-import" aria-selected="false" aria-controls="panel-python-import" tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer; font-size:13px;">Import fisier</button>
+      </div>
+      <div role="tabpanel" id="panel-python-prez" aria-labelledby="tab-python-prez">
+        <div style="position:relative;">
+          <button class="btn-copiaza" aria-label="Copiaza snippet python prezentari" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
+          <pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["prezentari"] | e }}</code></pre>
+        </div>
+        <div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
+      </div>
+      <div role="tabpanel" id="panel-python-import" aria-labelledby="tab-python-import" hidden>
+        <div style="position:relative;">
+          <button class="btn-copiaza" aria-label="Copiaza snippet python import" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
+          <pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["import"] | e }}</code></pre>
+        </div>
+        <div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
+      </div>
+    </div>
+
+    {# Panel PHP #}
+    <div role="tabpanel" id="panel-php" aria-labelledby="tab-php" hidden style="padding:16px 0 0;">
+      {% set ex = exemple["php"] %}
+      <div role="tablist" class="tab-bar" aria-label="Canal php" id="tl-php-canal" style="margin-bottom:8px; border-bottom:1px solid var(--line);">
+        <button role="tab" id="tab-php-prez"   aria-selected="true"  aria-controls="panel-php-prez"   tabindex="0"  class="tab-link tab-activ" style="border:none; background:none; cursor:pointer; font-size:13px;">Prezentari JSON</button>
+        <button role="tab" id="tab-php-import" aria-selected="false" aria-controls="panel-php-import" tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer; font-size:13px;">Import fisier</button>
+      </div>
+      <div role="tabpanel" id="panel-php-prez" aria-labelledby="tab-php-prez">
+        <div style="position:relative;">
+          <button class="btn-copiaza" aria-label="Copiaza snippet php prezentari" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
+          <pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["prezentari"] | e }}</code></pre>
+        </div>
+        <div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
+      </div>
+      <div role="tabpanel" id="panel-php-import" aria-labelledby="tab-php-import" hidden>
+        <div style="position:relative;">
+          <button class="btn-copiaza" aria-label="Copiaza snippet php import" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
+          <pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["import"] | e }}</code></pre>
+        </div>
+        <div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
+      </div>
+    </div>
+
+    {# Panel C# #}
+    <div role="tabpanel" id="panel-csharp" aria-labelledby="tab-csharp" hidden style="padding:16px 0 0;">
+      {% set ex = exemple["csharp"] %}
+      <div role="tablist" class="tab-bar" aria-label="Canal csharp" id="tl-csharp-canal" style="margin-bottom:8px; border-bottom:1px solid var(--line);">
+        <button role="tab" id="tab-csharp-prez"   aria-selected="true"  aria-controls="panel-csharp-prez"   tabindex="0"  class="tab-link tab-activ" style="border:none; background:none; cursor:pointer; font-size:13px;">Prezentari JSON</button>
+        <button role="tab" id="tab-csharp-import" aria-selected="false" aria-controls="panel-csharp-import" tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer; font-size:13px;">Import fisier</button>
+      </div>
+      <div role="tabpanel" id="panel-csharp-prez" aria-labelledby="tab-csharp-prez">
+        <div style="position:relative;">
+          <button class="btn-copiaza" aria-label="Copiaza snippet csharp prezentari" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
+          <pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["prezentari"] | e }}</code></pre>
+        </div>
+        <div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
+      </div>
+      <div role="tabpanel" id="panel-csharp-import" aria-labelledby="tab-csharp-import" hidden>
+        <div style="position:relative;">
+          <button class="btn-copiaza" aria-label="Copiaza snippet csharp import" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
+          <pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["import"] | e }}</code></pre>
+        </div>
+        <div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
+      </div>
+    </div>
+
+    {# Panel Node #}
+    <div role="tabpanel" id="panel-node" aria-labelledby="tab-node" hidden style="padding:16px 0 0;">
+      {% set ex = exemple["node"] %}
+      <div role="tablist" class="tab-bar" aria-label="Canal node" id="tl-node-canal" style="margin-bottom:8px; border-bottom:1px solid var(--line);">
+        <button role="tab" id="tab-node-prez"   aria-selected="true"  aria-controls="panel-node-prez"   tabindex="0"  class="tab-link tab-activ" style="border:none; background:none; cursor:pointer; font-size:13px;">Prezentari JSON</button>
+        <button role="tab" id="tab-node-import" aria-selected="false" aria-controls="panel-node-import" tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer; font-size:13px;">Import fisier</button>
+      </div>
+      <div role="tabpanel" id="panel-node-prez" aria-labelledby="tab-node-prez">
+        <div style="position:relative;">
+          <button class="btn-copiaza" aria-label="Copiaza snippet node prezentari" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
+          <pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["prezentari"] | e }}</code></pre>
+        </div>
+        <div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
+      </div>
+      <div role="tabpanel" id="panel-node-import" aria-labelledby="tab-node-import" hidden>
+        <div style="position:relative;">
+          <button class="btn-copiaza" aria-label="Copiaza snippet node import" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
+          <pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["import"] | e }}</code></pre>
+        </div>
+        <div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
+      </div>
+    </div>
+
+    {# Panel VFP: tab-list SECUNDAR pentru dialecte #}
+    <div role="tabpanel" id="panel-vfp" aria-labelledby="tab-vfp" hidden style="padding:16px 0 0;">
+      <p class="muted" style="font-size:13px; margin:0 0 8px;">Visual FoxPro — alege dialectul COM:</p>
+      {# Dialecte VFP #}
+      <div role="tablist" class="tab-bar" aria-label="Dialecte VFP" id="tl-vfp-dialect" style="margin-bottom:12px; border-bottom:1px solid var(--line);">
+        <button role="tab" id="tab-vfp-msxml"   aria-selected="true"  aria-controls="panel-vfp-msxml"   tabindex="0"  class="tab-link tab-activ" style="border:none; background:none; cursor:pointer; font-size:13px;">MSXML2</button>
+        <button role="tab" id="tab-vfp-winhttp" aria-selected="false" aria-controls="panel-vfp-winhttp" tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer; font-size:13px;">WinHttp</button>
+      </div>
+
+      {# MSXML2 #}
+      <div role="tabpanel" id="panel-vfp-msxml" aria-labelledby="tab-vfp-msxml">
+        {% set ex = exemple["vfp_msxml"] %}
+        <div role="tablist" class="tab-bar" aria-label="Canal vfp msxml" id="tl-vfp-msxml-canal" style="margin-bottom:8px; border-bottom:1px solid var(--line);">
+          <button role="tab" id="tab-vfp-msxml-prez"   aria-selected="true"  aria-controls="panel-vfp-msxml-prez"   tabindex="0"  class="tab-link tab-activ" style="border:none; background:none; cursor:pointer; font-size:12px;">Prezentari JSON</button>
+          <button role="tab" id="tab-vfp-msxml-import" aria-selected="false" aria-controls="panel-vfp-msxml-import" tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer; font-size:12px;">Import fisier</button>
+        </div>
+        <div role="tabpanel" id="panel-vfp-msxml-prez" aria-labelledby="tab-vfp-msxml-prez">
+          <div style="position:relative;">
+            <button class="btn-copiaza" aria-label="Copiaza snippet VFP MSXML2 prezentari" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
+            <pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["prezentari"] | e }}</code></pre>
+          </div>
+          <div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
+        </div>
+        <div role="tabpanel" id="panel-vfp-msxml-import" aria-labelledby="tab-vfp-msxml-import" hidden>
+          <div style="position:relative;">
+            <button class="btn-copiaza" aria-label="Copiaza snippet VFP MSXML2 import" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
+            <pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["import"] | e }}</code></pre>
+          </div>
+          <div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
+        </div>
+      </div>
+
+      {# WinHttp #}
+      <div role="tabpanel" id="panel-vfp-winhttp" aria-labelledby="tab-vfp-winhttp" hidden>
+        {% set ex = exemple["vfp_winhttp"] %}
+        <div role="tablist" class="tab-bar" aria-label="Canal vfp winhttp" id="tl-vfp-winhttp-canal" style="margin-bottom:8px; border-bottom:1px solid var(--line);">
+          <button role="tab" id="tab-vfp-winhttp-prez"   aria-selected="true"  aria-controls="panel-vfp-winhttp-prez"   tabindex="0"  class="tab-link tab-activ" style="border:none; background:none; cursor:pointer; font-size:12px;">Prezentari JSON</button>
+          <button role="tab" id="tab-vfp-winhttp-import" aria-selected="false" aria-controls="panel-vfp-winhttp-import" tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer; font-size:12px;">Import fisier</button>
+        </div>
+        <div role="tabpanel" id="panel-vfp-winhttp-prez" aria-labelledby="tab-vfp-winhttp-prez">
+          <div style="position:relative;">
+            <button class="btn-copiaza" aria-label="Copiaza snippet VFP WinHttp prezentari" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
+            <pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["prezentari"] | e }}</code></pre>
+          </div>
+          <div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
+        </div>
+        <div role="tabpanel" id="panel-vfp-winhttp-import" aria-labelledby="tab-vfp-winhttp-import" hidden>
+          <div style="position:relative;">
+            <button class="btn-copiaza" aria-label="Copiaza snippet VFP WinHttp import" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
+            <pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["import"] | e }}</code></pre>
+          </div>
+          <div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
+        </div>
+      </div>
+    </div>
+  </div>
+
+  {# Card: Export & referinta #}
+  <div class="card" style="margin-bottom:16px;">
+    <h3 style="margin:0 0 12px; font-size:15px;">Export &amp; referinta</h3>
+    <div style="display:flex; flex-wrap:wrap; gap:8px;">
+      <a class="cardlink" href="/docs" target="_blank" rel="noopener">Swagger UI — /docs</a>
+      <a class="cardlink" href="/openapi.json" target="_blank" rel="noopener">Schema OpenAPI — /openapi.json</a>
+      <a class="cardlink" href="/v1/integrare/postman.json" download>Colectie Postman — /v1/integrare/postman.json</a>
+    </div>
+  </div>
+
+  {# Formular test conexiune #}
+  <div class="card" style="margin-bottom:16px;">
+    <h3 style="margin:0 0 12px; font-size:15px;">Testeaza conexiunea</h3>
+    <form hx-post="/integrare/test-cheie"
+          hx-target="#integrare-test-rezultat"
+          hx-swap="innerHTML"
+          style="display:flex; gap:8px; flex-wrap:wrap; align-items:flex-end;">
+      <input type="hidden" name="csrf_token" value="{{ csrf_token }}">
+      <div>
+        <label for="test-api-key" style="display:block; font-size:13px; color:var(--muted); margin-bottom:4px;">Cheie API (rfak_...)</label>
+        <input type="password" id="test-api-key" name="api_key" placeholder="rfak_..."
+               style="width:280px;" autocomplete="off">
+        <p class="muted" style="font-size:12px; margin:4px 0 0;">Verificam doar daca cheia e valida. Nu o salvam si nu o memoram — cheia se gestioneaza in Cont.</p>
+      </div>
+      <button type="submit">Testeaza</button>
+    </form>
+    <div id="integrare-test-rezultat" style="margin-top:8px;"></div>
+  </div>
+
+</div>
+
+<script>
+(function() {
+  /* Navigare ARIA pentru tab-uri multiple (scoped pe containerul propriu). */
+  var root = document.getElementById('integrare-section');
+  if (!root) return;
+  root.querySelectorAll('[role="tablist"]').forEach(function(tablist) {
+    var tabs = Array.from(tablist.querySelectorAll('[role="tab"]'));
+    if (!tabs.length) return;
+
+    /* Navigare cu sageti, Home, End */
+    tablist.addEventListener('keydown', function(e) {
+      var idx = tabs.indexOf(document.activeElement);
+      if (idx === -1) return;
+      var next = -1;
+      if (e.key === 'ArrowRight' || e.key === 'ArrowDown') {
+        next = (idx + 1) % tabs.length;
+      } else if (e.key === 'ArrowLeft' || e.key === 'ArrowUp') {
+        next = (idx - 1 + tabs.length) % tabs.length;
+      } else if (e.key === 'Home') {
+        next = 0;
+      } else if (e.key === 'End') {
+        next = tabs.length - 1;
+      }
+      if (next !== -1) {
+        e.preventDefault();
+        tabs[next].focus();
+      }
+    });
+
+    /* Click pe tab: activeaza panelul corespunzator */
+    tabs.forEach(function(tab) {
+      tab.addEventListener('click', function() {
+        var panelId = tab.getAttribute('aria-controls');
+        if (!panelId) return;
+        /* Dezactiveaza toate tab-urile din acest tablist */
+        tabs.forEach(function(t) {
+          t.setAttribute('aria-selected', 'false');
+          t.setAttribute('tabindex', '-1');
+          t.classList.remove('tab-activ');
+          var pid = t.getAttribute('aria-controls');
+          if (pid) {
+            var p = document.getElementById(pid);
+            if (p) p.hidden = true;
+          }
+        });
+        /* Activeaza tab-ul curent */
+        tab.setAttribute('aria-selected', 'true');
+        tab.setAttribute('tabindex', '0');
+        tab.classList.add('tab-activ');
+        var panel = document.getElementById(panelId);
+        if (panel) panel.hidden = false;
+      });
+    });
+  });
+
+  /* Buton Copiaza: citeste textul din <pre><code> sibling, nu din data-* */
+  root.querySelectorAll('.btn-copiaza').forEach(function(btn) {
+    btn.addEventListener('click', function() {
+      var wrapper = btn.closest('div[style*="position:relative"]') || btn.parentElement;
+      var code = wrapper ? wrapper.querySelector('pre code') : null;
+      if (!code) return;
+      var text = code.innerText || code.textContent;
+      var feedback = wrapper.parentElement && wrapper.parentElement.querySelector('.copiaza-feedback');
+
+      if (navigator.clipboard && navigator.clipboard.writeText) {
+        navigator.clipboard.writeText(text).then(function() {
+          btn.textContent = 'Copiat';
+          setTimeout(function() { btn.textContent = 'Copiaza'; }, 2000);
+          if (feedback) {
+            feedback.textContent = 'Copiat!';
+            setTimeout(function() { feedback.textContent = ''; }, 2000);
+          }
+        }).catch(function() {
+          if (feedback) feedback.textContent = 'Eroare la copiere.';
+        });
+      } else {
+        /* Fallback pentru browsere fara Clipboard API */
+        var ta = document.createElement('textarea');
+        ta.value = text;
+        ta.style.position = 'fixed';
+        ta.style.opacity = '0';
+        document.body.appendChild(ta);
+        ta.select();
+        try {
+          document.execCommand('copy');
+          btn.textContent = 'Copiat';
+          setTimeout(function() { btn.textContent = 'Copiaza'; }, 2000);
+          if (feedback) {
+            feedback.textContent = 'Copiat!';
+            setTimeout(function() { feedback.textContent = ''; }, 2000);
+          }
+        } catch(err) {
+          if (feedback) feedback.textContent = 'Eroare la copiere.';
+        }
+        document.body.removeChild(ta);
+      }
+    });
+  });
+})();
+</script>
diff --git a/app/web/templates/_integrare_test_rezultat.html b/app/web/templates/_integrare_test_rezultat.html
new file mode 100644
index 0000000..566dcad
--- /dev/null
+++ b/app/web/templates/_integrare_test_rezultat.html
@@ -0,0 +1,9 @@
+{% if succes %}
+<div class="flash" aria-live="polite" role="status">
+  {{ mesaj }}
+</div>
+{% else %}
+<div class="banner" aria-live="polite" role="alert">
+  {{ mesaj }}
+</div>
+{% endif %}
diff --git a/app/web/templates/dashboard.html b/app/web/templates/dashboard.html
index f68f107..183ef90 100644
--- a/app/web/templates/dashboard.html
+++ b/app/web/templates/dashboard.html
@@ -21,12 +21,13 @@
 <!-- Tab-bar: navigare intre sectiuni -->
 <div role="tablist" class="tab-bar" aria-label="Sectiuni dashboard">
   {# US-003 (3.6): tab-ul "Trimiteri" (coada) a fost eliminat — Trimiterile traiesc
-     ca sectiune permanenta pe Acasa. Raman: Acasa·Mapari·Cont·Nomenclator. #}
+     ca sectiune permanenta pe Acasa. Raman: Acasa·Mapari·Cont·Nomenclator·Integrare. #}
   {% set tabs = [
     ("acasa",       "Acasa",       "tab-acasa"),
     ("mapari",      "Mapari",      "tab-mapari"),
     ("cont",        "Cont",        "tab-cont"),
-    ("nomenclator", "Nomenclator", "tab-nomenclator")
+    ("nomenclator", "Nomenclator", "tab-nomenclator"),
+    ("integrare",   "Integrare",   "tab-integrare")
   ] %}
   {% for tab_id, tab_label, tab_elem_id in tabs %}
   {% set badge = (badges.get(tab_id, 0) if badges else 0) %}
@@ -52,40 +53,44 @@
 
 <script>
 (function() {
-  /* Navigare cu sageti intre tab-uri (ARIA pattern) */
-  var tablist = document.querySelector('[role="tablist"]');
-  if (!tablist) return;
-  var tabs = Array.from(tablist.querySelectorAll('[role="tab"]'));
-  tablist.addEventListener('keydown', function(e) {
-    var idx = tabs.indexOf(document.activeElement);
-    if (idx === -1) return;
-    var next = -1;
-    if (e.key === 'ArrowRight' || e.key === 'ArrowDown') {
-      next = (idx + 1) % tabs.length;
-    } else if (e.key === 'ArrowLeft' || e.key === 'ArrowUp') {
-      next = (idx - 1 + tabs.length) % tabs.length;
-    } else if (e.key === 'Home') {
-      next = 0;
-    } else if (e.key === 'End') {
-      next = tabs.length - 1;
-    }
-    if (next !== -1) {
-      e.preventDefault();
-      tabs[next].focus();
-    }
-  });
+  /* Navigare cu sageti intre tab-uri (ARIA pattern) — scoped pe fiecare tablist.
+     Folosim querySelectorAll pentru a suporta multiple tablist-uri pe pagina
+     (tab-bar principal + tab-urile interne din panoul Integrare). */
+  document.querySelectorAll('[role="tablist"]').forEach(function(tablist) {
+    var tabs = Array.from(tablist.querySelectorAll('[role="tab"]'));
+    if (!tabs.length) return;
 
-  /* La click pe tab: actualizeaza aria-selected + tabindex */
-  tabs.forEach(function(tab) {
-    tab.addEventListener('click', function() {
-      tabs.forEach(function(t) {
-        t.setAttribute('aria-selected', 'false');
-        t.setAttribute('tabindex', '-1');
-        t.classList.remove('tab-activ');
+    tablist.addEventListener('keydown', function(e) {
+      var idx = tabs.indexOf(document.activeElement);
+      if (idx === -1) return;
+      var next = -1;
+      if (e.key === 'ArrowRight' || e.key === 'ArrowDown') {
+        next = (idx + 1) % tabs.length;
+      } else if (e.key === 'ArrowLeft' || e.key === 'ArrowUp') {
+        next = (idx - 1 + tabs.length) % tabs.length;
+      } else if (e.key === 'Home') {
+        next = 0;
+      } else if (e.key === 'End') {
+        next = tabs.length - 1;
+      }
+      if (next !== -1) {
+        e.preventDefault();
+        tabs[next].focus();
+      }
+    });
+
+    /* La click pe tab: actualizeaza aria-selected + tabindex (scoped pe tablist-ul curent) */
+    tabs.forEach(function(tab) {
+      tab.addEventListener('click', function() {
+        tabs.forEach(function(t) {
+          t.setAttribute('aria-selected', 'false');
+          t.setAttribute('tabindex', '-1');
+          t.classList.remove('tab-activ');
+        });
+        tab.setAttribute('aria-selected', 'true');
+        tab.setAttribute('tabindex', '0');
+        tab.classList.add('tab-activ');
       });
-      tab.setAttribute('aria-selected', 'true');
-      tab.setAttribute('tabindex', '0');
-      tab.classList.add('tab-activ');
     });
   });
 })();
diff --git a/docs/ROADMAP.md b/docs/ROADMAP.md
index 155ef30..25a9cae 100644
--- a/docs/ROADMAP.md
+++ b/docs/ROADMAP.md
@@ -48,7 +48,7 @@ Reguli de contract (detalii in `docs/api-rar-contract.md`): `FINALIZATA` e termi
 > PRD-uri (`docs/prd/prd-X.Y-*.md`), linkate in coloana Detalii. La fiecare livrabila terminata:
 > schimba statusul + data + linkul PRD si actualizeaza "Ultima actualizare".
 
-**Ultima actualizare**: 2026-06-22 — 3.6 INCHIS (editare celule in preview + Acasa unificata). CLOSE: `/code-review` high a prins 1 bug real (decriptare `override_json` neprotejata de try/except in ambele cai de preview — 500 pe tot batch-ul la rotatie cheie Fernet vs. `raw_json` care degrada gratios), reparat in `import_router.preview_import` + `routes._web_compute_preview`; duplicarea `_override_of`/canonicalize notata ca cleanup viitor. 523 teste pass. 7 stories in 3 valuri, executate de 2 echipe in paralel (TeamCreate) pe fisiere disjuncte (core: routes/import/templates; mapari: `_mapari.html`) + US-007 secvential. Livrate: tab "Trimiteri" eliminat→sectiune "Trimiterile tale" sub upload pe Acasa (US-003); upload bara slim accentuata cu hero la first-run (US-004); editare de celule in preview prin `import_rows.override_json` (Approach B, Fernet, patch canonic aplicat ULTIMUL in `_resolve_row_for_preview`+`commit_import` — completeaza inclusiv coloane ABSENTE din fisier), mutatie pura cu status rederivat (US-001); buton Editeaza pe rand cu swap pe `<tr>`+OOB contoare (nu pe sectiune), form propriu, mutual-exclusion, reuse grila `_trimitere_detaliu.html` (US-002); Mapari + formate de coloane ca tabele `.tablewrap`, H4 auto_send stocat (US-005/006); bifa "auto-send"→comutator etichetat pe COADA ("Pune automat in coada"/"Tine pentru verificare"), scoped pe operatie, `name=auto_send` pastrat (zero backend) (US-007). 523 teste pass. **VERIFY**: E2E browser pe `/` (Acasa unificata, upload slim, editare rand needs_data→ok cu swap pe rand + contoare OOB, Mapari tabelar + comutator) + LIVE pe RAR test — import fara coloana data → editarea completeaza data (override) → commit → worker login RAR test → `postPrezentare` → `sent` cu `idPrezentare=68696`, confirmat independent in lista finalizate RAR. 3 bug-uri JS (htmx 1.9.12) prinse DOAR la E2E in browser (invizibile la TestClient) si reparate: `useTemplateFragments=true` (raspunsul `<tr>`+OOB era parsat in context de tabel → `swapError` + contoare pierdute), re-activare `confirm-btn` deferita pe tick (race `editing=true` tranzitoriu), `n-hint` ok-count actualizat de `updateN`. Backend trimitere (worker, masina stari, idempotenta-logica, mapping-rezolvare) NEATINS — singura atingere de schema: 1 coloana nullable `override_json` cu migrare defensiva. PRD: [prd-3.6](prd/prd-3.6-editare-preview-acasa-unificata.md). | ISTORIC: 3.5 LIVRAT (dashboard compact). 11 stories in 4 valuri, TDD. US-001 bara status compacta pe 2 randuri cu bife accesibile (glife ✓/✗ + text, nu doar culoare) + `format_data_rar` (dd.mm.yyyy hh24:mi:ss, helper pur). US-002 Acasa = ecranul de import (upload dominant inline, tab Import scos, `?tab=import`→Acasa fara 404). US-003 helper pur partajat `app/payload_view.py` (payload→campuri afisabile, defensiv, coercion Excel) refolosit si de `GET /v1/prezentari` (DRY). US-004 "Coada"→"Trimiteri": coloane RO + stare umana + detaliu complet la click in panou dedicat `#trimitere-detaliu` (nu inline — poll 10s), scoped 404 cross-account. US-005/006 CRUD mapari operatii + formate coloane salvate (scoped, re-rezolvare auto la edit cod). US-007 "Mapari" 3 sectiuni (de rezolvat / op salvate / formate coloane), "Cont" doar cheie+creds. US-008 motiv (mesaj validare) pe randuri needs_data in preview. US-009 filtre Trimiteri (stare SQL / vehicul+data Python) scoped + "sterge filtrele". US-010 corectie inline needs_data→queued cu payload+idempotency recalculate, sent read-only (403), coliziune idempotency prinsa pre-UPDATE. US-011 badge contoare pe tab-uri (Mapari/Trimiteri), scoped, aria-label. VERIFY context curat PASS (483 teste; E2E browser/RAR LIVE neprobat — recomandata probare manuala `--send`). `/code-review` high a prins 4 findings reale, toate reparate: corectie needs_mapping re-rezolva prestatiile (nu mai poate trimite cod nul la RAR), filtru fara LIMIT silentios, coliziune idempotency atomica (try/except IntegrityError), comparatie data doar ISO. Backend trimitere (worker, masina stari, idempotenta-logica, mapping-rezolvare, schema) NEATINS. PRD: [prd-3.5](prd/prd-3.5-dashboard-compact-trimiteri-mapari.md). Urmeaza Etapa 4 (4.1 mapare AI/MCP).
+**Ultima actualizare**: 2026-06-22 — 5.1 LIVRAT (Hub de integrare `/integrare`: exemple cod multi-limbaj + retetar VFP cu 2 dialecte + `GET /v1/ping` readiness + export Postman/OpenAPI + "Testeaza conexiunea"). 4 stories in 2 valuri (Val 1 = US-001/US-002/US-004 paralel pe fisiere disjuncte via Agent team; Val 2 = US-003 UI). Atentie operationala: US-003 a rulat intr-un worktree branched din ultimul commit (FARA modificarile necomise ale US-004 din working-tree) si la "copiere manuala" a SUPRASCRIS `routes.py`, stergand ruta `POST /integrare/test-cheie` (8 teste 404) — reparat prin re-aplicarea rutei de catre autorul US-004 pe `routes.py` curent. Lectie: stories care ating acelasi fisier in valuri diferite + worktree = clobber daca worktree-ul nu vede working-tree-ul; foloseste fisiere disjuncte SAU merge atent de catre lead. VERIFY context curat PASS (568 teste) + E2E browser Playwright (deep-link server-side, IA pe 2 niveluri, VFP cu 3 niveluri de tab comuta corect, copy, htmx test-cheie → fragment eroare, 0 erori consola) + enqueue live (`POST /v1/prezentari` → queued); live RAR `FINALIZATA` NEPROBAT in sesiune (lipsa `AUTOPASS_CREDS_KEY`/creds RAR test) — risc minim, backend trimitere NEATINS. `/code-review` high a prins 4 bug-uri reale (toate in suprafata noua, reparate + lock-uite cu teste): snippet C# JSON multi-linie nevalid (CS1010), snippet VFP `json.dumps(indent=0)` inca cu newline-uri → string literal rupt in ambele dialecte, snippet Node `node:buffer` nu exporta FormData → TypeError, script `_integrare.html` ne-scoped acumuland event-listeneri pe tab-bar-ul principal la fiecare swap htmx (scoped pe `#integrare-section`). Notat ca cleanup viitor (nereparat): `_render_integrare` dubleaza SQL `are_creds`/`are_cheie`, `ping` cu 2 conexiuni DB + `account_for_key` de 2 ori, `_campuri_obligatorii` necache-uit, panouri limbaj copy-paste (candidat macro Jinja2). Backend trimitere (worker/masina stari/idempotenta/mapping) si schema NEATINSE. PRD: [prd-5.1](prd/prd-5.1-hub-integrare.md). | ISTORIC: 3.6 INCHIS (editare celule in preview + Acasa unificata). CLOSE: `/code-review` high a prins 1 bug real (decriptare `override_json` neprotejata de try/except in ambele cai de preview — 500 pe tot batch-ul la rotatie cheie Fernet vs. `raw_json` care degrada gratios), reparat in `import_router.preview_import` + `routes._web_compute_preview`; duplicarea `_override_of`/canonicalize notata ca cleanup viitor. 523 teste pass. 7 stories in 3 valuri, executate de 2 echipe in paralel (TeamCreate) pe fisiere disjuncte (core: routes/import/templates; mapari: `_mapari.html`) + US-007 secvential. Livrate: tab "Trimiteri" eliminat→sectiune "Trimiterile tale" sub upload pe Acasa (US-003); upload bara slim accentuata cu hero la first-run (US-004); editare de celule in preview prin `import_rows.override_json` (Approach B, Fernet, patch canonic aplicat ULTIMUL in `_resolve_row_for_preview`+`commit_import` — completeaza inclusiv coloane ABSENTE din fisier), mutatie pura cu status rederivat (US-001); buton Editeaza pe rand cu swap pe `<tr>`+OOB contoare (nu pe sectiune), form propriu, mutual-exclusion, reuse grila `_trimitere_detaliu.html` (US-002); Mapari + formate de coloane ca tabele `.tablewrap`, H4 auto_send stocat (US-005/006); bifa "auto-send"→comutator etichetat pe COADA ("Pune automat in coada"/"Tine pentru verificare"), scoped pe operatie, `name=auto_send` pastrat (zero backend) (US-007). 523 teste pass. **VERIFY**: E2E browser pe `/` (Acasa unificata, upload slim, editare rand needs_data→ok cu swap pe rand + contoare OOB, Mapari tabelar + comutator) + LIVE pe RAR test — import fara coloana data → editarea completeaza data (override) → commit → worker login RAR test → `postPrezentare` → `sent` cu `idPrezentare=68696`, confirmat independent in lista finalizate RAR. 3 bug-uri JS (htmx 1.9.12) prinse DOAR la E2E in browser (invizibile la TestClient) si reparate: `useTemplateFragments=true` (raspunsul `<tr>`+OOB era parsat in context de tabel → `swapError` + contoare pierdute), re-activare `confirm-btn` deferita pe tick (race `editing=true` tranzitoriu), `n-hint` ok-count actualizat de `updateN`. Backend trimitere (worker, masina stari, idempotenta-logica, mapping-rezolvare) NEATINS — singura atingere de schema: 1 coloana nullable `override_json` cu migrare defensiva. PRD: [prd-3.6](prd/prd-3.6-editare-preview-acasa-unificata.md). | ISTORIC: 3.5 LIVRAT (dashboard compact). 11 stories in 4 valuri, TDD. US-001 bara status compacta pe 2 randuri cu bife accesibile (glife ✓/✗ + text, nu doar culoare) + `format_data_rar` (dd.mm.yyyy hh24:mi:ss, helper pur). US-002 Acasa = ecranul de import (upload dominant inline, tab Import scos, `?tab=import`→Acasa fara 404). US-003 helper pur partajat `app/payload_view.py` (payload→campuri afisabile, defensiv, coercion Excel) refolosit si de `GET /v1/prezentari` (DRY). US-004 "Coada"→"Trimiteri": coloane RO + stare umana + detaliu complet la click in panou dedicat `#trimitere-detaliu` (nu inline — poll 10s), scoped 404 cross-account. US-005/006 CRUD mapari operatii + formate coloane salvate (scoped, re-rezolvare auto la edit cod). US-007 "Mapari" 3 sectiuni (de rezolvat / op salvate / formate coloane), "Cont" doar cheie+creds. US-008 motiv (mesaj validare) pe randuri needs_data in preview. US-009 filtre Trimiteri (stare SQL / vehicul+data Python) scoped + "sterge filtrele". US-010 corectie inline needs_data→queued cu payload+idempotency recalculate, sent read-only (403), coliziune idempotency prinsa pre-UPDATE. US-011 badge contoare pe tab-uri (Mapari/Trimiteri), scoped, aria-label. VERIFY context curat PASS (483 teste; E2E browser/RAR LIVE neprobat — recomandata probare manuala `--send`). `/code-review` high a prins 4 findings reale, toate reparate: corectie needs_mapping re-rezolva prestatiile (nu mai poate trimite cod nul la RAR), filtru fara LIMIT silentios, coliziune idempotency atomica (try/except IntegrityError), comparatie data doar ISO. Backend trimitere (worker, masina stari, idempotenta-logica, mapping-rezolvare, schema) NEATINS. PRD: [prd-3.5](prd/prd-3.5-dashboard-compact-trimiteri-mapari.md). Urmeaza Etapa 4 (4.1 mapare AI/MCP).
 
 > 2026-06-18 — 3.4 LIVRAT (interfata web ergonomica: tab-uri + wizard + microcopy). US-001 modul pur `app/web/labels.py` (stari tehnice→text uman + clasa CSS; test parametrizat din CHECK-ul `schema.sql` iese rosu la stare nemapata). US-002 bara status `/_fragments/status` + `_status.html` (etichete umane, defalcare blocate pe motiv, poll 15s, scoped pe cont). US-003 shell 6 tab-uri (Acasa·Import·Coada·Mapari·Cont·Nomenclator) cu deep-link `?tab=`, panou activ randat server-side, fragmente inactive lazy pe click, ARIA real (tablist/tab/tabpanel + aria-selected + navigare cu sageti). US-004 stepper import 4 pasi (PUR vizual, `hx-target="#import-section"` + csrf pastrate). US-005 Acasa onboarding checklist auto-bifat (are_creds/are_trimiteri) + colaps cand totul gata + empty states prietenoase Coada/Mapari. VERIFY lead-driven (TestClient ACs + 434 pytest pass; E2E browser/RAR LIVE neprobat in sesiune — recomandata probare manuala `--send`). Fix izolare teste (reset `ratelimit._hits` in fixturi, 429 la rulare subset). `/code-review` high: regasit avertisment "cont in asteptare de activare" (regresie din scoaterea `/_fragments/banner`) re-introdus in bara status + culori hardcodate→variabile paleta. 434 teste pass. Backend trimitere neatins. PRD: [prd-3.4](prd/prd-3.4-ux-dashboard-web.md). Urmeaza Etapa 4 (4.1 mapare AI/MCP).
 
@@ -96,7 +96,7 @@ Reguli de contract (detalii in `docs/api-rar-contract.md`): `FINALIZATA` e termi
 
 | # | Livrabila | Status | Data | Detalii |
 |---|-----------|--------|------|---------|
-| 5.1 | Hub de integrare (pagina `/integrare` autentificata): exemple cod multi-limbaj (curl/Python/PHP/C#/Node) + retetar **Visual FoxPro** (POST via `MSXML2.ServerXMLHTTP` + upload CSV) + export OpenAPI/Postman + buton "Testeaza conexiunea" | TODO | | cel mai mare wedge de adoptie; absoarbe optiunea "doar exemple markdown" |
+| 5.1 | Hub de integrare (pagina `/integrare` autentificata): exemple cod multi-limbaj (curl/Python/PHP/C#/Node) + retetar **Visual FoxPro** (POST via `MSXML2.ServerXMLHTTP` + upload CSV) + export OpenAPI/Postman + buton "Testeaza conexiunea" | DONE | 2026-06-22 | 4 stories (2 valuri, 2 echipe paralel + restore dupa clobber de merge). US-001 `GET /v1/ping` readiness (`account_id/mediu/autentificat_cu_cheie/are_creds_rar/ts`) + `GET /v1/integrare/postman.json` (v2.1.0, allowlist 3 rute). US-002 `integrare_examples.py` pur (7 limbaje × 2 canale, drift-test `is_required()`). US-003 tab "Integrare" IA pe 2 niveluri (limbaj→canal, VFP cu dialecte MSXML2/WinHttp), copy din `<pre><code>`, empty-state CTA, export `.cardlink`, doar tokens. US-004 `POST /integrare/test-cheie` (`account_for_key` direct, scoped sesiune, no-echo). VERIFY: 568 teste + E2E browser (Playwright: VFP 3 niveluri comuta, htmx test-cheie → fragment eroare, 0 erori consola) + enqueue live; live RAR neprobat (lipsa creds key). `/code-review` high: 4 bug-uri reale reparate (C#/VFP snippet JSON multi-linie nevalid, Node `node:buffer` fara FormData, script ne-scoped acumuland listeneri). Backend trimitere NEATINS. PRD: [prd-5.1](prd/prd-5.1-hub-integrare.md) |
 | 5.2 | Endpoint dry-run `POST /v1/prezentari/valideaza` — valideaza payload + mapare, intoarce erorile reale FARA enqueue | TODO | | "magical moment" pt integratori; refoloseste `validation.py`+`mapping.py`, NU atinge coada |
 | 5.3 | Light/Dark mode — toggle in header, persistat (cookie/localStorage); CSS deja pe variabile `:root` | TODO | | efort mic, cerut explicit |
 | 5.4 | Erori pe 3 niveluri (problema + cauza + fix) pe API si UI | TODO | | DX: fight uncertainty; reduce suportul |
diff --git a/docs/prd/prd-5.1-hub-integrare.md b/docs/prd/prd-5.1-hub-integrare.md
index 3e9a47c..67f2399 100644
--- a/docs/prd/prd-5.1-hub-integrare.md
+++ b/docs/prd/prd-5.1-hub-integrare.md
@@ -1,6 +1,6 @@
 # PRD 5.1 — Hub de integrare (pagina /integrare cu exemple de cod + retetar VFP + ping + export)
 
-**Stare**: aprobat (2026-06-22 — intrebari deschise rezolvate; 3 review-uri de plan rulate si incorporate (CEO/eng/design, toate APROB CU MODIFICARI); aprobat la poarta umana. Urmeaza EXECUTE)
+**Stare**: inchis (2026-06-22 — VERIFY PASS + E2E browser PASS + `/code-review` high incorporat; 568 teste pass; writeback ROADMAP facut; asteapta poarta umana de commit)
 
 > Proces complet: `docs/ROADMAP.md` §5. Contract RAR (sursa de adevar): `docs/api-rar-contract.md`.
 > Starea trece: `draft → aprobat → in-executie → verify-pass → inchis` (actualizata de lead).
@@ -66,16 +66,16 @@ de importat **pentru ca** sa-mi validez conexiunea inainte sa trimit prezentari
   `test_postman_contine_exact_trei_requesturi` (prezentari, import, ping; header `X-API-Key: {{api_key}}`; `{{base_url}}`),
   `test_postman_nu_deriva_din_app_routes` (allowlist hardcodat — NU expune `/v1/conturi/rar-creds` etc.).
 - **Acceptance criteria**:
-  - [ ] `GET /v1/ping` (dependinta `resolve_account_id`) = **readiness check**, nu doar auth-echo: cheie valida → 200
+  - [x] `GET /v1/ping` (dependinta `resolve_account_id`) = **readiness check**, nu doar auth-echo: cheie valida → 200
         `{account_id, mediu, autentificat_cu_cheie, are_creds_rar, ts}`; cheie invalida → 401; fara cheie cu
         `require_api_key=true` → 401; fara cheie in dev → cont 1 cu `autentificat_cu_cheie=false`. (`are_creds_rar` = contul are
         `accounts.rar_creds_enc` setate; citire-only, raspunde la "esti gata sa trimiti?", nu doar "cheia merge". CEO-review P1/P2.)
-  - [ ] Suporta si `Authorization: Bearer rfak_...` (al doilea header documentat in pagina).
-  - [ ] `GET /v1/integrare/postman.json`: colectie Postman v2.1.0 cu variabile `base_url` + `api_key`, **exact 3 requesturi**
+  - [x] Suporta si `Authorization: Bearer rfak_...` (al doilea header documentat in pagina).
+  - [x] `GET /v1/integrare/postman.json`: colectie Postman v2.1.0 cu variabile `base_url` + `api_key`, **exact 3 requesturi**
         (allowlist hardcodat, NU derivat din `app.routes`): `POST /v1/prezentari`, `POST /v1/import`, `GET /v1/ping`, fiecare cu
         header `X-API-Key: {{api_key}}` si body exemplu (pt prezentari: payload din schema reala `PrezentareRequest`, inclusiv `prestatii`).
-  - [ ] `/openapi.json` ramane accesibil (FastAPI implicit) — niciun regres.
-  - [ ] NU atinge `submissions`, worker, schema. `are_creds_rar` = SELECT read-only pe `accounts`.
+  - [x] `/openapi.json` ramane accesibil (FastAPI implicit) — niciun regres.
+  - [x] NU atinge `submissions`, worker, schema. `are_creds_rar` = SELECT read-only pe `accounts`.
 - **Verificare E2E**: `curl -H "X-API-Key: rfak_..." http://localhost:8010/v1/ping` pe instanta locala → 200 cu contul corect +
   `are_creds_rar`; import `postman.json` in Postman/Swagger.
 
@@ -98,13 +98,13 @@ de importat **pentru ca** sa-mi validez conexiunea inainte sa trimit prezentari
   `test_prestatii_in_snippet_are_cod` (item-ul `prestatii` are `cod_prestatie` SAU `cod_op_service` — vezi `PrestatieItem._require_one`),
   `test_placeholder_cheie_nu_e_valoare_reala` (mereu `rfak_...`, niciodata o cheie injectata).
 - **Acceptance criteria**:
-  - [ ] Functie pura `exemple(base_url: str, account_id: int) -> dict` care intoarce, per limbaj, snippet pt ambele canale.
-  - [ ] Placeholder cheie = `rfak_...` (constant), endpoint-ul derivat din `base_url`.
-  - [ ] Payload-ul JSON reflecta schema reala (`PrezentareRequest`): `rar_credentials{email,password}` + `prezentari[]` cu
+  - [x] Functie pura `exemple(base_url: str, account_id: int) -> dict` care intoarce, per limbaj, snippet pt ambele canale.
+  - [x] Placeholder cheie = `rfak_...` (constant), endpoint-ul derivat din `base_url`.
+  - [x] Payload-ul JSON reflecta schema reala (`PrezentareRequest`): `rar_credentials{email,password}` + `prezentari[]` cu
         **toate** campurile obligatorii prin `is_required()`, **inclusiv `prestatii` cu cel putin un item valid** (eng-review P1:
         `prestatii` e fara default → obligatoriu; un payload fara el ar fi nevalid, exact ce pagina trebuie sa previna).
-  - [ ] Drift-test foloseste `field.is_required()` (nu doar prezenta cheii), ca sa nu raporteze fals campurile cu default.
-  - [ ] Fara I/O, fara DB, fara stare globala — pur (usor de testat).
+  - [x] Drift-test foloseste `field.is_required()` (nu doar prezenta cheii), ca sa nu raporteze fals campurile cu default.
+  - [x] Fara I/O, fara DB, fara stare globala — pur (usor de testat).
 - **Verificare E2E**: acoperita de UI (US-003) + unit teste.
 
 ### US-003: UI — tab "Integrare" cu exemple, retetar VFP si export
@@ -128,24 +128,24 @@ sa integrez gateway-ul fara sa caut prin README/Swagger.
   `test_empty_state_cta_cont_cand_fara_cheie_sau_creds`,
   `test_fara_culori_hardcodate_doar_tokens` (snippet-ul template-ului nu contine `#`-hex; doar `var(--...)`).
 - **Acceptance criteria**:
-  - [ ] Tab nou "Integrare" in nav (`dashboard.html`), `integrare` in `_TABS_VALIDE`, **branch nou in `_render_panel_for_tab`**,
+  - [x] Tab nou "Integrare" in nav (`dashboard.html`), `integrare` in `_TABS_VALIDE`, **branch nou in `_render_panel_for_tab`**,
         deep-link `/?tab=integrare` randat server-side, fragment lazy pe click (pattern identic cu Mapari/Cont). NU atinge `_render_panel_import`/`coada`.
-  - [ ] **IA pe doua niveluri (design-review P1):** tab primar = LIMBAJ (curl/Python/PHP/C#/Node/VFP) — VFP e UN tab, nu sectiune
+  - [x] **IA pe doua niveluri (design-review P1):** tab primar = LIMBAJ (curl/Python/PHP/C#/Node/VFP) — VFP e UN tab, nu sectiune
         separata; in panelul VFP, al doilea tablist = dialect (MSXML2 / WinHttp). Tab secundar (in fiecare panel de limbaj) = CANAL
         (Prezentari JSON / Import fisier). Se vede UN singur snippet o data (fara produs cartezian 14-snippet pe ecran).
-  - [ ] **Refolosire ARIA (design-review P1):** generalizeaza scriptul de keyboard-nav din `dashboard.html` (sageti/Home/End,
+  - [x] **Refolosire ARIA (design-review P1):** generalizeaza scriptul de keyboard-nav din `dashboard.html` (sageti/Home/End,
         roving `tabindex`, sync `aria-selected`+`aria-controls`) ca sa prinda ORICE `[role=tablist]`, scoped pe containerul propriu
         (nu primul `querySelector` global) — altfel tab-urile imbricate (limbaj/canal/VFP-dialect) intra in conflict pe `ArrowRight`.
-  - [ ] **Copy-to-clipboard (design-review P2):** buton per snippet care citeste textul din `<pre><code>` asociat (NU din `data-*`);
+  - [x] **Copy-to-clipboard (design-review P2):** buton per snippet care citeste textul din `<pre><code>` asociat (NU din `data-*`);
         feedback in `aria-live="polite"` + label "Copiat" cu revenire la "Copiaza" dupa ~2s; `navigator.clipboard` cu `.catch()` +
         fallback pt context ne-securizat (selecteaza textul + "Ctrl+C") — butonul nu ramane blocat fals pe "Copiat".
-  - [ ] **Empty-state onboarding (design-review P2 + CEO P1):** cand sesiunea NU are cheie rotita sau NU are creds RAR, afiseaza
+  - [x] **Empty-state onboarding (design-review P2 + CEO P1):** cand sesiunea NU are cheie rotita sau NU are creds RAR, afiseaza
         deasupra snippet-urilor un empty-state cu CTA direct `href="/?tab=cont"` ("Genereaza cheia din Cont; o vezi o singura data").
         Snippet-urile raman vizibile (placeholder-based). Flux de onboarding continuu, nu doar o nota text.
-  - [ ] Card separat "Export & referinta" (componenta `.cardlink`): Swagger `/docs`, `GET /openapi.json`, `GET /v1/integrare/postman.json`
+  - [x] Card separat "Export & referinta" (componenta `.cardlink`): Swagger `/docs`, `GET /openapi.json`, `GET /v1/integrare/postman.json`
         (Postman = `download`; restul `target="_blank" rel="noopener"`).
-  - [ ] Integreaza formularul "Testeaza conexiunea" din US-004 (primul card al panoului; markup-ul tinteste ruta US-004).
-  - [ ] **Tokens de tema (design-review P3, pregatire 5.3):** template-ul foloseste DOAR variabilele din `:root`
+  - [x] Integreaza formularul "Testeaza conexiunea" din US-004 (primul card al panoului; markup-ul tinteste ruta US-004).
+  - [x] **Tokens de tema (design-review P3, pregatire 5.3):** template-ul foloseste DOAR variabilele din `:root`
         (`--bg`/`--card`/`--ink`/`--muted`/`--line`/`--accent`), zero culori hex hardcodate; fara highlight de sintaxa colorat
         (ar introduce paleta noua). Cod copiabil pe `--ink`, nu `--muted`.
 - **Verificare E2E**: browser pe `/integrare` — comuta limbaj (inclusiv VFP cu dialect), comuta canal, copiaza un snippet (vezi
@@ -169,16 +169,16 @@ integrarea va autentifica corect inainte sa scriu cod.
   `test_csrf_lipsa_respinsa`,
   `test_cheia_nu_apare_in_raspuns_sau_log` (no echo).
 - **Acceptance criteria**:
-  - [ ] `POST /integrare/test-cheie` (`require_login`, CSRF): valideaza cheia lipita prin **`account_for_key` direct** (NU
+  - [x] `POST /integrare/test-cheie` (`require_login`, CSRF): valideaza cheia lipita prin **`account_for_key` direct** (NU
         `resolve_account_id` — altfel in dev o cheie goala/gunoi ar cadea pe cont 1 si ar raporta fals "valida"); confirma DOAR
         daca mapeaza pe **contul sesiunii**; altfel mesaj neutru ("nu apartine contului tau", fara sa dezvaluie care cont).
-  - [ ] Cheie revocata (dupa rotire) → tratata ca invalida (`account_for_key` filtreaza `active=1`).
-  - [ ] Niciun echo al cheii in raspuns/log (regula 422-no-echo din `main.py`).
-  - [ ] Raspuns HTML fragment dedicat (`_integrare_test_rezultat.html`), htmx swap intr-un container `aria-live="polite"`:
+  - [x] Cheie revocata (dupa rotire) → tratata ca invalida (`account_for_key` filtreaza `active=1`).
+  - [x] Niciun echo al cheii in raspuns/log (regula 422-no-echo din `main.py`).
+  - [x] Raspuns HTML fragment dedicat (`_integrare_test_rezultat.html`), htmx swap intr-un container `aria-live="polite"`:
         succes pe `.flash` (border `--ok`, "Cheie valida — cont X"), eroare pe `.banner` (border `--err`). Label uman, fara emoji.
-  - [ ] Input `type=password` + `autocomplete="off"`; microcopy anti-confuzie langa camp: "Verificam doar daca cheia e valida.
+  - [x] Input `type=password` + `autocomplete="off"`; microcopy anti-confuzie langa camp: "Verificam doar daca cheia e valida.
         Nu o salvam si nu o memoram — cheia se gestioneaza in Cont." Buton "Testeaza conexiunea" (NU "Salveaza").
-  - [ ] NU creeaza/roteste chei (doar verifica) — fara efecte secundare.
+  - [x] NU creeaza/roteste chei (doar verifica) — fara efecte secundare.
 - **Verificare E2E**: browser — lipeste cheia reala (din rotire `/cont`) → "valida, cont X"; lipeste gunoi → eroare clara;
   lipeste cheia veche dupa rotire → respinsa.
 
@@ -253,3 +253,29 @@ trimite), fara suport uman si fara sa atinga README/Swagger separat.
       tema (pregatire 5.3); microcopy anti-confuzie + `type=password` la test-cheie.
 
 Toate cele trei: **APROB CU MODIFICARI**, modificarile incorporate mai sus. Asteapta poarta umana de aprobare (§5.8) → `aprobat`.
+
+---
+
+## Raport VERIFY (2026-06-22 — subagent context curat + E2E browser lead)
+
+**Rezultat: PASS** (dupa o runda de fix pe 4 discrepante minore).
+
+- **Suita**: `python3 -m pytest -q` → **564 passed**, 0 failed (523 baseline + 41 noi: 11 API ping/postman, 8 examples, 10 web integrare initial + 4 lock-uri fix, 8 test-cheie).
+- **US-001..US-004 (criterii de acceptare)**: toate PASS (verificator independent, dovezi in cod + teste + `curl` live pe :8010 — ping cont 1 `autentificat_cu_cheie=false`, cheie valida `=true`, Bearer ok, cheie invalida 401, postman.json 3 items allowlist fara `/v1/conturi/rar-creds`, openapi 200).
+- **Fix dupa VERIFY r1** (4 discrepante PRD-vs-implementare, toate in `_integrare.html`, lock-uite cu teste noi): cardul Export foloseste `.cardlink`; linkul Postman are `download` (fara `target=_blank`); microcopy anti-confuzie la test-cheie ("Nu o salvam si nu o memoram…"); butonul Copiaza isi schimba label-ul in "Copiat" + revine la 2s.
+- **E2E browser (Playwright, lead, dev `web_auth_required=false`→cont 1)**: PASS pe `/?tab=integrare` — randare server-side, IA pe 2 niveluri (limbaj→canal), VFP cu al 3-lea nivel (dialect MSXML2↔WinHttp comuta corect, snippet WinHttp.WinHttpRequest.5.1), endpoint+account_id reale, empty-state CTA `/?tab=cont`, card Export, microcopy prezent, **htmx test-cheie**: cheie invalida → fragment eroare in container `aria-live` ("Cheie invalida sau revocata"). **0 erori in consola** (clasa de bug-uri htmx care a muscat 3.6 — absenta aici).
+- **Regresia de aur (enqueue)**: `POST /v1/prezentari` → `status: queued` (live :8010). **Backend trimitere NEATINS** (doar rute noi de citire + UI; zero modificari worker/masina-stari/idempotenta/schema) — confirmat la diff. **Live RAR test (`postPrezentare`→FINALIZATA) NEPROBAT** in sesiune: `AUTOPASS_CREDS_KEY`/creds RAR test indisponibile in mediu. Risc minim (cod de trimitere neatins).
+
+Toate PASS → CLOSE.
+
+### `/code-review` high (2026-06-22 — CLOSE)
+
+8 unghiuri (3 correctness + cleanup/altitude/conventii), verificare 1-vot. **4 bug-uri reale reparate** (toate in suprafata noua, backend trimitere neatins), lock-uite cu teste:
+1. **C# snippet** — payload JSON multi-linie (`json.dumps indent=2`) intr-un string literal C# obisnuit → CS1010 (nu compileaza). Fix: `_payload_json_compact` (separators `(",",":")`, fara newline) pentru C#.
+2. **VFP snippet** — `json.dumps(indent=0)` PRODUCE TOTUSI newline-uri → `cPayload = "..."` rupt (VFP nu suporta string literal multi-linie) in ambele dialecte. Fix: acelasi helper compact.
+3. **Node import snippet** — `await import("node:buffer")` nu exporta `FormData` → `new FormData()` arunca TypeError pe orice Node; plus import mort `readFileSync`/`import("fs")` duplicat. Fix: `FormData`/`Blob` globale (Node 18+) + `readFileSync` static folosit direct.
+4. **Script `_integrare.html` ne-scoped** — `document.querySelectorAll('[role=tablist]')` ataseaza handlere si pe tab-bar-ul PRINCIPAL din `dashboard.html`, acumuland listeneri la fiecare swap htmx. Fix: scoping pe `#integrare-section` (`root.querySelectorAll(...)`), nu mai atinge tab-bar-ul principal.
+
+**Notat ca cleanup viitor (NEREPARAT, disciplina backend/altitudine — low value, fara risc):** `_render_integrare` dubleaza SQL-ul `are_creds`/`are_cheie` din `_get_acasa_context`/`_render_panel_cont` (candidat de helper partajat); `ping` deschide 2 conexiuni DB + apeleaza `account_for_key` de 2 ori (derivabil din `account_id != DEFAULT_ACCOUNT_ID`); `_campuri_obligatorii()` necache-uit (apelat ~6×/render); cele 6 panouri de limbaj din `_integrare.html` copy-paste (candidat macro Jinja2); `{{ mesaj }}` fara `| e` explicit (salvat acum de autoescape, no-echo confirmat). **Pre-existente (in afara 5.1):** `GET /v1/nomenclator` + `/_fragments/nomenclator` neprotejate (deja notate in ROADMAP "de remediat").
+
+568 teste pass.
diff --git a/tests/test_integrare_api.py b/tests/test_integrare_api.py
new file mode 100644
index 0000000..ea4dc22
--- /dev/null
+++ b/tests/test_integrare_api.py
@@ -0,0 +1,215 @@
+"""Teste US-001: endpoint-uri de integrare (GET /v1/ping + export Postman).
+
+TDD — toate testele RED inainte de implementare.
+"""
+
+from __future__ import annotations
+
+import json
+import os
+import tempfile
+
+import pytest
+from fastapi.testclient import TestClient
+
+
+# --------------------------------------------------------------------------- #
+# Fixture client izolat                                                        #
+# --------------------------------------------------------------------------- #
+
+@pytest.fixture()
+def client(monkeypatch):
+    """Client FastAPI cu DB temporara izolata, require_api_key=False (dev)."""
+    tmp = tempfile.mkdtemp()
+    monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t.db"))
+    monkeypatch.setenv("AUTOPASS_REQUIRE_API_KEY", "false")
+    monkeypatch.setenv("AUTOPASS_RAR_ENV", "test")
+    from app.config import get_settings
+    get_settings.cache_clear()
+    from app.main import app
+    with TestClient(app) as c:
+        yield c
+    get_settings.cache_clear()
+
+
+@pytest.fixture()
+def client_prod(monkeypatch):
+    """Client cu require_api_key=True (mod prod)."""
+    tmp = tempfile.mkdtemp()
+    monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t.db"))
+    monkeypatch.setenv("AUTOPASS_REQUIRE_API_KEY", "true")
+    monkeypatch.setenv("AUTOPASS_RAR_ENV", "prod")
+    from app.config import get_settings
+    get_settings.cache_clear()
+    from app.main import app
+    with TestClient(app) as c:
+        yield c
+    get_settings.cache_clear()
+
+
+def _creeaza_cheie(monkeypatch) -> str:
+    """Seed cont id=1 + creeaza cheie API; intoarce cheia in clar."""
+    from app.db import get_connection
+    from app.auth import create_api_key
+    conn = get_connection()
+    try:
+        cheie = create_api_key(conn, 1)
+        conn.commit()
+    finally:
+        conn.close()
+    return cheie
+
+
+def _seteaza_rar_creds(monkeypatch=None) -> None:
+    """Seteaza rar_creds_enc pe contul id=1."""
+    from app.db import get_connection
+    from app.crypto import encrypt_creds
+    conn = get_connection()
+    try:
+        enc = encrypt_creds({"email": "test@rar.ro", "password": "secret"})
+        conn.execute("UPDATE accounts SET rar_creds_enc=? WHERE id=1", (enc,))
+        conn.commit()
+    finally:
+        conn.close()
+
+
+# --------------------------------------------------------------------------- #
+# Teste ping                                                                   #
+# --------------------------------------------------------------------------- #
+
+def test_ping_cu_cheie_valida_200(client, monkeypatch):
+    """GET /v1/ping cu X-API-Key valida -> 200 cu campurile cerute."""
+    cheie = _creeaza_cheie(monkeypatch)
+    r = client.get("/v1/ping", headers={"X-API-Key": cheie})
+    assert r.status_code == 200, r.text
+    body = r.json()
+    assert "account_id" in body
+    assert "mediu" in body
+    assert "autentificat_cu_cheie" in body
+    assert "are_creds_rar" in body
+    assert "ts" in body
+    assert body["autentificat_cu_cheie"] is True
+    assert body["mediu"] == "test"
+
+
+def test_ping_cu_bearer_valid_200(client, monkeypatch):
+    """GET /v1/ping cu Authorization: Bearer valida -> 200, autentificat_cu_cheie=True."""
+    cheie = _creeaza_cheie(monkeypatch)
+    r = client.get("/v1/ping", headers={"Authorization": f"Bearer {cheie}"})
+    assert r.status_code == 200, r.text
+    body = r.json()
+    assert body["autentificat_cu_cheie"] is True
+    assert body["account_id"] == 1
+
+
+def test_ping_fara_cheie_dev_cont_implicit(client, monkeypatch):
+    """Fara cheie, require_api_key=False -> cont 1, autentificat_cu_cheie=False."""
+    r = client.get("/v1/ping")
+    assert r.status_code == 200, r.text
+    body = r.json()
+    assert body["account_id"] == 1
+    assert body["autentificat_cu_cheie"] is False
+
+
+def test_ping_x_api_key_gol_in_dev_cont_implicit(client, monkeypatch):
+    """X-API-Key cu doar spatii = lipsa cheie -> cont 1, autentificat_cu_cheie=False in dev."""
+    r = client.get("/v1/ping", headers={"X-API-Key": "   "})
+    assert r.status_code == 200, r.text
+    body = r.json()
+    assert body["account_id"] == 1
+    assert body["autentificat_cu_cheie"] is False
+
+
+def test_ping_are_creds_rar_reflecta_contul(client, monkeypatch):
+    """Cont fara creds -> are_creds_rar=False; dupa setare -> True."""
+    # Fara creds
+    r1 = client.get("/v1/ping")
+    assert r1.status_code == 200
+    assert r1.json()["are_creds_rar"] is False
+
+    # Seteaza creds pe cont 1
+    _seteaza_rar_creds()
+
+    r2 = client.get("/v1/ping")
+    assert r2.status_code == 200
+    assert r2.json()["are_creds_rar"] is True
+
+
+def test_ping_cheie_invalida_401(client, monkeypatch):
+    """Cheie invalida -> 401, indiferent de require_api_key."""
+    r = client.get("/v1/ping", headers={"X-API-Key": "rfak_cheie_falsa_xxxxxxxx"})
+    assert r.status_code == 401
+
+
+def test_ping_prod_fara_cheie_401(client_prod, monkeypatch):
+    """require_api_key=True, fara cheie -> 401."""
+    r = client_prod.get("/v1/ping")
+    assert r.status_code == 401
+
+
+def test_ruta_ping_inregistrata_o_singura_data(client, monkeypatch):
+    """Ruta /v1/ping trebuie sa apara exact o data in app.routes."""
+    from app.main import app
+    rute_ping = [r for r in app.routes if hasattr(r, "path") and r.path == "/v1/ping"]
+    assert len(rute_ping) == 1, f"Asteptat 1 ruta /v1/ping, gasit: {len(rute_ping)}"
+
+
+# --------------------------------------------------------------------------- #
+# Teste export Postman                                                         #
+# --------------------------------------------------------------------------- #
+
+def test_postman_export_json_valid(client, monkeypatch):
+    """GET /v1/integrare/postman.json -> 200, Content-Type JSON, structura Postman v2.1.0."""
+    r = client.get("/v1/integrare/postman.json")
+    assert r.status_code == 200, r.text
+    assert "application/json" in r.headers.get("content-type", "")
+    body = r.json()
+    assert "info" in body
+    assert "v2.1.0" in body["info"].get("schema", ""), f"Schema gresita: {body['info'].get('schema')}"
+
+
+def test_postman_contine_exact_trei_requesturi(client, monkeypatch):
+    """Colectia Postman trebuie sa contina exact 3 requesturi cu headers si url corecte."""
+    r = client.get("/v1/integrare/postman.json")
+    assert r.status_code == 200
+    body = r.json()
+    items = body.get("item", [])
+    assert len(items) == 3, f"Asteptat 3 requesturi, gasit: {len(items)}"
+
+    for item in items:
+        req = item.get("request", {})
+        # Fiecare trebuie sa aiba header X-API-Key cu valoarea {{api_key}}
+        headers = req.get("header", [])
+        cheie_header = [h for h in headers if h.get("key") == "X-API-Key"]
+        assert len(cheie_header) == 1, f"Header X-API-Key lipsa in request '{item.get('name')}'"
+        assert cheie_header[0].get("value") == "{{api_key}}", \
+            f"Valoare header gresita: {cheie_header[0].get('value')}"
+
+        # URL-ul trebuie sa contina {{base_url}}
+        url = req.get("url", {})
+        url_raw = url.get("raw", "") if isinstance(url, dict) else str(url)
+        assert "{{base_url}}" in url_raw, \
+            f"{{{{base_url}}}} lipsa in url pentru '{item.get('name')}': {url_raw}"
+
+
+def test_postman_nu_deriva_din_app_routes(client, monkeypatch):
+    """Colectia Postman contine EXACT cele 3 rute allowlist, nu mai mult."""
+    r = client.get("/v1/integrare/postman.json")
+    assert r.status_code == 200
+    body = r.json()
+    items = body.get("item", [])
+
+    # Extrage URL-urile / path-urile din colectie
+    cai_expuse = set()
+    for item in items:
+        req = item.get("request", {})
+        url = req.get("url", {})
+        url_raw = url.get("raw", "") if isinstance(url, dict) else str(url)
+        # Normalizeaza: scoate {{base_url}} si parametrii query
+        cale = url_raw.replace("{{base_url}}", "").split("?")[0]
+        cai_expuse.add(cale)
+
+    # Allowlist: exact acestea 3
+    allowlist = {"/v1/prezentari", "/v1/import", "/v1/ping"}
+    assert cai_expuse == allowlist, \
+        f"Colectia expune cai neasteptate: {cai_expuse - allowlist} sau lipsesc: {allowlist - cai_expuse}"
diff --git a/tests/test_integrare_examples.py b/tests/test_integrare_examples.py
new file mode 100644
index 0000000..08eee5a
--- /dev/null
+++ b/tests/test_integrare_examples.py
@@ -0,0 +1,233 @@
+"""Teste pentru app.web.integrare_examples — modul PUR, fara I/O.
+
+Ordinea: RED (fara implementare) -> GREEN (dupa implementare).
+"""
+
+import json
+
+import pytest
+
+from app.models import PrezentareIn
+from app.web.integrare_examples import exemple
+
+BASE_URL = "https://autopass.example.com"
+ACCOUNT_ID = 7
+
+RESULT = exemple(BASE_URL, ACCOUNT_ID)
+
+LIMBAJE_OBLIGATORII = ["curl", "python", "php", "csharp", "node", "vfp_msxml", "vfp_winhttp"]
+
+
+# ---------------------------------------------------------------------------
+# Structura de baza
+# ---------------------------------------------------------------------------
+
+
+def test_toate_limbajele_prezente():
+    """Toate limbajele obligatorii trebuie sa fie chei in dictionar."""
+    for limbaj in LIMBAJE_OBLIGATORII:
+        assert limbaj in RESULT, f"lipseste limbajul: {limbaj}"
+
+
+def test_ambele_canale_per_limbaj():
+    """Fiecare limbaj are atat 'prezentari' cat si 'import'."""
+    for limbaj in LIMBAJE_OBLIGATORII:
+        assert "prezentari" in RESULT[limbaj], f"{limbaj} lipseste canalul 'prezentari'"
+        assert "import" in RESULT[limbaj], f"{limbaj} lipseste canalul 'import'"
+        assert isinstance(RESULT[limbaj]["prezentari"], str), f"{limbaj}.prezentari nu e string"
+        assert isinstance(RESULT[limbaj]["import"], str), f"{limbaj}.import nu e string"
+
+
+# ---------------------------------------------------------------------------
+# curl — prezentari
+# ---------------------------------------------------------------------------
+
+
+def test_snippet_curl_prezentari_contine_endpoint_si_header():
+    """Snippetul curl prezentari contine URL-ul corect si header-ul X-API-Key."""
+    snippet = RESULT["curl"]["prezentari"]
+    assert f"{BASE_URL}/v1/prezentari" in snippet, "lipseste endpoint-ul /v1/prezentari"
+    assert "X-API-Key" in snippet, "lipseste header-ul X-API-Key"
+    assert "rfak_..." in snippet, "placeholder-ul cheii trebuie sa fie rfak_..."
+
+
+# ---------------------------------------------------------------------------
+# python — import (multipart)
+# ---------------------------------------------------------------------------
+
+
+def test_snippet_python_import_upload_multipart():
+    """Snippetul python import foloseste multipart (files=) pe /v1/import."""
+    snippet = RESULT["python"]["import"]
+    assert f"{BASE_URL}/v1/import" in snippet, "lipseste endpoint-ul /v1/import"
+    assert "files=" in snippet or 'files =' in snippet, "lipseste multipart files="
+    assert "rfak_..." in snippet, "placeholder-ul cheii trebuie sa fie rfak_..."
+
+
+# ---------------------------------------------------------------------------
+# VFP — doua dialecte distincte
+# ---------------------------------------------------------------------------
+
+
+def test_vfp_msxml_si_winhttp_distincte():
+    """vfp_msxml foloseste MSXML2.ServerXMLHTTP.6.0; vfp_winhttp foloseste WinHttp.WinHttpRequest.5.1."""
+    msxml_snippet = RESULT["vfp_msxml"]["prezentari"]
+    winhttp_snippet = RESULT["vfp_winhttp"]["prezentari"]
+
+    assert "MSXML2.ServerXMLHTTP.6.0" in msxml_snippet, (
+        "vfp_msxml trebuie sa foloseasca MSXML2.ServerXMLHTTP.6.0"
+    )
+    assert "WinHttp.WinHttpRequest.5.1" in winhttp_snippet, (
+        "vfp_winhttp trebuie sa foloseasca WinHttp.WinHttpRequest.5.1"
+    )
+    # Distincte — nu acelasi obiect COM in ambele
+    assert "MSXML2.ServerXMLHTTP.6.0" not in winhttp_snippet, (
+        "vfp_winhttp nu trebuie sa contina MSXML2 (dialect gresit)"
+    )
+    assert "WinHttp.WinHttpRequest.5.1" not in msxml_snippet, (
+        "vfp_msxml nu trebuie sa contina WinHttp (dialect gresit)"
+    )
+
+
+# ---------------------------------------------------------------------------
+# Drift-test schema — campuri obligatorii din model
+# ---------------------------------------------------------------------------
+
+
+def test_payload_acopera_campurile_obligatorii_din_model():
+    """Snippetul curl prezentari contine toate campurile obligatorii din PrezentareIn.
+
+    Deriva lista din model_fields pentru a fi rezistenta la schimbari de schema.
+    Campurile cu default (odometru_initial, obs, b64_image, sistem_reparat) nu sunt
+    obligatorii si nu trebuie sa cauzeze drift fals.
+    """
+    obligatorii = {
+        camp
+        for camp, field in PrezentareIn.model_fields.items()
+        if field.is_required()
+    }
+    # Obligatorii asteptate conform spec: vin, nr_inmatriculare, data_prestatie,
+    # odometru_final, prestatii
+    snippet = RESULT["curl"]["prezentari"]
+    for camp in obligatorii:
+        assert camp in snippet, f"camp obligatoriu absent din snippet: {camp}"
+
+    # Credentiale RAR (email + password)
+    assert "email" in snippet, "camp 'email' absent din snippet (RarCredentials)"
+    assert "password" in snippet, "camp 'password' absent din snippet (RarCredentials)"
+
+
+def test_prestatii_in_snippet_are_cod():
+    """Snippetul prezentari contine cod_prestatie sau cod_op_service in payload."""
+    for limbaj in LIMBAJE_OBLIGATORII:
+        snippet = RESULT[limbaj]["prezentari"]
+        are_cod = "cod_prestatie" in snippet or "cod_op_service" in snippet
+        assert are_cod, f"{limbaj}.prezentari lipseste cod_prestatie / cod_op_service"
+
+
+# ---------------------------------------------------------------------------
+# Placeholder cheie
+# ---------------------------------------------------------------------------
+
+
+def test_placeholder_cheie_nu_e_valoare_reala():
+    """Toate snippet-urile cu autentificare contin literal 'rfak_', nu o cheie reala."""
+    for limbaj in LIMBAJE_OBLIGATORII:
+        for canal in ["prezentari", "import"]:
+            snippet = RESULT[limbaj][canal]
+            assert "rfak_" in snippet, (
+                f"{limbaj}.{canal} lipseste placeholder-ul rfak_ (cheie API)"
+            )
+
+
+# ---------------------------------------------------------------------------
+# FIX-1 — C# si VFP: JSON compact (fara newline in string literal)
+# ---------------------------------------------------------------------------
+
+
+def test_csharp_payload_pe_o_singura_linie():
+    """Snippetul C# prezentari: JSON-ul din var json = "..." e pe o singura linie.
+
+    Un JSON multi-linie intr-un string literal C# NU compileaza.
+    Verificam ca helper-ul compact produce un JSON fara newline
+    si ca acel JSON compact apare in snippetul C#.
+    """
+    from app.web.integrare_examples import _payload_json_compact, _snippet_csharp_prezentari
+
+    compact = _payload_json_compact(ACCOUNT_ID)
+    assert "\n" not in compact, (
+        "_payload_json_compact produce newline — nu e compact"
+    )
+
+    snippet = _snippet_csharp_prezentari(BASE_URL, ACCOUNT_ID)
+    # JSON-ul compact (cu ghilimele escape-uite) trebuie sa fie substring in snippet
+    escaped = compact.replace('"', '\\"')
+    assert escaped in snippet, (
+        "JSON-ul compact (escaped) nu apare in snippetul C#; "
+        "probabil _snippet_csharp_prezentari inca foloseste _payload_json_str"
+    )
+    # Verificare directa: linia var json = "..." nu contine newline in interiorul ei
+    # In C# linia se termina cu "; (ghilimea de inchidere + punct-virgula)
+    for line in snippet.splitlines():
+        if 'var json = "' in line:
+            stripped = line.rstrip()
+            # Linia trebuie sa se inchida pe acelasi rand (cu "; sau ")
+            assert stripped.endswith('";') or stripped.endswith('"'), (
+                f"Linia 'var json = \"...' nu se termina pe acelasi rand: {line!r}"
+            )
+            break
+    else:
+        assert False, "Linia 'var json = \"...' nu a fost gasita in snippetul C#"
+
+
+def test_vfp_payload_pe_o_singura_linie():
+    """Snippetul VFP prezentari (ambele dialecte): cPayload = "..." e pe o linie.
+
+    Un string literal VFP multi-linie NU e valid.
+    Verificam ambele dialecte: vfp_msxml si vfp_winhttp.
+    """
+    from app.web.integrare_examples import _payload_json_compact
+
+    compact = _payload_json_compact(ACCOUNT_ID)
+    # In VFP ghilimele se dubleaza
+    compact_vfp = compact.replace('"', '""')
+
+    for dialect in ("vfp_msxml", "vfp_winhttp"):
+        snippet = RESULT[dialect]["prezentari"]
+
+        # Payload-ul VFP (cu doubling) trebuie sa fie substring in snippet
+        assert compact_vfp in snippet, (
+            f"{dialect}: JSON-ul compact (cu \"\" doubling) nu apare in snippet; "
+            "probabil inca se foloseste _payload_json_str cu indent"
+        )
+
+        # Linia cPayload = "..." nu trebuie sa contina newline in interiorul valorii
+        for line in snippet.splitlines():
+            if 'cPayload = "' in line:
+                assert line.rstrip().endswith('"'), (
+                    f"{dialect}: linia 'cPayload = \"...' nu se termina pe acelasi rand: {line!r}"
+                )
+                break
+        else:
+            assert False, f"{dialect}: linia 'cPayload = \"...' nu a fost gasita in snippet"
+
+
+# ---------------------------------------------------------------------------
+# FIX-2 — Node import: FormData/Blob globale, fara import din node:buffer
+# ---------------------------------------------------------------------------
+
+
+def test_node_import_nu_foloseste_node_buffer():
+    """Snippetul Node import nu importa din 'node:buffer' si foloseste FormData globala.
+
+    'node:buffer' nu exporta FormData — `new FormData()` ar arunca TypeError.
+    In Node 18+ FormData si Blob sunt globale.
+    """
+    snippet = RESULT["node"]["import"]
+
+    assert "node:buffer" not in snippet, (
+        "Snippetul Node import contine 'node:buffer' — invalid, FormData nu e acolo"
+    )
+    assert "new FormData()" in snippet, (
+        "Snippetul Node import nu contine 'new FormData()' — FormData trebuie folosita global"
+    )
diff --git a/tests/test_integrare_test_cheie.py b/tests/test_integrare_test_cheie.py
new file mode 100644
index 0000000..d66d51e
--- /dev/null
+++ b/tests/test_integrare_test_cheie.py
@@ -0,0 +1,265 @@
+"""Teste US-004: POST /integrare/test-cheie — verifica cheia API lipita de utilizator.
+
+TDD: testele se scriu INAINTE de implementare; la inceput pica (RED),
+dupa implementare trec (GREEN).
+
+Ruta testata:
+- POST /integrare/test-cheie  -> fragment HTML cu rezultat validare
+"""
+
+from __future__ import annotations
+
+import os
+import re
+import tempfile
+
+import pytest
+from starlette.testclient import TestClient
+
+
+# ---------------------------------------------------------------------------
+# Fixture-uri
+# ---------------------------------------------------------------------------
+
+
+@pytest.fixture()
+def client(monkeypatch):
+    """Client fara web_auth_required (dev mode) — sesiunea se seteaza manual."""
+    tmp = tempfile.mkdtemp()
+    monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t.db"))
+    from app.config import get_settings
+    get_settings.cache_clear()
+    from app.main import app
+    with TestClient(app, follow_redirects=False) as c:
+        yield c
+    get_settings.cache_clear()
+
+
+@pytest.fixture()
+def client_prod(monkeypatch):
+    """Client cu web_auth_required=True (mod prod) — CSRF enforce."""
+    tmp = tempfile.mkdtemp()
+    monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t.db"))
+    monkeypatch.setenv("AUTOPASS_WEB_AUTH_REQUIRED", "true")
+    from app.config import get_settings
+    get_settings.cache_clear()
+    from app.main import app
+    with TestClient(app, follow_redirects=False) as c:
+        yield c
+    get_settings.cache_clear()
+
+
+# ---------------------------------------------------------------------------
+# Helper-e
+# ---------------------------------------------------------------------------
+
+
+def _create_account_user(email: str = "user@test.com", password: str = "parolasecreta10"):
+    """Creeaza cont + user + cheie API initiala. Intoarce (acct_id, user_id, api_key)."""
+    from app.accounts import create_account
+    from app.users import create_user
+    from app.auth import create_api_key
+    from app.db import get_connection
+
+    conn = get_connection()
+    try:
+        acct_id = create_account(conn, "Service Test", active=True)
+        user_id = create_user(conn, acct_id, email, password)
+        api_key = create_api_key(conn, acct_id)
+        return acct_id, user_id, api_key
+    finally:
+        conn.close()
+
+
+def _login(client, email: str, password: str) -> None:
+    """Face login real prin HTTP si seteaza cookie-ul de sesiune pe client."""
+    resp = client.get("/login")
+    assert resp.status_code == 200
+    m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text)
+    if not m:
+        m = re.search(r'value="([^"]+)"\s+name="csrf_token"', resp.text)
+    assert m, "csrf_token negasit pe /login"
+    csrf = m.group(1)
+
+    resp = client.post("/login", data={
+        "email": email,
+        "parola": password,
+        "csrf_token": csrf,
+    })
+    assert resp.status_code == 303, f"Login esuat: {resp.status_code} {resp.text[:200]}"
+
+
+def _get_csrf_from_fragment(client) -> str:
+    """Obtine CSRF token din fragmentul /_fragments/cont."""
+    resp = client.get("/_fragments/cont")
+    assert resp.status_code == 200
+    m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text)
+    if not m:
+        m = re.search(r'value="([^"]+)"\s+name="csrf_token"', resp.text)
+    assert m, f"csrf_token negasit in /_fragments/cont: {resp.text[:500]}"
+    return m.group(1)
+
+
+# ---------------------------------------------------------------------------
+# Teste
+# ---------------------------------------------------------------------------
+
+
+def test_cheie_valida_a_contului_curent_ok(client):
+    """Cheie activa a contului sesiunii -> raspuns de succes cu mention cont."""
+    acct_id, user_id, api_key = _create_account_user("cheie_ok@test.com")
+    _login(client, "cheie_ok@test.com", "parolasecreta10")
+
+    csrf = _get_csrf_from_fragment(client)
+    resp = client.post("/integrare/test-cheie", data={
+        "csrf_token": csrf,
+        "api_key": api_key,
+    })
+
+    assert resp.status_code == 200
+    body = resp.text.lower()
+    # Trebuie sa contina un mesaj de succes (clasa flash sau text "valida")
+    assert "valida" in body or "succes" in body, f"Mesaj de succes lipsa: {resp.text[:500]}"
+    # Trebuie sa mentioneze contul (account_id)
+    assert str(acct_id) in resp.text, f"account_id {acct_id} absent din raspuns: {resp.text[:500]}"
+
+
+def test_cheie_a_altui_cont_respinsa(client):
+    """Cheia unui alt cont -> mesaj neutru 'nu apartine contului tau', fara sa spuna care cont."""
+    acct_a, user_a, key_a = _create_account_user("altcont_a@test.com")
+    acct_b, user_b, key_b = _create_account_user("altcont_b@test.com")
+
+    # Logam user A; testam cu cheia lui B
+    _login(client, "altcont_a@test.com", "parolasecreta10")
+
+    csrf = _get_csrf_from_fragment(client)
+    resp = client.post("/integrare/test-cheie", data={
+        "csrf_token": csrf,
+        "api_key": key_b,
+    })
+
+    assert resp.status_code == 200
+    body = resp.text.lower()
+    # Trebuie sa respinga - mesaj ca nu apartine contului
+    assert "nu apartine" in body or "alt cont" in body or "nu este" in body, \
+        f"Mesaj de respingere lipsa: {resp.text[:500]}"
+    # NU trebuie sa dezvaluie ca e cheia contului B (nu mentionam alt account_id)
+    assert str(acct_b) not in resp.text, \
+        f"account_id-ul contului {acct_b} (terta) nu trebuia dezvaluit: {resp.text[:500]}"
+
+
+def test_cheie_invalida_mesaj_clar(client):
+    """Cheie inexistenta -> mesaj clar de eroare (nu valida)."""
+    acct_id, user_id, _ = _create_account_user("invalida@test.com")
+    _login(client, "invalida@test.com", "parolasecreta10")
+
+    csrf = _get_csrf_from_fragment(client)
+    resp = client.post("/integrare/test-cheie", data={
+        "csrf_token": csrf,
+        "api_key": "rfak_cheie_inexistenta_total_falsa",
+    })
+
+    assert resp.status_code == 200
+    body = resp.text.lower()
+    # Trebuie sa contina un mesaj de eroare (nu succes)
+    assert "invalida" in body or "inexistenta" in body or "negasita" in body or "eroare" in body, \
+        f"Mesaj de eroare lipsa: {resp.text[:500]}"
+    assert "valida" not in body or "invalida" in body, \
+        f"Raspuns da fals pozitiv 'valida': {resp.text[:500]}"
+
+
+def test_cheie_revocata_dupa_rotire_respinsa(client):
+    """Cheia veche (revocata dupa rotire) -> tratata ca invalida."""
+    acct_id, user_id, cheie_veche = _create_account_user("rotire@test.com")
+    _login(client, "rotire@test.com", "parolasecreta10")
+
+    # Rotim cheia (cheia_veche devine revocata)
+    from app.auth import rotate_api_key
+    from app.db import get_connection
+    conn = get_connection()
+    try:
+        cheie_noua = rotate_api_key(conn, acct_id)
+    finally:
+        conn.close()
+
+    csrf = _get_csrf_from_fragment(client)
+    resp = client.post("/integrare/test-cheie", data={
+        "csrf_token": csrf,
+        "api_key": cheie_veche,
+    })
+
+    assert resp.status_code == 200
+    body = resp.text.lower()
+    # Cheia veche revocata trebuie respinsa (invalida sau revocata)
+    assert "invalida" in body or "revocata" in body or "negasita" in body or "eroare" in body, \
+        f"Cheia revocata nu a fost respinsa: {resp.text[:500]}"
+    assert "valida — cont" not in body.lower(), \
+        f"Cheia revocata a primit fals pozitiv: {resp.text[:500]}"
+
+
+def test_cheie_goala_nu_da_fals_pozitiv_in_dev(client):
+    """Cheie goala sau whitespace -> eroare clara, NU 'valida cont 1' (fals pozitiv dev)."""
+    acct_id, user_id, _ = _create_account_user("goala@test.com")
+    _login(client, "goala@test.com", "parolasecreta10")
+
+    csrf = _get_csrf_from_fragment(client)
+
+    for cheie_goala in ["", "   ", "\t"]:
+        resp = client.post("/integrare/test-cheie", data={
+            "csrf_token": csrf,
+            "api_key": cheie_goala,
+        })
+        assert resp.status_code == 200
+        body = resp.text.lower()
+        assert "valida — cont" not in body, \
+            f"Cheie goala '{repr(cheie_goala)}' da fals pozitiv: {resp.text[:500]}"
+        assert "goala" in body or "lipsa" in body or "invalida" in body or "eroare" in body, \
+            f"Cheie goala '{repr(cheie_goala)}' nu da mesaj de eroare: {resp.text[:500]}"
+
+
+def test_fara_login_redirect_sau_401(monkeypatch):
+    """Fara sesiune + web_auth_required=True -> 303 redirect /login."""
+    tmp = tempfile.mkdtemp()
+    monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t_nl.db"))
+    monkeypatch.setenv("AUTOPASS_WEB_AUTH_REQUIRED", "true")
+    from app.config import get_settings
+    get_settings.cache_clear()
+    from app.main import app
+    with TestClient(app, follow_redirects=False) as c:
+        resp = c.post("/integrare/test-cheie", data={
+            "api_key": "rfak_orice",
+        })
+        assert resp.status_code in (303, 401), \
+            f"Trebuia redirect sau 401 fara login, got: {resp.status_code}"
+        if resp.status_code == 303:
+            assert "/login" in resp.headers.get("location", "")
+    get_settings.cache_clear()
+
+
+def test_csrf_lipsa_respinsa(client):
+    """Post cu CSRF invalid/lipsa si sesiune activa -> 403."""
+    acct_id, user_id, api_key = _create_account_user("csrf_test@test.com")
+    _login(client, "csrf_test@test.com", "parolasecreta10")
+
+    resp = client.post("/integrare/test-cheie", data={
+        "csrf_token": "token_gresit_total",
+        "api_key": api_key,
+    })
+    assert resp.status_code == 403, f"Trebuia 403 la CSRF invalid, got: {resp.status_code}"
+
+
+def test_cheia_nu_apare_in_raspuns_sau_log(client):
+    """Cheia lipita nu trebuie sa apara in body-ul raspunsului (no-echo)."""
+    acct_id, user_id, api_key = _create_account_user("noecho@test.com")
+    _login(client, "noecho@test.com", "parolasecreta10")
+
+    csrf = _get_csrf_from_fragment(client)
+    resp = client.post("/integrare/test-cheie", data={
+        "csrf_token": csrf,
+        "api_key": api_key,
+    })
+
+    assert resp.status_code == 200
+    # Cheia completa nu trebuie sa apara in raspuns (nici macar partial daca e unica)
+    assert api_key not in resp.text, \
+        f"Cheia API a aparut in body raspuns (no-echo violation): {resp.text[:500]}"
diff --git a/tests/test_web_integrare.py b/tests/test_web_integrare.py
new file mode 100644
index 0000000..d075314
--- /dev/null
+++ b/tests/test_web_integrare.py
@@ -0,0 +1,438 @@
+"""Teste US-003 — tab "Integrare" (hub documentatie + exemple cod).
+
+TDD: testele se scriu INAINTE de implementare; la inceput pica (RED),
+dupa implementare trec (GREEN).
+
+Rute testate:
+- GET / -> tab-bar contine tab "Integrare"
+- GET /?tab=integrare -> panou randat server-side
+- GET /_fragments/integrare -> fragment HTMX cu require_login
+"""
+
+from __future__ import annotations
+
+import os
+import re
+import tempfile
+
+import pytest
+from starlette.testclient import TestClient
+
+
+# =========================================================================== #
+# Helpers comune                                                               #
+# =========================================================================== #
+
+def _create_account_user(email: str, password: str = "parolasecreta10"):
+    """Creeaza cont + user. Intoarce (acct_id, user_id)."""
+    from app.accounts import create_account
+    from app.users import create_user
+    from app.db import get_connection
+
+    conn = get_connection()
+    try:
+        acct_id = create_account(conn, "Service Test Integrare", active=True)
+        user_id = create_user(conn, acct_id, email, password)
+        return acct_id, user_id
+    finally:
+        conn.close()
+
+
+def _login(client, email: str, password: str = "parolasecreta10") -> None:
+    """Autentificare HTTP; seteaza cookie de sesiune pe client."""
+    resp = client.get("/login")
+    m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text) or \
+        re.search(r'value="([^"]+)"\s+name="csrf_token"', resp.text)
+    assert m, "csrf_token negasit pe /login"
+    resp = client.post("/login", data={
+        "email": email,
+        "parola": password,
+        "csrf_token": m.group(1),
+    })
+    assert resp.status_code == 303, f"Login esuat: {resp.status_code} {resp.text[:200]}"
+
+
+def _add_creds(acct_id: int) -> None:
+    """Adauga credentiale RAR criptate pe cont (pentru test are_creds=True)."""
+    from app.db import get_connection
+    from app.crypto import encrypt_creds
+
+    conn = get_connection()
+    try:
+        creds_enc = encrypt_creds({"email": "test@rar.ro", "password": "secret"})
+        conn.execute(
+            "UPDATE accounts SET rar_creds_enc=? WHERE id=?",
+            (creds_enc, acct_id),
+        )
+        conn.commit()
+    finally:
+        conn.close()
+
+
+def _add_api_key(acct_id: int) -> str:
+    """Adauga o cheie API activa pe cont. Intoarce cheia bruta."""
+    from app.db import get_connection
+    from app.auth import create_api_key
+
+    conn = get_connection()
+    try:
+        key = create_api_key(conn, acct_id)
+        return key
+    finally:
+        conn.close()
+
+
+@pytest.fixture()
+def client(monkeypatch):
+    """Client cu BD izolata si autentificare web activata."""
+    tmp = tempfile.mkdtemp()
+    monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "integrare_test.db"))
+    monkeypatch.setenv("AUTOPASS_WEB_AUTH_REQUIRED", "true")
+    from app.config import get_settings
+    get_settings.cache_clear()
+    from app.web import ratelimit
+    ratelimit._hits.clear()
+    from app.main import app
+    with TestClient(app, follow_redirects=False) as c:
+        yield c
+    ratelimit._hits.clear()
+    get_settings.cache_clear()
+
+
+# =========================================================================== #
+# test_tab_integrare_in_nav                                                    #
+# =========================================================================== #
+
+def test_tab_integrare_in_nav(client):
+    """Tab-bar-ul principal contine link-ul catre tab-ul Integrare."""
+    _create_account_user("nav_integrare@test.com")
+    _login(client, "nav_integrare@test.com")
+
+    resp = client.get("/")
+    assert resp.status_code == 200
+    html = resp.text
+    # Trebuie sa existe un link sau buton cu ?tab=integrare
+    assert "tab=integrare" in html, "tab-ul 'integrare' lipseste din tab-bar"
+    # Textul "Integrare" vizibil
+    assert "Integrare" in html
+
+
+# =========================================================================== #
+# test_deeplink_tab_integrare_randeaza_panou_server_side                       #
+# =========================================================================== #
+
+def test_deeplink_tab_integrare_randeaza_panou_server_side(client):
+    """GET /?tab=integrare randeaza panoul server-side (nu redirectioneaza)."""
+    _create_account_user("deeplink_integrare@test.com")
+    _login(client, "deeplink_integrare@test.com")
+
+    resp = client.get("/?tab=integrare")
+    assert resp.status_code == 200
+    html = resp.text
+    # Panoul trebuie sa contina continut specific integrare
+    # (nu sa cada pe Acasa din cauza unui tab invalid)
+    assert "integrare" in html.lower()
+    # tab-ul activ trebuie sa fie "integrare"
+    assert 'aria-selected="true"' in html or "tab-activ" in html
+
+
+# =========================================================================== #
+# test_fragment_integrare_necesita_login                                       #
+# =========================================================================== #
+
+def test_fragment_integrare_necesita_login(client):
+    """GET /_fragments/integrare fara sesiune redirectioneaza la /login (require_login)."""
+    # Fara login -> trebuie 303 catre /login
+    resp = client.get("/_fragments/integrare")
+    assert resp.status_code == 303
+    assert "/login" in resp.headers.get("location", "")
+
+
+# =========================================================================== #
+# test_pagina_contine_account_id_si_endpoint_real                              #
+# =========================================================================== #
+
+def test_pagina_contine_account_id_si_endpoint_real(client):
+    """Panoul Integrare afiseaza account_id-ul contului si URL-ul real al endpoint-ului."""
+    acct_id, _ = _create_account_user("endpoint_real@test.com")
+    _login(client, "endpoint_real@test.com")
+
+    resp = client.get("/_fragments/integrare")
+    assert resp.status_code == 200
+    html = resp.text
+    # account_id trebuie sa apara in pagina
+    assert str(acct_id) in html
+    # endpoint-ul /v1/prezentari trebuie sa apara
+    assert "/v1/prezentari" in html
+
+
+# =========================================================================== #
+# test_pagina_are_tab_limbaje_si_vfp_cu_dialecte                               #
+# =========================================================================== #
+
+def test_pagina_are_tab_limbaje_si_vfp_cu_dialecte(client):
+    """Panoul Integrare are tab-uri pentru limbaje si VFP are sub-tab-uri (dialecte)."""
+    _create_account_user("limbaje@test.com")
+    _login(client, "limbaje@test.com")
+
+    resp = client.get("/_fragments/integrare")
+    assert resp.status_code == 200
+    html = resp.text
+    # Limbajele principale trebuie sa fie prezente
+    for limbaj in ("curl", "Python", "PHP"):
+        assert limbaj in html, f"Limbajul '{limbaj}' lipseste din panoul Integrare"
+    # VFP (Visual FoxPro) trebuie sa fie prezent
+    assert "VFP" in html or "FoxPro" in html or "Visual Fox" in html
+    # Dialectele VFP
+    assert "MSXML2" in html or "MSXML" in html
+    assert "WinHttp" in html
+
+
+# =========================================================================== #
+# test_canal_secundar_prezentari_si_import                                     #
+# =========================================================================== #
+
+def test_canal_secundar_prezentari_si_import(client):
+    """Fiecare limbaj are sectiuni pentru canalele Prezentari JSON si Import fisier."""
+    _create_account_user("canal_sec@test.com")
+    _login(client, "canal_sec@test.com")
+
+    resp = client.get("/_fragments/integrare")
+    assert resp.status_code == 200
+    html = resp.text
+    # Ambele canale trebuie sa fie vizibile in pagina
+    assert "prezentari" in html.lower() or "/v1/prezentari" in html
+    assert "import" in html.lower() or "/v1/import" in html
+
+
+# =========================================================================== #
+# test_export_card_openapi_postman_swagger                                     #
+# =========================================================================== #
+
+def test_export_card_openapi_postman_swagger(client):
+    """Panoul Integrare are card cu linkuri: /docs, /openapi.json, postman.json."""
+    _create_account_user("export_card@test.com")
+    _login(client, "export_card@test.com")
+
+    resp = client.get("/_fragments/integrare")
+    assert resp.status_code == 200
+    html = resp.text
+    # Linkuri de referinta
+    assert "/docs" in html
+    assert "/openapi.json" in html
+    assert "postman" in html.lower()
+
+
+# =========================================================================== #
+# test_buton_copiaza_citeste_din_pre_code                                      #
+# =========================================================================== #
+
+def test_buton_copiaza_citeste_din_pre_code(client):
+    """Snippet-urile au buton 'Copiaza' care citeste din <pre><code> (nu din data-*)."""
+    _create_account_user("copiaza@test.com")
+    _login(client, "copiaza@test.com")
+
+    resp = client.get("/_fragments/integrare")
+    assert resp.status_code == 200
+    html = resp.text
+    # Trebuie sa existe un buton de copiere
+    assert "Copiaza" in html or "copiaza" in html.lower()
+    # Snippet-urile trebuie sa fie in <pre><code> (nu text ascuns in data-*)
+    assert "<pre>" in html and "<code>" in html
+    # Butonul NU trebuie sa aiba data-cod sau data-snippet cu continutul
+    # (copiaza din DOM, nu din attribut)
+    assert 'data-cod="' not in html
+    assert 'data-snippet="' not in html
+
+
+# =========================================================================== #
+# test_empty_state_cta_cont_cand_fara_cheie_sau_creds                          #
+# =========================================================================== #
+
+def test_empty_state_cta_cont_cand_fara_cheie_sau_creds(client):
+    """Fara cheie API sau credentiale RAR, panoul afiseaza CTA catre tab Cont."""
+    # Cont nou fara cheie si fara credentiale
+    _create_account_user("empty_state@test.com")
+    _login(client, "empty_state@test.com")
+
+    resp = client.get("/_fragments/integrare")
+    assert resp.status_code == 200
+    html = resp.text
+    # Trebuie sa existe un mesaj de empty-state cu link catre tab cont
+    assert "/?tab=cont" in html or "tab=cont" in html
+    # Mesajul trebuie sa atraga atentia ca lipsesc ceva
+    # (cheie sau credentiale)
+    lower = html.lower()
+    assert "cheie" in lower or "credentiale" in lower or "cont" in lower
+
+
+# =========================================================================== #
+# test_fara_culori_hardcodate_doar_tokens                                      #
+# =========================================================================== #
+
+def test_fara_culori_hardcodate_doar_tokens(client):
+    """Panoul Integrare nu contine culori hex hardcodate (#RRGGBB) — doar var(--...) tokens."""
+    _create_account_user("tokens_css@test.com")
+    _login(client, "tokens_css@test.com")
+
+    resp = client.get("/_fragments/integrare")
+    assert resp.status_code == 200
+    html = resp.text
+    # Cauta culori hex in stil inline (style="...#...") sau in tag style
+    # Pattern: # urmat de 3 sau 6 hex digits, in context CSS
+    import re as _re
+    # Cautam doar in atributele style="" inline si in taguri <style>
+    style_attrs = _re.findall(r'style="([^"]*)"', html)
+    style_tags = _re.findall(r'<style[^>]*>(.*?)</style>', html, _re.DOTALL)
+    all_css = " ".join(style_attrs) + " ".join(style_tags)
+    # Culori hex in CSS: #rgb sau #rrggbb (precedate de spatiu, :, sau ;)
+    hex_colors = _re.findall(r'(?<=[: ])#[0-9a-fA-F]{3,6}\b', all_css)
+    assert not hex_colors, (
+        f"Culori hex hardcodate gasite in _integrare.html: {hex_colors}. "
+        "Foloseste var(--...) tokens CSS."
+    )
+
+
+# =========================================================================== #
+# test_export_postman_are_atribut_download  [FIX-2]                            #
+# =========================================================================== #
+
+def test_export_postman_are_atribut_download(client):
+    """Linkul Postman (.json) contine atributul download (PRD US-003)."""
+    _create_account_user("postman_download@test.com")
+    _login(client, "postman_download@test.com")
+
+    resp = client.get("/_fragments/integrare")
+    assert resp.status_code == 200
+    html = resp.text
+    # Trebuie sa existe linkul postman.json cu atribut download
+    assert "postman.json" in html, "Linkul postman.json lipseste din pagina"
+    import re as _re
+    # Cautam <a cu href postman.json care contine si atribut download
+    postman_links = _re.findall(r'<a[^>]*postman\.json[^>]*>', html)
+    assert postman_links, "Tag-ul <a> cu postman.json nu a fost gasit"
+    assert any("download" in lnk for lnk in postman_links), (
+        f"Linkul Postman nu are atribut 'download'. Tag gasit: {postman_links}"
+    )
+
+
+# =========================================================================== #
+# test_export_card_foloseste_cardlink  [FIX-1]                                 #
+# =========================================================================== #
+
+def test_export_card_foloseste_cardlink(client):
+    """Cardul Export & referinta foloseste componenta .cardlink (PRD US-003)."""
+    _create_account_user("export_cardlink@test.com")
+    _login(client, "export_cardlink@test.com")
+
+    resp = client.get("/_fragments/integrare")
+    assert resp.status_code == 200
+    html = resp.text
+    # Cardul export trebuie sa contina clasa cardlink
+    assert "cardlink" in html, (
+        "Clasa 'cardlink' lipseste din panoul Integrare. "
+        "Cardul Export & referinta trebuie sa foloseasca componenta .cardlink."
+    )
+    # Linkurile de export trebuie sa foloseasca clasa cardlink
+    import re as _re
+    cardlink_anchors = _re.findall(r'<a[^>]*cardlink[^>]*>', html)
+    assert cardlink_anchors, "Nu exista niciun <a class=\"cardlink\"> in pagina"
+
+
+# =========================================================================== #
+# test_microcopy_anticonfuzie_la_test_cheie  [FIX-3]                           #
+# =========================================================================== #
+
+def test_microcopy_anticonfuzie_la_test_cheie(client):
+    """Formularul 'Testeaza conexiunea' contine microcopy anti-confuzie (PRD US-004)."""
+    _create_account_user("microcopy@test.com")
+    _login(client, "microcopy@test.com")
+
+    resp = client.get("/_fragments/integrare")
+    assert resp.status_code == 200
+    html = resp.text
+    # Textul specific din PRD US-004
+    assert "Nu o salvam" in html, (
+        "Microcopy anti-confuzie lipseste din formularul 'Testeaza conexiunea'. "
+        "Trebuie sa contina: 'Nu o salvam si nu o memoram'."
+    )
+
+
+# =========================================================================== #
+# test_buton_copiaza_schimba_label_in_copiat  [FIX-4]                          #
+# =========================================================================== #
+
+def test_buton_copiaza_schimba_label_in_copiat(client):
+    """Scriptul JS schimba label-ul butonului in 'Copiat' la copiere (PRD US-003)."""
+    _create_account_user("copiat_label@test.com")
+    _login(client, "copiat_label@test.com")
+
+    resp = client.get("/_fragments/integrare")
+    assert resp.status_code == 200
+    html = resp.text
+    # Scriptul trebuie sa contina logica de schimbare a textContent pe buton
+    assert "textContent" in html, (
+        "Scriptul JS nu contine 'textContent' — schimbarea label-ului butonului lipseste."
+    )
+    assert "Copiat" in html, (
+        "Textul 'Copiat' lipseste din script — butonul nu isi schimba label-ul."
+    )
+    import re as _re
+    script_blocks = _re.findall(r'<script[^>]*>(.*?)</script>', html, _re.DOTALL)
+    script_text = " ".join(script_blocks)
+    # Verificam ca butonul (btn) isi schimba textContent (nu doar feedback div)
+    assert "btn.textContent" in script_text, (
+        "Scriptul JS nu contine 'btn.textContent' — label-ul butonului nu se schimba."
+    )
+    # Verificam valoarea setata pe buton
+    assert "'Copiat'" in script_text or '"Copiat"' in script_text, (
+        "Scriptul JS nu seteaza valoarea 'Copiat' pe buton."
+    )
+    # Verificam revenirea la 'Copiaza' dupa setTimeout
+    assert "setTimeout" in script_text, (
+        "Scriptul JS nu contine setTimeout — revenirea la 'Copiaza' dupa 2s lipseste."
+    )
+    assert "'Copiaza'" in script_text or '"Copiaza"' in script_text, (
+        "Scriptul JS nu seteaza revenirea la 'Copiaza' dupa timeout."
+    )
+
+
+# =========================================================================== #
+# test_script_integrare_scoped_pe_container  [FIX-3]                           #
+# =========================================================================== #
+
+def test_script_integrare_scoped_pe_container(client):
+    """Scriptul JS din _integrare.html este scoped pe #integrare-section.
+
+    Un querySelectorAll global ar ataca si tablist-ul principal din dashboard.html,
+    acumuland handlere si provocand dubla-legare pe fiecare swap HTMX.
+    Verificam ca scriptul porneste de la getElementById('integrare-section')
+    si NU face document.querySelectorAll('[role="tablist"]') global.
+    """
+    _create_account_user("scoped_script@test.com")
+    _login(client, "scoped_script@test.com")
+
+    resp = client.get("/_fragments/integrare")
+    assert resp.status_code == 200
+    html = resp.text
+
+    import re as _re
+    script_blocks = _re.findall(r'<script[^>]*>(.*?)</script>', html, _re.DOTALL)
+    script_text = " ".join(script_blocks)
+
+    # Trebuie sa existe getElementById('integrare-section') ca root
+    assert "getElementById('integrare-section')" in script_text or \
+           'getElementById("integrare-section")' in script_text, (
+        "Scriptul JS nu contine getElementById('integrare-section') — "
+        "scoping-ul pe container lipseste"
+    )
+
+    # NU trebuie sa existe document.querySelectorAll cu '[role="tablist"]' global
+    # (adica fara a folosi root-ul)
+    has_global_tablist = bool(
+        _re.search(r'document\.querySelectorAll\([\'"][^"\']*\[role=["\']tablist["\'][^"\']*[\'"]\)', script_text)
+    )
+    assert not has_global_tablist, (
+        "Scriptul JS contine document.querySelectorAll('[role=\"tablist\"]') global — "
+        "trebuie sa foloseasca root.querySelectorAll dupa getElementById('integrare-section')"
+    )