diff --git a/backend/src/__tests__/contacts.test.js b/backend/src/__tests__/contacts.test.js
index 3f29263..dd0ccb8 100644
--- a/backend/src/__tests__/contacts.test.js
+++ b/backend/src/__tests__/contacts.test.js
@@ -52,4 +52,34 @@ test('GET /contacts should return 401 for unauthorized access', async () => {
   });
 
   assert.strictEqual(response.statusCode, 401);
+});
+
+// Test for contacts request endpoint
+test('POST /contacts/request should validate dealId and targetUserId', async () => {
+  const response = await app.inject({
+    method: 'POST',
+    url: '/contacts/request',
+    payload: { dealId: -1, targetUserId: 2 }
+  });
+
+  assert.strictEqual(response.statusCode, 400);
+});
+
+test('POST /contacts/respond should validate requestId and accept', async () => {
+  const response = await app.inject({
+    method: 'POST',
+    url: '/contacts/respond',
+    payload: { requestId: -1, accept: 'not-a-boolean' }
+  });
+
+  assert.strictEqual(response.statusCode, 400);
+});
+
+test('GET /contacts/deal/:dealId should validate dealId', async () => {
+  const response = await app.inject({
+    method: 'GET',
+    url: '/contacts/deal/invalid'
+  });
+
+  assert.strictEqual(response.statusCode, 400);
 });
\ No newline at end of file
diff --git a/docs/runtime/pick_next_task_state.env b/docs/runtime/pick_next_task_state.env
index a9ac853..9424a92 100644
--- a/docs/runtime/pick_next_task_state.env
+++ b/docs/runtime/pick_next_task_state.env
@@ -1,2 +1,2 @@
-LAST_ROUTE=auth.js
-UPDATED_AT=2026-03-06T19:53:13Z
+LAST_ROUTE=contacts.js
+UPDATED_AT=2026-03-06T19:54:59Z