API Contract And Release Checks

The backend owns the API contract. Swagger is generated from Go annotations, and the route-contract tool compares generated Swagger paths with the cahier-derived route backlog.

Contract Files

FilePurpose
backend/docs/api-routes.mdProduct route backlog extracted from the backend cahier.
backend/docs/swagger/swagger.jsonGenerated OpenAPI JSON.
backend/docs/swagger/swagger.yamlGenerated OpenAPI YAML.
backend/docs/api-contract-status.mdHuman-readable implemented/missing route comparison.
backend/docs/api-contract-status.jsonMachine-readable route comparison.
frontend/src/lib/api/clientGenerated frontend HeyAPI client.
dashboard/src/lib/api/clientGenerated dashboard HeyAPI client.

Current status: all 54 expected cahier backlog operations are represented in Swagger. Additional implemented routes include tenant admin CRUD, API keys, webhooks, audit, public verification aliases, agent campaign revocation, and ingest proof polling.

Refresh Commands

From backend/:

  make api-contract
  

Route comparison only:

  go run ./cmd/route-contract -write-docs
  

Backend tests:

  go test ./...
  

Frontend Client Refresh

The frontends should not hand-edit generated clients.

  cd frontend
npm run generate:api
npm run check
  
  cd dashboard
pnpm check
pnpm build
  

CI Expectations

The Gitea workflow is expected to cover:

GatePurpose
Migration disciplineSQL migration files are reviewed and migrator image can run.
Go testsUnit/integration coverage for backend services and HTTP behavior.
Swagger and HeyAPI freshnessPrevents stale clients and undocumented routes.
Security scansgovulncheck, gitleaks, Trivy, and dependency checks where configured.
SBOM/provenanceImage supply-chain evidence.
Image build/scan/publishBackend and frontend container delivery.
Compose E2EFull-stack smoke paths with parallel-safe ports.

Documentation Update Rule

When a change affects operator behavior, update the Hugo admin docs in the same change set. Examples:

ChangeDocs to update
New route or changed roleAccess-control and relevant admin runbook.
New worker or queueWorkers and queues, observability, incidents.
New environment variableConfiguration reference and deployment checklist.
New migration or storage key layoutMigrations/release and backup/restore.
Changed alertObservability and incident response.
Changed production gap stateBackend gap register.

Build docs before delivering:

  cd admin-docs
hugo --gc --minify