API Index
The API Index is the source-derived contract for one App's HTTP surface.
It records discovered operations, handler identities, middleware, request inputs, response outputs, typed schemas, human-authored metadata, and deterministic diagnostics. GoForj projects that contract into OpenAPI output.
Generate the Contract
The normal path is:
forj buildforj build refreshes generated components, runs Wire, prepares the API artifacts, compiles the App, and publishes the prepared artifacts only after compilation succeeds.
Use the focused command when you only need the contract artifacts:
forj build:api-indexFor a named App, prefix either command:
forj marketplace build
forj marketplace build:api-indexApp-Scoped Outputs
The default App writes:
build/api_index.json
build/api_index.diagnostics.json
build/openapi.jsonA named App writes:
build/marketplace/api_index.json
build/marketplace/api_index.diagnostics.json
build/marketplace/openapi.jsonManifest version 2 keeps operations, typed schemas, metadata, and diagnostics in one canonical API index.
Apps without Web API support do not have an HTTP contract. Indexing a known CLI-only App removes stale App-scoped API artifacts instead of preserving an obsolete contract.
The focused command reports the selected App, whether the generation changed, and operation, schema, and diagnostic counts:
app marketplace, changed, 12 operations, 9 schemas, 0 diagnosticsDiagnostics and Strict Mode
Normal indexing publishes a valid contract when it contains warnings, and writes those warnings to the diagnostics artifact. Errors prevent publication.
Use strict mode in CI when warnings should also fail the command:
forj build:api-index --strict
forj marketplace build:api-index --strictThe complete build and source-run pipelines use a more specific flag:
forj build --api-index-strict
forj run --api-index-strictA strict failure does not replace the last successfully published artifact set.
Diagnostics include stable codes and source locations when GoForj cannot prove a route, input, response, schema, metadata, or middleware policy from source. Review api_index.diagnostics.json when an operation or schema is missing or less specific than expected.
Build Tags
The focused command accepts a comma-separated tag list:
forj build:api-index --tags dev,integrationFor a complete build, pass the normal Go build tag flag:
forj build --api-index-strict -tags=dev,integrationGoForj applies the same tag selection to route discovery and focused Go type loading. It rejects build modes it cannot mirror safely rather than publishing a contract for a different source surface than the binary.
What GoForj Infers
API indexing follows the App's route composition and conventional GoForj handlers. It can infer:
- HTTP method, path, handler, and middleware
- path, query, header, and cookie inputs
- request bodies bound through conventional
web.Contexthandlers - response status, media type, and body shape
- typed schemas and validation constraints that are statically visible
- handler prose, tags, and explicit OpenAPI metadata
The generated contract contains only behavior justified by source. Unresolved expressions become diagnostics or unconstrained output instead of guessed API claims.
Handler comments can refine human-facing OpenAPI metadata:
// Create provisions an account.
//
// @openapi.summary Register an account
// @openapi.description Creates the primary account record.
// @openapi.tag Accounts
func (c *Controller) Create(ctx web.Context) error {
// ...
}Supported directives include @openapi.summary, @openapi.description, @openapi.tag, @openapi.tags, and @openapi.security. Security directives must name a configured scheme, such as authAccess in an Auth-enabled App, or none for an intentionally public operation. Invalid or contradictory directives produce diagnostics.
Safe Publication
The three artifacts form one generation:
build:api-indexpublishes all three files under one coordinated writer operation after indexing succeeds.buildretains the previous generation until the App compiles.runretains the previous generation until the OS process-start boundary succeeds. It does not wait for runtime readiness.- identical output is left untouched.
- concurrent publishers cannot interleave artifact generations, and ordinary publication failures roll back files already replaced.
This means a failed compile or process-start attempt cannot replace the last working API contract with candidate output from a broken App.
Current Limits
API indexing analyzes source. It does not execute the runtime router or record traffic.
Dynamic route registration, computed status codes, indirect response construction, reflection-heavy contracts, and other behavior that is not statically visible can remain unresolved. Keep that behavior explicitly documented and tested.
WebSocket routes are visible to route tooling but are not projected as OpenAPI HTTP operations.
Common Mistakes
Common mistakes
- Do not hand-edit generated API artifacts.
- Do not assume API indexing replaces route or authorization tests.
- Do not ignore diagnostics when generated operations are missing or unconstrained.
- Do not index with different build tags than the binary.
