Gabriel Radureau
89f2b1ed15
First PR shipping after the new ~/.vibe/skills/verifier/ skill went live. Verifier ran on already-merged PRs and flagged 3 BLOCK doc gaps: - /api/healthz (PR #20) — 0 mentions in documentation/ - /api/admin/cache/flush (PR #29) — 0 mentions - BDD_SCHEMA_ISOLATION env var (PR #35) — 0 mentions Adds: - documentation/API.md — system + admin + v1 + v2 endpoint reference, curl examples, response schemas, ADR cross-refs, Swagger UI link - documentation/BDD_TEST_ENV.md — required + optional env vars (BDD_SCHEMA_ISOLATION, FEATURE, GODOG_TAGS, BDD_ENABLE_CLEANUP_LOGS), recommended local commands, 2.85x speedup note Both files use relative links per docs-homogeneity.md checklist. Closes the verifier feedback loop: skill produces actionable findings → findings get fixed in next PR. Demonstrates audit→fix loop on real diffs.
4.1 KiB
API endpoints
Reference document for all HTTP endpoints exposed by dance-lessons-coach server. The authoritative source is the swag-generated Swagger UI at /swagger/index.html (served by the Go binary). This markdown is the human-readable index, intentionally short — when in doubt, run the server and open Swagger.
Conventions
- All paths under
/api/(no other prefix is used) - Versioned API under
/api/v1/<resource>and/api/v2/<resource>(cf. ADR-0010 v2 feature flag) - System / Health / Version endpoints at root (
/api/<endpoint>, no version) - Admin endpoints under
/api/admin/<action>(require master admin password header) - Response Content-Type:
application/jsonunless documented otherwise - Error envelope:
{"error":"<code>","message":"<text>"}(HTTP 4xx/5xx)
System endpoints (no auth)
| Method | Path | Purpose | Cf. |
|---|---|---|---|
| GET | /api/health |
Liveness check (legacy, returns {"status":"healthy"}) |
pkg/server/server.go |
| GET | /api/healthz |
Kubernetes-style rich health: status / version / uptime_seconds / timestamp | PR #20 — handler with swag @Router /healthz [get] |
| GET | /api/ready |
Readiness check (DB connection + service deps) | pkg/server/server.go handleReadiness |
| GET | /api/version |
Version info (cached 60s, since PR #29) | pkg/server/server.go handleVersion |
/api/healthz body schema (HealthzResponse):
{
"status": "healthy",
"version": "1.4.0",
"uptime_seconds": 1234,
"timestamp": "2026-05-04T08:00:00Z"
}
Use /api/healthz for kubelet liveness probes — richer than /api/health and stable.
Admin endpoints (require X-Admin-Password header)
| Method | Path | Purpose | Cf. |
|---|---|---|---|
| POST | /api/admin/cache/flush |
Flush the entire in-memory cache. Returns {"flushed":true,"items_flushed":N,"timestamp":"..."} (200) or {"error":"unauthorized"} (401) or {"error":"cache_disabled"} (503) |
PR #29 — pkg/server/server.go handleAdminCacheFlush |
Auth: header X-Admin-Password: <master-password> (matches auth.admin_master_password in config / DLC_AUTH_ADMIN_MASTER_PASSWORD env var). Default admin123 for local dev — change in production.
v1 API (auth + greeting)
Mounted at /api/v1/... with the rate-limit middleware (cf. ADR-0022 Phase 1, since PR #22). Cached responses on greet (since PR #29).
Auth (/api/v1/auth/...)
| Method | Path | Purpose |
|---|---|---|
| POST | /api/v1/auth/register |
User registration |
| POST | /api/v1/auth/login |
Login with username + password, returns JWT |
| POST | /api/v1/auth/validate |
Validate a JWT token |
| POST | /api/v1/auth/password-reset/request |
Request password reset (admin-flagged users only) |
| POST | /api/v1/auth/password-reset/complete |
Complete password reset |
JWT secret rotation policies: cf. ADR-0021 + JWT secrets endpoints under /api/v1/admin/jwt/secrets (admin-only).
Greet (/api/v1/greet/...)
| Method | Path | Purpose |
|---|---|---|
| GET | /api/v1/greet?name=X |
Greeting (cached per name 60s, header X-Cache: HIT/MISS) |
| GET | /api/v1/greet/{name} |
Greeting (path param variant, same caching) |
Admin under v1 (/api/v1/admin/...)
JWT secret management endpoints. Cf. swag annotations in handlers + features/jwt/ BDD scenarios for the exact contract.
v2 API
Enabled via api.v2_enabled config (cf. ADR-0010 v2 feature flag).
| Method | Path | Purpose |
|---|---|---|
| POST | /api/v2/greet |
v2 greeting (JSON body, more validation) |
Swagger UI
Served at /swagger/index.html (and /swagger/doc.json for the embedded spec). Always reflects what the running binary exposes — when in doubt, prefer Swagger over this markdown.