API
The backend exposes two distinct API surfaces:
| Surface | Section | Protocol | Primary consumer |
|---|---|---|---|
| REST | rest/ | HTTP/JSON over HTTPS | Electron client, office-router Worker |
| WebSocket | websocket/ | WebSocket + JWT | office-router Worker (Cloudflare Durable Objects) |
REST (rest/)
A Gin HTTP API documented via OpenAPI (Swagger). All endpoints require authentication except the health check. The OpenAPI spec is auto-generated from source annotations and lives at rest/openapi.yaml.
rest/ also contains per-endpoint reference pages for endpoints that need more context than the spec alone provides.
Tier 2 note:
rest/is a Tier 2 auto-generation target for the OpenAPI spec. The doc-bot must never editrest/openapi.yamlorrest/openapi.mdx— those are generated. Hand-written pages (per-endpoint.mdfiles) are fair game.
WebSocket (websocket/)
The backend issues short-lived JWTs that the Electron client presents to the Cloudflare office-router Worker to open a WebSocket connection. The backend itself does not handle WebSocket connections — it only mints and validates the tokens.
websocket/ documents the token format, signing key setup, and the handshake flow between client, office-router Worker, and backend.