Add OpenAPI contract generation and typed client

Author: linuxlewis

.gitignore

@@ -7,3 +7,5 @@ test-results/
 .env
 .env.local
 *.generated.*
+!src/generated/
+!src/generated/*.generated.*

AGENTS.md

@@ -14,6 +14,7 @@ This is a TypeScript monorepo using pnpm workspaces. The application follows a d
 | Architecture & dependency rules | [docs/architecture.md](./docs/architecture.md) |
 | Testing procedure | [docs/testing.md](./docs/testing.md) |
 | React conventions | [docs/react.md](./docs/react.md) |
+| OpenAPI and typed client generation | [docs/openapi.md](./docs/openapi.md) |
 | Core beliefs & principles | [docs/beliefs.md](./docs/beliefs.md) |
 | Quality tracking | [docs/quality.md](./docs/quality.md) |
 
@@ -38,6 +39,8 @@ pnpm · TypeScript · Fastify + React/Vite · TanStack Query · PostgreSQL + Dri
 | `pnpm start` | Start the local Docker Postgres, API, and web stack |
 | `pnpm preview` | Build the web app and run a pseudo-production stack |
 | `pnpm stop` | Stop the local stack and Docker resources |
+| `pnpm api:generate` | Regenerate the OpenAPI spec and typed frontend client |
+| `pnpm api:check` | Verify generated API artifacts are current |
 | `pnpm test:unit` | Run fast co-located unit tests |
 | `pnpm test:integration` | Start the stack and run database/runtime integration tests |
 | `pnpm test:e2e` | Start the stack and run browser e2e tests |

README.md

@@ -12,6 +12,7 @@ pnpm start      # Start Docker Compose Postgres, API, and web for this worktree
 pnpm health     # Print health checks and the allocated URLs
 pnpm preview    # Build and run a pseudo-production stack
 pnpm test:unit  # Fast unit tests
+pnpm api:generate # Regenerate OpenAPI spec and typed frontend client
 pnpm test       # Unit, integration, and e2e tests
 pnpm lint       # Biome + architectural linting
 pnpm check:docs # Verify doc freshness
@@ -24,7 +25,7 @@ Use `pnpm logs -- --service api --lines 120` to inspect API logs. Use `pnpm seed
 
 See [docs/architecture.md](./docs/architecture.md) for the full picture.
 
-Each business domain follows a strict layered model. The React UI uses TanStack Query for server-state fetching, mutation, caching, and invalidation.
+Each business domain follows a strict layered model. The React UI uses TanStack Query for server-state fetching, mutation, caching, and invalidation. HTTP route contracts generate the OpenAPI spec and typed frontend client; see [docs/openapi.md](./docs/openapi.md).
 
 ```
 Types → Config → Repo → Service → Runtime → UI
@@ -47,7 +48,7 @@ When an agent needs the running app URL, use `pnpm health` or read `.stack/<work
 3. Update this README with the product name and local setup notes.
 4. Replace or rename the example domain under `src/domains/example/`.
 5. Add your first real domain by starting at the `types/` layer, then move forward through config, repo, service, runtime, and UI as needed.
-6. Keep [AGENTS.md](./AGENTS.md), [docs/implementation.md](./docs/implementation.md), [docs/testing.md](./docs/testing.md), and [docs/react.md](./docs/react.md) current as the project develops.
+6. Keep [AGENTS.md](./AGENTS.md), [docs/implementation.md](./docs/implementation.md), [docs/testing.md](./docs/testing.md), [docs/openapi.md](./docs/openapi.md), and [docs/react.md](./docs/react.md) current as the project develops.
 7. Run `pnpm lint`, `pnpm test`, `pnpm build`, and `pnpm check:docs` before treating the template migration as complete.
 
 ## For Agents

docs/architecture.md

@@ -6,6 +6,11 @@ Every business domain is organized into six layers with **strict forward-only de
 
 ```
 Types → Config → Repo → Service → Runtime → UI
+   │                                      │       ▲
+   └── Zod request/response schemas ─────┘       │
+                         │                       │
+                         ▼                       │
+              OpenAPI spec + typed API client ───┘
 ```
 
 ### Layer Responsibilities
@@ -16,8 +21,10 @@ Types → Config → Repo → Service → Runtime → UI
 | **config/** | Domain configuration, defaults, env parsing | types |
 | **repo/** | Data access, database queries, external API clients | types, config |
 | **service/** | Business logic, orchestration, domain rules | types, config, repo |
-| **runtime/** | Server routes, background jobs, event handlers | types, config, repo, service |
-| **ui/** | React components, hooks, pages | types, config (client-safe only) |
+| **runtime/** | Server routes, route contracts, background jobs, event handlers | types, config, repo, service |
+| **ui/** | React components, hooks, pages; uses generated API client for HTTP | types, config (client-safe only), generated client |
+
+Route contracts live in `runtime/contract.ts` because they describe the HTTP boundary. They depend on lower-layer Zod schemas and provider contract types, then feed generated artifacts under `src/generated/`. UI code may import the generated client and exported client-safe types, but it must not import runtime route modules directly.
 
 ### Cross-Cutting Concerns (Providers)
 
@@ -26,6 +33,7 @@ Database, telemetry, auth, feature flags, and shared connectors (cache, queue) l
 ```
 src/providers/
 ├── database/      # Postgres client and lifecycle
+├── openapi/       # Route contract to OpenAPI document builder
 ├── telemetry/     # Structured Pino logging; metrics/traces are future work
 ├── auth/          # Authentication & authorization
 └── feature-flags/ # Feature flag evaluation
@@ -39,17 +47,20 @@ These rules are enforced by the custom linter at `lints/check-deps.ts`:
 2. **No cross-domain imports at lower layers.** `domainA/repo` cannot import `domainB/repo`. Cross-domain communication happens at the `service` layer or above.
 3. **No direct cross-cutting imports.** Use `src/providers/`, not raw `pino` or `@opentelemetry/*` imports in domain code.
 4. **UI only imports types and client-safe config.** No server-side code in the UI layer.
-5. **Co-located tests are required.** Source modules must have adjacent unit or integration tests unless they are approved entrypoints or barrel files.
-6. **Structured logging only.** Application code must not use `console.*`; use providers so stack logs stay queryable.
+5. **Generated API client is the UI HTTP boundary.** Browser code should call `src/generated/api-client.generated.ts`, not hand-written `fetch` wrappers for app routes.
+6. **Co-located tests are required.** Source modules must have adjacent unit or integration tests unless they are approved entrypoints, generated files, or barrel files.
+7. **Structured logging only.** Application code must not use `console.*`; use providers so stack logs stay queryable.
 
 ### Adding a New Domain
 
 1. Create `src/domains/<name>/` with all six layer directories
 2. Add types and Zod schemas first (types layer is the foundation)
-3. Register routes in the runtime layer
-4. Add co-located tests for every source module
-5. Add browser e2e coverage when the domain exposes user-visible flows
-6. Update [implementation.md](./implementation.md), [testing.md](./testing.md), or domain-specific docs when behavior changes
+3. Add route contracts and route handlers in the runtime layer
+4. Register domain contracts in `src/api-contracts.ts`
+5. Run `pnpm api:generate` when HTTP behavior changes
+6. Add co-located tests for every source module
+7. Add browser e2e coverage when the domain exposes user-visible flows
+8. Update [implementation.md](./implementation.md), [testing.md](./testing.md), [openapi.md](./openapi.md), or domain-specific docs when behavior changes
 
 ### File Conventions
 

docs/implementation.md

@@ -10,6 +10,7 @@ Use this process when adding or changing application behavior. Keep changes smal
 - Check [quality.md](./quality.md) for known gaps in the area you are touching.
 - Check [testing.md](./testing.md) before choosing test coverage.
 - Check [react.md](./react.md) before changing UI components or hooks.
+- Check [openapi.md](./openapi.md) before changing HTTP routes, API payloads, or generated client usage.
 - Prefer existing domain patterns over new abstractions.
 
 ## 2. Design The Change By Layer
@@ -26,19 +27,34 @@ For a new feature, usually work in this order:
 2. `config/`: add defaults or environment parsing when behavior needs configuration.
 3. `repo/`: add database or external data access and parse returned rows before leaving the layer.
 4. `service/`: add business rules and orchestration. Keep this testable with injected dependencies.
-5. `runtime/`: add routes, handlers, jobs, or adapters. Parse request input at the boundary.
-6. `ui/`: add React components and hooks for browser-visible behavior. Use `useState` for local interaction state and TanStack Query for server state. Do not use `useEffect`.
+5. `runtime/`: add route contracts, routes, handlers, jobs, or adapters. Parse request input at the boundary.
+6. `ui/`: add React components and hooks for browser-visible behavior. Use `useState` for local interaction state and TanStack Query for server state. Use the generated API client for HTTP calls. Do not use `useEffect`.
 
 Skip layers that do not apply. Do not bypass lower layers just to make the change faster.
 
-## 3. Write Tests With The Pyramid
+## 3. Keep API Contracts Generated
+
+When a feature adds or changes HTTP behavior:
+
+1. Define request, response, and path parameter schemas in the domain `types/` layer. Response schemas must describe JSON payloads, not internal service objects.
+2. Add or update the domain route contract in `runtime/contract.ts`, including `method`, `operationId`, `path`, `responses`, and `client` metadata for browser-callable routes.
+3. Register the contract from `src/api-contracts.ts`.
+4. Run `pnpm api:generate` to refresh `src/generated/openapi.generated.json` and `src/generated/api-client.generated.ts`.
+5. Use the generated client from UI code instead of hand-written `fetch` calls.
+
+Use [openapi.md](./openapi.md) for the exact contract shape, client metadata fields, and verification checklist.
+
+Generated API artifacts are committed source artifacts. `pnpm build` runs `pnpm api:check`, so stale OpenAPI/client output should fail validation before merge.
+
+## 4. Write Tests With The Pyramid
 
 - Add or update co-located unit tests for most logic.
 - Add integration tests when the behavior depends on Postgres, route wiring, provider behavior, migrations, or another real boundary.
 - Add e2e tests for critical browser journeys and visible failure states.
+- Add contract/generator tests when route metadata, generated OpenAPI output, or generated client behavior changes.
 - Avoid duplicating the same assertion at every layer. Unit tests should cover combinations; e2e tests should prove the journey works.
 
-## 4. Validate
+## 5. Validate
 
 For source-only changes:
 
@@ -52,16 +68,18 @@ For API, database, UI, or browser-visible changes:
 
 ```bash
 pnpm lint
+pnpm api:check
 pnpm test
 pnpm check:docs
 ```
 
 Use `pnpm start`, `pnpm seed`, `pnpm health`, `pnpm logs`, and `pnpm stop` when you need to inspect the running stack manually. Use `pnpm preview` for a built pseudo-production smoke check.
 
-## 5. Update Documentation
+## 6. Update Documentation
 
 - Update [testing.md](./testing.md) when commands or test expectations change.
 - Update [react.md](./react.md) when UI patterns or component rules change.
+- Update [openapi.md](./openapi.md) when API contract generation or generated client conventions change.
 - Update [quality.md](./quality.md) when you improve coverage or identify a durable gap.
 - Update [architecture.md](./architecture.md) only when the layer model or dependency rules change.
 - Add a focused design note only for decisions that future agents must understand to modify the feature safely.

docs/openapi.md

@@ -0,0 +1,175 @@
+# OpenAPI And Typed Client
+
+Last verified: 2026-05-05
+
+The HTTP contract is generated from TypeScript route contract metadata and Zod schemas. Domain runtime layers own their route contracts because routes are the HTTP boundary, and the generated frontend client imports only client-safe domain types.
+
+## Files
+
+| What | Where |
+|------|-------|
+| OpenAPI document builder | `src/providers/openapi/` |
+| App route contract registry | `src/api-contracts.ts` |
+| Example domain route contracts | `src/domains/example/runtime/contract.ts` |
+| Generated OpenAPI spec | `src/generated/openapi.generated.json` |
+| Generated frontend client | `src/generated/api-client.generated.ts` |
+
+## Commands
+
+| Command | Purpose |
+|---------|---------|
+| `pnpm api:generate` | Regenerate the OpenAPI JSON document and frontend client |
+| `pnpm api:check` | Fail when generated API artifacts are stale |
+
+`pnpm build` runs `pnpm api:check` before TypeScript and Vite so stale generated API artifacts fail CI.
+
+## Adding Or Changing Routes
+
+1. Add or update request, response, and parameter schemas in the domain `types/` layer. Use JSON-serializable response schemas for HTTP payloads; for example, date-time fields should be strings in response schemas even if service-layer domain entities use `Date`.
+2. Add or update the route contract in the domain `runtime/contract.ts`.
+3. Implement the Fastify route in the domain `runtime/routes.ts`.
+4. Run `pnpm api:generate`.
+5. Use `src/generated/api-client.generated.ts` from UI code instead of hand-written `fetch` calls.
+
+## Contract Shape
+
+Each domain that exposes HTTP routes should have a `runtime/contract.ts` file that exports one readonly array named after the domain, such as `itemRouteContracts`. The array must satisfy `readonly ApiRouteContract[]`.
+
+```ts
+import type { ApiRouteContract } from "@providers/openapi/index.js";
+import { z } from "zod";
+import {
+	CreateThingSchema,
+	ThingIdSchema,
+	ThingResponseSchema,
+} from "../types/index.js";
+
+const ErrorResponseSchema = z.object({
+	error: z.string(),
+});
+
+const ThingParamsSchema = z.object({
+	id: ThingIdSchema,
+});
+
+const thingTypeImports = [
+	{
+		kind: "type",
+		module: "../domains/example/types/index.js",
+		names: ["CreateThing", "ThingResponse"],
+	},
+] as const;
+
+const thingResponseSchemaImports = [
+	{
+		kind: "value",
+		module: "../domains/example/types/index.js",
+		names: ["ThingResponseSchema"],
+	},
+] as const;
+
+export const thingRouteContracts = [
+	{
+		method: "post",
+		operationId: "createThing",
+		path: "/api/things",
+		requestBody: CreateThingSchema,
+		responses: {
+			201: { description: "Created thing", schema: ThingResponseSchema },
+			400: { description: "Invalid thing data", schema: ErrorResponseSchema },
+		},
+		summary: "Create thing",
+		tags: ["things"],
+		client: {
+			functionName: "createThing",
+			imports: [...thingTypeImports, ...thingResponseSchemaImports],
+			requestBodyType: "CreateThing",
+			responseParser: "ThingResponseSchema",
+			responseType: "ThingResponse",
+		},
+	},
+] as const satisfies readonly ApiRouteContract[];
+```
+
+## Contract Fields
+
+| Field | Required | Purpose |
+|-------|----------|---------|
+| `method` | Yes | Lowercase HTTP method: `get`, `post`, `put`, `patch`, or `delete`. |
+| `operationId` | Yes | Stable OpenAPI operation name. Use a verb phrase like `createItem`; do not reuse within the app. |
+| `path` | Yes | Fastify-style route path. Use `:id` path parameters; the OpenAPI builder converts them to `{id}`. |
+| `pathParams` | When the path has params | Zod object for path params. Keys must match every `:param` segment in `path`. |
+| `requestBody` | For JSON body routes | Zod schema for the request JSON body. Omit for bodyless routes. |
+| `responses` | Yes | Map of HTTP status codes to response descriptions and optional Zod response schemas. Omit `schema` for empty responses like `204`. |
+| `summary` | Yes | Short human-readable OpenAPI summary. |
+| `tags` | Recommended | OpenAPI grouping tags, usually the domain or resource name. |
+| `client` | For browser-callable routes | Metadata used to generate the frontend client function. Omit only for routes that should not be called from browser UI. |
+
+## Client Metadata
+
+`client` controls the generated function in `src/generated/api-client.generated.ts`.
+
+| Field | Required | Purpose |
+|-------|----------|---------|
+| `functionName` | Yes | Method name on `apiClient`, such as `apiClient.createItem`. |
+| `imports` | When client types or parsers are referenced | Type/value imports emitted into the generated client. Paths are relative to `src/generated/api-client.generated.ts`. |
+| `pathParamsType` | When the path has params | TypeScript type for the generated `params` argument, usually `{ id: string }`. |
+| `requestBodyType` | When `requestBody` exists | TypeScript type for the generated `body` argument. |
+| `responseType` | Yes | Promise result type for the generated client method. Use `void` for `204`-only success responses. |
+| `responseParser` | For JSON responses | Zod parser expression used by the generated client at the browser boundary, such as `ItemResponseSchema` or `ItemResponseSchema.array()`. |
+
+Use `kind: "type"` imports for TypeScript-only names and `kind: "value"` imports for Zod schemas referenced by `responseParser`.
+
+```ts
+client: {
+	functionName: "listItems",
+	imports: [...itemTypeImports, ...itemResponseSchemaImports],
+	responseParser: "ItemResponseSchema.array()",
+	responseType: "ItemResponse[]",
+}
+```
+
+For a `DELETE` route that returns `204`, omit `responseParser` and use `responseType: "void"`.
+
+## Schema Rules
+
+- Request schemas should describe the raw JSON sent by clients.
+- Response schemas should describe the JSON returned over HTTP, not necessarily the service-layer domain entity. If the service uses `Date`, the response schema should usually use `z.iso.datetime()` because JSON carries strings.
+- Error responses should use explicit schemas, commonly `z.object({ error: z.string() })`, so OpenAPI documents failure shapes too.
+- Path parameter schemas should reuse domain value schemas such as `ItemIdSchema`.
+- Do not import `repo`, `service`, or `ui` code from `runtime/contract.ts`; contracts should depend on `types` and provider contract types only.
+
+## Registration
+
+After adding a domain contract, register it in `src/api-contracts.ts`.
+
+```ts
+import { itemRouteContracts } from "./domains/example/runtime/contract.js";
+import { thingRouteContracts } from "./domains/thing/runtime/contract.js";
+
+export const apiRouteContracts = [...itemRouteContracts, ...thingRouteContracts] as const;
+```
+
+The server and generator both consume `apiRouteContracts`, so this is the single app-level registry for OpenAPI and client generation.
+
+## Route Implementation
+
+The contract does not register Fastify handlers. Keep handler implementation in the domain `runtime/routes.ts`, and make sure the actual route behavior matches the contract:
+
+- same `method` and `path`
+- same success status codes
+- same request body validation
+- same path parameter validation
+- same error response shape
+
+`/openapi.json` is served by `src/app-server.ts` from the registered contracts.
+
+## Verification Checklist
+
+When changing contracts, verify all of the following:
+
+1. `runtime/contract.ts` has co-located tests for operation IDs, client function names, and any serialization-sensitive schemas.
+2. `runtime/routes.ts` has tests or integration coverage for boundary validation and status codes.
+3. `pnpm api:generate` updates both generated files.
+4. `pnpm api:check` passes without rewriting artifacts.
+5. UI code imports `apiClient` or generated exported types from `src/generated/api-client.generated.ts`.

docs/quality.md

@@ -23,6 +23,7 @@ Track the health of each domain and architectural layer. Update this when you im
 | auth | D | Placeholder |
 | database | B | Postgres provider wired through Docker Compose stack |
 | telemetry | B | Pino logger, request IDs, route timings, and stack log files are wired; metrics/traces are future work |
+| openapi | B | Route contracts generate `openapi.generated.json` and a typed frontend client; broader coverage should grow as domains are added |
 | feature-flags | D | Placeholder |
 
 ## Known Gaps