feat(backend): add Swagger UI and fix ENV var naming

[GRACENOBLE]

Summary

• Integrate swaggo/swag: annotate GET / and GET /health, generate docs/swagger/, mount Swagger UI at /swagger/index.html
• Add make swagger Makefile target to regenerate docs after annotation changes
• Add swagger_types.go type alias so swaggo can resolve domain.HealthStats from the handlers package
• Suppress [GIN-debug] banner and route table; log a single docs URL on startup instead
• Use gin.Logger() (colorful) locally and the structured slog middleware in staging/production
• Fix APP_ENV → ENV in .env.example and README to match os.Getenv("ENV") in code
• Document the Swagger annotation workflow in CLAUDE.md and backend/docs/swagger.md

Test plan

• cd backend && make docker-run && make watch — confirm no [GIN-debug] lines, only bootstrap logs + API docs url=http://localhost:8080/swagger/index.html
• Open http://localhost:8080/swagger/index.html — Swagger UI loads with GET / and GET /health documented
• cd backend && make swagger — regenerates docs/swagger/ cleanly with no errors
• cd backend && go build ./... — clean build
• Set ENV=staging in .env — confirm structured slog request logs replace Gin's colorful output

Summary by CodeRabbit

Release Notes

• New Features

  • API documentation through interactive Swagger UI is now available for developers to explore and test endpoints.
  • Added make swagger command to regenerate API documentation from source annotations.

• Documentation

  • Added comprehensive Swagger/OpenAPI setup documentation with configuration guidelines.

• Chores

  • Updated environment variable from APP_ENV to ENV with supported values: local, staging, production.
  • Added Swagger/OpenAPI library dependencies.

[coderabbitai]

Warning

Review limit reached

@GRACENOBLE, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 51 minutes and 1 second. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more credits in the billing tab to continue.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 4fde8932-8c6f-4aba-a9d2-eb86251b959a

📥 Commits

Reviewing files that changed from the base of the PR and between c2eedeb and 84dcb83.

📒 Files selected for processing (1)

• backend/docs/swagger.md

📝 Walkthrough

Walkthrough

Adds Swagger/OpenAPI 2.0 support to the backend using swaggo: introduces handler annotations, a domain type alias for swaggo resolution, Gin route registration for Swagger UI, generated spec files (docs.go, swagger.json, swagger.yaml), a make swagger Makefile target, and supporting documentation. Also renames the APP_ENV environment variable to ENV.

Changes

Swagger/OpenAPI Integration

Layer / File(s)	Summary
Dependencies and Makefile target backend/go.mod, backend/Makefile	Adds swaggo/files, swaggo/gin-swagger, swaggo/swag direct dependencies and their transitive indirect modules; introduces swagger Makefile target running swag init.
Handler annotations and domain type alias backend/internal/transport/handlers/swagger_types.go, backend/internal/transport/handlers/health_handler.go, backend/internal/transport/handlers/hello_handler.go, backend/cmd/api/main.go	Creates HealthStats type alias pointing to domain.HealthStats for swaggo resolution; adds swaggo annotation comment blocks to HelloWorldHandler and HealthHandler; adds Blueprint API metadata header comments and a Swagger UI URL log statement to main.go.
Route registration and Gin debug suppression backend/internal/transport/handlers/routes.go, backend/internal/server/server.go	Registers /swagger/*any route via ginSwagger.WrapHandler; adds blank import of generated docs package; conditionally selects gin.Logger vs middleware.Logger by debug mode; suppresses Gin debug banner in NewServer.
Generated Swagger spec artifacts backend/docs/swagger/docs.go, backend/docs/swagger/swagger.json, backend/docs/swagger/swagger.yaml	Adds autogenerated SwaggerInfo, docTemplate, init() registration, and JSON/YAML spec files defining the Blueprint API with GET / and GET /health endpoints and the handlers.HealthStats schema.
Developer documentation backend/docs/swagger.md, CLAUDE.md	Adds docs/swagger.md with annotation placement rules, domain type aliasing guidance, regeneration instructions, and endpoint tag list; adds a Swagger/OpenAPI section to CLAUDE.md.

ENV Variable Rename

Layer / File(s)	Summary
APP_ENV → ENV rename README.md, backend/.env.example	Replaces APP_ENV with ENV in the README environment variables table and .env.example, documenting accepted values local/staging/production.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

backend, documentation, dependencies

Poem

🐇 Hippity-hop, the docs now appear,
Swagger UI blooms at /swagger/*any here!
Annotations sprout like carrots in spring,
make swagger regenerates everything.
ENV renamed, no APP_ENV in sight —
This bunny's API is documented right! 🥕

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title accurately captures the two main changes: adding Swagger UI to the backend and fixing the ENV variable naming convention.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch backend.swagger

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

backend/docs/swagger/swagger.json (1)

1-97: ⚖️ Poor tradeoff

Generated Swagger spec looks correct; consider adding security definitions when authentication is implemented.

The OpenAPI 2.0 spec is properly generated and matches the handler contracts. Checkov flags the absence of securityDefinitions and security requirements—these are valid observations for production APIs with authentication. Since the current API endpoints (GET / and GET /health) are intentionally unauthenticated, this is not a blocker.

When authentication is added to the API in the future, remember to:

1. Add @securityDefinitions annotations to cmd/api/main.go
2. Add @Security annotations to protected handlers
3. Regenerate the spec with make swagger

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@backend/docs/swagger/swagger.json` around lines 1 - 97, The generated Swagger
specification is currently correct and no immediate changes are required since
the API endpoints are intentionally unauthenticated. However, when
authentication is implemented in the future, add `@securityDefinitions`
annotations to the Swagger comments in cmd/api/main.go to define the security
schemes, add `@Security` annotations to the protected endpoint handlers to specify
which security schemes they require, and regenerate the spec by running make
swagger to incorporate these security definitions into the generated
swagger.json file.

Source: MCP tools

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@backend/docs/swagger.md`:
- Around line 30-32: The fenced code block containing the swag command is
missing a language specifier, which causes a markdownlint warning. Add the
language identifier "bash" to the opening fence (change ``` to ```bash) to
explicitly declare the code block language and silence the linter.

---

Nitpick comments:
In `@backend/docs/swagger/swagger.json`:
- Around line 1-97: The generated Swagger specification is currently correct and
no immediate changes are required since the API endpoints are intentionally
unauthenticated. However, when authentication is implemented in the future, add
`@securityDefinitions` annotations to the Swagger comments in cmd/api/main.go to
define the security schemes, add `@Security` annotations to the protected endpoint
handlers to specify which security schemes they require, and regenerate the spec
by running make swagger to incorporate these security definitions into the
generated swagger.json file.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ca2df1a5-5a58-47e9-9e99-26ad1e5142ba

📥 Commits

Reviewing files that changed from the base of the PR and between 99935cb and c2eedeb.

⛔ Files ignored due to path filters (1)

• backend/go.sum is excluded by !**/*.sum

📒 Files selected for processing (15)

• CLAUDE.md
• README.md
• backend/.env.example
• backend/Makefile
• backend/cmd/api/main.go
• backend/docs/swagger.md
• backend/docs/swagger/docs.go
• backend/docs/swagger/swagger.json
• backend/docs/swagger/swagger.yaml
• backend/go.mod
• backend/internal/server/server.go
• backend/internal/transport/handlers/health_handler.go
• backend/internal/transport/handlers/hello_handler.go
• backend/internal/transport/handlers/routes.go
• backend/internal/transport/handlers/swagger_types.go