MIMICORE is a high-performance, declarative API Gateway and API Mocking Platform written in Go. It uses an Intermediate Representation (IR) engine to decouple configuration from execution.
It is designed for scale and developer experience, featuring zero-downtime hot-reloading, upstream proxying, parallel execution, distributed caching, and dynamic user code execution via WebAssembly (WASM).
I mainly work with Python and C/C++. Go is new to me. I built this with support from AI assistants and online resources. Since this project has user code execution and API chaining, these features can be misused. If you plan to run untrusted code, use caution and double-check all code for exploits. It is recommended to run this in a restricted environment like Docker or a hardened kernel, behind a DMZ. This project is intended for demonstration and testing purposes.
- Declarative Configuration: Define endpoints, validation, logic, and responses entirely in JSON.
- Zero-Downtime Hot Reload: The system detects file changes and recompiles specific routes/WASM binaries without dropping active connections.
- Parallel Execution: Transformation steps (like upstream HTTP calls) are batched and executed concurrently using
errgroup. - High Performance: Uses
goccy/go-jsonfor fast parsing and a global connection pool for low-latency HTTP chaining.
- Dynamic User Code (WASM): Write Go code directly in your JSON. It is compiled to WASM on-the-fly and executed in a sandboxed, pooled runtime (Wazero).
- Distributed Caching (S3/MinIO): Compiled WASM binaries are hashed and stored in S3/MinIO. This enables instant startup for clusters and prevents "thundering herd" compilation spikes.
- Observability: Built-in Prometheus metrics (
/metrics) tracking RPS, Latency, and WASM execution time. - Traffic Control: Integrated Rate Limiting (Token Bucket) and CORS middleware to protect the gateway.
- Robust Validation: Full support for JSON Schema validation for request bodies, plus Regex patterns for Headers/Query params.
- Network Simulation: Built-in support for Fixed Latency and Jitter.
- Go 1.22+
- TinyGo: Required for the Dynamic Compiler service.
- Docker & Docker Compose: Recommended for running the full stack (Gateway + MinIO + Prometheus + Grafana).
-
Clone the repository
git clone https://github.com/axis0047/mimicore.git cd mimicore -
Install Dependencies
go mod tidy
-
Start the Gateway (Standalone Mode)
go run cmd/gateway/*.goServer listens on port
:8080.
Here is the updated text for your README.md. You can append these sections or replace the existing "Installation & Run" section to make it more comprehensive.
For the best experience, run the full stack including MinIO (Caching), Prometheus (Metrics), and Grafana (Dashboards).
-
Prepare your environment: Ensure you have a
docker-compose.ymland aconfigs/directory with at least one JSON config. -
Start the Stack:
docker-compose up -d
-
Access Services:
| Service | URL | Credentials | Description |
|---|---|---|---|
| Gateway | http://localhost:8080 |
N/A | The API traffic entry point. |
| Metrics | http://localhost:9090 |
N/A | Raw Prometheus metrics (Internal). |
| Grafana | http://localhost:3000 |
admin / admin |
Visual dashboards. |
| MinIO | http://localhost:9001 |
admin / password |
S3 Object Browser. |
| Prometheus | http://localhost:9091 |
N/A | Metrics database UI. |
-
Environment Variables: The gateway is configured via
docker-compose.yml. Key variables include:MINIO_ENDPOINT: Address of the S3 store (e.g.,minio:9000).MINIO_ACCESS_KEY: S3 Username.MINIO_SECRET_KEY: S3 Password.
When deploying MockingGOD to a production environment (Kubernetes, AWS ECS, DigitalOcean), follow these best practices to ensure security and stability.
- Reverse Proxy (SSL/TLS): MockingGOD serves HTTP. In production, place it behind Nginx, Traefik, or an AWS ALB to handle SSL termination (HTTPS).
- Port Exposure: Only expose port
8080(Traffic) to the public. Keep ports9090(Metrics),9000(MinIO API), and9001(MinIO Console) inside your private network (VPC/Cluster IP). - Credentials: Change the default MinIO
admin/passwordcredentials immediately. Use Docker Secrets or Kubernetes Secrets to inject them. - CORS: While the included middleware permits
*(all origins) for development convenience, you may want to restrict this to specific domains in theinternal/middleware/cors.gologic for stricter environments.
- WASM Memory: User code runs in a sandboxed runtime. While efficient, heavy usage requires RAM. Monitor the Avg WASM Execution Time in Grafana.
- Tip: Adjust
max_instancesin your API config to prevent a single API from consuming all server memory.
- Tip: Adjust
- CPU: WASM compilation (on the first request/cache miss) is CPU intensive. Ensure your deployment has enough CPU burst capacity for startup/reloads.
- Persistence: Ensure your MinIO container uses a Persistent Volume. If MinIO loses data, the Gateway will have to recompile all WASM binaries on the next restart (slower startup).
- Shared Cache: If running multiple replicas of MockingGOD (e.g., 5 pods in K8s), point them all to the same MinIO instance. This ensures that if one pod compiles the code, all other pods get the binary instantly from the cache.
- Golden Signals: Use the provided Grafana dashboard to monitor Request Rate, Error Rate, and Latency.
- Alerting: Set up Prometheus alerts for:
- High Error Rates (
status=5xx). - WASM Timeouts (Execution time > configured
timeout_ms). - Rate Limit Throttling (Spikes in
status=429).
- High Error Rates (
-
Create a configuration file
configs/my_api.json.{ "api": "my_api", "mode": "ir", "version": "v2", "rate_limit": { "requests_per_second": 10, "burst": 20 }, "user_code": { "inline_source": "package main\n\n//export double\nfunc double(x uint64) uint64 { return x * 2 }\n\nfunc main() {}", "timeout_ms": 100 }, "routes": [ { "method": "GET", "path": "/calc/{val}", "transform": { "extract": { "num": { "from": "path.val", "as": "x", "type": "int" } } }, "response": { "status": 200, "body": { "result": "{{double(x)}}" } } } ] } -
Test the Endpoint: Routing is based on the Host header matching the
apifield.curl -H "Host:my_api.localhost" http://localhost:8080/calc/5Response:
{ "result": "10" }
graph TD
User[Client Request] --> Gateway
Watcher[File Watcher] --> Builder
subgraph Compiler_Service [Compiler Service]
Builder -- "Go Source" --> Compiler
Compiler -- "Check Hash" --> L1_Memory[L1 Memory Cache]
Compiler -- "Check Hash" --> L2_S3[L2 MinIO/S3]
Compiler -- "Compile (TinyGo)" --> WASM_Bin
WASM_Bin --> L2_S3
end
Compiler -- "WASM Bytes" --> Builder
Builder --> Registry[Handler Registry]
Gateway -- "Host Matching" --> Registry
Registry -- "Get Handler" --> Middleware
subgraph Middleware [Middleware Chain]
Metrics --> CORS --> RateLimiter
end
RateLimiter --> V2Engine
subgraph V2Engine [Parallel Request Lifecycle]
Validation[JSON Schema / Headers] --> Transformation
Transformation -- "Extract" --> Context
Transformation -- "ErrGroup: Parallel HTTP" --> Upstream[Upstream APIs]
Transformation -- "WASM (Pooled)" --> Runtime[Wazero Runtime]
Upstream --> Context
Runtime --> Context
Context --> ResponseBuilder
ResponseBuilder -- "Latency Simulation" --> User
end
.
βββ cmd/gateway/ # Entry point, Hot-reload, GC, Build orchestration
βββ configs/ # API JSON Configurations
βββ internal/
β βββ adapters/ # Config Parsers (V1/V2)
β βββ config/ # Loader & Version Detection
β βββ engine/ # Core Runtime (Router, HTTP, Validation, SafeContext)
β βββ ir/ # Intermediate Representation Definitions
β βββ middleware/ # Rate Limiting, CORS, and Prometheus Metrics
β βββ services/
β β βββ compiler/ # Dynamic TinyGo Compiler & Hash Logic
β β βββ storage/ # S3/MinIO Client
β β βββ wasm/ # Wazero Pool Manager & Memory Bridge
β βββ utils/ # Helpers
For a detailed guide on all available configuration parameters, please see the Configuration Guide.
Run unit tests and the End-to-End (E2E) test suite which compiles a real binary and hits it with requests:
go test ./... -v