Add v2 discovery API
A Frappe site can now describe its own RPC surface — the primitive that self-configuring clients and AI agents need, even if the contract still says "expect no guarantees."
Until now, finding out which whitelisted methods a Frappe site actually exposes meant grepping app source for @frappe.whitelist or reading each app's docs — there was no way for an API client (or an AI agent) to ask the site itself. This PR adds a native discovery surface to the v2 API that answers exactly that question, machine-readably.
What changed
- New
frappe/api/discovery.pywired into four routes:/api/v2/discovery(root document),/discovery/search?q=,/discovery/method(full index), and/discovery/method/{path}(per-method detail with HTTP verbs, params, defaults, type annotations, and docstring). - The index is built by AST-scanning every installed app for module-level
@frappe.whitelistfunctions in a background job, then cached in Redis for an hour — a cold cache returns 503 with "try again in a few seconds" instead of blocking the request. - API-type Server Scripts are listed too, but only for users who can read Server Script; the whole surface is gated to the Developer role via
frappe.only_for. - Explicitly unstable and undocumented (
no-docs): internal plumbing for v2, with OpenAPI output deliberately left to apps like frappe_openapi.
GET /api/v2/discovery
{
"type": "discovery",
"resources": {"methods": 1450},
"links": {
"search": "/api/v2/discovery/search?q={query}",
"methods": "/api/v2/discovery/method",
"method": "/api/v2/discovery/method/{method}"
}
}