ApiVault

ApiVault is an in-game API browser and developer test lab for World of Warcraft addon authors.

Core API reference

• Browse documented Blizzard API functions.
• Browse documented Blizzard events.
• Browse documented API tables/structures.
• View function arguments.
• View function return values.
• View event payload metadata.
• View table fields.
• Search documented APIs by name.
• Filter API entries by function/event/table type.
• See risk labels such as safe, review, protected, metadata, restricted, and inspect-only.

Global developer search

• Search across all major ApiVault data layers from one place.
• Search APIs, events, tables, files, folders, modules, XML templates, source examples, secure patterns, symbols, catalogs, widgets and runtime metadata.
• View categorized search results.
• See result type badges.
• Open related detail views from search results.
• Use cross-link summaries between related metadata.

Source usage reference

• See where Blizzard source references an API.
• See where Blizzard source registers an event.
• View usage counts.
• View module names connected to usage.
• View source reference paths.
• View line-number metadata.
• View compact usage context labels.
• Distinguish documented API data from source-usage metadata.

Bundled Interface reference

• Use the bundled ApiVault/Examples/Interface/ reference tree.
• Browse Interface file/folder metadata in-game.
• View sourcePath and addonPath.
• See file type, size, line count and SHA256 metadata.
• See which files contain API usage.
• See which files contain event registrations.
• See which files contain XML templates.
• See which files contain secure patterns.
• Keep the bundled Interface files reference-only; they are not loaded by the TOC.

Interface Resource Browser

• Search Interface folders.
• Search Interface files.
• Filter by Lua/XML/TOC/XSD file types.
• Inspect file metadata.
• Inspect folder metadata.
• Inspect module-level file summaries.
• Link file entries to source usage, XML templates, secure patterns and modules.

XML Template Catalog

• Browse XML templates and frames.
• Search templates by name.
• View template type, such as Frame, Button, Texture, FontString, ScrollFrame, etc.
• View whether a template is virtual.
• View inheritance metadata.
• View inherits references.
• View inherited-by samples.
• View mixin references.
• View script handler names.
• View XML source path and addon path.
• Flag secure/reference-style template entries.
• Generate safe CreateFrame-style reference snippets where appropriate.

TOC Module Browser

• Browse Blizzard TOC module metadata.
• Search modules.
• View TOC paths.
• View module titles and notes.
• View interface version declared in TOC files.
• View dependencies.
• View required dependencies.
• View optional dependencies.
• View LoadOnDemand flags.
• View SavedVariables declarations.
• View SavedVariablesPerCharacter declarations.
• View secure/useSecureEnvironment metadata where present.
• View Lua/XML/other file counts.
• View linked API usage counts.
• View linked event usage counts.
• View linked XML template counts.
• View module-to-file and module-to-template relationships.

Source Example Index

• View generated source-backed examples for APIs and events.
• See source-backed context without copying full Blizzard source code.
• View generated snippets.
• View owner API/event/template/module metadata.
• View source path, addon path, module and line number.
• View risk class per example.
• View UNCERTAIN notes where behavior cannot be proven.
• Distinguish generated examples from copied source.
• Keep protected/restricted/review examples inspect-only.

Secure Pattern Reference Index

• Browse secure/taint-sensitive patterns.
• Search for SetAttribute.
• Search for GetAttribute.
• Search for secure templates.
• Search for RegisterStateDriver.
• Search for hooksecurefunc.
• Search for InCombatLockdown.
• Search for sec = "NotAllowed" metadata.
• Search for secret/restricted API metadata.
• View risk class per pattern.
• View auto-run policy.
• View linked API, template, module and source example metadata.
• Generate secure UI checklist-style notes.
• Keep secure-sensitive entries inspect-only.
• Avoid automatic protected/secure execution.

Complete Function & Symbol Coverage

• Browse documented API functions.
• Browse source global functions.
• Browse source local functions.
• Browse table functions.
• Browse method-style functions.
• Browse mixin methods.
• Browse XML script handlers.
• Browse slash command handler symbols.
• Distinguish documented API functions from source-only symbols.
• Distinguish callable, metadata-only, local-only, review-required and inspect-only entries.
• Search symbols via /av symbols.
• Inspect mixin-related symbols via /av mixins.

Runtime Global Inspector

• Inspect _G runtime globals read-only.
• Refresh runtime globals on demand.
• Categorize globals by type:
  • function
  • table
  • string
  • number
  • boolean
  • frame/userdata
  • other
• Avoid calling discovered functions.
• Avoid forcing LoadOnDemand Blizzard modules to load.
• Mark runtime globals as session-specific.

Constants / Slash Commands / Bindings / Settings Catalog

• Browse indexed constants.
• Browse slash command metadata.
• Browse SLASH_* declarations.
• Browse SlashCmdList handler references.
• Browse binding metadata.
• Browse setting/CVar reference metadata.
• Browse GetCVar, SetCVar, C_CVar.* and settings-related references where indexed.
• Use catalog commands:
  • /av catalogs
  • /av constants
  • /av slash
  • /av bindings
  • /av settings

Widget / Frame / ScriptObject Method Explorer

• Browse widget-related method metadata.
• Browse frame/widget/script object references.
• Browse XML script handlers.
• Browse CreateFrame usage references.
• Browse SetScript and HookScript references.
• Browse widget categories such as frames, buttons, edit boxes, scroll frames, textures, font strings and status bars.
• Use commands:
  • /av widgets
  • /av frameapi
  • /av scripts
  • /av createframe
  • /av scriptobjects

Runtime Test Lab

• Run safe API examples through guarded execution.
• Build function arguments with an argument builder.
• Use explicit input prefixes such as string/number/boolean helpers.
• Serialize return values safely.
• Cap table depth.
• Cap table key count.
• Detect recursive tables.
• Summarize frame/userdata/function/thread values.
• Maintain test history.
• Show blocked reasons.
• Keep protected, metadata-only and review-required entries blocked by default.
• Use commands:
  • /av testlab
  • /av tests
  • /av testhistory
  • /av runtime
  • /av lab

Event Lab + Payload Recorder

• Manually listen to selected events.
• Stop individual event listeners.
• Stop all active event listeners.
• Record capped event payload history.
• Serialize event payloads safely.
• View event frequency/count metadata.
• Clear event logs.
• Generate/copy listener snippets.
• Avoid auto-registering all events.
• Use commands:
  • /av events
  • /av eventlab
  • /av payloads
  • /av recorder

Loaded Addon Runtime Inspector

• Inspect currently visible runtime addon metadata.
• View addon name, title, notes, version, author and interface metadata where available.
• View loaded/loadable status.
• View enable state.
• View dependencies and optional dependencies.
• View SavedVariables metadata.
• Avoid force-loading LoadOnDemand addons.
• Use commands:
  • /av addons
  • /av loaded

Addon Audit Mode

• Paste Lua, XML or TOC text into an audit panel.
• Generate checklist-style audit findings.
• Detect C_* API references.
• Detect event registrations.
• Detect XML template references.
• Detect TOC dependencies and metadata.
• Detect SavedVariables declarations.
• Detect secure-sensitive patterns such as SetAttribute, secure templates and state drivers.
• Detect OnUpdate and ticker-style performance patterns.
• Detect dynamic execution patterns such as loadstring or RunScript.
• Generate audit notes without rewriting code.
• Use commands:
  • /av audit
  • /av scan
  • /av addoncheck
  • /av auditmode

Build Diff Support

• View the current ApiVault build manifest.
• Compare against a pasted compact build manifest.
• Compare numeric manifest fields.
• View differences in counts such as APIs, events, XML templates, module TOCs and symbols.
• Mark real build-diff behavior as requiring a second uploaded/generated Interface manifest.
• Use commands:
  • /av diff
  • /av builddiff
  • /av manifest

Developer Checklists

• Generate API usage checklists.
• Generate Secure UI checklists.
• Generate Template usage checklists.
• Generate TOC dependency checklists.
• Generate Event listener checklists.
• Generate test checklists.
• Mark unsafe or uncertain behavior clearly.
• Use commands:
  • /av checklist
  • /av checklists

Export Panels

• Copy API summaries.
• Copy generated snippets.
• Copy module summaries.
• Copy secure warnings.
• Copy audit notes.
• Copy test checklists.
• Export text through an in-game EditBox for manual copy.
• Use command:
  • /av export

Favorites and Recent Items

• Favorite metadata entries.
• Track recently selected items.
• Track recent search queries.
• Open Favorites/Recent panel.
• Clear recent items.
• Clear favorites.
• Use commands:
  • /av favorites
  • /av favs
  • /av recent
  • /av history

Stable release/status tools

• View v1.0 stable release status.
• View present/remaining release checks.
• View safety policy notes.
• View stable release documentation.
• Use commands:
  • /av stable
  • /av about
  • /av release

UI/window utilities

• Open the main ApiVault window.
• Raise ApiVault windows above normal UI using managed strata.
• Clamp windows to screen.
• Use export panels and secondary panels without intended overlap.
• Toggle compact/polish utilities where implemented.
• Use commands:
  • /apivault
  • /av
  • /av polish
  • /av todo
  • /av actions
  • /av compact

Diagnostics and status

• Show API/source/resource/XML/module/example/secure/symbol/catalog/widget counts.
• Show runtime addon inspector status.
• Show event recorder status.
• Show build-diff manifest status.
• Show release status.
• Use command:
  • /av stats
  • /av compat

What ApiVault intentionally does not do

• It does not execute discovered functions automatically.
• It does not bypass Blizzard protected/secure execution.
• It does not automatically call protected APIs.
• It does not automatically call SetAttribute.
• It does not create secure buttons for automated tests.
• It does not runtime-read source files from Examples/Interface.
• It does not load Examples/Interface through the TOC.
• It does not display full Blizzard source code in-game.
• It does not force-load LoadOnDemand addons.
• It does not claim uncertain API behavior as fact.

Built for World of Warcraft: Midnight / Interface 120007, ApiVault provides a searchable interface for Blizzard API documentation data and helps developers inspect functions, events, tables, arguments, return values, and generated example snippets directly inside the game.

What ApiVault Does

ApiVault lets addon developers quickly look up API entries in-game without leaving the client. Search for a function, event, or table, select an entry, inspect its documented inputs and outputs, and test safe examples through a controlled runtime panel.

The addon is intended as a development and debugging companion, not as an automation tool.

Main Features

• In-game API browser

• Searchable function, event, and table index

• Detail view for arguments, returns, payloads, and fields

• Generated example snippets for selected API items

• Safe pcall-based test runner for suitable API calls

• Event listener panel for inspecting event payloads

• Risk classification for API entries

• Protected/restricted API awareness

• Deferred UI and index loading for safer startup behavior

• Slash command access through /apivault and /av

Developer-Focused Workflow

1. Open ApiVault with /apivault

2. Search for an API item

3. Select a function, event, or table

4. Review documented parameters and return values

5. Copy or inspect the generated example

6. Run safe API examples through the built-in test runner

7. Listen to selected events and inspect payload output

Safety Model

ApiVault is designed to avoid misleading developers into running unsafe code.

Protected, restricted, secure-sensitive, or unclear API entries are shown for inspection, but should not be treated as automatically executable. The test runner is intended for safe, developer-driven checks only and uses guarded execution to reduce hard runtime failures during testing.

ApiVault does not attempt to bypass Blizzard’s secure execution model, combat lockdown, hardware-event requirements, or protected UI restrictions.

Slash Commands

/apivault
/av
/av stats
/av compat

Intended Users

ApiVault is useful for:

• WoW addon developers

• UI engineers

• API auditors

• Debugging tool authors

• Developers learning Blizzard’s API structure

• Authors testing safe API examples inside the game client

Notes

ApiVault is generated from Blizzard API documentation data included with the target Interface build. API behavior can still depend on runtime context, item cache state, player state, combat lockdown, loaded Blizzard modules, and whether the relevant game system is currently available.

When in doubt, treat undocumented behavior as uncertain and test carefully in-game.