go-zero
go-zero is a production-grade Go microservices framework with code generation tooling (goctl) that handles REST APIs, RPC services, and gRPC gateways. It bundles resilience patterns like circuit breakers, rate limiting, and timeout control out-of-the-box.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | zeromicro/go-zero |
| Owner | zeromicro |
| Primary language | Go |
| License | MIT — OSI-approved |
| Stars | 33.2k |
| Forks | 4.3k |
| Open issues | 271 |
| Latest release | v1.10.2 (2026-05-31) |
| Last updated | 2026-07-06 |
| Source | https://github.com/zeromicro/go-zero |
What go-zero is
Go-based web/RPC framework using spec-driven development with .api DSL files. Goctl generates production code for Go, iOS, Android, Kotlin, Dart, TypeScript, and JavaScript. Built-in middleware support, service discovery, load balancing, and adaptive protection mechanisms (circuit breaker, load shedding, concurrency control).
Get the go-zero source
Clone the repository and explore it locally.
git clone https://github.com/zeromicro/go-zero.gitcd go-zero# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Goctl code generation requires maintaining .api specifications in sync with code; drift can cause runtime issues. Plan for code review workflows that include DSL changes.
- Framework is opinionated on directory structure and separation of concerns (handler/logic/svc). Teams must adopt this pattern consistently or lose framework benefits.
- Built-in resilience features are configurable but require understanding of timeout, concurrency, and load-shedding parameters for your workload. Defaults may not suit all use cases.
- Service discovery integration depends on external systems (e.g., Consul, etcd, Kubernetes). Plan infrastructure setup alongside framework adoption.
- Latest release (v1.10.2, May 2026) with active maintenance; evaluate breaking changes and migration guides when upgrading between major versions.
When to avoid it — and what to weigh
- Simple monolithic or hobby projects — Framework adds architectural overhead (service context, config management, separate logic layer). Overkill for single-service applications or proof-of-concepts.
- Heavy reliance on non-Go ecosystems — Primary benefits are in Go codebases. Multi-language code generation covers clients but server-side is Go-only. Integration with Java/Node.js backends may require custom adapters.
- Custom or exotic storage/protocol needs — Goctl generates common patterns. Highly specialized requirements (custom protocols, obscure databases) may require manual code or fork maintenance.
- Teams unfamiliar with Go or microservices — Learning curve combines Go language, microservices patterns, and framework idioms. Requires upfront investment in team training and architecture design.
License & commercial use
MIT License permits commercial use, modification, and distribution with attribution and no liability. No proprietary restrictions on derivatives or closed-source projects.
MIT is a permissive OSI-approved license. Commercial use is permitted without restrictions or vendor approval. Verify your legal/compliance team agrees for production deployments, especially if incorporating modifications.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | High |
Framework includes request parameter auto-validation and built-in timeout/rate-limit primitives that mitigate common DoS vectors. No explicit data regarding vulnerability disclosure, security audits, or encryption defaults. Review error handling to avoid leaking sensitive information in logs/responses. Validate goctl-generated code does not introduce injection vulnerabilities. Assess service discovery and inter-service auth requirements for your threat model.
Alternatives to consider
Gin
Popular lightweight HTTP framework; lacks built-in resilience patterns and code generation. Better for simple REST APIs; requires manual middleware for circuit breakers, rate limiting.
gRPC + gRPC-gateway
Raw gRPC + gateway offers fine-grained control over Protocol Buffers and service definitions. More flexible but requires manual boilerplate for resilience, validation, and configuration management.
Micro (CNCF)
Service mesh and microservices framework with polyglot support. Less opinionated than go-zero; may offer better integration with existing heterogeneous stacks.
Build on go-zero with DEV.co software developers
Review the architecture guide, run the quick-start example, and assess goctl DSL fit for your team's coding style and API patterns.
Talk to DEV.coRelated on DEV.co
Explore the category and the services that help you build with it.
go-zero FAQ
Can I use go-zero for REST APIs only, without microservices?
Does goctl code generation require modifying generated files?
What monitoring/metrics does go-zero provide?
Is go-zero suitable for teams new to Go?
Software developers & web developers for hire
DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If go-zero is part of your ai coding agents roadmap, our team can implement, customize, migrate, and maintain it.
Evaluate go-zero for your microservices?
Review the architecture guide, run the quick-start example, and assess goctl DSL fit for your team's coding style and API patterns.