skills/python-fastapi-ops/SKILL.md
FastAPI web framework patterns. Triggers on: fastapi, api endpoint, dependency injection, pydantic model, openapi, swagger, starlette, async api, rest api, uvicorn.
npx skillsauth add 0xDarkMatter/claude-mods python-fastapi-ops
Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status.
Modern async API development with FastAPI.
```python
from contextlib import asynccontextmanager

from fastapi import FastAPI


@asynccontextmanager
async def lifespan(app: FastAPI):
    """Application lifespan - startup and shutdown."""
    # Startup
    app.state.db = await create_db_pool()
    yield
    # Shutdown
    await app.state.db.close()


app = FastAPI(
    title="My API",
    version="1.0.0",
    lifespan=lifespan,
)


@app.get("/")
async def root():
    return {"message": "Hello World"}
```
```python
from datetime import datetime

from pydantic import BaseModel, Field, EmailStr


class UserCreate(BaseModel):
    """Request model with validation."""
    name: str = Field(..., min_length=1, max_length=100)
    email: EmailStr
    age: int = Field(..., ge=0, le=150)


class UserResponse(BaseModel):
    """Response model."""
    id: int
    name: str
    email: EmailStr
    created_at: datetime

    model_config = {"from_attributes": True}  # Enable ORM mode


@app.post("/users", response_model=UserResponse, status_code=201)
async def create_user(user: UserCreate):
    db_user = await create_user_in_db(user)
    return db_user
```
```python
from typing import Annotated

from fastapi import Query, Path


@app.get("/users/{user_id}")
async def get_user(
    user_id: Annotated[int, Path(..., ge=1, description="User ID")],
):
    return await fetch_user(user_id)


@app.get("/users")
async def list_users(
    skip: Annotated[int, Query(ge=0)] = 0,
    limit: Annotated[int, Query(ge=1, le=100)] = 10,
    search: str | None = None,
):
    return await fetch_users(skip=skip, limit=limit, search=search)
```
```python
from typing import Annotated

from fastapi import Depends, HTTPException

# async_session, AsyncSession, User, oauth2_scheme and authenticate_token
# are assumed to be defined elsewhere in the application.


async def get_db():
    """Database session dependency."""
    async with async_session() as session:
        yield session


async def get_current_user(
    token: Annotated[str, Depends(oauth2_scheme)],
    db: Annotated[AsyncSession, Depends(get_db)],
) -> User:
    """Authenticate and return current user."""
    user = await authenticate_token(db, token)
    if not user:
        raise HTTPException(
            status_code=401,
            detail="Invalid token",
            headers={"WWW-Authenticate": "Bearer"},  # challenge header for 401
        )
    return user


# Annotated types for reuse
DB = Annotated[AsyncSession, Depends(get_db)]
CurrentUser = Annotated[User, Depends(get_current_user)]


@app.get("/me")
async def get_me(user: CurrentUser):
    return user
```
```python
from fastapi import HTTPException
from fastapi.responses import JSONResponse


# Built-in HTTP exceptions
@app.get("/items/{item_id}")
async def get_item(item_id: int):
    item = await fetch_item(item_id)
    if not item:
        raise HTTPException(status_code=404, detail="Item not found")
    return item


# Custom exception handler
class ItemNotFoundError(Exception):
    def __init__(self, item_id: int):
        self.item_id = item_id


@app.exception_handler(ItemNotFoundError)
async def item_not_found_handler(request, exc: ItemNotFoundError):
    return JSONResponse(
        status_code=404,
        content={"detail": f"Item {exc.item_id} not found"},
    )
```
```python
from fastapi import APIRouter

# users.py
router = APIRouter(prefix="/users", tags=["users"])


@router.get("/")
async def list_users():
    return []


@router.get("/{user_id}")
async def get_user(user_id: int):
    return {"id": user_id}


# main.py
from app.routers import users, items

app.include_router(users.router)
app.include_router(items.router, prefix="/api/v1")
```
| Feature | Usage |
|---------|-------|
| Path param | `@app.get("/items/{id}")` |
| Query param | `def f(q: str = None)` |
| Body | `def f(item: ItemCreate)` |
| Dependency | `Depends(get_db)` |
| Auth | `Depends(get_current_user)` |
| Response model | `response_model=ItemResponse` |
| Status code | `status_code=201` |

- ./references/dependency-injection.md - Advanced DI patterns, scopes, caching
- ./references/middleware-patterns.md - Middleware chains, CORS, error handling
- ./references/validation-serialization.md - Pydantic v2 patterns, custom validators
- ./references/background-tasks.md - Background tasks, async workers, scheduling
- ./scripts/scaffold-api.sh - Generate API endpoint boilerplate
- ./assets/fastapi-template.py - Production-ready FastAPI app skeleton

Prerequisites:

- python-typing-ops - Pydantic models and type hints
- python-async-ops - Async endpoint patterns

Related Skills:

- python-database-ops - SQLAlchemy integration
- python-observability-ops - Logging, metrics, tracing middleware
- python-pytest-ops - API testing with TestClient

tools
Behavioural-first software supply chain defense - catches poisoned npm/PyPI packages in the publish-to-advisory window that CVE tools miss. Use BEFORE every install or version bump (not only when an attack is suspected) - the 7-day cooldown gate + behavioural score catches freshly-published malware that CVE tools won't see for days. Socket.dev integration (free CLI + GitHub app + depscore MCP for Claude Code), stale-OIDC audit, dependency cooldown policy, publish-token rotation, VS Code extension audit, and a self-integrity scan that detects worm persistence hooks injected into Claude Code / VS Code settings. Triggers on: pip install, uv add, uv tool install, npm install, pnpm add, yarn add, cargo add, go get, composer require, gem install, upgrade dependency, dependency upgrade, version bump, bump version, bump package, adding dependency, new dependency, vetting a dependency, vet package, is this package safe, safe to install, should I install, before installing, pre-install check, preinstall scan, preinstall-check, PyPI cooldown, npm cooldown, release cooldown, minimumReleaseAge, score a package, package score, depscore, socket score, supply chain, supply chain attack, malicious package, poisoned dependency, npm worm, Shai-Hulud, behavioural scanning, Socket.dev, socket scan, dependency security, postinstall malware, OIDC token theft, compromised maintainer, typosquat, dependency confusion, package provenance, SLSA, persistence hook, malicious VS Code extension.
testing
GitHub remote operations — repo creation, metadata (description/homepage/topics), releases, README 'Recent Updates' enforcement, and issue / PR management with preview-before-send discipline. Companion to git-ops (local) and push-gate (pre-push safety). Three modes: new (first publish), update (subsequent release), audit (read-only checklist), plus atomic operations for issues and PRs. Triggers on: push to github, publish repo, ship release, cut release, gh release, set topics, repo description, github metadata, recent updates section, audit github repo, repo visibility, make repo public, gh repo create, gh issue, gh pr, create issue, comment on issue, close issue, triage issue, create PR, review PR, merge PR, pre-merge check, pr checks.
tools
Defend the agent's instruction surface against adversarial content - hidden-Unicode prompt injection (Trojan Source bidi reordering, U+E0000 tag-block ASCII smuggling, zero-width text), homoglyph confusables, and poisoned context that a human reviewer can't see but the model obeys. Scan CLAUDE.md / AGENTS.md / SKILL.md / .cursorrules and MCP tool descriptions; sanitize fetched web pages, issue/PR bodies, and dependency READMEs before they enter context. Triggers on: prompt injection, hidden unicode, invisible characters, zero-width space, bidi override, Trojan Source, ASCII smuggling, tag characters, homoglyph, confusable, unicode steganography, poisoned CLAUDE.md, malicious tool description, MCP tool poisoning, instruction injection, jailbreak in file, is this file safe, sanitize untrusted content, scan for hidden text.
tools
Set tool permissions for Claude Code. Configures allowed commands, rules, and preferences in .claude/ directory. Triggers on: setperms, init tools, configure permissions, setup project, set permissions, init claude.