6529-collections/api-skill
.agentconf/skills/api-skill/SKILL.md
Build or modify API endpoints in this repository by driving changes from openapi.yaml, regenerating API models, implementing routes manually, and wiring validation/auth/timing correctly. Use when creating new APIs, changing existing APIs, or updating API request/response models.
$ install --global
skillsauthnpx skillsauth add 6529-collections/6529seize-backend api-skillInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Error
VirusTotalMulti-engine malware detection
70%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 25, 2026, 2:26 PM47.4s1 file scanned
SKILL.md
- name:
- api-skill
- description:
- Build or modify API endpoints in this repository by driving changes from openapi.yaml, regenerating API models, implementing routes manually, and wiring validation/auth/timing correctly. Use when creating new APIs, changing existing APIs, or updating API request/response models.
API Development Workflow
Follow this workflow for any API change in this repository.
Core Rules
- Define API contract first in
src/api-serverless/openapi.yaml. - Start every new schema/model name with
Api. - After editing
openapi.yaml, run:cd src/api-serverless && npm run generate - Treat
src/api-serverless/src/generatedas generated-only.- Never edit files in this folder manually.
- Remember generation scope:
- Generates request/response body models.
- Does not generate routes.
- Does not generate query/path param types.
Route Implementation Rules
- Implement routes manually in files ending with
.routes.ts. - Ensure routes align 100% with
openapi.yaml(paths, params, payloads, responses). - If query/path param typing is needed, define those types manually in the route file (or nearby file as appropriate).
- Wire every new route file into
src/api-serverless/src/app.ts. - Validate route input with Joi using
getValidatedByJoiOrThrow(getValidatedByJoi) and a schema (typically defined in the route file). - Never mark routes as cached unless explicitly instructed.
Auth and Request Context Rules
- Use
needsAuthenticatedUser()when authentication is required. - Use
maybeAuthenticatedUser()when authentication is optional. - Use
getAuthenticationContext(req)after auth middleware when auth context is needed. - In routes, always initialize timer:
const timer = Timer.getFromRequest(req); - Pass
timerto downstream service calls and use it to time work as needed.
Route Layer Responsibilities
Keep routes thin:
- Validate input with Joi.
- Do only very light request preparation.
- Call an appropriate service class for business logic.
- Await the service result and return it.
Do not place heavy business logic in routes.
Practical Checklist
- [ ] Updated
src/api-serverless/openapi.yamlfirst. - [ ] All new schemas/models in OpenAPI start with
Api. - [ ] Ran
cd src/api-serverless && npm run generate. - [ ] Did not manually edit
src/api-serverless/src/generated/*. - [ ] Implemented/updated
.routes.tsfile(s) manually. - [ ] Added manual query/path param types where needed.
- [ ] Added Joi schema validation via
getValidatedByJoiOrThrow. - [ ] Applied auth middleware (
needsAuthenticatedUser/maybeAuthenticatedUser) correctly. - [ ] Used
getAuthenticationContext(req)where needed. - [ ] Wired
const timer = Timer.getFromRequest(req);and passed timer onward. - [ ] Kept route handler logic light and service-driven.
- [ ] Wired route file in
src/api-serverless/src/app.ts. - [ ] Verified route contract matches
openapi.yamlexactly.
Related Skills
6529-collections/identity-notifications
development
VerifiedTrustedCommunity
Create new identity notification types by adding enum values, type definitions, notifier methods, push handlers, and API integration. Use when adding new notification types, creating notifications, or extending the notification system.
6SKILL.mdUpdated Mar 25, 2026
6529-collections/database-skill
data-ai
VerifiedTrustedCommunity
Implement database-related changes in this repository, including schema changes via entities, repository/query patterns, transactions, and data migrations. Use when working on migrations, DB schema updates, or app logic that touches the database.
6SKILL.mdUpdated Mar 25, 2026
6529-collections/community-metrics
development
VerifiedTrustedCommunity
Create new community metrics by adding enum values, recording functions, wiring, backfill migrations, and API integration. Use when adding new community metrics, creating metrics, or tracking community activity.
6SKILL.mdUpdated Mar 25, 2026
openclaw/openclaw-secret-scanning-maintainer
development
VerifiedTrustedCommunity
Maintainer-only workflow for handling GitHub Secret Scanning alerts on OpenClaw. Use when Codex needs to triage, redact, clean up, and resolve secret leakage found in issue comments, issue bodies, PR comments, or other GitHub content.
357,764SKILL.mdUpdated Apr 15, 2026