admin-baked/api-patterns
.agent/skills/skills/api-patterns/SKILL.md
API design principles and decision-making. REST vs GraphQL vs tRPC selection, response formats, versioning, pagination.
$ install --global
skillsauthnpx skillsauth add admin-baked/bakedbot-for-brands api-patternsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 29, 2026, 12:42 PM37.0s12 files scanned
SKILL.md
- name:
- api-patterns
- description:
- API design principles and decision-making. REST vs GraphQL vs tRPC selection, response formats, versioning, pagination.
- allowed-tools:
- Read, Write, Edit, Glob, Grep
API Patterns
API design principles and decision-making for 2025. Learn to THINK, not copy fixed patterns.
🎯 Selective Reading Rule
Read ONLY files relevant to the request! Check the content map, find what you need.
📑 Content Map
| File | Description | When to Read |
|------|-------------|--------------|
| api-style.md | REST vs GraphQL vs tRPC decision tree | Choosing API type |
| rest.md | Resource naming, HTTP methods, status codes | Designing REST API |
| response.md | Envelope pattern, error format, pagination | Response structure |
| graphql.md | Schema design, when to use, security | Considering GraphQL |
| trpc.md | TypeScript monorepo, type safety | TS fullstack projects |
| versioning.md | URI/Header/Query versioning | API evolution planning |
| auth.md | JWT, OAuth, Passkey, API Keys | Auth pattern selection |
| rate-limiting.md | Token bucket, sliding window | API protection |
| documentation.md | OpenAPI/Swagger best practices | Documentation |
| security-testing.md | OWASP API Top 10, auth/authz testing | Security audits |
🔗 Related Skills
| Need | Skill |
|------|-------|
| API implementation | @[skills/backend-development] |
| Data structure | @[skills/database-design] |
| Security details | @[skills/security-hardening] |
✅ Decision Checklist
Before designing an API:
- [ ] Asked user about API consumers?
- [ ] Chosen API style for THIS context? (REST/GraphQL/tRPC)
- [ ] Defined consistent response format?
- [ ] Planned versioning strategy?
- [ ] Considered authentication needs?
- [ ] Planned rate limiting?
- [ ] Documentation approach defined?
❌ Anti-Patterns
DON'T:
- Default to REST for everything
- Use verbs in REST endpoints (/getUsers)
- Return inconsistent response formats
- Expose internal errors to clients
- Skip rate limiting
DO:
- Choose API style based on context
- Ask about client requirements
- Document thoroughly
- Use appropriate status codes
Script
| Script | Purpose | Command |
|--------|---------|---------|
| scripts/api_validator.py | API endpoint validation | python scripts/api_validator.py <project_path> |
Related Skills
admin-baked/skills/shared/executive-brief
testing
VerifiedTrustedCommunity
--- name: executive-brief description: Produce a concise executive brief or portfolio digest for a super user or operator — use when summarizing multi-account performance, cross-org anomalies, top actions needed, or weekly business status for leadership review. Trigger phrases: "executive summary", "weekly brief", "portfolio digest", "top actions this week", "what needs my attention", "board update", "cross-account summary". version: 0.1.0 owner: platform agent_owner: pops allowed_roles: - sup
2SKILL.mdUpdated Apr 1, 2026
admin-baked/skills/shared/anomaly-to-action-memo
development
VerifiedTrustedCommunity
--- name: anomaly-to-action-memo description: Interpret a detected anomaly or signal and produce a decision-ready action memo — use when an alert, metric deviation, or operational signal needs to be turned into a prioritized recommendation with evidence, owner, and next step. Trigger phrases: "what does this anomaly mean", "something looks off", "explain this alert", "revenue is down", "traffic dropped", "flag this for review", "what should we do about this". version: 0.1.0 owner: ops-intelligen
2SKILL.mdUpdated Apr 1, 2026
admin-baked/skills/org/brand-voice
testing
VerifiedTrustedCommunity
--- name: brand-voice description: Apply BakedBot brand voice standards to any customer-facing content — use when generating or reviewing copy that must match a dispensary or brand's approved tone, language patterns, and messaging constraints. Trigger phrases: "does this match our voice", "write in our brand voice", "on-brand copy", "brand guidelines", "tone check". version: 0.1.0 owner: platform agent_owner: craig allowed_roles: - super_user - dispensary_operator - brand_operator outputs:
2SKILL.mdUpdated Apr 1, 2026
admin-baked/skills/grower/sell-through-partner-analysis
testing
VerifiedTrustedCommunity
--- name: sell-through-partner-analysis description: Analyze which retail dispensary partners are selling through a grower's products effectively, identify top performers and laggards, and produce a prioritized partner action plan. Use when a grower wants to know where their products move fastest, which partners need attention, and where to focus wholesale sales effort. Trigger phrases: "which partners are selling our product", "sell-through analysis", "partner performance", "where is inventory
2SKILL.mdUpdated Apr 1, 2026