Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

alti3/litestar-dto

Name: litestar-dto
Author: alti3

plugins/litestar/skills/litestar-dto/SKILL.md

npx skillsauth add alti3/litestar-skills litestar-dto

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

DTO

Use this skill when request and response payloads need explicit shape control, field-level policy, or DTO factory customization.

Execution Workflow

Start with the handler contract: define inbound (dto) and outbound (return_dto) behavior explicitly.
Choose DTO factory type for your model ecosystem (for example, DataclassDTO, SQLAlchemyDTO, or plugin-provided DTOs).
Define policy with DTOConfig (exclude, rename, nesting depth, unknown-field handling, PATCH behavior).
Apply DTOs at the correct layer (handler, controller, router, or app) and rely on closest-layer precedence.
Use DTOData[T] in write/update handlers when you need controlled instantiation and patching semantics.
Validate wrappers and envelopes (Response[T], pagination, generic wrappers) to ensure DTO transformation is still applied.
Implement a custom AbstractDTO only when factory DTOs cannot express required behavior.

Implementation Rules

Keep read and write DTOs separate when policies differ.
Keep DTO configuration explicit and reviewable; avoid implicit field exposure.
Treat nested serialization depth as an API and performance control, not a default.
Reject unknown fields (forbid_unknown_fields=True) in stricter API surfaces.
Use DTOs to enforce immutability and server-owned fields (id, audit fields).
Keep handler logic focused on business behavior, not ad-hoc payload transformation.

DTO Basics: Layering and Parameters

Litestar exposes two DTO parameters on each app layer:

dto: inbound parsing for handler data; if return_dto is not set, this is also used for outbound serialization.
return_dto: outbound serialization policy only.

DTOs can be declared on handler, controller, router, or application. The DTO closest to the handler in the ownership chain applies.

Common pattern:

dto=WriteDTO to parse inbound payloads.
return_dto=ReadDTO to serialize outbound payloads.
return_dto=None on handlers where DTO serialization should be disabled (for example, DELETE -> None).

`DTOConfig` Policy Guide

Use DTOConfig to define stable contract rules:

exclude={...}: remove fields (supports nested paths, including list-item paths such as "pets.0.id").
rename_fields={...}: rename specific fields.
rename_strategy="camel" (or callback): apply systematic renaming.
max_nested_depth: control nested parsing/serialization depth (1 default shown in docs).
forbid_unknown_fields=True: reject extra payload fields instead of silently ignoring them.
partial=True: PATCH-friendly DTO behavior.
leading_underscore_private=False only when you intentionally want underscore-prefixed fields treated as public.
experimental_codegen_backend=False to selectively disable codegen backend behavior.

Important behavior:

Explicit rename_fields mappings are not further transformed by rename_strategy.

Field Marking and Access Control

Use dto_field(...) metadata to mark model fields with DTO semantics:

"private": not parsed from inbound data and never serialized in outbound data.
"read-only": not parsed from inbound data.

Also note:

Fields with leading underscores are implicitly private by default.

`DTOData[T]`: Controlled Create and Update Flows

Use DTOData[T] for create/update handlers that need controlled model mutation:

data.create_instance(...) creates model instances from validated input and can inject server-side values.
Nested values can be supplied with double-underscore paths (for example, address__id=...) when excluded nested fields must still be set.
data.update_instance(existing) supports partial updates cleanly for PATCH workflows when partial=True.

PATCH pattern:

Exclude immutable/server-owned fields (for example, id) in DTO config.
Use DTOData.update_instance() to apply only submitted fields.

Wrapper and Envelope Handling

DTO factory types can transform data inside supported wrappers:

Generic wrapper dataclasses (for example, WithCount[T]) when one type parameter maps to DTO-supported model data.
Litestar pagination wrappers such as ClassicPagination[T] (DTO applies to items).
Response[T] wrappers (DTO applies to content).

Performance Notes

DTO codegen backend:

Introduced in 2.2.0, stabilized and enabled by default in 2.8.0.
Can be toggled per DTO with DTOConfig(experimental_codegen_backend=...).

Use selective override only when debugging compatibility or behavior differences.

AbstractDTO and Custom DTO Classes

Use built-in DTO factories first. Create custom DTO classes only when required behavior is not expressible via existing DTO factories + DTOConfig.

When implementing custom DTOs, you must implement AbstractDTO methods:

generate_field_definitions(model_type): yield DTOFieldDefinition objects for DTO-visible fields.
detect_nested_field(field_definition): return whether the field represents nested model data.

This is the minimal protocol Litestar requires for custom DTO implementations.

Example Patterns

from litestar import get, patch
from litestar.dto import DTOConfig, DTOData, DataclassDTO

class UserReadDTO(DataclassDTO[User]):
    config = DTOConfig(exclude={"password_hash"})

class UserPatchDTO(DataclassDTO[User]):
    # Patch DTO excludes immutable id and accepts partial payloads.
    config = DTOConfig(exclude={"id"}, partial=True)

@get("/users/{user_id:int}", return_dto=UserReadDTO)
async def get_user(user_id: int) -> User:
    return ...

@patch("/users/{user_id:int}", dto=UserPatchDTO, return_dto=UserReadDTO)
async def patch_user(user_id: int, data: DTOData[User]) -> User:
    user = ...
    return data.update_instance(user)

from litestar.dto import DTOConfig
from litestar.plugins.sqlalchemy import SQLAlchemyDTO

class PublicUserDTO(SQLAlchemyDTO[User]):
    config = DTOConfig(exclude={"password_hash"})

Validation Checklist

Confirm dto and return_dto are intentionally selected (or explicitly disabled) per handler.
Confirm layer precedence does not accidentally override handler-level DTO intent.
Confirm exclude/rename/nesting config generates expected payload shape.
Confirm unknown field behavior matches API strictness (forbid_unknown_fields).
Confirm private/read-only/underscore fields are not writable by clients.
Confirm PATCH handlers use partial=True + DTOData.update_instance() where appropriate.
Confirm wrapper responses (Response, pagination, generic envelopes) still apply DTO transformations.
Confirm OpenAPI output matches the DTO-shaped contract.

Cross-Skill Handoffs

Use litestar-dataclasses, litestar-plugins, or litestar-custom-types for model ecosystem specifics.
Use litestar-databases when DTO behavior couples to SQLAlchemy or Piccolo persistence design.
Use litestar-openapi to verify generated schema accuracy after DTO changes.
Use litestar-requests and litestar-responses for transport-level behavior outside DTO transformation.

Litestar References

https://docs.litestar.dev/2/usage/dto/index.html
https://docs.litestar.dev/2/usage/dto/0-basic-use.html
https://docs.litestar.dev/2/usage/dto/1-abstract-dto.html
https://docs.litestar.dev/2/usage/dto/2-creating-custom-dto-classes.html

alti3/litestar-dto

plugins/litestar/skills/litestar-dto/SKILL.md

Configure Litestar DTO behavior for inbound parsing and outbound serialization, including layer-scoped `dto`/`return_dto`, `DTOConfig` policies, `DTOData` update workflows, and custom `AbstractDTO` implementations. Use when API payload contracts differ from internal model structures. Do not use when internal models can be exposed safely without transformation.

5 stars

development

Updated Apr 3, 2026

$ install --global

skillsauth

npx skillsauth add alti3/litestar-skills litestar-dto

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 20, 2026, 3:21 PM1.8s1 file scanned

SKILL.md

name:: litestar-dto
description:: Configure Litestar DTO behavior for inbound parsing and outbound serialization, including layer-scoped `dto`/`return_dto`, `DTOConfig` policies, `DTOData` update workflows, and custom `AbstractDTO` implementations. Use when API payload contracts differ from internal model structures. Do not use when internal models can be exposed safely without transformation.

DTO

Use this skill when request and response payloads need explicit shape control, field-level policy, or DTO factory customization.

Execution Workflow

Start with the handler contract: define inbound (dto) and outbound (return_dto) behavior explicitly.
Choose DTO factory type for your model ecosystem (for example, DataclassDTO, SQLAlchemyDTO, or plugin-provided DTOs).
Define policy with DTOConfig (exclude, rename, nesting depth, unknown-field handling, PATCH behavior).
Apply DTOs at the correct layer (handler, controller, router, or app) and rely on closest-layer precedence.
Use DTOData[T] in write/update handlers when you need controlled instantiation and patching semantics.
Validate wrappers and envelopes (Response[T], pagination, generic wrappers) to ensure DTO transformation is still applied.
Implement a custom AbstractDTO only when factory DTOs cannot express required behavior.

Implementation Rules

Keep read and write DTOs separate when policies differ.
Keep DTO configuration explicit and reviewable; avoid implicit field exposure.
Treat nested serialization depth as an API and performance control, not a default.
Reject unknown fields (forbid_unknown_fields=True) in stricter API surfaces.
Use DTOs to enforce immutability and server-owned fields (id, audit fields).
Keep handler logic focused on business behavior, not ad-hoc payload transformation.

DTO Basics: Layering and Parameters

Litestar exposes two DTO parameters on each app layer:

dto: inbound parsing for handler data; if return_dto is not set, this is also used for outbound serialization.
return_dto: outbound serialization policy only.

DTOs can be declared on handler, controller, router, or application. The DTO closest to the handler in the ownership chain applies.

Common pattern:

dto=WriteDTO to parse inbound payloads.
return_dto=ReadDTO to serialize outbound payloads.
return_dto=None on handlers where DTO serialization should be disabled (for example, DELETE -> None).

`DTOConfig` Policy Guide

Use DTOConfig to define stable contract rules:

exclude={...}: remove fields (supports nested paths, including list-item paths such as "pets.0.id").
rename_fields={...}: rename specific fields.
rename_strategy="camel" (or callback): apply systematic renaming.
max_nested_depth: control nested parsing/serialization depth (1 default shown in docs).
forbid_unknown_fields=True: reject extra payload fields instead of silently ignoring them.
partial=True: PATCH-friendly DTO behavior.
leading_underscore_private=False only when you intentionally want underscore-prefixed fields treated as public.
experimental_codegen_backend=False to selectively disable codegen backend behavior.

Important behavior:

Explicit rename_fields mappings are not further transformed by rename_strategy.

Field Marking and Access Control

Use dto_field(...) metadata to mark model fields with DTO semantics:

"private": not parsed from inbound data and never serialized in outbound data.
"read-only": not parsed from inbound data.

Also note:

Fields with leading underscores are implicitly private by default.

`DTOData[T]`: Controlled Create and Update Flows

Use DTOData[T] for create/update handlers that need controlled model mutation:

data.create_instance(...) creates model instances from validated input and can inject server-side values.
Nested values can be supplied with double-underscore paths (for example, address__id=...) when excluded nested fields must still be set.
data.update_instance(existing) supports partial updates cleanly for PATCH workflows when partial=True.

PATCH pattern:

Exclude immutable/server-owned fields (for example, id) in DTO config.
Use DTOData.update_instance() to apply only submitted fields.

Wrapper and Envelope Handling

DTO factory types can transform data inside supported wrappers:

Generic wrapper dataclasses (for example, WithCount[T]) when one type parameter maps to DTO-supported model data.
Litestar pagination wrappers such as ClassicPagination[T] (DTO applies to items).
Response[T] wrappers (DTO applies to content).

Performance Notes

DTO codegen backend:

Introduced in 2.2.0, stabilized and enabled by default in 2.8.0.
Can be toggled per DTO with DTOConfig(experimental_codegen_backend=...).

Use selective override only when debugging compatibility or behavior differences.

AbstractDTO and Custom DTO Classes

Use built-in DTO factories first. Create custom DTO classes only when required behavior is not expressible via existing DTO factories + DTOConfig.

When implementing custom DTOs, you must implement AbstractDTO methods:

generate_field_definitions(model_type): yield DTOFieldDefinition objects for DTO-visible fields.
detect_nested_field(field_definition): return whether the field represents nested model data.

This is the minimal protocol Litestar requires for custom DTO implementations.

Example Patterns

from litestar import get, patch
from litestar.dto import DTOConfig, DTOData, DataclassDTO

class UserReadDTO(DataclassDTO[User]):
    config = DTOConfig(exclude={"password_hash"})

class UserPatchDTO(DataclassDTO[User]):
    # Patch DTO excludes immutable id and accepts partial payloads.
    config = DTOConfig(exclude={"id"}, partial=True)

@get("/users/{user_id:int}", return_dto=UserReadDTO)
async def get_user(user_id: int) -> User:
    return ...

@patch("/users/{user_id:int}", dto=UserPatchDTO, return_dto=UserReadDTO)
async def patch_user(user_id: int, data: DTOData[User]) -> User:
    user = ...
    return data.update_instance(user)

from litestar.dto import DTOConfig
from litestar.plugins.sqlalchemy import SQLAlchemyDTO

class PublicUserDTO(SQLAlchemyDTO[User]):
    config = DTOConfig(exclude={"password_hash"})

Validation Checklist

Confirm dto and return_dto are intentionally selected (or explicitly disabled) per handler.
Confirm layer precedence does not accidentally override handler-level DTO intent.
Confirm exclude/rename/nesting config generates expected payload shape.
Confirm unknown field behavior matches API strictness (forbid_unknown_fields).
Confirm private/read-only/underscore fields are not writable by clients.
Confirm PATCH handlers use partial=True + DTOData.update_instance() where appropriate.
Confirm wrapper responses (Response, pagination, generic envelopes) still apply DTO transformations.
Confirm OpenAPI output matches the DTO-shaped contract.

Cross-Skill Handoffs

Use litestar-dataclasses, litestar-plugins, or litestar-custom-types for model ecosystem specifics.
Use litestar-databases when DTO behavior couples to SQLAlchemy or Piccolo persistence design.
Use litestar-openapi to verify generated schema accuracy after DTO changes.
Use litestar-requests and litestar-responses for transport-level behavior outside DTO transformation.

Litestar References

https://docs.litestar.dev/2/usage/dto/index.html
https://docs.litestar.dev/2/usage/dto/0-basic-use.html
https://docs.litestar.dev/2/usage/dto/1-abstract-dto.html
https://docs.litestar.dev/2/usage/dto/2-creating-custom-dto-classes.html

Related Skills

alti3/litestar-websockets

development

VerifiedTrustedCommunity

Build Litestar WebSocket endpoints with low-level websocket handlers, websocket listeners, websocket streams, dependency injection, custom websocket classes, transport-mode control, and graceful connection lifecycle handling. Use when implementing bidirectional real-time communication, reactive websocket message handling, or proactive server push over WebSockets. Do not use for server-side pub/sub fanout that is better expressed with channels alone.

5SKILL.mdUpdated Apr 3, 2026

alti3/litestar-websockets

alti3/litestar-testing

tools

VerifiedTrustedCommunity

Test Litestar applications with TestClient, AsyncTestClient, create_test_client, websocket test helpers, dependency overrides, mocked dependencies, lifecycle-aware fixtures, and deterministic success and failure assertions. Use when adding or fixing Litestar test coverage, including exception contracts, override precedence, websocket behavior, event-bus side effects, or live-server-only response patterns. Do not use as a substitute for production observability or runtime debugging strategy.

5SKILL.mdUpdated Apr 3, 2026

alti3/litestar-testing

alti3/litestar-templating

development

VerifiedTrustedCommunity

Configure Litestar templating with `TemplateConfig`, Jinja/Mako/MiniJinja engines, file-or-string `Template` responses, request and CSRF-aware context, template callables, and custom engine integration. Use when implementing or fixing server-rendered HTML in Litestar. Do not use for static asset serving or pure JSON API endpoints.

5SKILL.mdUpdated Apr 3, 2026

alti3/litestar-templating

alti3/litestar-stores

development

VerifiedTrustedCommunity

Configure Litestar stores and the store registry for caching, server-side sessions, rate limiting, and other key-value state with explicit backend selection, bytes-safe data handling, TTL and renewal policy, namespacing, registry wiring, and lifecycle cleanup. Use when a Litestar app depends on `MemoryStore`, `FileStore`, `RedisStore`, `ValkeyStore`, or `StoreRegistry`. Do not use for relational persistence, domain repositories, or response-caching policy details that belong in database or caching-focused skills.

5SKILL.mdUpdated Apr 3, 2026

alti3/litestar-stores

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/alti3/litestar-skills.git

# Copy into Claude Code skills folder (global)
cp -r litestar-skills/plugins/litestar/skills/litestar-dto ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

alti3/litestar-skills

5 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT

Adoption

alti3/litestar-dto

$ install --global

Security Scan Results

SKILL.md

DTO

Execution Workflow

Implementation Rules

DTO Basics: Layering and Parameters

DTOConfig Policy Guide

Field Marking and Access Control

DTOData[T]: Controlled Create and Update Flows

Wrapper and Envelope Handling

Performance Notes

AbstractDTO and Custom DTO Classes

Example Patterns

Validation Checklist

Cross-Skill Handoffs

Litestar References

Related Skills

alti3/litestar-websockets

alti3/litestar-testing

alti3/litestar-templating

alti3/litestar-stores

alti3/litestar-dto

$ install --global

Security Scan Results

SKILL.md

DTO

Execution Workflow

Implementation Rules

DTO Basics: Layering and Parameters

DTOConfig Policy Guide

Field Marking and Access Control

DTOData[T]: Controlled Create and Update Flows

Wrapper and Envelope Handling

Performance Notes

AbstractDTO and Custom DTO Classes

Example Patterns

Validation Checklist

Cross-Skill Handoffs

Litestar References

Related Skills

alti3/litestar-websockets

alti3/litestar-testing

alti3/litestar-templating

alti3/litestar-stores

`DTOConfig` Policy Guide

`DTOData[T]`: Controlled Create and Update Flows

`DTOConfig` Policy Guide

`DTOData[T]`: Controlled Create and Update Flows