alti3/litestar-exception-handling
plugins/litestar/skills/litestar-exception-handling/SKILL.md
Implement Litestar exception handling with HTTPException, built-in exception subclasses, custom exception handlers, layered overrides, status-code mappings, and stable API error contracts. Use when translating domain failures, validation errors, middleware/dependency failures, or router-generated HTTP errors into deterministic Litestar responses. Do not use for authentication or authorization policy design that belongs in security layers.
$ install --global
skillsauthnpx skillsauth add alti3/litestar-skills litestar-exception-handlingInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 20, 2026, 3:21 PM2.2s1 file scanned
SKILL.md
- name:
- litestar-exception-handling
- description:
- Implement Litestar exception handling with HTTPException, built-in exception subclasses, custom exception handlers, layered overrides, status-code mappings, and stable API error contracts. Use when translating domain failures, validation errors, middleware/dependency failures, or router-generated HTTP errors into deterministic Litestar responses. Do not use for authentication or authorization policy design that belongs in security layers.
Exception Handling
Execution Workflow
- Separate startup and configuration failures from request-time failures.
- Decide whether the failure should be represented by raising
HTTPExceptionor by mapping another exception type through an exception handler. - Choose the narrowest layer that should own the handler: app, router, controller, or route handler.
- Keep the outbound error contract stable: status code, payload shape, media type, and safe detail level.
- Register app-level handlers for
404 Not Foundand405 Method Not Allowedwhen those responses must be customized. - Verify validation and server-failure paths separately so sensitive details do not leak unintentionally.
Core Rules
- Distinguish configuration/startup exceptions from request-handling exceptions.
- Use
HTTPExceptionor its subclasses when the handler should raise an HTTP-aware error directly. - Use exception handlers to translate domain or library exceptions into transport-safe responses.
- Keep error payload schemas stable across handlers and layers.
- Keep documented error behavior aligned with
litestar-openapiroute metadata and security docs. - Redact or replace validation and internal error details when exposing raw messages would leak implementation details.
- Prefer specific exception mappings over broad catch-alls that hide root causes.
- Keep handler registration close to the layer that owns the behavior, except for
404and405, which must be handled at app scope.
Decision Guide
- Raise
HTTPExceptionsubclasses directly for clear HTTP semantics such as401,403,404,429, or503. - Map domain exceptions with
exception_handlerswhen business logic should stay transport-agnostic. - Map by exception class when the exception type is the stable contract.
- Map by status code when multiple exceptions should share one response format for the same HTTP status.
- Use app-level defaults for generic
500handling and lower-level overrides only where behavior genuinely differs.
Reference Files
Read only the sections you need:
- For exception taxonomy, built-in subclasses,
HTTPExceptionconstructor behavior, validation warnings, headers,extra, and websocket-related exceptions, read references/built-in-exceptions.md. - For handler registration patterns, plain-text vs JSON responses, status-code mappings, layered overrides, and the app-only
404/405rule, read references/handler-patterns.md.
Recommended Defaults
- Standardize one JSON error envelope unless a route intentionally serves another media type.
- Treat
ValidationException.extraas potentially user-visible diagnostic data. - Keep
500responses generic for clients and detailed in logs. - Prefer class-based mappings for business exceptions and app-level status-code mappings for generic fallback behavior.
- Keep middleware and dependency failures covered by the same top-level error strategy as route handlers.
Anti-Patterns
- Returning raw exception text for internal server errors in production APIs.
- Exposing validation internals or stack-trace-like details to clients without intent.
- Registering a catch-all handler that collapses every failure into the same
400response. - Splitting identical error envelopes across many handlers without a clear reason.
- Trying to customize
404or405below the app layer. - Encoding authorization policy inside generic exception handlers instead of security layers.
Validation Checklist
- Confirm expected exception classes map to the intended status codes.
- Confirm app startup and configuration errors are not treated as request-time API responses.
- Confirm
404and405customization is registered on theLitestarapp instance. - Confirm payload shape is consistent across handlers, routes, and layers.
- Confirm documented error responses and raised exceptions match the real contract.
- Confirm validation failures do not leak more detail than intended.
- Confirm unhandled exceptions still surface as
500responses and remain observable in logs. - Confirm route-specific overrides do not accidentally shadow broader app policy.
- Confirm middleware and dependency exceptions follow the same contract as handler-raised exceptions.
Cross-Skill Handoffs
- Use
litestar-authenticationorlitestar-securityfor auth-specific401and403strategy. - Use
litestar-responseswhen the main task is response formatting rather than exception mapping. - Use
litestar-testingfor exhaustive failure-path assertions and override coverage. - Use
litestar-openapiwhen documented error responses or security-related failure docs need to match runtime behavior. - Use
litestar-loggingwhen exception observability, redaction, or structured logging is part of the task.
Litestar References
- https://docs.litestar.dev/latest/usage/exceptions.html
- https://docs.litestar.dev/latest/reference/exceptions.html
- https://docs.litestar.dev/latest/usage/middleware/using-middleware.html
Related Skills
alti3/litestar-websockets
development
VerifiedTrustedCommunity
Build Litestar WebSocket endpoints with low-level websocket handlers, websocket listeners, websocket streams, dependency injection, custom websocket classes, transport-mode control, and graceful connection lifecycle handling. Use when implementing bidirectional real-time communication, reactive websocket message handling, or proactive server push over WebSockets. Do not use for server-side pub/sub fanout that is better expressed with channels alone.
5SKILL.mdUpdated Apr 3, 2026
alti3/litestar-testing
tools
VerifiedTrustedCommunity
Test Litestar applications with TestClient, AsyncTestClient, create_test_client, websocket test helpers, dependency overrides, mocked dependencies, lifecycle-aware fixtures, and deterministic success and failure assertions. Use when adding or fixing Litestar test coverage, including exception contracts, override precedence, websocket behavior, event-bus side effects, or live-server-only response patterns. Do not use as a substitute for production observability or runtime debugging strategy.
5SKILL.mdUpdated Apr 3, 2026
alti3/litestar-templating
development
VerifiedTrustedCommunity
Configure Litestar templating with `TemplateConfig`, Jinja/Mako/MiniJinja engines, file-or-string `Template` responses, request and CSRF-aware context, template callables, and custom engine integration. Use when implementing or fixing server-rendered HTML in Litestar. Do not use for static asset serving or pure JSON API endpoints.
5SKILL.mdUpdated Apr 3, 2026
alti3/litestar-stores
development
VerifiedTrustedCommunity
Configure Litestar stores and the store registry for caching, server-side sessions, rate limiting, and other key-value state with explicit backend selection, bytes-safe data handling, TTL and renewal policy, namespacing, registry wiring, and lifecycle cleanup. Use when a Litestar app depends on `MemoryStore`, `FileStore`, `RedisStore`, `ValkeyStore`, or `StoreRegistry`. Do not use for relational persistence, domain repositories, or response-caching policy details that belong in database or caching-focused skills.
5SKILL.mdUpdated Apr 3, 2026