alti3/litestar-middleware
plugins/litestar/skills/litestar-middleware/SKILL.md
Design and apply Litestar middleware for cross-cutting concerns such as CORS, CSRF, allowed-host checks, compression, rate limiting, logging, sessions, request enrichment, policy enforcement, and custom ASGI pipeline control. Use when behavior must wrap broad route sets consistently across the ASGI stack. Do not use for route-specific business rules, simple response mutation better handled by lifecycle hooks, or auth/guard policy work that belongs in security-focused skills.
$ install --global
skillsauthnpx skillsauth add alti3/litestar-skills litestar-middlewareInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 20, 2026, 3:21 PM1.9s1 file scanned
SKILL.md
- name:
- litestar-middleware
- description:
- Design and apply Litestar middleware for cross-cutting concerns such as CORS, CSRF, allowed-host checks, compression, rate limiting, logging, sessions, request enrichment, policy enforcement, and custom ASGI pipeline control. Use when behavior must wrap broad route sets consistently across the ASGI stack. Do not use for route-specific business rules, simple response mutation better handled by lifecycle hooks, or auth/guard policy work that belongs in security-focused skills.
Middleware
Execution Workflow
- Confirm the requirement is really middleware-worthy: broad ASGI wrapping, not route business logic.
- Prefer built-in config-based middleware first.
- Choose the right layer and ordering deliberately.
- Decide whether the concern belongs in middleware, lifecycle hooks, or route logic.
- For custom middleware, choose the simplest correct implementation style.
- Validate both success and exception-generated responses, plus exclusions and scope handling.
Core Rules
- Keep middleware focused on one cross-cutting concern.
- Prefer built-in middleware/config objects before creating custom implementations.
- Treat middleware order as part of API behavior.
- Keep middleware scope-aware for
http,websocket, andlifespanas needed. - Use lifecycle hooks when the job is response-object mutation rather than ASGI message wrapping.
- Keep middleware non-blocking and ASGI-compliant.
- Keep
404and405expectations explicit because those router-generated exceptions occur before the middleware stack.
Decision Guide
- Use built-in config middleware for CORS, CSRF, compression, rate limiting, logging, sessions, and allowed hosts.
- Use a middleware factory for very small wrappers.
- Use
ASGIMiddlewarefor configurable production custom middleware. - Use
MiddlewareProtocolfor minimal low-level behavior. - Use
AbstractMiddlewareonly for compatibility or migration scenarios. - Use
DefineMiddlewarewhen constructor-style args must be supplied to a middleware factory or class. - Use
litestar-lifecycle-hooksinstead when the behavior belongs toafter_request,before_send, or related hook stages.
Reference Files
Read only the sections you need:
- For middleware fundamentals, ordering, exclusions, and built-in middleware selection, read references/builtin-and-ordering.md.
- For custom middleware implementation styles,
ASGIMiddleware,MiddlewareProtocol,AbstractMiddleware, andDefineMiddleware, read references/custom-middleware-patterns.md.
Recommended Defaults
- Start with one middleware concern at a time.
- Keep built-in config values explicit and reviewed.
- Keep exclusions and
opt-based skips narrow and tested. - Make ordering assumptions visible in code comments only when they are truly non-obvious.
- Test middleware against both successful and failing downstream handlers.
Anti-Patterns
- Putting route-specific business rules into middleware.
- Creating custom middleware when a built-in config or lifecycle hook already fits.
- Ignoring middleware order when several wrappers interact.
- Mutating request or response state at the wrong ASGI stage.
- Assuming router-generated
404and405pass through middleware. - Letting middleware silently depend on undocumented
optexclusions or path patterns.
Validation Checklist
- Confirm middleware is attached at the intended layer only.
- Confirm order matches both layer precedence and list order.
- Confirm exclusions via path patterns,
exclude_opt_key, or scopes behave as intended. - Confirm behavior is correct for both success and exception-generated responses.
- Confirm
404and405behavior is handled at the right boundary. - Confirm custom middleware remains ASGI-compliant and non-blocking.
- Confirm built-in security and logging middleware settings align with deployment expectations.
Cross-Skill Handoffs
- Use
litestar-lifecycle-hooksfor hook-stage logic rather than raw ASGI wrapping. - Use
litestar-authentication,litestar-security,litestar-logging, andlitestar-metricsfor domain-specific middleware outcomes. - Use
litestar-debuggingwhen middleware interactions are the source of a runtime defect. - Use
litestar-routingwhen middleware behavior depends on layer placement oroptstrategy.
Litestar References
- https://docs.litestar.dev/latest/usage/middleware/index.html
- https://docs.litestar.dev/latest/usage/middleware/using-middleware.html
- https://docs.litestar.dev/latest/usage/middleware/builtin-middleware.html
- https://docs.litestar.dev/latest/usage/middleware/creating-middleware.html
Related Skills
alti3/litestar-websockets
development
VerifiedTrustedCommunity
Build Litestar WebSocket endpoints with low-level websocket handlers, websocket listeners, websocket streams, dependency injection, custom websocket classes, transport-mode control, and graceful connection lifecycle handling. Use when implementing bidirectional real-time communication, reactive websocket message handling, or proactive server push over WebSockets. Do not use for server-side pub/sub fanout that is better expressed with channels alone.
5SKILL.mdUpdated Apr 3, 2026
alti3/litestar-testing
tools
VerifiedTrustedCommunity
Test Litestar applications with TestClient, AsyncTestClient, create_test_client, websocket test helpers, dependency overrides, mocked dependencies, lifecycle-aware fixtures, and deterministic success and failure assertions. Use when adding or fixing Litestar test coverage, including exception contracts, override precedence, websocket behavior, event-bus side effects, or live-server-only response patterns. Do not use as a substitute for production observability or runtime debugging strategy.
5SKILL.mdUpdated Apr 3, 2026
alti3/litestar-templating
development
VerifiedTrustedCommunity
Configure Litestar templating with `TemplateConfig`, Jinja/Mako/MiniJinja engines, file-or-string `Template` responses, request and CSRF-aware context, template callables, and custom engine integration. Use when implementing or fixing server-rendered HTML in Litestar. Do not use for static asset serving or pure JSON API endpoints.
5SKILL.mdUpdated Apr 3, 2026
alti3/litestar-stores
development
VerifiedTrustedCommunity
Configure Litestar stores and the store registry for caching, server-side sessions, rate limiting, and other key-value state with explicit backend selection, bytes-safe data handling, TTL and renewal policy, namespacing, registry wiring, and lifecycle cleanup. Use when a Litestar app depends on `MemoryStore`, `FileStore`, `RedisStore`, `ValkeyStore`, or `StoreRegistry`. Do not use for relational persistence, domain repositories, or response-caching policy details that belong in database or caching-focused skills.
5SKILL.mdUpdated Apr 3, 2026