alti3/litestar-requests
plugins/litestar/skills/litestar-requests/SKILL.md
Handle Litestar request parsing and access for path, query, header, cookie, JSON body, form, multipart, and raw request inputs with explicit typing, `Parameter`, `Body`, `Request`, and upload handling. Use when implementing or fixing inbound HTTP contracts, request metadata access, or transport-side validation in Litestar. Do not use for response serialization, exception mapping, or broker-style messaging concerns.
$ install --global
skillsauthnpx skillsauth add alti3/litestar-skills litestar-requestsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 20, 2026, 3:21 PM2.2s1 file scanned
SKILL.md
- name:
- litestar-requests
- description:
- Handle Litestar request parsing and access for path, query, header, cookie, JSON body, form, multipart, and raw request inputs with explicit typing, `Parameter`, `Body`, `Request`, and upload handling. Use when implementing or fixing inbound HTTP contracts, request metadata access, or transport-side validation in Litestar. Do not use for response serialization, exception mapping, or broker-style messaging concerns.
Requests
Execution Workflow
- Choose the narrowest input mechanism that matches the contract: typed parameters, structured body data, or raw
Requestaccess. - Type every path, query, header, and cookie input explicitly.
- Use
Parameter(...)andBody(...)metadata when aliases, constraints, content type, or documentation need to be explicit. - Reach for
Requestonly when you need raw body access, connection metadata, auth context, or request-scoped state. - Handle forms, multipart, and uploads with explicit media type and size/security expectations.
- Keep transport validation separate from business-domain validation.
Core Rules
- Prefer typed handler parameters over manual parsing from
request. - Prefer structured body models over untyped
dict[str, object]payloads when the schema is known. - Keep aliases and constraints close to the parameter definition with
Parameter(...)orBody(...). - Use precise domain types such as
UUID, enums, dataclasses, and validated models where possible. - Use raw
Requestaccess only when the handler genuinely needs request metadata or raw-body methods. - Treat multipart and file uploads as explicit transport choices with bounded resource usage.
- Keep malformed-input behavior deterministic and consistent with the exception-handling strategy.
Decision Guide
- Use normal function parameters for path, query, header, and cookie data.
- Use
Parameter(...)when aliasing, validation constraints, or source selection must be explicit. - Use a structured
dataparameter for JSON or other modeled body content. - Use
Body(...)when body metadata or request encoding must be declared explicitly. - Use
Requestwhen you needheaders,cookies,query_params,url,client,user,auth,state, or raw body methods. - Use multipart plus
UploadFileonly when the endpoint actually needs file transport.
Reference Files
Read only the sections you need:
- For path, query, header, cookie, and structured body patterns, read references/parameter-and-body-patterns.md.
- For raw
Requestaccess, request metadata, raw-body methods, forms, multipart, and uploads, read references/request-object-and-upload-patterns.md.
Recommended Defaults
- Use explicit aliases only when the wire contract requires them.
- Prefer keyword arguments and readable parameter names over transport-parsing logic in the handler body.
- Keep request metadata access minimal and intentional.
- Validate file size and content expectations before reading large uploads fully into memory.
- Keep request parsing behavior aligned with documented OpenAPI contracts.
Anti-Patterns
- Parsing every input manually from
requestwhen typed parameters already express the contract. - Accepting opaque untyped payloads when the body schema is known.
- Mixing unrelated query, header, and cookie parsing logic deep inside the handler body.
- Reading large uploads eagerly without a size or processing plan.
- Hiding transport aliases or validation rules away from the route signature.
- Letting request parsing decisions leak into response-shaping concerns.
Validation Checklist
- Confirm every client-supplied input has an explicit source and type.
- Confirm aliases, defaults, and constraints match the public API contract.
- Confirm body parsing uses the intended media type and payload model.
- Confirm raw
Requestaccess is only used where the typed API is insufficient. - Confirm multipart and file handling cannot exhaust memory unintentionally.
- Confirm malformed input produces the expected validation or client-error behavior.
- Confirm auth, user, and state access from
Requestare used intentionally, not as hidden globals.
Cross-Skill Handoffs
- Use
litestar-responsesfor outbound contract design. - Use
litestar-exception-handlingfor validation and client-error response strategy. - Use
litestar-dtoandlitestar-custom-typesfor advanced transformation or custom parsing. - Use
litestar-file-uploadsfor deeper upload security and storage workflows.
Litestar References
- https://docs.litestar.dev/2/usage/requests.html
- https://docs.litestar.dev/2/usage/routing/parameters.html
Related Skills
alti3/litestar-websockets
development
VerifiedTrustedCommunity
Build Litestar WebSocket endpoints with low-level websocket handlers, websocket listeners, websocket streams, dependency injection, custom websocket classes, transport-mode control, and graceful connection lifecycle handling. Use when implementing bidirectional real-time communication, reactive websocket message handling, or proactive server push over WebSockets. Do not use for server-side pub/sub fanout that is better expressed with channels alone.
5SKILL.mdUpdated Apr 3, 2026
alti3/litestar-testing
tools
VerifiedTrustedCommunity
Test Litestar applications with TestClient, AsyncTestClient, create_test_client, websocket test helpers, dependency overrides, mocked dependencies, lifecycle-aware fixtures, and deterministic success and failure assertions. Use when adding or fixing Litestar test coverage, including exception contracts, override precedence, websocket behavior, event-bus side effects, or live-server-only response patterns. Do not use as a substitute for production observability or runtime debugging strategy.
5SKILL.mdUpdated Apr 3, 2026
alti3/litestar-templating
development
VerifiedTrustedCommunity
Configure Litestar templating with `TemplateConfig`, Jinja/Mako/MiniJinja engines, file-or-string `Template` responses, request and CSRF-aware context, template callables, and custom engine integration. Use when implementing or fixing server-rendered HTML in Litestar. Do not use for static asset serving or pure JSON API endpoints.
5SKILL.mdUpdated Apr 3, 2026
alti3/litestar-stores
development
VerifiedTrustedCommunity
Configure Litestar stores and the store registry for caching, server-side sessions, rate limiting, and other key-value state with explicit backend selection, bytes-safe data handling, TTL and renewal policy, namespacing, registry wiring, and lifecycle cleanup. Use when a Litestar app depends on `MemoryStore`, `FileStore`, `RedisStore`, `ValkeyStore`, or `StoreRegistry`. Do not use for relational persistence, domain repositories, or response-caching policy details that belong in database or caching-focused skills.
5SKILL.mdUpdated Apr 3, 2026