Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

chelch5/api-schema

Name: api-schema
Author: chelch5

02-generated-repo-core/api-schema/SKILL.md

npx skillsauth add chelch5/skilllibrary api-schema

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Purpose

Design API schemas using OpenAPI 3.1 and JSON Schema for type-safe contracts between services. Define versioning strategy, distinguish breaking from non-breaking changes, and enable code generation from specs. The schema IS the contract—disagreement about the schema means disagreement about the API.

When to use this skill

Use when:

Designing new REST/HTTP API
Adding endpoints to existing API
Generating client SDKs or server stubs
Documenting API for external consumers

Do NOT use when:

GraphQL APIs (different schema language)
Internal RPC/gRPC (use protobuf)
Simple scripts with no API consumers

Operating procedure

Create OpenAPI 3.1 specification:

openapi: 3.1.0
info:
  title: User Service API
  version: 1.0.0
  description: API for user management

servers:
  - url: https://api.example.com/v1
    description: Production
  - url: https://staging-api.example.com/v1
    description: Staging

paths:
  /users/{userId}:
    get:
      operationId: getUser
      summary: Get user by ID
      parameters:
        - name: userId
          in: path
          required: true
          schema:
            type: string
            format: uuid
      responses:
        '200':
          description: User found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/User'
        '404':
          description: User not found

Define reusable schemas in components:

components:
  schemas:
    User:
      type: object
      required:
        - id
        - email
        - createdAt
      properties:
        id:
          type: string
          format: uuid
          description: Unique user identifier
        email:
          type: string
          format: email
        displayName:
          type: string
          maxLength: 100
        createdAt:
          type: string
          format: date-time
      additionalProperties: false  # Strict schema
    
    Error:
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: string
          enum: [NOT_FOUND, VALIDATION_ERROR, INTERNAL_ERROR]
        message:
          type: string
        details:
          type: object

Classify changes as breaking or non-breaking:

BREAKING (requires major version bump):
─────────────────────────────────────
- Removing endpoint or method
- Removing required request field
- Adding required request field without default
- Changing field type
- Removing response field clients depend on
- Changing error response structure

NON-BREAKING (minor or patch version):
─────────────────────────────────────
- Adding new endpoint
- Adding optional request field
- Adding response field
- Adding new enum value (if clients ignore unknown)
- Relaxing validation (wider accepted range)

Choose versioning strategy:

# URL path versioning (most common, clearest)
servers:
  - url: https://api.example.com/v1
  - url: https://api.example.com/v2

# Header versioning (cleaner URLs)
# Client sends: Accept: application/vnd.api+json;version=1

# Query parameter (easy for debugging)
# GET /users?api-version=2024-01-15

Generate code from spec:

# Generate TypeScript client
npx openapi-typescript openapi.yaml -o types.ts

# Generate Python FastAPI server stub
pip install fastapi-code-generator
fastapi-codegen --input openapi.yaml --output app/

# Validate spec
npx @redocly/cli lint openapi.yaml

Add request validation:

# FastAPI automatically validates against OpenAPI schema
from pydantic import BaseModel, EmailStr
from uuid import UUID

class CreateUserRequest(BaseModel):
    email: EmailStr
    display_name: str | None = None

    class Config:
        extra = 'forbid'  # Reject unknown fields

@app.post("/users")
async def create_user(request: CreateUserRequest) -> User:
    # Request already validated against schema
    ...

Output defaults

# openapi.yaml
openapi: 3.1.0
info:
  title: [Service Name] API
  version: 1.0.0
  description: |
    [Description]
    
    ## Versioning
    URL path versioning: /v1/, /v2/
    
    ## Authentication
    Bearer token in Authorization header

servers:
  - url: https://api.example.com/v1

paths:
  /[resource]:
    get:
      # ...
    post:
      # ...

components:
  schemas:
    # Reusable types
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

References

OpenAPI 3.1 Specification: https://swagger.io/specification/
https://spec.openapis.org/oas/v3.1.0
https://json-schema.org/learn/getting-started-step-by-step

Failure handling

Schema and implementation drift: Generate code from schema or validate implementation against schema in CI
Breaking change deployed accidentally: Add breaking-change detection to CI; tools like oasdiff can compare specs
Clients fail on new fields: Design clients to ignore unknown fields; use additionalProperties: true in response schemas
Validation too strict: Start permissive, tighten later; it's easier to reject more than to accept more
Large spec becomes unmaintainable: Split into multiple files using $ref to external files

chelch5/api-schema

02-generated-repo-core/api-schema/SKILL.md

Defines request/response shapes, versioning, validation, and compatibility rules for API-first work. Trigger on 'design API', 'OpenAPI spec', 'REST schema', 'API versioning', 'generate client SDK'. DO NOT USE for GraphQL schemas, gRPC/protobuf definitions (use stack-standards), auth endpoint logic (use auth-patterns), or external API client wrappers (use external-api-client).

tools

Updated Apr 20, 2026

$ install --global

skillsauth

npx skillsauth add chelch5/skilllibrary api-schema

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 20, 2026, 3:19 AM14.5s11 files scanned

SKILL.md

name:: api-schema
description:: Defines request/response shapes, versioning, validation, and compatibility rules for API-first work. Trigger on 'design API', 'OpenAPI spec', 'REST schema', 'API versioning', 'generate client SDK'. DO NOT USE for GraphQL schemas, gRPC/protobuf definitions (use stack-standards), auth endpoint logic (use auth-patterns), or external API client wrappers (use external-api-client).
license:: Apache-2.0
clients:: [openai-codex, gemini-cli, opencode, github-copilot]
owner:: codex
domain:: api-schema
maturity:: draft
risk:: low
tags:: [api, schema]

Purpose

When to use this skill

Use when:

Designing new REST/HTTP API
Adding endpoints to existing API
Generating client SDKs or server stubs
Documenting API for external consumers

Do NOT use when:

GraphQL APIs (different schema language)
Internal RPC/gRPC (use protobuf)
Simple scripts with no API consumers

Operating procedure

Create OpenAPI 3.1 specification:

openapi: 3.1.0
info:
  title: User Service API
  version: 1.0.0
  description: API for user management

servers:
  - url: https://api.example.com/v1
    description: Production
  - url: https://staging-api.example.com/v1
    description: Staging

paths:
  /users/{userId}:
    get:
      operationId: getUser
      summary: Get user by ID
      parameters:
        - name: userId
          in: path
          required: true
          schema:
            type: string
            format: uuid
      responses:
        '200':
          description: User found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/User'
        '404':
          description: User not found

Define reusable schemas in components:

components:
  schemas:
    User:
      type: object
      required:
        - id
        - email
        - createdAt
      properties:
        id:
          type: string
          format: uuid
          description: Unique user identifier
        email:
          type: string
          format: email
        displayName:
          type: string
          maxLength: 100
        createdAt:
          type: string
          format: date-time
      additionalProperties: false  # Strict schema
    
    Error:
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: string
          enum: [NOT_FOUND, VALIDATION_ERROR, INTERNAL_ERROR]
        message:
          type: string
        details:
          type: object

Classify changes as breaking or non-breaking:

BREAKING (requires major version bump):
─────────────────────────────────────
- Removing endpoint or method
- Removing required request field
- Adding required request field without default
- Changing field type
- Removing response field clients depend on
- Changing error response structure

NON-BREAKING (minor or patch version):
─────────────────────────────────────
- Adding new endpoint
- Adding optional request field
- Adding response field
- Adding new enum value (if clients ignore unknown)
- Relaxing validation (wider accepted range)

Choose versioning strategy:

# URL path versioning (most common, clearest)
servers:
  - url: https://api.example.com/v1
  - url: https://api.example.com/v2

# Header versioning (cleaner URLs)
# Client sends: Accept: application/vnd.api+json;version=1

# Query parameter (easy for debugging)
# GET /users?api-version=2024-01-15

Generate code from spec:

# Generate TypeScript client
npx openapi-typescript openapi.yaml -o types.ts

# Generate Python FastAPI server stub
pip install fastapi-code-generator
fastapi-codegen --input openapi.yaml --output app/

# Validate spec
npx @redocly/cli lint openapi.yaml

Add request validation:

# FastAPI automatically validates against OpenAPI schema
from pydantic import BaseModel, EmailStr
from uuid import UUID

class CreateUserRequest(BaseModel):
    email: EmailStr
    display_name: str | None = None

    class Config:
        extra = 'forbid'  # Reject unknown fields

@app.post("/users")
async def create_user(request: CreateUserRequest) -> User:
    # Request already validated against schema
    ...

Output defaults

# openapi.yaml
openapi: 3.1.0
info:
  title: [Service Name] API
  version: 1.0.0
  description: |
    [Description]
    
    ## Versioning
    URL path versioning: /v1/, /v2/
    
    ## Authentication
    Bearer token in Authorization header

servers:
  - url: https://api.example.com/v1

paths:
  /[resource]:
    get:
      # ...
    post:
      # ...

components:
  schemas:
    # Reusable types
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

References

OpenAPI 3.1 Specification: https://swagger.io/specification/
https://spec.openapis.org/oas/v3.1.0
https://json-schema.org/learn/getting-started-step-by-step

Failure handling

Schema and implementation drift: Generate code from schema or validate implementation against schema in CI
Breaking change deployed accidentally: Add breaking-change detection to CI; tools like oasdiff can compare specs
Clients fail on new fields: Design clients to ignore unknown fields; use additionalProperties: true in response schemas
Validation too strict: Start permissive, tighten later; it's easier to reject more than to accept more
Large spec becomes unmaintainable: Split into multiple files using $ref to external files

Related Skills

chelch5/context-intelligence

testing

VerifiedTrustedCommunity

Manages context window budgets, loading strategies, and compaction techniques for AI-assisted coding sessions. Trigger on 'context window', 'what to load', 'context management', 'context overflow', 'token budget'. DO NOT USE for loading specific project docs into agent context (use project-context) or prompt wording and optimization (use prompt-crafting).

SKILL.mdUpdated Apr 20, 2026

chelch5/context-intelligence

chelch5/auth-patterns

development

VerifiedTrustedCommunity

Implements authentication, session, token, and authorization patterns for the current stack. Trigger on 'add auth', 'JWT', 'OAuth', 'login endpoint', 'session management', 'API key auth'. DO NOT USE for OWASP hardening checklists (use security-hardening), threat modeling (use security-threat-model), or secret rotation/storage (use security-best-practices).

SKILL.mdUpdated Apr 20, 2026

chelch5/auth-patterns

chelch5/ticket-pack-builder

development

VerifiedTrustedCommunity

Create a repo-local ticket system with an index, machine-readable manifest, board, and individual ticket files. Use when a repo needs task decomposition that autonomous agents can follow without re-planning the whole project each session. Do not use for executing tickets (use ticket-execution) or quick fixes that don't warrant formal tickets.

SKILL.mdUpdated Apr 20, 2026

chelch5/ticket-pack-builder

chelch5/stack-profile-detector

development

VerifiedTrustedCommunity

Detect a project's language, framework, runtime, testing setup, and deployment target from repository contents and produce a structured STACK-PROFILE.md. Use when scaffolding a new project and need to determine stack from code evidence, onboarding to an existing repo with unknown stack, or generating stack-specific skills. Do not use when stack is already documented in STACK-PROFILE.md or for repos with no code (infer from specs instead).

SKILL.mdUpdated Apr 20, 2026

chelch5/stack-profile-detector

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/chelch5/skilllibrary.git

# Copy into Claude Code skills folder (global)
cp -r skilllibrary/02-generated-repo-core/api-schema ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

chelch5/skilllibrary

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT