curiositech/model-serving-api-builder
skills/model-serving-api-builder/SKILL.md
Deploy ML models as production APIs with vLLM, TGI, ONNX Runtime, batching, autoscaling, and GPU optimization. Activate on: model serving, deploy LLM, vLLM setup, inference API, GPU serving. NOT for: model training (ai-engineer), prompt engineering (prompt-engineer).
development
Updated Apr 4, 2026
$ install --global
skillsauthnpx skillsauth add curiositech/windags-skills model-serving-api-builderInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 7:46 AM4.2s1 file scanned
SKILL.md
- license:
- Apache-2.0
- name:
- model-serving-api-builder
- description:
- Deploy ML models as production APIs with vLLM, TGI, ONNX Runtime, batching, autoscaling, and GPU optimization. Activate on: model serving, deploy LLM, vLLM setup, inference API, GPU serving. NOT for: model training (ai-engineer), prompt engineering (prompt-engineer).
- allowed-tools:
- Read,Write,Edit,Bash(python:*,pip:*,npm:*,npx:*)
- category:
- AI & Machine Learning
- - skill:
- llm-cost-optimizer
- reason:
- Serving optimization directly reduces inference cost
Model Serving API Builder
Deploy machine learning models as production APIs using vLLM, TGI, ONNX Runtime, and custom FastAPI services with batching, autoscaling, and GPU optimization.
Activation Triggers
Activate on: "deploy model API", "serve LLM", "vLLM setup", "inference server", "GPU serving", "model endpoint", "batch inference API", "TGI deployment", "ONNX serving", "autoscale inference"
NOT for: Model training or fine-tuning (ai-engineer), prompt design (prompt-engineer), or LLM application logic (ai-engineer)
Quick Start
- Choose serving framework — vLLM for LLMs (best throughput), TGI for HuggingFace models, ONNX Runtime for non-LLM models, Triton for multi-model.
- Configure resources — GPU type and count, memory limits, tensor parallelism for large models.
- Add batching — Continuous batching (vLLM native) for LLMs, dynamic batching for traditional ML models.
- Deploy with health checks — Kubernetes with GPU node pools, or managed services (Modal, Replicate, RunPod).
- Set up autoscaling — Scale on GPU utilization (70-80%), request queue depth, or custom latency targets.
Core Capabilities
| Domain | Technologies | Notes | |--------|-------------|-------| | LLM Serving | vLLM, TGI (HuggingFace), SGLang | PagedAttention, continuous batching, speculative decoding | | General ML | ONNX Runtime, Triton, TorchServe | Non-LLM models: vision, audio, tabular | | API Layer | FastAPI, gRPC, OpenAI-compatible endpoints | vLLM exposes OpenAI-compatible API natively | | Orchestration | Kubernetes + GPU operator, Docker, Modal, RunPod | GPU scheduling and resource management | | Quantization | AWQ, GPTQ, GGUF, bitsandbytes | 4-bit reduces VRAM 4x with < 2% quality loss | | Autoscaling | KEDA, HPA on GPU metrics, serverless (Modal) | Scale-to-zero for cost; scale-up for throughput |
Architecture Patterns
Pattern 1: vLLM Production Deployment
Client ──→ [Load Balancer] ──→ [vLLM Instance(s)] ──→ [GPU(s)]
│ │
health checks OpenAI-compatible API
rate limiting /v1/completions
API key auth /v1/chat/completions
│
continuous batching
PagedAttention
tensor parallelism
# vLLM serving with optimizations (2026 best practices)
pip install vllm
# Single GPU (e.g., A100 80GB, Llama 3.1 8B)
vllm serve meta-llama/Llama-3.1-8B-Instruct \
--host 0.0.0.0 --port 8000 \
--max-model-len 8192 \
--gpu-memory-utilization 0.90 \
--enable-prefix-caching \
--dtype auto
# Multi-GPU tensor parallelism (e.g., 2x A100 for 70B)
vllm serve meta-llama/Llama-3.1-70B-Instruct \
--tensor-parallel-size 2 \
--max-model-len 4096 \
--gpu-memory-utilization 0.90 \
--enable-prefix-caching
# Quantized serving (4-bit AWQ, fits 70B on single A100)
vllm serve TheBloke/Llama-3.1-70B-Instruct-AWQ \
--quantization awq \
--max-model-len 4096 \
--gpu-memory-utilization 0.95
Pattern 2: Multi-Model Serving Architecture
Requests ──→ [API Gateway / Router]
│
┌────────┼────────┐
│ │ │
▼ ▼ ▼
[vLLM] [ONNX] [Triton]
LLM Vision Ensemble
Llama 3 CLIP Multi-step
ResNet Pipeline
│ │ │
▼ ▼ ▼
GPU 0 GPU 1 GPU 2-3
Router logic:
/v1/chat/* → vLLM (LLM inference)
/v1/embeddings/* → ONNX (embedding model)
/v1/classify/* → Triton (vision classifier)
Pattern 3: Kubernetes GPU Deployment
# k8s deployment with GPU scheduling
apiVersion: apps/v1
kind: Deployment
metadata:
name: vllm-llama3
spec:
replicas: 2
template:
spec:
containers:
- name: vllm
image: vllm/vllm-openai:latest
args:
- --model=meta-llama/Llama-3.1-8B-Instruct
- --gpu-memory-utilization=0.90
- --enable-prefix-caching
resources:
limits:
nvidia.com/gpu: 1 # Request 1 GPU per pod
memory: "32Gi"
requests:
nvidia.com/gpu: 1
memory: "24Gi"
ports:
- containerPort: 8000
livenessProbe:
httpGet:
path: /health
port: 8000
initialDelaySeconds: 120 # Model loading takes time
periodSeconds: 10
readinessProbe:
httpGet:
path: /health
port: 8000
initialDelaySeconds: 120
tolerations:
- key: "nvidia.com/gpu"
operator: "Exists"
effect: "NoSchedule"
Anti-Patterns
- No health check grace period — LLM model loading takes 30-120 seconds. Setting
initialDelaySeconds: 5causes restart loops. Profile startup time and set accordingly. - Over-provisioning GPU memory — Setting
gpu-memory-utilizationto 1.0 leaves no room for request spikes. Use 0.85-0.92 as the safe range. - Synchronous inference without batching — Processing one request at a time wastes GPU cycles. vLLM's continuous batching handles this automatically; for custom serving, implement dynamic batching.
- No quantization evaluation — Serving a 70B FP16 model on 4x A100s when AWQ 4-bit on 1x A100 gives equivalent quality at 1/4 the cost. Always benchmark quantized variants.
- Missing graceful shutdown — Killing inference mid-generation corrupts responses. Implement drain mode: stop accepting new requests, finish in-flight, then terminate.
Quality Checklist
- [ ] Serving framework chosen based on model type (vLLM for LLMs, ONNX for traditional ML)
- [ ] GPU memory utilization set to 0.85-0.92 (not 1.0)
- [ ] Quantization benchmarked: quality vs. resource savings for target model
- [ ] Health check probes configured with sufficient startup delay
- [ ] Continuous batching enabled (vLLM default) or dynamic batching configured
- [ ] Prefix caching enabled for repeated prompt patterns
- [ ] Autoscaling configured: GPU utilization target 70-80%, or queue-depth based
- [ ] Graceful shutdown implemented: drain mode before termination
- [ ] Latency monitoring: P50, P95, P99 for time-to-first-token and total generation
- [ ] Load tested at 2x expected peak traffic before production deployment
Related Skills
curiositech/circuit-breakers-and-retries
tools
VerifiedTrustedCommunity
Building resilient distributed systems with circuit breakers, retries with full-jitter exponential backoff, retry budgets (per-request 3-attempt + per-client 10% ratio per Google SRE), deadline propagation, and the cascading-failure math (4 layers × 3 retries = 64x amplification). Grounded in Resilience4j, Microsoft Cloud Patterns, AWS Architecture Blog (Marc Brooker), and Google SRE Book.
4SKILL.mdUpdated May 6, 2026
curiositech/cdn-cache-control-headers
testing
VerifiedTrustedCommunity
Designing HTTP cache headers that work correctly across browsers, CDNs, and shared proxies — `Cache-Control` directives per RFC 9111, `stale-while-revalidate` and `stale-if-error` per RFC 5861, the Vary header for varying responses, and surrogate keys for tag-based purging. Grounded in IETF RFCs and Cloudflare/Fastly docs.
4SKILL.mdUpdated May 5, 2026
curiositech/content-security-policy-headers
development
VerifiedTrustedCommunity
Use when designing or fixing a Content Security Policy on a real site, choosing between nonce-based and hash-based CSP, adding strict-dynamic, debugging "Refused to execute inline script" errors, deploying CSP in report-only mode first, configuring report-to / report-uri, or auditing an existing policy for unsafe-inline / unsafe-eval / wildcards. Triggers: "CSP blocks legitimate inline script", strict-dynamic, nonce-{RANDOM}, sha256-{HASH}, object-src none, base-uri none, frame-ancestors, Trusted Types, X-Content-Security-Policy obsolete, report-only vs enforced. NOT for general HTTP security headers (HSTS, COOP/COEP), Trusted Types deep dive, CORS configuration, or building a WAF.
3SKILL.mdUpdated May 4, 2026
curiositech/api-versioning-strategy
tools
VerifiedTrustedCommunity
Choosing and operating an HTTP API versioning strategy that doesn't break clients — Stripe's date-based pinned versions, the Deprecation/Sunset header pair (RFC 9745 + RFC 8594), URI vs header vs media-type approaches, and the version-transformer pattern. Grounded in Stripe's published architecture and IETF RFCs.
3SKILL.mdUpdated May 4, 2026