.agents/skills/api-gateway/SKILL.md
API gateway patterns and implementations. Kong, AWS API Gateway, NGINX as gateway, rate limiting, request routing, authentication offloading, and request/response transformation. USE WHEN: user mentions "API gateway", "Kong", "AWS API Gateway", "NGINX gateway", "gateway pattern", "request routing", "BFF" DO NOT USE FOR: reverse proxy basics - use infrastructure skills; service mesh - use `service-mesh`; rate limiting in app - use `rate-limiting`
Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

```bash
npx skillsauth add d-subrahmanyam/deno-fresh-microservices api-gateway
```

3 of 9 scanners reported clean

```
Client ──▶ API Gateway ──┬──▶ User Service
                         ├──▶ Order Service
                         ├──▶ Product Service
                         └──▶ Payment Service
```
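
```typescript
// CDK definition
import * as apigateway from 'aws-cdk-lib/aws-apigateway';

// listOrdersFn, createOrderFn and cognitoAuthorizer are defined elsewhere in the stack.
const api = new apigateway.RestApi(this, 'MyApi', {
  restApiName: 'My Service',
  // Stage-wide default throttle for every method
  deployOptions: { stageName: 'prod', throttlingRateLimit: 1000, throttlingBurstLimit: 500 },
});

const orders = api.root.addResource('orders');
// GET has no authorizer here, so it is reachable without credentials
orders.addMethod('GET', new apigateway.LambdaIntegration(listOrdersFn));
// POST requires a valid Cognito user pool token
orders.addMethod('POST', new apigateway.LambdaIntegration(createOrderFn), {
  authorizer: cognitoAuthorizer,
  authorizationType: apigateway.AuthorizationType.COGNITO,
});

// Usage plan with API key (throttle and quota apply once a stage and a key are attached to the plan)
const plan = api.addUsagePlan('BasicPlan', {
  throttle: { rateLimit: 100, burstLimit: 50 },
  quota: { limit: 10000, period: apigateway.Period.MONTH },
});
```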

```yaml
# kong.yml
_format_version: "3.0"
services:
  - name: user-service
    url: http://user-svc:3000
    routes:
      - name: users-route
        paths: ["/api/users"]
        strip_path: true
    plugins:
      - name: rate-limiting
        config: { minute: 100, policy: redis, redis_host: redis }
      - name: jwt
      - name: cors
        config:
          origins: ["https://myapp.com"]
          methods: ["GET", "POST", "PUT", "DELETE"]
  - name: order-service
    url: http://order-svc:3000
    routes:
      - name: orders-route
        paths: ["/api/orders"]
    plugins:
      - name: rate-limiting
        config: { minute: 50 }
```
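
```nginx
# These blocks belong in the http context.
# Shared-memory zone referenced by limit_req below; the 10m size and 10r/s rate are assumed values.
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;

upstream user_service { server user-svc:3000; }
upstream order_service { server order-svc:3000; }

server {
    listen 443 ssl;
    # Placeholder paths; "listen ... ssl" needs a certificate and key to start.
    ssl_certificate     /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;

    location /api/users/ {
        proxy_pass http://user_service/;
        # $request_id is generated by NGINX and replaces any client-supplied value
        proxy_set_header X-Request-ID $request_id;
        limit_req zone=api burst=20 nodelay;
    }
    location /api/orders/ {
        proxy_pass http://order_service/;
        proxy_set_header X-Request-ID $request_id;
    }
}
```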
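
```javascript
// BFF aggregates multiple services for the frontend
// app, auth and the *Service clients are defined elsewhere.
app.get('/api/bff/dashboard', auth, async (req, res, next) => {
  try {
    // The user ID comes from the authenticated identity set by auth, not from client input
    const [user, orders, notifications] = await Promise.all([
      userService.getProfile(req.user.id),
      orderService.getRecent(req.user.id, 5),
      notificationService.getUnread(req.user.id),
    ]);
    res.json({ user, recentOrders: orders, unreadCount: notifications.length });
  } catch (err) {
    // Forward an upstream failure to the Express error handler instead of leaving the request hanging
    next(err);
  }
});
```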

| Anti-Pattern | Fix |
|--------------|-----|
| Business logic in gateway | Gateway only routes, auth, rate limits |
| No rate limiting | Configure per-route limits |
| Single point of failure | Deploy gateway with redundancy |
| No request ID propagation | Add X-Request-ID header for tracing |
| Gateway handles data transformation | Keep transformations in BFF or services |
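
The check below is an added example, not part of the original skill: it audits a parsed Kong declarative config for the "No rate limiting" row of the table and also reports routes that sit behind no authentication plugin. The `AUTH_PLUGINS` list, the finding names, and the sample object (constructed to mirror the kong.yml above) are assumptions.

```javascript
// Added example; AUTH_PLUGINS and the finding names are assumptions.
const AUTH_PLUGINS = new Set(['jwt', 'key-auth', 'basic-auth', 'oauth2', 'hmac-auth']);

// Plugins in force on a route: the service-level ones plus the route's own.
function effectivePlugins(service, route) {
  return [...(service.plugins || []), ...(route.plugins || [])];
}

function auditKongConfig(config) {
  const findings = [];
  for (const service of config.services || []) {
    for (const route of service.routes || []) {
      const plugins = effectivePlugins(service, route);
      const where = `${service.name}/${route.name}`;
      if (!plugins.some((p) => AUTH_PLUGINS.has(p.name))) {
        findings.push({ where, issue: 'no-auth-plugin' });
      }
      const limiter = plugins.find((p) => p.name === 'rate-limiting');
      const policy = limiter && limiter.config ? limiter.config.policy : undefined;
      if (!limiter) {
        findings.push({ where, issue: 'no-rate-limit' });
      } else if (policy === undefined || policy === 'local') {
        // Assumes Kong 3.x, where an unset policy means node-local counters.
        findings.push({ where, issue: 'rate-limit-per-node' });
      }
    }
  }
  return findings;
}

// Constructed sample with the same services and plugins as the kong.yml above.
const sampleConfig = {
  services: [
    {
      name: 'user-service',
      routes: [{ name: 'users-route', paths: ['/api/users'] }],
      plugins: [
        { name: 'rate-limiting', config: { minute: 100, policy: 'redis', redis_host: 'redis' } },
        { name: 'jwt' }, { name: 'cors' },
      ],
    },
    {
      name: 'order-service',
      routes: [{ name: 'orders-route', paths: ['/api/orders'] }],
      plugins: [{ name: 'rate-limiting', config: { minute: 50 } }],
    },
  ],
};
console.log(auditKongConfig(sampleConfig));
```

On the sample, `user-service` passes both checks, while `order-service` is reported for having no authentication plugin and for keeping its rate-limit counters per gateway node.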