jamie-bitflight/python3-web
plugins/python-engineering/skills/python3-web/SKILL.md
Python web and API development enforcing strict route/domain/data layer separation, Pydantic v2 strict request-response models, edge-resolved auth, and async-safe HTTP clients. Use when working with FastAPI, Starlette, Django, Flask, HTTP endpoints, request models, authentication flows, async handlers, or any Python web framework task.
$ install --global
skillsauthnpx skillsauth add jamie-bitflight/claude_skills python3-webInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 28, 2026, 2:08 PM178.4s1 file scanned
SKILL.md
- name:
- python3-web
- description:
- Python web and API development enforcing strict route/domain/data layer separation, Pydantic v2 strict request-response models, edge-resolved auth, and async-safe HTTP clients. Use when working with FastAPI, Starlette, Django, Flask, HTTP endpoints, request models, authentication flows, async handlers, or any Python web framework task.
- user-invocable:
- false
Python Web
Load python3-core for standing defaults. Load python3-typing for request/response modeling. Load python3-testing for endpoint and auth tests.
Quality Checklist
- [ ] Route handlers contain NO business logic — only validation, delegation, response mapping
- [ ] No framework objects (
Request,Response, ORM models) leak into domain layer - [ ]
model_config = {"strict": True}on all request models - [ ] Separate request and response models per endpoint — never reuse ORM models as API schemas
- [ ] Auth resolved at edge; domain functions receive typed identity, never raw tokens
- [ ] Domain exceptions mapped to HTTP status codes at boundary, not scattered through handlers
- [ ] Async handlers use
httpx.AsyncClient— neverrequests(blocks event loop) - [ ] Background tasks hold no references to request-scoped objects
Gotchas
| Trap | What to do instead |
|---|---|
| FastAPI dep ordering assumptions | Dependencies resolve by graph, not definition order — chain explicitly if order matters |
| Pydantic v1/v2 method mixing | v2: model_dump(), model_dump_json(), model_validate() — never .dict() / .json() |
| import requests in async handler | requests blocks event loop; use httpx.AsyncClient with async with |
| Django ORM in async views | Bare Model.objects.get() blocks; use aget() (Django 4.1+) or sync_to_async |
| allow_origins=["*"] | Enumerate specific origins — * disables credential support, security risk |
| Single model for request + response + DB | Three separate models: CreateUserRequest, UserResponse, UserDB |
Decision Table: Sync vs Async
| Scenario | Use | Why |
|---|---|---|
| CPU-bound processing | Sync + thread pool | async doesn't help CPU work |
| Multiple external API calls | Async + httpx.AsyncClient | Concurrent I/O without threads |
| Simple CRUD with sync ORM | Sync handlers | Async adds complexity with no benefit |
| WebSocket connections | Async (required) | Inherently long-lived |
Layer Separation
HTTP Layer (routes) → validated typed request models
Domain Layer (logic) → typed domain objects
Data Layer (repo/ORM)
Related Skills
jamie-bitflight/xdg-base-directory
development
VerifiedTrustedCommunity
When an application needs to store config, data, cache, or state files. When designing where user-specific files should live. When code writes to ~/.appname or hardcoded home paths. When implementing cross-platform file storage with platformdirs.
39SKILL.mdUpdated Apr 30, 2026
jamie-bitflight/verification-gate
testing
VerifiedTrustedCommunity
Enforce mandatory pre-action verification checkpoints to prevent pattern-matching from overriding explicit reasoning. Use this skill when about to execute implementation actions (Bash, Write, Edit) to verify hypothesis-action alignment. Blocks execution when hypothesis unverified or action targets different system than hypothesis identified. Critical for preventing cognitive dissonance where correct diagnosis leads to wrong implementation.
39SKILL.mdUpdated Apr 30, 2026
jamie-bitflight/twelve-factor-app
tools
VerifiedTrustedCommunity
Reference guide for the Twelve-Factor App methodology — 15 principles (12 original + 3 modern extensions) for building portable, resilient, cloud-native applications. Use when evaluating application architecture, designing cloud-native services, reviewing codebases for methodology compliance, advising on configuration, scaling, observability, security, and deployment patterns. Incorporates the 2025 open-source community evolution and cloud-native reinterpretations of each factor.
39SKILL.mdUpdated Apr 30, 2026
jamie-bitflight/user-docs-to-ai-skill
tools
VerifiedTrustedCommunity
Converts user-facing documentation (how-to guides, tutorials, API references, examples) in any format — Markdown, PDF, DOCX, PPTX, XLSX, AsciiDoc, RST, HTML, Jupyter notebooks, man pages, TOML/YAML/JSON configs, and plain text — into Claude Code skill directories with SKILL.md plus thematically grouped references/*.md files. Use when given a docs directory or mixed-format documentation to transform into an AI skill. Uses MCP file-reader server for binary formats.
39SKILL.mdUpdated Apr 30, 2026