levnikolaevich/ln-775-api-docs-generator
skills-catalog/ln-775-api-docs-generator/SKILL.md
Configures Swagger/OpenAPI documentation for backend APIs. Use when adding interactive API docs to a project.
$ install --global
skillsauthnpx skillsauth add levnikolaevich/claude-code-skills ln-775-api-docs-generatorInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 6, 2026, 8:22 PM72.9s1 file scanned
SKILL.md
- name:
- ln-775-api-docs-generator
- description:
- Configures Swagger/OpenAPI documentation for backend APIs. Use when adding interactive API docs to a project.
- license:
- MIT
ln-775-api-docs-generator
Type: L3 Worker Category: 7XX Project Bootstrap
Configures API documentation with Swagger/OpenAPI.
Overview
| Aspect | Details | |--------|---------| | Input | Context Store from ln-770 | | Output | Swagger/OpenAPI configuration | | Stacks | .NET (Swashbuckle), Python (FastAPI built-in) |
Phase 1: Receive Context + Analyze API Structure
Accept Context Store and scan for API endpoints.
Required Context:
STACK: .NET or PythonPROJECT_ROOT: Project directory path
Idempotency Check:
- .NET: Grep for
AddSwaggerGenorUseSwagger - Python: FastAPI has built-in OpenAPI, check for custom configuration
- If found: Return
{ "status": "skipped" }
API Analysis:
- Scan for controller/router files
- Identify authentication method (JWT, OAuth2, API Key)
- Check for API versioning
Phase 2: Research Documentation Standards
Use MCP tools for current documentation.
For .NET:
MCP ref: "Swashbuckle ASP.NET Core OpenAPI Swagger configuration"
Context7: /domaindrivendev/Swashbuckle.AspNetCore
For Python:
MCP ref: "FastAPI OpenAPI documentation customization"
Context7: /tiangolo/fastapi
Key Patterns to Research:
- OpenAPI 3.0/3.1 specification
- Security scheme definitions
- XML comments integration (.NET)
- Response examples and schemas
- API versioning documentation
Phase 3: Decision Points
Q1: API Information
| Field | Description | Required | |-------|-------------|----------| | Title | API name | ✓ Yes | | Version | API version (v1, v2) | ✓ Yes | | Description | Brief description | Optional | | Contact | Support contact | Optional | | License | API license | Optional |
Q2: Security Scheme
| Scheme | Use Case | OpenAPI Type |
|--------|----------|--------------|
| JWT Bearer (Recommended) | Token in Authorization header | http + bearer |
| API Key | Key in header or query | apiKey |
| OAuth2 | Full OAuth2 flow | oauth2 |
| None | Public API | No security |
Q3: Documentation Features
| Feature | .NET | Python | Default | |---------|------|--------|---------| | XML Comments | ✓ Supported | N/A | ✓ Enable | | Response Examples | ✓ Manual | ✓ Pydantic | ✓ Enable | | Request Validation | ✓ Annotations | ✓ Pydantic | ✓ Enable | | Try It Out | ✓ Yes | ✓ Yes | ✓ Enable |
Phase 4: Generate Configuration
.NET Output Files
| File | Purpose |
|------|---------|
| Extensions/SwaggerExtensions.cs | Swagger service registration |
| *.csproj (update) | Enable XML documentation |
Generation Process:
- Use MCP ref for current Swashbuckle API
- Generate SwaggerExtensions with:
- AddEndpointsApiExplorer
- AddSwaggerGen with OpenApiInfo
- Security definition (if auth detected)
- XML comments inclusion
- Update csproj for documentation generation
Packages to Add:
Swashbuckle.AspNetCore
Registration Code:
builder.Services.AddSwaggerServices();
// ...
app.UseSwaggerServices();
csproj Update:
<PropertyGroup>
<GenerateDocumentationFile>true</GenerateDocumentationFile>
<NoWarn>$(NoWarn);1591</NoWarn>
</PropertyGroup>
Python Output Files
| File | Purpose |
|------|---------|
| core/openapi_config.py | OpenAPI customization |
Generation Process:
- Use MCP ref for FastAPI OpenAPI customization
- Generate openapi_config.py with:
- Custom OpenAPI schema
- Security scheme definitions
- Tags and descriptions
- FastAPI generates OpenAPI automatically
Note: FastAPI has built-in OpenAPI support. This worker customizes the default configuration.
Registration Code:
from core.openapi_config import custom_openapi
app.openapi = lambda: custom_openapi(app)
Phase 5: Validate
Validation Steps:
-
Syntax check:
- .NET:
dotnet build --no-restore - Python:
python -m py_compile core/openapi_config.py
- .NET:
-
Access documentation: | Stack | URL | |-------|-----| | .NET | http://localhost:5000/swagger | | Python | http://localhost:5000/docs | | Python (ReDoc) | http://localhost:5000/redoc |
-
Verify content:
- [ ] All endpoints visible
- [ ] Request/response schemas displayed
- [ ] Security scheme shown (if configured)
- [ ] Try It Out functional
-
OpenAPI spec validation:
# .NET curl http://localhost:5000/swagger/v1/swagger.json | jq . # Python curl http://localhost:5000/openapi.json | jq .
Security Scheme Examples
JWT Bearer (.NET)
// Structure only - actual code generated via MCP ref
options.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
{
Description = "JWT Authorization header using Bearer scheme",
Name = "Authorization",
In = ParameterLocation.Header,
Type = SecuritySchemeType.Http,
Scheme = "bearer",
BearerFormat = "JWT"
});
JWT Bearer (Python/FastAPI)
# Structure only - actual code generated via MCP ref
from fastapi.security import HTTPBearer
security = HTTPBearer()
Return to Coordinator
{
"status": "success",
"files_created": [
"Extensions/SwaggerExtensions.cs"
],
"packages_added": [
"Swashbuckle.AspNetCore"
],
"registration_code": "builder.Services.AddSwaggerServices();",
"message": "Configured Swagger/OpenAPI documentation"
}
Reference Links
- Swashbuckle.AspNetCore
- FastAPI OpenAPI
- OpenAPI Specification
Critical Rules
- Use MCP ref for current Swashbuckle/FastAPI API — do not hardcode configuration from memory
- Auto-detect auth scheme — scan for JWT, OAuth2, or API Key and configure security definition accordingly
- Enable XML documentation in .NET — update csproj with
GenerateDocumentationFileand suppress warning 1591 - FastAPI: customize, not replace — built-in OpenAPI works by default, only add custom schema/security
- Idempotent — if
AddSwaggerGen/UseSwaggerexists, returnstatus: "skipped"
Definition of Done
- [ ] Context Store received (stack, project root)
- [ ] API structure analyzed (controllers/routers, auth method, versioning)
- [ ] Documentation standards researched via MCP tools
- [ ] Swagger/OpenAPI configuration generated with API info and security scheme
- [ ] XML comments enabled (.NET) or custom OpenAPI schema configured (Python)
- [ ] Syntax validated (
dotnet buildorpy_compile) - [ ] Structured JSON response returned to ln-770 coordinator
Version: 2.0.0 Last Updated: 2026-01-10
Related Skills
levnikolaevich/ln-629-runtime-lifecycle-config-auditor
testing
VerifiedTrustedCommunity
Checks runtime lifecycle and config validation: bootstrap, shutdown, probes, cleanup, env sync, and fail-fast startup. Use for runtime readiness.
479SKILL.mdUpdated May 30, 2026
levnikolaevich/ln-628-concurrency-correctness-auditor
testing
VerifiedTrustedCommunity
Checks races, deadlocks, async hazards, TOCTOU, blocking I/O, and shared resource contention. Use when auditing concurrency correctness.
479SKILL.mdUpdated May 30, 2026
levnikolaevich/ln-627-diagnosability-auditor
testing
VerifiedTrustedCommunity
Checks diagnosability through structured logs, metrics, traces, correlation IDs, and useful log levels. Use when auditing incident visibility.
479SKILL.mdUpdated May 30, 2026
levnikolaevich/ln-626-dead-code-pruning-auditor
development
VerifiedTrustedCommunity
Finds code that can be safely deleted: unreachable, unused, obsolete compatibility, and commented-out code. Use when pruning dead code.
479SKILL.mdUpdated May 30, 2026