michaelalber/python-feature-slice
skills/team/python-feature-slice/SKILL.md
Scaffolds feature-based Python architecture using FastAPI routers, Pydantic v2 models, and a service layer. Python analog of dotnet-vertical-slice — no mediator library, uses FastAPI Depends() for dependency injection and structural CQRS conventions. Use when creating feature-based Python projects, adding FastAPI features, scaffolding service layers, or organizing Python code by feature. Triggers on phrases like "scaffold python feature", "create python slice", "fastapi feature folder", "python vertical slice", "add python endpoint", "python feature architecture", "python service layer".
development
Updated Jun 4, 2026
$ install --global
skillsauthnpx skillsauth add michaelalber/ai-toolkit python-feature-sliceInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 4, 2026, 8:46 AM193.7s5 files scanned
SKILL.md
- name:
- python-feature-slice
- audience:
- team
- description:
- Scaffolds feature-based Python architecture using FastAPI routers, Pydantic v2 models, and a service layer. Python analog of dotnet-vertical-slice — no mediator library, uses FastAPI Depends() for dependency injection and structural CQRS conventions. Use when creating feature-based Python projects, adding FastAPI features, scaffolding service layers, or organizing Python code by feature. Triggers on phrases like "scaffold python feature", "create python slice", "fastapi feature folder", "python vertical slice", "add python endpoint", "python feature architecture", "python service layer".
Python Feature Slice Architecture
"Organize around business capabilities, not technical layers." -- Sam Newman, Building Microservices
Core Philosophy
Feature slice architecture organizes code by business capability, not technical layer: instead of
controllers/, services/, repositories/, you have features/orders/, features/users/ — each a
self-contained vertical slice. In Python with FastAPI, the mediator pattern (FreeMediator in .NET) is
replaced by FastAPI's native Depends(); service classes are injected directly into route handlers.
CQRS separation is a structural/naming convention — OrderReadService vs OrderWriteService — not a
library contract.
Non-Negotiable Constraints:
- FEATURE ISOLATION — no cross-feature imports; features communicate only through
shared/domain models. - SERVICE OWNS LOGIC — routers are thin (extract → call service → return); no business logic in handlers.
- PYDANTIC V2 EVERYWHERE — all request/response types are Pydantic models with
response_modelset; no baredictreturns. - PROTOCOL INTERFACES —
typing.Protocolfor service interfaces so tests run without concrete implementations. - ASYNC-FIRST — all I/O uses
async def; no blocking calls in async context (asyncio.to_thread()if unavoidable).
Full principle table, KB lookups, discipline rules, anti-patterns, and error recovery live in
references/conventions.md.
Workflow
DETECT Identify existing structure (flat/layered/feature-based), the FastAPI entry point
(main.py/app.py), the router registration pattern, the ORM setup, and the auth pattern.
(grep APIRouter/include_router; find main.py/app.py.)
SCAFFOLD Create the feature package:
features/<name>/{__init__.py, router.py, service.py, models.py, dependencies.py}
tests/features/<name>/{test_router.py, test_service.py}
(File-by-file content in references/feature-folder-template.md; read/write split in cqrs-conventions.md.)
REGISTER Wire the router: app.include_router(<name>_router, prefix="/api/v1", tags=["<name>"]).
VERIFY uvicorn starts; /docs renders the endpoints; pytest tests/features/<name>/ passes;
grep confirms no cross-feature imports.
Exit criteria: feature package created with thin router, Protocol-typed read/write services,
Pydantic v2 models, and tests; router registered under /api/v1; app starts, /docs renders, tests
pass, and no cross-feature imports exist.
State Block
<python-feature-slice-state>
phase: DETECT | SCAFFOLD | REGISTER | VERIFY | COMPLETE
feature_name: [name]
existing_structure: flat | layered | feature-based | unknown
app_entry_point: [file path]
router_registered: true | false
tests_scaffolded: true | false
read_service_created: true | false
write_service_created: true | false
last_action: [description]
next_action: [description]
</python-feature-slice-state>
Output Template
- Scaffold checklist, feature folder structure —
references/output-templates.md. - File-by-file scaffold content (router, service, models, dependencies, tests) —
references/feature-folder-template.md. - Read/write service separation conventions —
references/cqrs-conventions.md. - Principle table, KB lookups, discipline rules, anti-patterns, error recovery —
references/conventions.md.
Integration with Other Skills
| Skill | Relationship |
|-------|-------------|
| fastapi-scaffolder | Endpoint-level scaffolding (OpenAPI metadata, security, rate limiting). Use together for full endpoint quality within a feature. |
| alembic-migration-manager | When a feature needs schema changes, use it for the migration lifecycle. |
| python-security-review | After scaffolding, verify the feature's authentication, authorization, and input validation. |
| python-architecture-checklist | Quality gate — run after several features to verify isolation and coupling metrics. |
Related Skills
michaelalber/security-review-federal
development
VerifiedTrustedCommunity
Federal / government security overlay applied ON TOP OF a base language security review (dotnet/python/php/rust/react). Language-agnostic: adds NIST SP 800-53 control mapping, FIPS 140-2/3 cryptographic compliance (with a per-language crypto table), CUI handling, EO 14028 supply-chain requirements, and DOE Order 205.1B, and emits POA&M-ready findings with FIPS 199 impact levels. Use for federal/DOE/DOD/national-laboratory systems. Triggers on "federal security review", "NIST compliance", "NIST 800-53", "FISMA", "CUI", "FIPS audit", "DOE security", "POA&M", "ATO review". Do NOT use alone — run the matching <lang>-security-review FIRST; this overlay maps and extends it.
SKILL.mdUpdated Jun 4, 2026
michaelalber/react-security-review
tools
VerifiedTrustedCommunity
OWASP-based security review of React / TypeScript front-end applications. Detects the framework (Vite/CRA/Next), entry points, and data flows, scans against the OWASP Top 10 (2025) mapped to React client-side patterns (XSS via raw HTML, URL/protocol injection, secrets in the bundle, insecure token storage, dependency CVEs, missing CSP, open redirects), and produces a manager-friendly executive summary plus a graded technical findings table. Use to audit React code for vulnerabilities. Triggers on "react security review", "frontend security audit", "audit react for vulnerabilities", "owasp react", "react xss", "react security posture", "npm audit review". For federal / gov / DOE / NIST / FIPS / CUI context, run security-review-federal after this base review. Do NOT use to grade architecture/structure — use react-architecture-checklist.
SKILL.mdUpdated Jun 4, 2026
michaelalber/react-modernization-analyzer
tools
VerifiedTrustedCommunity
Analyzes legacy React codebases and produces actionable modernization plans. Primary migration paths include class components to function components + hooks, Create React App to Vite, React 16/17 to 18 to 19, JavaScript to TypeScript, Enzyme to React Testing Library, legacy Redux to Redux Toolkit / Zustand / Context, and deprecated lifecycle/API removal. Does NOT perform the migration — assesses, quantifies risk, and plans. Triggers on phrases like "modernize react", "class to hooks", "upgrade react", "migrate CRA to vite", "react legacy migration", "react 17 to 18", "react js to typescript", "react technical debt", "enzyme to RTL".
SKILL.mdUpdated Jun 4, 2026
michaelalber/react-feature-slice
development
VerifiedTrustedCommunity
Scaffolds feature-based React / TypeScript architecture using feature folders, presentational + container components, custom hooks, a typed data layer, and structural CQRS (query hooks vs mutation hooks). React analog of dotnet-vertical-slice and python-feature-slice — no DI framework; uses props/context for dependency injection and a query cache for server state. Use when creating feature-based React projects, adding React features, organizing components by feature rather than by technical type, or scaffolding a feature's data layer. Triggers on phrases like "scaffold react feature", "create react slice", "react feature folder", "react vertical slice", "add react feature", "react feature architecture", "organize react by feature".
SKILL.mdUpdated Jun 4, 2026