fastapi_skill

This skill helps design and review FastAPI endpoints with Pydantic, DI, and async patterns for secure, scalable APIs.
  • Python

0

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill yldgio/codereview-skills --skill fastapi

  • SKILL.md3.1 KB

Overview

This skill captures practical rules and patterns for designing FastAPI endpoints, Pydantic validation, dependency injection, and async patterns. It focuses on secure, maintainable API design and clear separation of concerns for production-ready applications. The guidance balances security, performance, and developer ergonomics.

How this skill works

The skill inspects endpoint design, input/output validation, dependency usage, and async behaviors to surface issues and recommend best practices. It evaluates security controls (auth, CORS, headers), correct HTTP semantics, Pydantic model usage, dependency lifecycle, and async safety. It flags risky patterns and suggests concrete fixes and improvements.

When to use it

  • When reviewing FastAPI projects for security and correctness before release
  • When designing new endpoints and deciding request/response models
  • When migrating sync code to async or integrating async libraries
  • When creating reusable dependencies like DB sessions or auth handlers
  • When setting project structure, OpenAPI docs, and versioning strategy

Best practices

  • Validate and sanitize all inputs; use Pydantic models and Field() constraints
  • Use OAuth2PasswordBearer or similar and avoid logging sensitive data
  • Group routes with APIRouter, document with OpenAPI metadata, and version APIs
  • Implement dependencies with Depends(), manage DB sessions via context managers
  • Prefer async def for I/O endpoints; avoid blocking calls and mixed sync/async DB calls
  • Use startup/shutdown events and BackgroundTasks for shared resources and long-running work

Example use cases

  • Code review checklist to ensure endpoints use correct methods, status codes, and models
  • Refactoring a monolithic router into feature-based routers with clear dependencies
  • Converting blocking database calls to async patterns and applying concurrency limits
  • Hardening an API by adding CORS, CSRF for cookies, security headers, and rate limiting
  • Designing response models that separate internal fields from client-facing data

FAQ

Prefer async def for I/O-bound work. If your stack or DB client is sync, either use sync endpoints or adopt async-compatible drivers to avoid blocking the event loop.

How do I prevent sensitive data leaks in logs and responses?

Never log secrets or tokens. Use separate output models for responses, redact sensitive fields, and sanitize any user-provided content before logging.

How to manage DB sessions correctly?

Provide DB sessions as Depends(), use context managers or try/finally to close sessions, and avoid global session objects.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational