fastapi_skill
- Python
0
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill yldgio/codereview-skills --skill fastapi- SKILL.md3.1 KB
Overview
This skill captures practical rules and patterns for designing FastAPI endpoints, Pydantic validation, dependency injection, and async patterns. It focuses on secure, maintainable API design and clear separation of concerns for production-ready applications. The guidance balances security, performance, and developer ergonomics.
How this skill works
The skill inspects endpoint design, input/output validation, dependency usage, and async behaviors to surface issues and recommend best practices. It evaluates security controls (auth, CORS, headers), correct HTTP semantics, Pydantic model usage, dependency lifecycle, and async safety. It flags risky patterns and suggests concrete fixes and improvements.
When to use it
- When reviewing FastAPI projects for security and correctness before release
- When designing new endpoints and deciding request/response models
- When migrating sync code to async or integrating async libraries
- When creating reusable dependencies like DB sessions or auth handlers
- When setting project structure, OpenAPI docs, and versioning strategy
Best practices
- Validate and sanitize all inputs; use Pydantic models and Field() constraints
- Use OAuth2PasswordBearer or similar and avoid logging sensitive data
- Group routes with APIRouter, document with OpenAPI metadata, and version APIs
- Implement dependencies with Depends(), manage DB sessions via context managers
- Prefer async def for I/O endpoints; avoid blocking calls and mixed sync/async DB calls
- Use startup/shutdown events and BackgroundTasks for shared resources and long-running work
Example use cases
- Code review checklist to ensure endpoints use correct methods, status codes, and models
- Refactoring a monolithic router into feature-based routers with clear dependencies
- Converting blocking database calls to async patterns and applying concurrency limits
- Hardening an API by adding CORS, CSRF for cookies, security headers, and rate limiting
- Designing response models that separate internal fields from client-facing data
FAQ
Prefer async def for I/O-bound work. If your stack or DB client is sync, either use sync endpoints or adopt async-compatible drivers to avoid blocking the event loop.
How do I prevent sensitive data leaks in logs and responses?
Never log secrets or tokens. Use separate output models for responses, redact sensitive fields, and sanitize any user-provided content before logging.
How to manage DB sessions correctly?
Provide DB sessions as Depends(), use context managers or try/finally to close sessions, and avoid global session objects.