api-design
Use this skill when designing, reviewing, or refactoring REST APIs in WrongStack. Triggers: user says "API", "endpoint", "REST", "request", "response", "JSON", "HTTP", "status code", "pagination", "query params", "request body".
| name | api-design |
| description | Use this skill when designing, reviewing, or refactoring REST APIs in WrongStack. Triggers: user says "API", "endpoint", "REST", "request", "response", "JSON", "HTTP", "status code", "pagination", "query params", "request body". |
| version | 1.0.0 |
Designs and reviews REST APIs for WrongStack services. WrongStack uses JSON over HTTPS, conventional HTTP status codes, and cursor-based pagination. APIs are consumed by the TUI, webui, and external integrations.

- `200` (ok), `201` (created), `400` (bad request), `401` (unauthorized), `403` (forbidden), `404` (not found), `500` (server error).
- `{ "error": { "code": "ERROR_CODE", "message": "Human readable" } }`.
- `/sessions` not `/session`.
- `400` with field-level errors.
- `POST` to `/resources` creates; `PUT` to `/resources/:id` replaces.
- `/v1/` when breaking changes are inevitable.

```typescript
// ✅ Consistent error shape
interface ErrorResponse {
  error: {
    code: string;      // machine-readable: "VALIDATION_ERROR"
    message: string;   // human-readable: "name is required"
    details?: unknown; // optional field-level errors
  };
}

// ✅ Cursor-based pagination
interface PaginatedResponse<T> {
  data: T[];
  nextCursor: string | null; // null = last page
  hasMore: boolean;
}
// GET /sessions?cursor=abc123&limit=20

// ✅ Proper status codes
if (!resource) return Response.json({ error: { code: 'NOT_FOUND', message: '...' } }, { status: 404 });
if (!auth) return Response.json({ error: { code: 'UNAUTHORIZED', message: '...' } }, { status: 401 });
```

```typescript
// ❌ Inconsistent error shape
Response.json({ message: 'Not found' }); // no code, no standard shape

// ❌ Secrets in URL
GET /api/data?apiKey=sk-xxx // ❌ put in Authorization header

// ❌ Offset pagination (fragile on mutations)
GET /users?offset=100&limit=20 // ❌ gaps after insert/delete

// ❌ 200 for errors
Response.json({ error: '...' }, { status: 200 }); // lies about outcome
```
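
The "gaps after insert/delete" problem with offset pagination, next to a cursor implementation that avoids it. This is an added example, not WrongStack code; `MAX_LIMIT`, the function names, and the session ids are assumptions made for the illustration.

```typescript
// Added example, not WrongStack code. Session ids are constructed sample data.
interface PaginatedResponse<T> {
  data: T[];
  nextCursor: string | null; // null = last page
  hasMore: boolean;
}
interface Session { id: string }

const MAX_LIMIT = 100; // assumed server-side cap; the page does not state one

// Clamp the client-supplied limit so one request cannot ask for unbounded rows.
function clampLimit(limit: number): number {
  if (!Number.isInteger(limit) || limit < 1) return 1;
  return Math.min(limit, MAX_LIMIT);
}

const byId = (a: Session, b: Session): number => (a.id < b.id ? -1 : a.id > b.id ? 1 : 0);

// Cursor = id of the last row the client has seen. The next page is "ids greater
// than the cursor", so it is still correct if that row was deleted meanwhile.
function pageByCursor(rows: Session[], cursor: string | null, limit: number): PaginatedResponse<Session> {
  const n = clampLimit(limit);
  const sorted = [...rows].sort(byId);
  const rest = cursor === null ? sorted : sorted.filter((r) => r.id > cursor);
  const data = rest.slice(0, n);
  const hasMore = rest.length > n;
  const last = data[data.length - 1];
  return { data, nextCursor: hasMore && last ? last.id : null, hasMore };
}

// Offset pagination for comparison: purely positional, so it shifts when rows change.
function pageByOffset(rows: Session[], offset: number, limit: number): Session[] {
  return [...rows].sort(byId).slice(offset, offset + clampLimit(limit));
}

// Scenario: read page 1, a row from page 1 is deleted, then read page 2 both ways.
function demo(): { cursorIds: string[]; offsetIds: string[] } {
  let rows: Session[] = ["sess_01", "sess_02", "sess_03", "sess_04", "sess_05"].map((id) => ({ id }));
  const first = pageByCursor(rows, null, 2); // sess_01, sess_02
  rows = rows.filter((r) => r.id !== "sess_02"); // deleted between the two requests
  const cursorIds = pageByCursor(rows, first.nextCursor, 2).data.map((r) => r.id);
  const offsetIds = pageByOffset(rows, 2, 2).map((r) => r.id);
  return { cursorIds, offsetIds }; // offset skips sess_03; cursor does not
}

console.log(demo());
```
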

```
POST /sessions
Body: { "provider": "anthropic", "model": "claude-3-5-sonnet" }
201: { "id": "sess_abc", "provider": "anthropic", ... }
400: { "error": { "code": "VALIDATION_ERROR", "message": "model is required" } }

GET /sessions/sess_abc
200: { "id": "sess_abc", "status": "running", ... }
404: { "error": { "code": "NOT_FOUND", "message": "Session not found" } }

GET /sessions?cursor=sess_xyz&limit=20
200: {
  "data": [...],
  "nextCursor": "sess_aaa",
  "hasMore": true
}

PUT /sessions/sess_abc
Body: { "status": "paused" }
200: { "id": "sess_abc", "status": "paused", ... }
400: { "error": { "code": "INVALID_STATUS", "message": "Must be running or paused" } }
```

| Code | HTTP | When |
|---|---|---|
| `VALIDATION_ERROR` | 400 | Request body/params invalid |
| `UNAUTHORIZED` | 401 | Missing or invalid auth |
| `FORBIDDEN` | 403 | Auth valid but no permission |
| `NOT_FOUND` | 404 | Resource doesn't exist |
| `CONFLICT` | 409 | Duplicate resource |
| `RATE_LIMITED` | 429 | Too many requests |
| `INTERNAL_ERROR` | 500 | Server-side failure |
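
One way to produce the standard error shape with field-level errors for `POST /sessions`, deriving the HTTP status from the error code in the table above. This is an added example, not WrongStack code; the `{ fields: ... }` layout of `details`, the `fail` and `createSession` helpers, and the returned `sess_abc` id are assumptions.

```typescript
// Added example, not WrongStack code. The layout of `details` is an assumption;
// the page only types it as `unknown`.
interface ErrorResponse {
  error: { code: string; message: string; details?: unknown };
}

// Code -> HTTP status, from the page's table. Deriving the status from the code
// in one place keeps body and status from disagreeing (no 200 for errors).
const STATUS = {
  VALIDATION_ERROR: 400, UNAUTHORIZED: 401, FORBIDDEN: 403, NOT_FOUND: 404,
  CONFLICT: 409, RATE_LIMITED: 429, INTERNAL_ERROR: 500,
} as const;
type ErrorCode = keyof typeof STATUS;

interface Result { status: number; body: unknown }

function fail(code: ErrorCode, message: string, details?: unknown): Result {
  const error = details === undefined ? { code, message } : { code, message, details };
  const body: ErrorResponse = { error };
  return { status: STATUS[code], body };
}

// Validate the POST /sessions body from the page's example (provider, model).
// Every bad field is collected, so the client sees all problems in one 400.
function createSession(input: unknown): Result {
  if (typeof input !== "object" || input === null || Array.isArray(input)) {
    return fail("VALIDATION_ERROR", "body must be a JSON object");
  }
  const obj = input as Record<string, unknown>;
  const fields: Record<string, string> = {};
  for (const key of ["provider", "model"]) {
    const value = obj[key];
    if (typeof value !== "string" || value.trim() === "") fields[key] = `${key} is required`;
  }
  const messages = Object.values(fields);
  if (messages.length > 0) {
    return fail("VALIDATION_ERROR", messages.join("; "), { fields });
  }
  // Constructed id; a real service would generate one.
  return { status: 201, body: { id: "sess_abc", provider: obj["provider"], model: obj["model"] } };
}

console.log(JSON.stringify(createSession({ provider: "anthropic" })));
```
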

- `Authorization` header: `Authorization: Bearer <token>`
- `X-API-Key` header for machine-to-machine

- `sdd` — for spec-driven API design with acceptance criteria
- `typescript-strict` — for type-safe request/response types
- `security-scanner` — for scanning API implementations for injection, auth, and secrets
- `testing` — for writing integration tests against API endpoints