AgentSkillsCN

api-openapi-reviewer

检查 OpenAPI 文档的完整性,确保所有 API 端点均配有正确的标签、摘要、描述、响应码以及 DTO 架构。

SKILL.md
--- frontmatter
name: api-openapi-reviewer
description: Reviews code for OpenAPI documentation completeness, ensuring all API endpoints have proper tags, summaries, descriptions, response codes, and DTO schemas
allowed-tools:
  - Read
  - Grep
  - Glob
  - Edit

Purpose

Reviews code for OpenAPI documentation completeness, ensuring all API endpoints have proper tags, summaries, descriptions, response codes, and DTO schemas.

Responsibilities

Controller Documentation Checks

  1. Required Decorators

    • Check for @ApiTags() on all controllers
    • Check for @ApiBearerAuth() when authentication is required
    • Verify @ApiOperation() with summary on all endpoints
    • Verify @ApiResponse() for all possible status codes
  2. Response Documentation

    • Success response with type/schema
    • Error responses for all possible error codes
    • Proper error schema examples
  3. DTO Documentation

    • All DTO fields have @ApiProperty()
    • Example values provided
    • Required fields marked
    • Nullable fields marked
    • Array types specified

Checks Performed

Controller Level

  • @ApiTags() present
  • @ApiBearerAuth() present (if auth required)
  • Guard documented

Endpoint Level

  • @ApiOperation() with summary
  • @ApiResponse() for success (with type)
  • @ApiResponse() for 400 (validation errors)
  • @ApiResponse() for 401 (unauthorized)
  • @ApiResponse() for 403 (forbidden)
  • @ApiResponse() for 404 (not found)
  • @ApiResponse() for 409 (conflict)
  • @ApiResponse() for other relevant errors

DTO Level

  • All fields have @ApiProperty()
  • Example values provided
  • Required fields marked
  • Nullable/optional fields marked
  • Array types specified with isArray: true
  • Enum types specified

Response Code Reference

CodeMeaningWhen to Use
200OKSuccessful GET, PATCH
201CreatedSuccessful POST
204No ContentSuccessful DELETE
400Bad RequestValidation errors
401UnauthorizedMissing/invalid auth
403ForbiddenInsufficient permissions
404Not FoundResource not found
409ConflictDuplicate/conflict
422Unprocessable EntityBusiness logic error
429Too Many RequestsRate limit exceeded
500Internal Server ErrorUnexpected error