express-api-development
Express Api Development
Overview
Use this skill to design and implement Express services with explicit middleware ordering, stable API errors, and operationally debuggable behavior.
Scope Boundaries
- Use this skill when the task matches the trigger condition described in description.
- Do not use this skill when the primary task falls outside this skill's domain.
Shared References
- Middleware ordering guidance: references/express-middleware-ordering-guidance.md
- Error handling guidance: references/express-error-handling-guidance.md
Templates And Assets
- Route module starter: assets/express-route-module-template.js
- Error catalog template: assets/express-error-catalog-template.md
- Verification checklist: assets/express-api-verification-checklist.md
Inputs To Gather
- Endpoint requirements and validation rules.
- AuthN/AuthZ and rate-limit requirements.
- Logging and observability expectations.
- Existing middleware stack and error contract conventions.
- Request/response shape contracts for boundary-safe handoff to service layer.
Deliverables
- Route and middleware composition plan.
- Validation and error response contract.
- Security and observability integration plan.
- Verification checklist with critical-path coverage.
Workflow
- Define route modules by domain and resource responsibility.
- Apply middleware ordering from references/express-middleware-ordering-guidance.md.
- Implement route handlers using assets/express-route-module-template.js.
- Parse and validate req.params/req.query/req.body once, then map to explicit domain input objects.
- Centralize and normalize error handling using references/express-error-handling-guidance.md and assets/express-error-catalog-template.md.
- Validate behavior with assets/express-api-verification-checklist.md.
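The workflow steps above as one middleware chain, added here as an example; it is not the skill's own template or reference files, which this page does not show. The functions use Express's middleware signatures without importing Express, and the `x-request-id` header, `req.id`, `req.input`, the `customerId`/`limit` fields and the two catalog entries are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Error catalog with stable codes (constructed for this example).
const CATALOG = {
  VALIDATION_FAILED: { status: 400, message: 'Request validation failed' },
  INTERNAL: { status: 500, message: 'Internal error' },
};

class ApiError extends Error {
  constructor(code, details = []) {
    super(CATALOG[code].message);
    this.code = code;
    this.details = details;
  }
}

// Registered first: every later log line and error response carries the ID.
function correlationId(req, res, next) {
  const supplied = req.headers['x-request-id'];
  // Keep a caller-supplied ID only when it is short and log-safe.
  const ok = typeof supplied === 'string' && /^[A-Za-z0-9-]{8,64}$/.test(supplied);
  req.id = ok ? supplied : crypto.randomUUID();
  res.setHeader('x-request-id', req.id);
  next();
}

// Validate once, then hand the handler a frozen domain input, not raw req.
function parseListOrders(req, res, next) {
  const details = [];
  const { customerId } = req.params;
  if (typeof customerId !== 'string' || !/^[0-9]{1,12}$/.test(customerId)) {
    details.push({ field: 'params.customerId', issue: 'must be 1-12 digits' });
  }
  const raw = req.query.limit; // may be an array or object, not just a string
  const limit = raw === undefined ? 20 : typeof raw === 'string' && /^[0-9]{1,3}$/.test(raw) ? Number(raw) : NaN;
  if (!(limit >= 1 && limit <= 100)) {
    details.push({ field: 'query.limit', issue: 'must be an integer from 1 to 100' });
  }
  if (details.length > 0) return next(new ApiError('VALIDATION_FAILED', details));
  req.input = Object.freeze({ customerId, limit });
  next();
}

// Registered last (four arguments, as Express requires): the only error-to-response path.
function errorMapper(err, req, res, next) {
  const known = err instanceof ApiError;
  const code = known ? err.code : 'INTERNAL';
  // Unknown errors are logged with the ID; their text never reaches the client.
  if (!known) console.error(JSON.stringify({ correlationId: req.id, error: String(err) }));
  const { status, message } = CATALOG[code];
  res.status(status).json({ error: { code, message, details: known ? err.details : [], correlationId: req.id } });
}
```

In an Express app the same functions would be registered in this order: `correlationId` before any route, `parseListOrders` on the route ahead of its handler, and `errorMapper` after all routes.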
Quality Standard
- Middleware order is explicit, deterministic, and testable.
- Validation failures are client-actionable and consistent.
- Error responses use stable codes and correlation IDs.
- Operational signals are sufficient for incident triage.
- Route handlers do not pass raw request objects or untyped payload bags into core domain services.
Failure Conditions
- Stop when middleware side effects are order-dependent and undocumented.
- Stop when endpoints bypass centralized error mapping.
- Escalate when error contracts diverge across routes without policy approval.