api-http-test
API HTTP Test
Goal
Use this skill to run real HTTP requests with reusable project configuration and authentication.
Script location
<project-root>/.skills/api-http-test/is config-only and storeshttp.toml.- Helper scripts live in the installed skill directory under
scripts/. - If the current directory is not the target project, set
HTTP_PROJECT_ROOT=/path/to/repo.
First-time setup (required)
- Trigger setup with
/api-http-test install. - The install action must call:
HTTP_PROJECT_ROOT=/path/to/repo /path/to/api-http-test/scripts/api_http_test.sh install
- This creates
.skills/api-http-test/http.tomlin the target project.
Fast path
- Install/bootstrap profile:
HTTP_PROJECT_ROOT=/path/to/repo /path/to/api-http-test/scripts/api_http_test.sh install
- Run request:
HTTP_PROJECT_ROOT=/path/to/repo HTTP_PROFILE=local /path/to/api-http-test/scripts/api_http_test.sh request GET /health
- Run POST with JSON:
HTTP_PROJECT_ROOT=/path/to/repo HTTP_PROFILE=local /path/to/api-http-test/scripts/api_http_test.sh request POST /auth/login --body '{"username":"demo","password":"demo"}'
Workflow
- Ensure project config exists:
- If
.skills/api-http-test/http.tomlis missing, run bootstrap (installflow).
- If
- Resolve auth mode:
- Prefer autodetect suggestion during bootstrap.
- If unclear, use explicit
auth_modein TOML (bearer|basic|api_key|none).
- Resolve endpoint from docs when available:
- If
<project-root>/docs/exists and contains OpenAPI YAML files, treat them as source of truth for method/path/params. - Use documented path prefix and required params exactly as defined in YAML.
- Only fallback to controller-derived routes when docs are missing or clearly stale.
- If
- Execute request:
- Use
run_http.shwith profile selection (HTTP_PROFILEor--profile). - Support custom headers, query params, and raw/body-file payload.
- Persist session cookies from
Set-Cookieand reuse them automatically on next requests.
- Use
- Report outcome:
- Return status, URL, auth mode used, and response body.
Trigger rules (summary)
- If user explicitly asks to initialize config or says install, run bootstrap flow.
- If user asks to run/test an endpoint realistically, use
run_http.sh. - If
docs/OpenAPI YAML exists, read docs first and build the request from documented method/path. - If auth errors occur (401/403), verify profile auth fields and re-run.
- If no profile is specified and multiple are present, ask user which profile to use.
Security guardrails
- Do not commit credentials; ensure
.skills/api-http-test/http.tomlis gitignored. - Do not commit cookie jars; ensure
.skills/api-http-test/.cookies/is gitignored. - Mask secrets in explanations when reporting logs.
- Use project-scoped config only for the target repository.
References
- Usage and examples:
references/http_usage.md - TOML schema:
references/http_toml_schema.md
More from marco-meini/cursor
yn-be-developer-typescript
Best practices, coding conventions, and patterns for backend projects using TypeScript. Use when writing code, tests, or new features in TypeScript backends with src/, Express, PostgreSQL/MongoDB, and Mocha+tsx.
33test-from-target
Generates or updates Mocha-style test suites (.test.ts) from a target class or method. Use when writing tests from controller/model/lib code, when the user asks to test a class or method, or when adding test coverage for a specific target. Assumes TypeScript, ESM, Mocha with tsx/cjs, source under src/, tests under test/.
4openapi-doc-from-controller
Creates or updates one OpenAPI YAML fragment from a single controller method. Use when documenting API endpoints, adding OpenAPI path items from Express routes, or when the user asks to document an endpoint or update docs from controller code.
2