roninforge-fastapi

Cursor plugin for FastAPI and Pydantic v2. Prevents Pydantic v1 hallucinations, async event loop blocking, and teaches idiomatic async Python patterns.

The Problem

AI models generate FastAPI code with Pydantic v1 patterns by default:

• .dict() instead of .model_dump(), .json() instead of .model_dump_json()
• @validator instead of @field_validator, @root_validator instead of @model_validator
• class Config: orm_mode = True instead of model_config = ConfigDict(from_attributes=True)
• constr, conint, confloat instead of Annotated[type, Field(...)]
• from pydantic import BaseSettings (moved to pydantic-settings package)
• @app.on_event("startup") instead of lifespan context manager
• requests.get() in async endpoints (blocks the event loop)
• No response_model (exposes sensitive fields like hashed passwords)
• Sync database drivers in async applications

Install

Clone into your Cursor plugins directory:

git clone https://github.com/RoninForge/roninforge-fastapi.git ~/.cursor/plugins/local/roninforge-fastapi

Or copy rules/skills into your project:

git clone https://github.com/RoninForge/roninforge-fastapi.git
cp -r roninforge-fastapi/rules/* your-project/.cursor/rules/
cp -r roninforge-fastapi/skills/* your-project/.cursor/skills/
cp -r roninforge-fastapi/agents/* your-project/.cursor/agents/

What's Included

Rules (5 files, auto-attached)

Rule	Scope	What it does
fastapi-core	Always active	Endpoints, DI with Annotated, response models, lifespan, project structure
fastapi-anti-patterns	Always active	13 AI mistakes: v1 methods, v1 validators, v1 config, event loop blocking, session leaks
fastapi-pydantic-v2	Schema/model files	Complete v1-to-v2 migration: methods, validators, config, fields, serialization
fastapi-async	Route files	Event loop safety, blocking detection, async SQLAlchemy, eager loading
fastapi-security	Agent-requested	JWT/OAuth2, password hashing, file upload safety, CORS, rate limiting

Skills (4 commands)

Skill	Command	What it does
Endpoint	/fastapi-endpoint	Generate CRUD endpoint with v2 schemas, async queries, response models
Model	/fastapi-model	Generate SQLAlchemy model + Pydantic v2 schemas
Validate	/fastapi-validate	Scan for v1 leftovers, async blocking, security gaps
Settings	/fastapi-settings	Set up pydantic-settings with env vars and DI

Agent (1 subagent)

Agent	What it does
fastapi-reviewer	Reviews code for v1 patterns, async safety, response models, security

What Makes This Different

This is the first FastAPI plugin on the Cursor marketplace. There are also virtually zero community .cursorrules files for FastAPI - this is the emptiest slot in the ecosystem.

What it prevents:

• The complete Pydantic v1-to-v2 method rename table (13 methods)
• Event loop blocking (the #1 async performance killer)
• Database session leaks and N+1 queries in async SQLAlchemy
• Security gaps (exposed passwords, missing auth, CORS misconfiguration)
• Deprecated patterns (on_event, BaseSettings import, constrained types)

Test Fixtures

• tests/fixtures/anti-pattern-sample/ - Pydantic v1 patterns, blocking calls, missing response models
• tests/fixtures/correct-sample/ - Idiomatic FastAPI with Pydantic v2 and async patterns

Validation

chmod +x tests/validation/validate-plugin.sh
./tests/validation/validate-plugin.sh

License

MIT - see LICENSE

Links

• FastAPI Documentation
• Pydantic v2 Migration Guide
• Cursor Plugin Documentation
• RoninForge