Skip to content

tx2z/claude-code-api-validator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
api
api
 
 
commands
commands
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Claude Code API Validator

A comprehensive API validation command for Claude Code that validates APIs against industry best practices using specialized AI agents.

Features

  • REST Best Practices - HTTP methods, resource naming, URL structure, status codes
  • GraphQL Best Practices - Schema design, query complexity, N+1 detection
  • OpenAPI/Swagger Validation - Spec completeness, documentation quality
  • API Security - Authentication, authorization, input validation, rate limiting
  • Performance Analysis - Caching, compression, query efficiency
  • Consistency Checking - Naming patterns, response structure, error formats
  • Versioning Analysis - Strategy validation, backward compatibility

Requirements

Installation

  1. Clone or download this repository
  2. Copy the folders to your project's .claude/ directory:
# From your project root
cp -r path/to/claude-code-api-validator/commands .claude/
cp -r path/to/claude-code-api-validator/api .claude/

Your project structure should look like:

your-project/
├── .claude/
│   ├── commands/
│   │   └── api-validator.md
│   └── api/
│       ├── agents/
│       │   ├── rest-practices.md
│       │   ├── graphql-practices.md
│       │   ├── openapi-spec.md
│       │   ├── api-security.md
│       │   ├── api-performance.md
│       │   ├── api-consistency.md
│       │   └── api-versioning.md
│       └── templates/
│           └── api-validation-report.md
├── src/
└── ...
  1. (Optional) Add api-reports/ to your .gitignore:
echo "api-reports/" >> .gitignore

Optional: Optimize for Your Tech Stack

After installation, you can optimize the API validator for your specific codebase. This improves validation accuracy by focusing on your API framework's conventions and patterns.

Run this prompt in Claude Code:

I just installed the api-validator command in .claude/. Please:

1. Analyze my codebase to detect my API stack (framework, API style, authentication method, database)
2. Read the command files in .claude/commands/api-validator.md and .claude/api/agents/
3. Optimize each validation agent by:
   - Removing checks for API styles I don't use (REST vs GraphQL)
   - Adding validation rules specific to my framework (NestJS decorators, FastAPI patterns, etc.)
   - Configuring security checks based on my auth implementation
   - Adjusting performance checks based on my ORM/database
4. Keep the agent structure, validation categories, and output format unchanged

Show me what you'll change before applying.

Usage

In Claude Code, run the API validation command:

/api-validator

Validation Modes

Command Description
/api-validator Full validation (all checks)
/api-validator rest REST API best practices only
/api-validator graphql GraphQL best practices only
/api-validator openapi OpenAPI/Swagger spec validation
/api-validator security API security validation only
/api-validator performance Performance analysis only
/api-validator versioning Versioning strategy validation
/api-validator consistency Consistency checking only

Validation Categories

API01 - REST Best Practices

Check Description
HTTP Methods Correct usage of GET, POST, PUT, PATCH, DELETE
Resource Naming Plural nouns, kebab-case, clear hierarchy
URL Structure Proper nesting, query parameters
Status Codes Appropriate response codes
Response Format Consistent JSON structure
Pagination Cursor/offset implementation
HATEOAS Hypermedia links
Idempotency Safe operation guarantees

API02 - GraphQL Best Practices

Check Description
Schema Design Type structure, relationships
Query Complexity Depth/complexity limits
N+1 Detection DataLoader usage
Mutations Input types, return values
Error Handling Error types, extensions
Pagination Relay-style connections
Subscriptions Real-time patterns

API03 - OpenAPI/Swagger

Check Description
Spec Completeness Required fields, descriptions
Schema Definitions Proper types, refs
Examples Request/response examples
Security Schemes Auth documentation
Error Responses Error documentation
Versioning API version info

API04 - Security

Check Description
Authentication JWT, OAuth, API keys
Authorization RBAC, scopes
Rate Limiting Throttling configuration
Input Validation Schema validation, sanitization
CORS Cross-origin configuration
Error Exposure Sensitive info leakage

API05 - Performance

Check Description
Caching ETags, Cache-Control
Compression gzip, brotli
Payload Size Response optimization
N+1 Queries Database efficiency
Async Operations Background processing
Connection Pooling Resource management

API06 - Consistency

Check Description
Naming Conventions camelCase/snake_case
Response Structure Envelope patterns
Error Format Standard error objects
Date Formats ISO 8601 compliance
Null Handling Consistent null/undefined

API07 - Versioning

Check Description
Version Strategy URL, header, or query
Backward Compatibility Breaking change detection
Deprecation Sunset headers, notices
Migration Guides Version transition docs

Supported Tech Stacks

The validator auto-detects and adapts to:

Node.js/TypeScript:

  • Express.js
  • NestJS
  • Fastify
  • Hapi

Python:

  • FastAPI
  • Django REST Framework
  • Flask

PHP:

  • Laravel
  • Lumen

.NET:

  • ASP.NET Core
  • ASP.NET Web API

Go:

  • Gin
  • Echo
  • Chi

Java:

  • Spring Boot
  • JAX-RS
  • Quarkus

How It Works

  1. Tech Stack Detection - Automatically detects your API framework and patterns
  2. Agent Execution - Spawns specialized agents for each validation domain
  3. Pattern Analysis - Analyzes code against best practice patterns
  4. Finding Collection - Aggregates and deduplicates findings
  5. Report Generation - Creates a markdown report in api-reports/
  6. Fix Mode - Optionally offers to fix Critical/High issues

Output

Reports are saved to api-reports/YYYY-MM-DD-HHmm-validation.md with:

  • API Health Score (0-100)
  • Executive Summary (severity counts)
  • Endpoints Analyzed
  • Critical Findings (full details + remediation)
  • High Findings (full details + remediation)
  • Medium Findings (abbreviated)
  • Low Findings (list format)
  • Best Practice Recommendations

Severity Levels

Level Description Action
Critical Breaks API contract or security Fix immediately
High Significant deviation from standards Fix this sprint
Medium Best practice violation Plan to fix
Low Minor improvement opportunity Fix when convenient
Info Informational/suggestion Consider

Customization

To adapt for your specific needs:

  1. Tech stack detection - Modify Step 1 in api-validator.md
  2. Agent behavior - Edit individual agents in api/agents/
  3. Report format - Modify api/templates/api-validation-report.md
  4. Severity thresholds - Adjust in agent files

Contributing

Contributions welcome! Please:

  1. Fork the repository
  2. Create a feature branch
  3. Submit a pull request

License

MIT License - see LICENSE file.

Disclaimer

This tool performs static analysis and pattern matching. It provides guidance based on industry best practices but cannot guarantee detection of all issues. Always perform manual API reviews and testing for production systems.

References

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •