Security defaults that belong in every FastAPI application from day one.
{
"instruction": "Use Pydantic models with Field constraints and field_validator for all input",
"relevant_when": "Agent creates or modifies a FastAPI application that accepts user input, adds POST/PUT/PATCH endpoints",
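"context": "FastAPI uses Pydantic for input validation, but agents often create models without field constraints, so Pydantic checks only the type and values of any length or magnitude are accepted. Every string must have min_length and max_length via Field(). Every integer must have range constraints (gt, ge, lt, le). Enum-like strings should use Field(pattern=), with the pattern anchored by ^ and $ so that the whole value has to match. Complex validation uses a @field_validator method, also decorated with @classmethod, that raises ValueError when the value is invalid.",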
"sources": [
{
"type": "file",
"filename": "skills/fastapi-security-basics/SKILL.md",
"tile": "tessl-labs/fastapi-security-basics@0.2.0"
}
],
"checklist": [
{
"name": "pydantic-models-defined",
"rule": "Agent defines Pydantic BaseModel subclasses for all request bodies",
"relevant_when": "Agent creates FastAPI endpoints that accept input"
},
{
"name": "field-constraints-used",
"rule": "Agent uses Field() with constraints (min_length, max_length, gt, ge, lt, le, pattern) on model fields",
"relevant_when": "Agent creates Pydantic models for FastAPI"
},
{
"name": "string-length-constraints",
"rule": "Agent adds min_length and max_length constraints to string fields via Field()",
"relevant_when": "Agent creates Pydantic models with string fields"
},
{
"name": "integer-range-constraints",
"rule": "Agent adds range constraints (gt, ge, lt, le) to integer fields via Field()",
"relevant_when": "Agent creates Pydantic models with integer fields"
},
{
"name": "field-validator-used",
"rule": "Agent uses the @field_validator decorator together with @classmethod for complex validation logic, and the validator raises ValueError when the value is invalid",
"relevant_when": "Agent creates Pydantic models that need validation beyond simple Field constraints"
},
{
"name": "endpoints-use-models",
"rule": "Agent uses Pydantic models as type annotations on route handler parameters (not a raw dict or an untyped parameter)",
"relevant_when": "Agent creates FastAPI endpoints that accept input"
}
]
}