api-and-interface-design

Use when defining a public API, CLI, webhook, or SDK surface — lock the contract first so compatibility, validation, and versioning stay intentional instead of accidental

8 stars

Best use case

api-and-interface-design is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Use when defining a public API, CLI, webhook, or SDK surface — lock the contract first so compatibility, validation, and versioning stay intentional instead of accidental

Teams using api-and-interface-design should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/api-and-interface-design/SKILL.md --create-dirs "https://raw.githubusercontent.com/drvoss/everything-copilot-cli/main/skills/development/api-and-interface-design/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/api-and-interface-design/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How api-and-interface-design Compares

Feature / Agentapi-and-interface-designStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Use when defining a public API, CLI, webhook, or SDK surface — lock the contract first so compatibility, validation, and versioning stay intentional instead of accidental

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# API and Interface Design

Define the contract before the implementation. This skill is for **public or cross-team interfaces**
where downstream consumers can depend on every observable behavior, including the ones you did not
mean to promise.

## When to Use

- Designing a new public HTTP API, CLI command, webhook, SDK surface, or plugin contract
- Changing an existing interface that other teams, tools, or customers already consume
- Clarifying breaking-change policy before implementation starts
- Tightening the interface section of `spec-driven-development` for a compatibility-sensitive feature

## When NOT to Use

| Instead of api-and-interface-design | Use |
|-------------------------------------|-----|
| Internal implementation design inside one module | `spec-driven-development` |
| Writing user-facing docs for a finished API | `api-documentation` |
| Retiring or replacing an old interface | `deprecation-and-migration` |
| Narrow bug fixes with no contract change | do the fix directly |

## Workflow

### 1. Identify the real contract boundary

Write down:

- **Who consumes this interface?** Humans, services, CLI users, integrations, third-party developers
- **What is observable?** Inputs, outputs, error codes, ordering, timing, idempotency, pagination, retries
- **What must stay stable?** Field names, response structure, exit codes, callback payloads, invariants

If the consumer or stability target is unclear, you are not ready to implement.

### 2. Draft the contract before code

Create a contract document or spec section before touching implementation:

```markdown
## Interface Contract: createWidget

**Interface type**: REST API / CLI / SDK / webhook
**Consumers**: Internal services + external customers
**Stability**: stable / beta / experimental

### Inputs
- Method / command / function name:
- Required parameters:
- Optional parameters:
- Validation rules:

### Outputs
- Success shape:
- Error shape:
- Ordering / pagination guarantees:

### Invariants
- [Behavior that must remain true]

### Non-Goals
- [What this interface deliberately does not promise]
```

### 3. Run a Hyrum's Law review

For every observable behavior, ask:

- Is this behavior intentionally part of the contract?
- If consumers start depending on it, can we support it long-term?
- If not, should we remove it, hide it, or document that it is non-contractual?

Common accidental contracts:

- Stable ordering without documenting it
- Error message wording used by scripts
- Undocumented default values
- Side effects triggered by read operations
- Field presence that is only an implementation artifact

### 4. Design validation at the trust boundary

Validation should happen where untrusted input enters the system:

- HTTP body, query params, headers
- CLI args and environment variables
- Webhook payloads
- Files or user-supplied configuration

Do not scatter the same runtime validation through every internal layer. Define:

- Accepted input shape
- Rejection rules
- Standard error envelope or exit code mapping
- Which invariants are guaranteed after boundary validation succeeds

### 5. Choose the compatibility strategy

| Change type | Default strategy |
|-------------|------------------|
| Additive field | Make optional first; define default behavior |
| Renamed field | Add new field, deprecate old one, keep overlap window |
| Semantic change | Version the interface or add a new endpoint/flag |
| Removed capability | Publish a migration path before removal |

If you cannot explain the migration path in two or three sentences, the change is not ready.

### 6. Hand off to implementation planning

Once the contract is stable:

1. Feed it into `spec-driven-development`
2. Identify tests that prove the contract
3. Implement the smallest slice that honors the contract exactly

## Example

```markdown
## Interface Contract: `copilot skill install`

**Interface type**: CLI
**Consumers**: Developers using Copilot CLI
**Stability**: beta

### Inputs
- Command: `copilot skill install <url-or-path>`
- Optional flags: `--dry-run`, `--force`
- Validation rules:
  - URL must be HTTPS or GitHub shorthand
  - Local path must contain a valid skill directory

### Outputs
- Exit code `0`: install succeeded
- Exit code `1`: validation failure
- Exit code `2`: network or fetch failure

### Invariants
- Installed skill is validated before being written
- `--dry-run` never mutates the filesystem

### Non-Goals
- Private repository authentication
- Version pinning
```

## Common Mistakes

| Mistake | Fix |
|---------|-----|
| Letting implementation details leak into the contract | Document only consumer-visible behavior |
| Treating every internal helper as a public interface | Limit this skill to external or cross-team boundaries |
| Adding validation everywhere "just in case" | Validate once at the boundary, then trust the normalized input |
| Delaying breaking-change planning until after coding | Choose the migration strategy before implementation |

## Verification

- [ ] Consumers and stability target are explicitly named
- [ ] Inputs, outputs, invariants, and non-goals are written before coding
- [ ] Observable but accidental behaviors were reviewed for Hyrum's Law risk
- [ ] Boundary validation and error semantics are defined
- [ ] Breaking changes have a migration or versioning strategy

## See Also

- [`spec-driven-development`](../spec-driven-development/SKILL.md) — turn the contract into an implementation plan
- [`api-documentation`](../../documentation/api-documentation/SKILL.md) — publish user-facing API docs
- [`deprecation-and-migration`](../deprecation-and-migration/SKILL.md) — retire or replace old interfaces safely

Related Skills

verification-before-completion

8
from drvoss/everything-copilot-cli

Use before claiming any task is done — run the exact command that proves the fix works, read the output, and only then report success.

using-git-worktrees

8
from drvoss/everything-copilot-cli

Use when you need multiple branches checked out at once — create isolated working directories for parallel development without cloning the repository repeatedly

triage

8
from drvoss/everything-copilot-cli

Use when a single issue needs structured triage — classify it, reproduce if needed, request missing information, and leave a durable brief or close-out note in the tracker.

to-issues

8
from drvoss/everything-copilot-cli

Use when a plan, spec, or PRD must become an actionable backlog — break it into thin dependency-aware issues that each deliver a verifiable vertical slice

sprint-workflow

8
from drvoss/everything-copilot-cli

Use when starting a new feature, refactor, or multi-step dev task — runs the full sprint cycle (Think → Plan → Build → Review → Test → Ship → Monitor) using Copilot CLI's plan/autopilot modes.

sprint-retro

8
from drvoss/everything-copilot-cli

Use at the end of a sprint to run a data-driven retrospective — analyzes session history and git metrics to surface what shipped, what slowed you down, and concrete improvements.

security-audit

8
from drvoss/everything-copilot-cli

Use when a codebase needs a formal security audit beyond a quick scan — applies OWASP Top 10 and STRIDE threat modeling from a CSO perspective to surface systemic vulnerabilities.

release

8
from drvoss/everything-copilot-cli

Use when a sprint or feature is complete and ready to ship — tags the version, generates GitHub Release notes, runs rollout or smoke verification, and publishes to npm/PyPI/Docker registries.

prompt-optimizer

8
from drvoss/everything-copilot-cli

Use when a rough prompt, vague idea, or task description needs to become a finished copy-pasteable prompt for a chat-based LLM - rewrite it into one ready-to-send prompt with no blanks, no placeholders, and a clear output shape.

outside-voice

8
from drvoss/everything-copilot-cli

Use when you need an independent second opinion before, during, or after implementation — run challenge, consult, or review mode in a direct builder-to-builder voice

llm-wiki

8
from drvoss/everything-copilot-cli

Use when research or domain knowledge keeps getting rediscovered across sessions — build a supplementary markdown wiki that compounds synthesized knowledge without replacing GitHub or committed project guidance

interview-me

8
from drvoss/everything-copilot-cli

Use when a request is underspecified and you need to discover what the user actually wants before writing a plan, spec, or code - ask one question at a time, attach your current hypothesis, and stop only after the intent is explicitly confirmed.