api-and-interface-design
Use when defining a public API, CLI, webhook, or SDK surface — lock the contract first so compatibility, validation, and versioning stay intentional instead of accidental
Best use case
api-and-interface-design is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Use when defining a public API, CLI, webhook, or SDK surface — lock the contract first so compatibility, validation, and versioning stay intentional instead of accidental
Teams using api-and-interface-design should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/api-and-interface-design/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How api-and-interface-design Compares
| Feature / Agent | api-and-interface-design | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Use when defining a public API, CLI, webhook, or SDK surface — lock the contract first so compatibility, validation, and versioning stay intentional instead of accidental
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# API and Interface Design Define the contract before the implementation. This skill is for **public or cross-team interfaces** where downstream consumers can depend on every observable behavior, including the ones you did not mean to promise. ## When to Use - Designing a new public HTTP API, CLI command, webhook, SDK surface, or plugin contract - Changing an existing interface that other teams, tools, or customers already consume - Clarifying breaking-change policy before implementation starts - Tightening the interface section of `spec-driven-development` for a compatibility-sensitive feature ## When NOT to Use | Instead of api-and-interface-design | Use | |-------------------------------------|-----| | Internal implementation design inside one module | `spec-driven-development` | | Writing user-facing docs for a finished API | `api-documentation` | | Retiring or replacing an old interface | `deprecation-and-migration` | | Narrow bug fixes with no contract change | do the fix directly | ## Workflow ### 1. Identify the real contract boundary Write down: - **Who consumes this interface?** Humans, services, CLI users, integrations, third-party developers - **What is observable?** Inputs, outputs, error codes, ordering, timing, idempotency, pagination, retries - **What must stay stable?** Field names, response structure, exit codes, callback payloads, invariants If the consumer or stability target is unclear, you are not ready to implement. ### 2. Draft the contract before code Create a contract document or spec section before touching implementation: ```markdown ## Interface Contract: createWidget **Interface type**: REST API / CLI / SDK / webhook **Consumers**: Internal services + external customers **Stability**: stable / beta / experimental ### Inputs - Method / command / function name: - Required parameters: - Optional parameters: - Validation rules: ### Outputs - Success shape: - Error shape: - Ordering / pagination guarantees: ### Invariants - [Behavior that must remain true] ### Non-Goals - [What this interface deliberately does not promise] ``` ### 3. Run a Hyrum's Law review For every observable behavior, ask: - Is this behavior intentionally part of the contract? - If consumers start depending on it, can we support it long-term? - If not, should we remove it, hide it, or document that it is non-contractual? Common accidental contracts: - Stable ordering without documenting it - Error message wording used by scripts - Undocumented default values - Side effects triggered by read operations - Field presence that is only an implementation artifact ### 4. Design validation at the trust boundary Validation should happen where untrusted input enters the system: - HTTP body, query params, headers - CLI args and environment variables - Webhook payloads - Files or user-supplied configuration Do not scatter the same runtime validation through every internal layer. Define: - Accepted input shape - Rejection rules - Standard error envelope or exit code mapping - Which invariants are guaranteed after boundary validation succeeds ### 5. Choose the compatibility strategy | Change type | Default strategy | |-------------|------------------| | Additive field | Make optional first; define default behavior | | Renamed field | Add new field, deprecate old one, keep overlap window | | Semantic change | Version the interface or add a new endpoint/flag | | Removed capability | Publish a migration path before removal | If you cannot explain the migration path in two or three sentences, the change is not ready. ### 6. Hand off to implementation planning Once the contract is stable: 1. Feed it into `spec-driven-development` 2. Identify tests that prove the contract 3. Implement the smallest slice that honors the contract exactly ## Example ```markdown ## Interface Contract: `copilot skill install` **Interface type**: CLI **Consumers**: Developers using Copilot CLI **Stability**: beta ### Inputs - Command: `copilot skill install <url-or-path>` - Optional flags: `--dry-run`, `--force` - Validation rules: - URL must be HTTPS or GitHub shorthand - Local path must contain a valid skill directory ### Outputs - Exit code `0`: install succeeded - Exit code `1`: validation failure - Exit code `2`: network or fetch failure ### Invariants - Installed skill is validated before being written - `--dry-run` never mutates the filesystem ### Non-Goals - Private repository authentication - Version pinning ``` ## Common Mistakes | Mistake | Fix | |---------|-----| | Letting implementation details leak into the contract | Document only consumer-visible behavior | | Treating every internal helper as a public interface | Limit this skill to external or cross-team boundaries | | Adding validation everywhere "just in case" | Validate once at the boundary, then trust the normalized input | | Delaying breaking-change planning until after coding | Choose the migration strategy before implementation | ## Verification - [ ] Consumers and stability target are explicitly named - [ ] Inputs, outputs, invariants, and non-goals are written before coding - [ ] Observable but accidental behaviors were reviewed for Hyrum's Law risk - [ ] Boundary validation and error semantics are defined - [ ] Breaking changes have a migration or versioning strategy ## See Also - [`spec-driven-development`](../spec-driven-development/SKILL.md) — turn the contract into an implementation plan - [`api-documentation`](../../documentation/api-documentation/SKILL.md) — publish user-facing API docs - [`deprecation-and-migration`](../deprecation-and-migration/SKILL.md) — retire or replace old interfaces safely
Related Skills
verification-before-completion
Use before claiming any task is done — run the exact command that proves the fix works, read the output, and only then report success.
using-git-worktrees
Use when you need multiple branches checked out at once — create isolated working directories for parallel development without cloning the repository repeatedly
triage
Use when a single issue needs structured triage — classify it, reproduce if needed, request missing information, and leave a durable brief or close-out note in the tracker.
to-issues
Use when a plan, spec, or PRD must become an actionable backlog — break it into thin dependency-aware issues that each deliver a verifiable vertical slice
sprint-workflow
Use when starting a new feature, refactor, or multi-step dev task — runs the full sprint cycle (Think → Plan → Build → Review → Test → Ship → Monitor) using Copilot CLI's plan/autopilot modes.
sprint-retro
Use at the end of a sprint to run a data-driven retrospective — analyzes session history and git metrics to surface what shipped, what slowed you down, and concrete improvements.
security-audit
Use when a codebase needs a formal security audit beyond a quick scan — applies OWASP Top 10 and STRIDE threat modeling from a CSO perspective to surface systemic vulnerabilities.
release
Use when a sprint or feature is complete and ready to ship — tags the version, generates GitHub Release notes, runs rollout or smoke verification, and publishes to npm/PyPI/Docker registries.
prompt-optimizer
Use when a rough prompt, vague idea, or task description needs to become a finished copy-pasteable prompt for a chat-based LLM - rewrite it into one ready-to-send prompt with no blanks, no placeholders, and a clear output shape.
outside-voice
Use when you need an independent second opinion before, during, or after implementation — run challenge, consult, or review mode in a direct builder-to-builder voice
llm-wiki
Use when research or domain knowledge keeps getting rediscovered across sessions — build a supplementary markdown wiki that compounds synthesized knowledge without replacing GitHub or committed project guidance
interview-me
Use when a request is underspecified and you need to discover what the user actually wants before writing a plan, spec, or code - ask one question at a time, attach your current hypothesis, and stop only after the intent is explicitly confirmed.