This skill helps you design and evolve API Platform contracts in Symfony by enforcing explicit DTO resources, mappings, and policy-safe behavior.
`npx playbooks add skill makfly/superpowers-symfony --skill api-platform-dto-resources`
Review the files below or copy the command above to add this skill to your agents.
---
name: symfony:api-platform-dto-resources
allowed-tools:
- Read
- Write
- Edit
- Bash
- Glob
- Grep
description: Deliver robust API Platform contracts in Symfony with explicit operations, mapping, and policy-safe behavior. Use for API Platform DTO resource tasks.
---
# API Platform DTO Resources (Symfony)
## Use when
- Designing or evolving API Platform contracts and operations.
- Aligning serialization, validation, and security behavior.
## Default workflow
1. Define operation-level contract and payload boundaries.
2. Implement resource/DTO/provider/processor changes with explicit mapping.
3. Apply operation-specific validation and security constraints.
4. Validate functional behavior across happy and negative paths.
## Guardrails
- Keep API contract explicit and version-aware.
- Avoid exposing internal entity fields implicitly.
- Prevent drift between docs and actual serialization.
## Progressive disclosure
- Use this file for execution posture and risk controls.
- Open references when deep implementation details are needed.
## Output contract
- API artifacts changed (resource/DTO/provider/processor).
- Contract/security decisions and rationale.
- Functional verification results.
## References
- `reference.md`
- `docs/complexity-tiers.md`
This skill helps deliver robust API Platform DTO-based resources in Symfony by making operation contracts, mapping, and security explicit. It focuses on clear payload boundaries, predictable serialization, and policy-safe behavior to avoid accidental data leaks. Use it to align implementation with declared API contracts and to document rationale for contract decisions.
The skill inspects API operation definitions and maps them to DTOs, resources, providers, and processors to ensure serialization and validation match the declared contract. It enforces operation-specific validation and security constraints, reviews mapping layers for leaks, and produces a concise output of changed artifacts and rationale. Functional verification covers both happy paths and negative scenarios to detect contract drift.
What artifacts will change when applying this skill?
Expect changes to resources, DTOs, providers, and processors, plus updated validation and security rules.
How does this prevent exposing internal fields?
By requiring explicit mapping between DTOs and entities and enforcing operation-level serialization rules instead of relying on implicit entity serialization.
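The explicit-mapping answer above, as an added example that is not part of the skill's own files: plain PHP 8.1+ with a constructed entity, output DTO and contract check. The names `User`, `UserOutput`, `fromEntity` and `assertContract` are hypothetical; in an API Platform project the mapping call would sit in the provider the workflow mentions.

```php
<?php
declare(strict_types=1);

// Hypothetical entity: holds fields that must never leave the service.
final class User
{
    public function __construct(
        public int $id,
        public string $email,
        public string $passwordHash,
        public array $roles,
        public ?string $resetToken = null,
    ) {}
}

// Hypothetical output DTO: the public contract for one read operation.
final class UserOutput
{
    public function __construct(
        public readonly int $id,
        public readonly string $email,
    ) {}

    // Explicit mapping: a field is exposed only if it is named here.
    public static function fromEntity(User $user): self
    {
        return new self($user->id, $user->email);
    }
}

// Contract check: fail when the serialized keys differ from the declared ones.
function assertContract(object $payload, array $allowedKeys): void
{
    $actual = array_keys(json_decode(json_encode($payload, JSON_THROW_ON_ERROR), true));
    sort($actual);
    sort($allowedKeys);
    if ($actual !== $allowedKeys) {
        throw new RuntimeException('Contract drift: ' . implode(',', $actual));
    }
}

// Constructed sample data, not real credentials.
$user = new User(7, 'alice@example.test', '$2y$10$constructed-placeholder', ['ROLE_ADMIN'], 'constructed-token');

assertContract(UserOutput::fromEntity($user), ['id', 'email']); // DTO matches the contract

try {
    assertContract($user, ['id', 'email']); // negative path: entity serialized implicitly
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL; // names every key that was serialized
}
```

A check like `assertContract` fits the negative-path verification step: adding a field to the entity leaves the DTO payload unchanged, while any payload built from the entity directly fails the check.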