home / skills / makfly / superpowers-symfony / api-platform-filters

api-platform-filters skill

safe

This skill helps define explicit Symfony API Platform contracts and filters, ensuring security, mapping, and validation align across operations.

npx playbooks add skill makfly/superpowers-symfony --skill api-platform-filters

Review the files below or copy the command above to add this skill to your agents.

Files (2)

SKILL.md

1.2 KB

---

name: symfony:api-platform-filters
allowed-tools:
  - Read
  - Write
  - Edit
  - Bash
  - Glob
  - Grep
description: Deliver robust API Platform contracts in Symfony with explicit operations, mapping, and policy-safe behavior. Use for api platform filters tasks.
---

# Api Platform Filters (Symfony)

## Use when
- Designing or evolving API Platform contracts and operations.
- Aligning serialization, validation, and security behavior.

## Default workflow
1. Define operation-level contract and payload boundaries.
2. Implement resource/DTO/provider/processor changes with explicit mapping.
2. Apply operation-specific validation and security constraints.
2. Validate functional behavior across happy and negative paths.

## Guardrails
- Keep API contract explicit and version-aware.
- Avoid exposing internal entity fields implicitly.
- Prevent drift between docs and actual serialization.

## Progressive disclosure
- Use this file for execution posture and risk controls.
- Open references when deep implementation details are needed.

## Output contract
- API artifacts changed (resource/DTO/provider/processor).
- Contract/security decisions and rationale.
- Functional verification results.

## References
- `reference.md`
- `docs/complexity-tiers.md`

Overview

This skill helps deliver robust API Platform contracts in Symfony by making operations, mappings, and policy behavior explicit. It guides defining operation-level payloads, implements resource/DTO/provider/processor changes, and enforces validation and security per operation. The goal is predictable serialization, documented contracts, and safe evolution.

How this skill works

It inspects requested API operations and recommends or generates operation-level contracts and DTO boundaries. It maps entity and DTO fields explicitly, suggests provider/processor wiring, and adds operation-specific validation and security constraints. It outputs changed artifacts and a short rationale for each contract decision, plus verification notes for happy and negative paths.

When to use it

Designing new API Platform endpoints with clear payload boundaries
Refactoring existing resources to avoid leaking internal entity fields
Aligning serialization groups, validation and security per operation
Preparing a contract-aware API version or breaking change
Adding operation-specific providers or processors for custom behavior

Best practices

Define operation-level DTOs instead of reusing entities for input/output
Keep contracts explicit and version-aware; document breaking changes
Apply validation and security rules at the operation level, not just globally
Map fields explicitly and avoid implicit serialization group coupling
Run functional checks for both success paths and expected failures

Example use cases

Create a POST operation that accepts a sanitized DTO and uses a processor to persist a domain object
Introduce a read-only GET operation exposing a subset of fields via an output DTO
Add a custom provider for a complex query while keeping serialization stable
Migrate an endpoint to a new version with explicit contract and transformation rules
Lock down sensitive fields by removing them from serialization groups and adding policy checks

FAQ

What outputs will I get after running this skill?

You receive the modified API artifacts (resource/DTO/provider/processor), a summary of contract and security choices, and functional verification notes.

How does it prevent exposing internal fields?

It recommends using DTOs and explicit mapping, removes implicit group-based exposure, and applies operation-level serialization rules.