home / skills / makfly / superpowers-symfony / api-platform-tests

api-platform-tests skill

safe

This skill helps you design and validate API Platform contracts in Symfony, enforcing explicit operations, mapping, and security for robust tests.

npx playbooks add skill makfly/superpowers-symfony --skill api-platform-tests

Review the files below or copy the command above to add this skill to your agents.

Files (2)

SKILL.md

1.2 KB

---

name: symfony:api-platform-tests
allowed-tools:
  - Read
  - Write
  - Edit
  - Bash
  - Glob
  - Grep
description: Deliver robust API Platform contracts in Symfony with explicit operations, mapping, and policy-safe behavior. Use for api platform tests tasks.
---

# Api Platform Tests (Symfony)

## Use when
- Designing or evolving API Platform contracts and operations.
- Aligning serialization, validation, and security behavior.

## Default workflow
1. Define operation-level contract and payload boundaries.
2. Implement resource/DTO/provider/processor changes with explicit mapping.
2. Apply operation-specific validation and security constraints.
2. Validate functional behavior across happy and negative paths.

## Guardrails
- Keep API contract explicit and version-aware.
- Avoid exposing internal entity fields implicitly.
- Prevent drift between docs and actual serialization.

## Progressive disclosure
- Use this file for execution posture and risk controls.
- Open references when deep implementation details are needed.

## Output contract
- API artifacts changed (resource/DTO/provider/processor).
- Contract/security decisions and rationale.
- Functional verification results.

## References
- `reference.md`
- `docs/complexity-tiers.md`

Overview

This skill helps deliver robust API Platform contracts in Symfony by making operations, payload mapping, and policy behavior explicit. It focuses on test-driven verification of serialization, validation, and security across happy and negative paths. The goal is predictable, version-aware API behavior with clear artifacts and rationale.

How this skill works

You define operation-level contracts and explicit payload boundaries, then implement resources, DTOs, providers, and processors with deliberate mapping. Operation-specific validation and security constraints are applied and exercised by functional tests that verify both expected success and failure scenarios. The skill outputs changed API artifacts, documented contract and security decisions, and verification results for each operation.

When to use it

Designing or evolving API Platform operations and contracts
Aligning serialization, validation, and and security behavior between code and docs
Introducing DTOs or explicit mapping to prevent entity leakage
Hardening API behavior before a public version or breaking change
Writing or reviewing functional tests that cover negative paths and policy enforcement

Best practices

Keep contracts explicit and version-aware; treat operation signatures as API surface
Never expose internal entity fields implicitly; use DTOs or explicit serialization groups
Apply validation and security rules at the operation level, not only on entities
Map incoming and outgoing payloads explicitly in providers/processors to avoid drift
Write tests for both happy paths and negative/security paths; capture rationale for decisions

Example use cases

Add a new POST operation with a DTO, provider, and processor and verify mapping and validation
Replace implicit serialization groups with explicit DTOs to prevent leaking fields
Enforce operation-specific security rules and prove denial cases with functional tests
Version an existing GET operation and validate backward-compatible serialization behavior
Document contract and policy decisions alongside test results for review and audit

FAQ

What outputs should I include after tests?

Include changed API artifacts (resources, DTOs, providers, processors), the contract and security decisions with rationale, and functional verification results for each operation.

How do I prevent mismatch between docs and behavior?

Make payloads and serialization explicit, version operation contracts, and keep tests that assert documented responses and error shapes.