api-integration-patternslisted

Subprocess safety, GitHub CLI integration, retry logic, authentication, rate limiting, and timeout handling. Use when integrating external APIs or CLI tools. TRIGGER when: subprocess, gh cli, API call, retry logic, rate limiting, authentication. DO NOT TRIGGER when: internal function calls, pure Python logic, config file edits.
akaszubski/autonomous-dev · ★ 29 · API & Backend · score 68

Install: claude install-skill akaszubski/autonomous-dev

# API Integration Patterns Skill Standardized patterns for integrating external APIs and CLI tools in the autonomous-dev plugin ecosystem. Focuses on safety, reliability, and security when calling external services. ## When This Skill Activates - Integrating external APIs (GitHub, etc.) - Executing subprocess commands safely - Implementing retry logic - Handling authentication - Managing rate limits - Keywords: "api", "subprocess", "github", "gh cli", "retry", "authentication" --- ## Core Patterns ### 1. Subprocess Safety (CWE-78 Prevention) **Definition**: Execute external commands safely without command injection vulnerabilities. **Critical Rules**: - ✅ ALWAYS use argument arrays: `["gh", "issue", "create"]` - ❌ NEVER use shell=True with user input - ✅ ALWAYS whitelist allowed commands - ✅ ALWAYS set timeouts **Pattern**: ```python import subprocess from typing import List def safe_subprocess( command: List[str], *, allowed_commands: List[str], timeout: int = 30 ) -> subprocess.CompletedProcess: """Execute subprocess with CWE-78 prevention. Args: command: Command and arguments as list (NOT string!) allowed_commands: Whitelist of allowed commands timeout: Maximum execution time in seconds Returns: Completed subprocess result Raises: SecurityError: If command not in whitelist subprocess.TimeoutExpired: If timeout exceeded Security: - CWE-78 Prevention: Argument arrays (no