Coding & Refactoringlow risk

fastapi-deps

Use when the user wants to upgrade the project's dependencies safely — bump versions, read changelogs for breaking changes, and verify the suite still passes. Upgrades incrementally and stops on the first break; it does not add new dependencies (that's a design decision to raise separately).

steph-dove/klaussy-agents·examples/fastapi/.github/skills/fastapi-deps/SKILL.md
39/ 100推荐值

导入这个 Skill

选择你的 coding agent,复制项目级或个人级安装命令。

固定到平台收录的 commit
导入当前项目.agents/skills/fastapi-deps
npx skills add https://github.com/steph-dove/klaussy-agents/tree/cd63ff9bef3ee4714551249748cf9c466f69640f/examples/fastapi/.github/skills/fastapi-deps -a codex -y
导入个人环境~/.agents/skills/fastapi-deps
npx skills add https://github.com/steph-dove/klaussy-agents/tree/cd63ff9bef3ee4714551249748cf9c466f69640f/examples/fastapi/.github/skills/fastapi-deps -a codex -g -y
手动放置目录.agents/skills/fastapi-depsOfficial docs ↗
导入当前项目.claude/skills/fastapi-deps
npx skills add https://github.com/steph-dove/klaussy-agents/tree/cd63ff9bef3ee4714551249748cf9c466f69640f/examples/fastapi/.github/skills/fastapi-deps -a claude-code -y
导入个人环境~/.claude/skills/fastapi-deps
npx skills add https://github.com/steph-dove/klaussy-agents/tree/cd63ff9bef3ee4714551249748cf9c466f69640f/examples/fastapi/.github/skills/fastapi-deps -a claude-code -g -y
手动放置目录.claude/skills/fastapi-depsOfficial docs ↗
导入当前项目.agents/skills/fastapi-deps
npx skills add https://github.com/steph-dove/klaussy-agents/tree/cd63ff9bef3ee4714551249748cf9c466f69640f/examples/fastapi/.github/skills/fastapi-deps -a github-copilot -y
导入个人环境~/.copilot/skills/fastapi-deps
npx skills add https://github.com/steph-dove/klaussy-agents/tree/cd63ff9bef3ee4714551249748cf9c466f69640f/examples/fastapi/.github/skills/fastapi-deps -a github-copilot -g -y
手动放置目录.agents/skills/fastapi-depsOfficial docs ↗
导入当前项目.agents/skills/fastapi-deps
npx skills add https://github.com/steph-dove/klaussy-agents/tree/cd63ff9bef3ee4714551249748cf9c466f69640f/examples/fastapi/.github/skills/fastapi-deps -a cursor -y
导入个人环境~/.cursor/skills/fastapi-deps
npx skills add https://github.com/steph-dove/klaussy-agents/tree/cd63ff9bef3ee4714551249748cf9c466f69640f/examples/fastapi/.github/skills/fastapi-deps -a cursor -g -y
手动放置目录.agents/skills/fastapi-depsOfficial docs ↗
导入当前项目.agents/skills/fastapi-deps
npx skills add https://github.com/steph-dove/klaussy-agents/tree/cd63ff9bef3ee4714551249748cf9c466f69640f/examples/fastapi/.github/skills/fastapi-deps -a gemini-cli -y
导入个人环境~/.gemini/skills/fastapi-deps
npx skills add https://github.com/steph-dove/klaussy-agents/tree/cd63ff9bef3ee4714551249748cf9c466f69640f/examples/fastapi/.github/skills/fastapi-deps -a gemini-cli -g -y
Native Gemini CLIgemini skills install https://github.com/steph-dove/klaussy-agents.git --scope workspace --path examples/fastapi/.github/skills/fastapi-deps
手动放置目录.agents/skills/fastapi-depsOfficial docs ↗
⚠ 安装命令使用开源 skills CLI。执行前请检查来源、脚本和权限。
Upgrade dependencies without breaking the build. Move in small, verifiable steps — one batch at a time, tests green after each — rather than bumping everything at once and debugging the pile.

## Phase 1: Survey

1. **Read CLAUDE.md** for the package manager, the install command, and the test command.
2. **Read the manifest** (`pyproject.toml`, `package.json`, `go.mod`, `Cargo.toml`, …) and the lockfile. Note which versions are pinned exactly vs. ranged, and which deps are runtime vs. dev.
3. **List what's outdated.** Use the ecosystem's own tool (`pip list --outdated`, `npm outdated`, `go list -m -u all`, `cargo outdated`). Separate the upgrades into:
   - **patch/minor** — low risk, batchable.
   - **major** — has breaking changes; handle one at a time.
4. **Confirm a green baseline first.** Run the test suite *before* changing anything. If it's already red, stop — you can't attribute a later failure to an upgrade.

## Phase 2: Upgrade in order of risk

1. **Patch/minor first, as one batch.** Bump them, reinstall, run the full suite. If green, keep going. If red, narrow to the culprit (bisect the batch) before proceeding.
2. **Then majors, one at a time.** For each major bump:
   - **Read its changelog / migration notes** for the version range you're crossing — grep the codebase for the APIs it says changed, and check whether you use them.
   - Apply the bump and any required code changes together.
   - Run the suite. Only move to the next major once green.
3. **Respect the pinning style.** If the repo pins exact versions, pin the new exact version; if it uses ranges, keep the range form. Update the lockfile with the manager's own command — never hand-edit a lockfile.

## Phase 3: Verify and summarize

1. **Run the full suite, lint, and build** one final time on the fully-upgraded tree.
2. **Summarize** what moved: package, old → new version, and for any major bump, the one-line reason it was safe (or the code change it required). Flag anything you couldn't fully verify.

### Write like a person, not a chatbot

Whatever you output for the user (comments, descriptions, messages) must read as if a human engineer wrote it. These rules mirror klaussy's deterministic humanizer (klaussy-desktop `humanize-comment.js`):

- **No em-dashes or en-dashes** (`—` / `–`) in prose. Use a comma or rewrite. This is the single biggest AI tell.
- **No filler openers.** Cut "It's worth noting that", "It's important to note that", "I noticed that", "I wanted to point out that", "Please note that", "Just to mention", "Worth noting", "Note that". State the point directly.
- **No chatbot scaffolding.** No "Let me know if...", "Hope this helps", "Feel free to...", "Happy to help", "Let me know your thoughts".
- **Tighten hedges.** "in order to" → "to"; "could potentially" → "could"; "may potentially" → "may". Drop stacked qualifiers.
- **No emoji, no exclamatory enthusiasm, no "Certainly"/"Great question".**
- **Don't let trimming tip into terse.** Cutting filler shouldn't make prose read as curt or dismissive. Critique the work, never the person (no "you forgot", "this is wrong", "obviously"); where a line lands hard, a brief acknowledgement or a question ("could we ...?", "one risk is ...") takes the edge off. A light touch only, not filler praise or "great job" boilerplate.
- **Don't mirror the thread's tone.** When you reply to an existing comment, review note, or message, read it for substance but not for temperature: neutralize any rudeness or bluntness in it before you draft. Hostile or curt input must not prime a hostile or curt reply, answer as if the other person had phrased it civilly.
- **Be short, then cut more.** Lead with the point. Keep the decision and the one fact that justifies it, then stop. A reply in a thread is usually one sentence; a single review comment one to five. Don't pad to sound thorough or stack throat-clearing ahead of the point.
- **Cut detail, not just words.** The verbose tell isn't long words, it's over-explaining. Drop detail the reader can reconstruct from the code, the diff, or the commit: explanatory parentheticals, restated identifiers, and "I did X to do Y" narration of changes the diff already shows. Keep the load-bearing fact; drop what's merely supporting. This is the one place humanizing may drop content, never reverse or invent meaning, but you need not preserve every clause.
- Vary sentence shape; don't open every line the same way. Never reword code, identifiers, or anything inside backticks or fences. Humanize prose only.

**Same decision, half the words, dropping detail the reader can reconstruct:**

> Verbose: Good call, done. attachment.reason already embeds the decline reason for declined envelopes (built in checkEnvelopeStatus as {name} declined on {date} - {declinedReason}), so I dropped the new declinedReason signer field and reverted NotificationService to use the existing reason field. Pushed in 1e9e938404.

> Human: Good call. `attachment.reason` already carries the decline reason, so I dropped the new field and reverted NotificationService. Pushed in 1e9e938404.

## Rules

- Do NOT add new dependencies or remove existing ones — this skill upgrades what's already declared. A new dependency is a decision to raise with the user, not to slip into an upgrade.
- Do NOT bump past a major boundary without reading that library's breaking-change notes and checking your usage against them.
- Never hand-edit the lockfile; regenerate it through the package manager so the resolution stays consistent.
- If an upgrade needs code changes beyond a trivial rename, make the minimal change to adapt — don't refactor surrounding code while you're in there.
- If a security advisory is the reason for the upgrade, prioritize that package and call it out explicitly.

## When NOT to use

- The user wants to add a brand-new dependency — that's a design choice; discuss the trade-off first, don't route it through here.
- A single dependency needs a deep, involved migration (a framework major with wide surface) — treat that as its own planned task with the plan/implement skills.
- The "upgrade" is really a lockfile refresh with no version changes — just regenerate the lockfile; you don't need this flow.