Diagnose FastAPI codebases for best practices
Project description
fastapi-therapist
Diagnose FastAPI codebases for security, performance, correctness, and architecture issues. Outputs a 0–100 health score.
Installation
pip install fastapi-therapist
Usage
# Full scan with verbose output
fastapi-therapist . --verbose
# Only scan changed files (git diff vs main)
fastapi-therapist . --diff
# Only scan staged files (pre-commit hook)
fastapi-therapist . --staged
# Output only the score (useful for CI)
fastapi-therapist . --score
# Audit mode — ignore all inline suppressions, reveal hidden issues
fastapi-therapist . --audit
# Install skill for AI coding agents (OpenCode, Claude, Cursor, etc.)
fastapi-therapist install
Configuration
Suppress rules or skip files via pyproject.toml or fastapi-doctor.config.json:
# pyproject.toml
[tool.fastapi-doctor.ignore]
rules = ["fastapi-doctor/FASTT012", "fastapi-doctor/FASTT016"]
files = ["migrations/**", "seed.py"]
[[tool.fastapi-doctor.ignore.overrides]]
files = ["app/routers/health.py"]
rules = ["fastapi-doctor/FASTT001"]
[[tool.fastapi-doctor.ignore.overrides]]
files = ["tests/**"]
# omit 'rules' to suppress all rules for these files
Inline Suppression
Suppress specific rules on specific lines without touching config:
@app.post("/items") # fastapi-doctor-disable-line FASTT070
# fastapi-doctor-disable-next-line FASTT002
@router.put("/items/{id}")
async def update_item(...):
    ...
Or skip all rules on a line:
return user # fastapi-doctor-disable-line
File Ignores
Respects existing project ignore files automatically:
| Source | Example |
|---|---|
| .gitignore | *.pyc, secrets.py |
| ruff.toml / .ruff.toml | exclude = ["migrations/*"] |
| pyproject.toml ([tool.ruff]) | exclude = ["generated/*"] |
| .gitattributes | vendor/** linguist-vendored |
Rules
Async/Sync Correctness
| Rule | Severity | Detects |
|---|---|---|
| FASTT001 | ERROR | Sync blocking IO (requests.get, time.sleep) in async endpoint |
| FASTT002 | ERROR | Sync SQLAlchemy calls in async endpoint |
| FASTT003 | WARN/ERROR | async def endpoint with no await |
| FASTT004 | ERROR | asyncio.run() inside async context — nested event loop |
| FASTT005 | ERROR | open() blocking file I/O in async endpoint |
| FASTT006 | WARNING | subprocess.run() / os.system() in async endpoint |
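The pattern behind FASTT001, FASTT005 and FASTT006, sketched with the standard-library `ast` module. This is an added example, not fastapi-therapist's own implementation; the names `BLOCKING`, `dotted` and `blocking_calls_in_async` are hypothetical, and it treats every `async def` as an endpoint rather than checking for a route decorator.

```python
import ast

# Call names the table above lists as blocking inside async endpoints.
BLOCKING = {"requests.get", "time.sleep", "open", "subprocess.run", "os.system"}

# Constructed sample source; it is only parsed, never executed.
SAMPLE = '''
import time, requests, asyncio

async def slow(url):
    time.sleep(1)
    return requests.get(url).text

async def fine():
    await asyncio.sleep(1)

def sync_ok():
    time.sleep(1)
'''

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def blocking_calls_in_async(source):
    """Return (function, line, call) for blocking calls inside async def bodies."""
    found = []
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, ast.AsyncFunctionDef):
            continue  # the same calls in a plain def do not stall the event loop
        for node in ast.walk(fn):
            if isinstance(node, ast.Call) and dotted(node.func) in BLOCKING:
                found.append((fn.name, node.lineno, dotted(node.func)))
    return sorted(found, key=lambda f: f[1])
```

Matching on the dotted call name misses aliased imports such as `from time import sleep`, so a real checker also has to resolve imports.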
Security & Data Leaks
| Rule | Severity | Detects |
|---|---|---|
| FASTT010 | ERROR | ORM model returned directly (data leakage) |
| FASTT011 | ERROR | response_model=None with sensitive data |
| FASTT012 | WARNING | GET endpoint missing response_model |
| FASTT013 | ERROR/WARN | Hardcoded secrets: API keys, tokens, passwords |
| FASTT014 | WARNING | debug=True in production (FastAPI + uvicorn) |
| FASTT015 | ERROR | CORS wildcard origins with credentials |
| FASTT016 | WARNING | Missing HTTPSRedirectMiddleware |
| FASTT017 | ERROR | SQL f-string injection |
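What FASTT017 describes, shown as the vulnerable call beside its parameterized form, with a small `ast` check that tells them apart. This is an added example, not fastapi-therapist's own rule code; `SQL_SINKS`, `interpolated` and `sql_fstring_findings` are hypothetical names, and the sink list is an assumption.

```python
import ast

# Assumed method/function names that send a string to the database.
SQL_SINKS = {"execute", "executemany", "text"}

# Constructed sample source; it is only parsed, never executed.
SAMPLE = '''
def find_unsafe(conn, name):
    return conn.execute(f"SELECT * FROM users WHERE name = '{name}'")

def find_via_variable(conn, name):
    query = f"SELECT * FROM users WHERE name = '{name}'"
    return conn.execute(query)

def find_safe(conn, name):
    return conn.execute("SELECT * FROM users WHERE name = ?", (name,))

def count_users(conn):
    return conn.execute(f"SELECT count(*) FROM users")
'''

def interpolated(node):
    """True for an f-string that actually substitutes a value."""
    return isinstance(node, ast.JoinedStr) and any(
        isinstance(v, ast.FormattedValue) for v in node.values)

def sql_fstring_findings(source):
    """Return line numbers of sink calls whose first argument is an interpolated f-string."""
    tree = ast.parse(source)
    # Names assigned from an interpolated f-string (module-wide, scope-insensitive).
    tainted = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and interpolated(node.value):
            tainted.update(t.id for t in node.targets if isinstance(t, ast.Name))
    findings = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and node.args):
            continue
        name = getattr(node.func, "attr", getattr(node.func, "id", None))
        first = node.args[0]
        via_name = isinstance(first, ast.Name) and first.id in tainted
        if name in SQL_SINKS and (interpolated(first) or via_name):
            findings.append(node.lineno)
    return sorted(findings)
```

The placeholder-free f-string in `count_users` is not reported, and the bound-parameter call in `find_safe` is the form to migrate flagged lines to.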
HTTP Correctness
| Rule | Severity | Detects |
|---|---|---|
| FASTT070 | WARNING | POST/PUT/PATCH/DELETE missing explicit status_code |
Agent Installer
# Install skill for all detected AI agents
fastapi-therapist install
# Non-interactive mode
fastapi-therapist install --yes
# Preview without writing files
fastapi-therapist install --dry-run
Score
The health score formula:
100 - (unique error rules × 1.5) - (unique warning rules × 0.75)
- 75–100 Great
- 50–74 Needs work
- 0–49 Critical
File details
Details for the file fastapi_therapist-0.3.0.tar.gz.
File metadata
- Download URL: fastapi_therapist-0.3.0.tar.gz
- Upload date:
- Size: 38.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.3 {"installer":{"name":"uv","version":"0.11.3","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | c0edc7dc410b0f825a6c4b4f1f02f89e1aa0da98a17d7caa045ba8768c51df91 |
| MD5 | 093bd270f425b941a90d5a912bccacb5 |
| BLAKE2b-256 | bab35e4fe9e3740a0ea54d7955d7cfd6a9dd0e522f825c650095926610600975 |
File details
Details for the file fastapi_therapist-0.3.0-py3-none-any.whl.
File metadata
- Download URL: fastapi_therapist-0.3.0-py3-none-any.whl
- Upload date:
- Size: 42.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.3 {"installer":{"name":"uv","version":"0.11.3","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 48fabd368ebfdcd90d0d1417a8904ef0a4e3496769125c63107379880f1e3b58 |
| MD5 | 3d4a06ec9cc42b236e9809c3a5b618e3 |
| BLAKE2b-256 | 84f7e18a4b9326e0e5a2f2cb5e6c1c7b4f245b1f912805115d5ed233cbc024b7 |