Diagnose FastAPI codebases for best practices
Project description
fastapi-therapist
Diagnose FastAPI codebases for security, performance, correctness, and architecture issues. Outputs a 0–100 health score.
Installation
pip install fastapi-therapist
Usage
# Full scan with verbose output
fastapi-therapist . --verbose
# Only scan changed files (git diff vs main)
fastapi-therapist . --diff
# Only scan staged files (pre-commit hook)
fastapi-therapist . --staged
# Output only the score (useful for CI)
fastapi-therapist . --score
# Install skill for AI coding agents (OpenCode, Claude, Cursor, etc.)
fastapi-therapist install
Configuration
Suppress rules or skip files via pyproject.toml or fastapi-doctor.config.json:
# pyproject.toml
[tool.fastapi-doctor.ignore]
rules = ["fastapi-doctor/FASTT012", "fastapi-doctor/FASTT016"]
files = ["migrations/**", "seed.py"]
[[tool.fastapi-doctor.ignore.overrides]]
files = ["app/routers/health.py"]
rules = ["fastapi-doctor/FASTT001"]
[[tool.fastapi-doctor.ignore.overrides]]
files = ["tests/**"]
# omit 'rules' to suppress all rules for these files
Rules
Async/Sync Correctness
| Rule | Severity | Detects |
|---|---|---|
| FASTT001 | ERROR | Sync blocking IO (requests.get, time.sleep) in async endpoint |
| FASTT002 | ERROR | Sync SQLAlchemy calls in async endpoint |
| FASTT003 | WARN/ERROR | async def endpoint with no await |
| FASTT004 | ERROR | asyncio.run() inside async context — nested event loop |
| FASTT005 | ERROR | open() blocking file I/O in async endpoint |
| FASTT006 | WARNING | subprocess.run() / os.system() in async endpoint |
Security & Data Leaks
| Rule | Severity | Detects |
|---|---|---|
| FASTT010 | ERROR | ORM model returned directly (data leakage) |
| FASTT011 | ERROR | response_model=None with sensitive data |
| FASTT012 | WARNING | GET endpoint missing response_model |
| FASTT013 | ERROR/WARN | Hardcoded secrets: API keys, tokens, passwords |
| FASTT014 | WARNING | debug=True in production (FastAPI + uvicorn) |
| FASTT015 | ERROR | CORS wildcard origins with credentials |
| FASTT016 | WARNING | Missing HTTPSRedirectMiddleware |
| FASTT017 | ERROR | SQL f-string injection |
HTTP Correctness
| Rule | Severity | Detects |
|---|---|---|
| FASTT070 | WARNING | POST/PUT/PATCH/DELETE missing explicit status_code |
Agent Installer
# Install skill for all detected AI agents
fastapi-therapist install
# Non-interactive mode
fastapi-therapist install --yes
# Preview without writing files
fastapi-therapist install --dry-run
Score
The health score formula:
100 - (unique error rules × 1.5) - (unique warning rules × 0.75)
- 75–100 Great
- 50–74 Needs work
- 0–49 Critical
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
fastapi_therapist-0.2.0.tar.gz
(34.0 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file fastapi_therapist-0.2.0.tar.gz.
File metadata
- Download URL: fastapi_therapist-0.2.0.tar.gz
- Upload date:
- Size: 34.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.3 {"installer":{"name":"uv","version":"0.11.3","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
15b6997d0ddd963362e4e38746019ab1c9d085f6dbacb39b364a70c7e81879d2
|
|
| MD5 |
834a0b086f1a05d67b7e751d1412d0e2
|
|
| BLAKE2b-256 |
de801ab2bc8956cc753bae1359a6d4de2b31cac3b5fa009589bfd485ac61a822
|
File details
Details for the file fastapi_therapist-0.2.0-py3-none-any.whl.
File metadata
- Download URL: fastapi_therapist-0.2.0-py3-none-any.whl
- Upload date:
- Size: 38.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.3 {"installer":{"name":"uv","version":"0.11.3","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
df104966029a59f616308b3d2da35450e7de36acefbcc851287e91fa244552ab
|
|
| MD5 |
f31336d2fc59e2487663a1a9e198a1b9
|
|
| BLAKE2b-256 |
09f693f5babfc67b8c00a691360ba0a340205cce14b18b6b6685fb0bc8c01339
|
