---
name: bruno-api
description: >
Generate comprehensive API endpoint documentation from Bruno (.bru) files by
mapping requests to a Django4Lyfe/Diversio-style backend implementation
(Django REST Framework or Django Ninja), including auth/permissions,
multi-tenant filtering, request/response schemas, and line-numbered code
references. Use for single endpoints, directory scans of .bru files, or when
writing docs to a specific output path.
allowed-tools:
- Bash
- Read
- Edit
- Glob
- Grep
---
# Bruno API Documentation Generator Skill
## Inputs & Modes
This Skill expects one of:
- A path to a single Bruno file (usually `*.bru`), OR
- `--scan <dir>` to analyze all `.bru` files under a directory.
Optional flags:
- `--dry-run` – produce an analysis plan only (no deep codebase search).
- `--output <path>` – write the generated markdown documentation to a file.
If inputs are missing or ambiguous, ask the user to confirm:
- Which `.bru` file(s) to analyze.
- Whether they want `--dry-run` or full documentation.
- Whether an output file should be written.
## Output Shape & Severity Tags
### Dry-run output
Return a short plan containing:
- Endpoint summary: method, URL, auth, and any detected params/body.
- Where you will look in the Django codebase (specific file paths/directories).
- Which documentation sections will be generated.
- Complexity notes (e.g., “DRF ViewSet + serializer” vs “Ninja router + schema”).
### Full documentation output
Generate a single markdown document for each endpoint using this structure:
- `# <Endpoint Name>`
- ``<METHOD> <URL Pattern>``
- **Authentication**, **Permissions**, **Multi-tenant**
- `## Overview`
- `## Request` (headers + params/body with types/validation)
- `## Response` (success example + common error cases)
- `## Implementation Details` (URL config + view + serializer/schema; always with `file.py:line`)
- `## Business Logic` (step-by-step, include side effects like tasks/external calls)
- `## Frontend Integration` (TypeScript types + call example + React Query hook example)
- `## Testing` (Bruno tests + edge cases + required fixtures/data)
- `## Notes` (perf considerations, related endpoints, rollout notes)
Use severity tags only when something prevents correctness/completeness:
- `[BLOCKING]` – cannot locate the endpoint implementation or critical auth/permission logic.
- `[SHOULD_FIX]` – documentation gaps due to missing/incomplete source details (e.g., response shape unclear).
- `[NOTE]` – optional improvements, related endpoints, refactors, or performance observations.
## Workflow
### Step 1 — Parse the Bruno file(s)
For each `.bru` file:
- Extract:
- HTTP method
- URL / path pattern
- Headers
- Query parameters
- Path parameters (from the URL pattern)
- Request body (and infer a schema where possible)
- Detect authentication intent:
- JWT / token headers
- Session/cookie usage
- Explicit “no auth” signals
- Capture any Bruno test/assert blocks as testing hints.
### Step 2 — Locate the Django route & implementation
Treat these repo conventions as first-class when present:
- If the URL starts with `/api/v2/`:
- Check `dashboardapp/v2_urls.py`.
- Check `dashboardapp/views/v2/` for the view/viewset.
- If the URL starts with `/api/v2/pulse/`:
- Check `pulse_iq/api/` for Django Ninja routers/endpoints.
- Otherwise:
- Search app-level `urls.py` modules for the path prefix.
- If needed, `Grep` for a distinctive path segment from the Bruno URL.
Once the route is found, identify the implementation type:
- **DRF**
- View / ViewSet class and handler method (`list`, `retrieve`, `create`, custom actions).
- Serializer(s) used (including nested serializers) and validation rules.
- Permissions / authentication classes.
- Queryset and filtering (especially company/org scoping).
- **Ninja**
- Router and endpoint function.
- Pydantic schema(s) and validation.
- Auth configuration/decorators.
- Multi-tenant scoping and access control.
Always record code references with line numbers (`path/to/file.py:123`).
### Step 3 — Extract behavior and contracts
For the located endpoint:
- Summarize the business purpose and any key invariants.
- Document validation and error behavior:
- Common 400 reasons (schema/serializer validation).
- Auth failures (401) and permission failures (403).
- Not-found cases (404) and domain-specific error cases.
- Identify multi-tenant constraints:
- How company/org is inferred (JWT claims, request context, URL param).
- Which queryset filters enforce scoping.
- Note side effects:
- Background tasks (Celery), emails, webhooks, external service calls.
- Writes to critical models and any transactional boundaries.
### Step 4 — Generate documentation
Write the markdown doc per “Full documentation output”.
Rules:
- Prefer precise types over “string/number” when you can infer them.
- Include at least one realistic example request and success response.
- If response shape is dynamic or large, document the stable contract and
include a representative sample, not the entire universe of fields.
- When you’re unsure, be explicit about assumptions and mark with `[SHOULD_FIX]`.
### Step 5 — Handle `--output` and `--scan`
- If `--scan <dir>`:
- Find all `.bru` files recursively under that directory.
- Generate one markdown doc per file.
- If no `--output` is provided, return docs in the response (grouped by file).
- If `--output <path>` is provided:
- Write output to that path.
- If scanning multiple files, either:
- Write a single combined doc (with a clear table of contents), OR
- Write multiple files under an output directory (ask the user which they want).
## Compatibility Notes
This skill is designed to work with both **Claude Code** and **OpenAI Codex**.
For Codex users:
- Install via skill-installer with `--repo DiversioTeam/agent-skills-marketplace
--path plugins/bruno-api/skills/bruno-api`.
- Use `$skill bruno-api` to invoke.
For Claude Code users:
- Install via `/plugin install bruno-api@diversiotech`.
- Use `/bruno-api:docs` to invoke.
