REST API Endpoint Generator
Creates a complete API endpoint with route handler, validation schema, types, and integration test.
SKILL.md
---
description: Generate a REST API endpoint with validation, types, and tests
allowed-tools: Write, Read, Bash(ls), Bash(cat *), Glob
---
# REST API Endpoint Generator
Create a complete, production-ready API endpoint following the project's patterns.
## Arguments
- `$ARGUMENTS` — description of the endpoint (e.g. "GET /api/users/:id - fetch user by ID")
## Steps
1. Parse the HTTP method, path, and purpose from `$ARGUMENTS`.
2. Explore the existing API structure (`src/app/api/` for Next.js or `src/routes/` for Express) to understand conventions.
3. Read an existing endpoint to identify patterns: error handling, response format, middleware usage, validation library.
4. Create the endpoint files:
### Route Handler
- Parse and validate request parameters, query strings, and body.
- Implement proper error handling with appropriate HTTP status codes:
  - `400` for validation errors
  - `401` for authentication failures
  - `403` for authorization failures
  - `404` for missing resources
  - `500` for unexpected errors (log details, return generic message)
- Return consistent JSON response shape: `{ data, error, meta }`.
### Validation Schema
- Use the project's validation library (Zod, Joi, Yup, etc.).
- Define request schema (params, query, body) and response schema.
- Export schemas for reuse in tests and client-side code.
### TypeScript Types
- Derive types from validation schemas where possible (`z.infer<>`).
- Export request and response types.
### Integration Test
- Test the happy path with valid input.
- Test each validation rule with invalid input.
- Test error cases (not found, unauthorized).
- Use the project's test setup (supertest, fetch, etc.).
## Rules
- Never hardcode secrets or connection strings.
- Always validate untrusted input before processing.
- Use parameterized queries — never interpolate user input into SQL.
- Follow REST conventions: proper status codes, plural resource names, consistent URL structure.

How It Works
This skill is a great example of context-aware code generation. Rather than prescribing a specific framework, it instructs the agent to discover the project's setup by reading existing endpoints. This means the same skill works for Next.js API routes, Express handlers, Fastify routes, or any other backend framework.
The security-first approach is baked into the instructions: input validation, parameterized queries, and proper error handling are not optional suggestions but required steps. The explicit HTTP status code guide prevents the common mistake of returning 200 for everything or 500 for client errors.
The consistent response shape (`{ data, error, meta }`) ensures API consumers get predictable responses. By also generating validation schemas and TypeScript types, the skill creates a foundation for type-safe API consumption on the client side.
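The status-code guide and response shape above, applied to the skill's own sample endpoint (`GET /api/users/:id`). This is an added example, not part of the skill or of any project's code; `USERS`, `findUser`, `HttpError`, the `req` shape and the check order are assumptions, and a real project would use its own validation library and data layer.

```javascript
// Added illustration: framework-agnostic handler returning { status, body }.
const USERS = new Map([["42", { id: "42", name: "Ada" }]]); // constructed sample data

class HttpError extends Error {
  constructor(status, message) { super(message); this.status = status; }
}

// Hypothetical data-layer call. The id is passed as a value (as a bound
// parameter would be) and is never concatenated into a query string.
function findUser(id) {
  if (id === "13") throw new Error("db connection reset at 10.0.0.5"); // simulated fault
  return USERS.get(id) ?? null;
}

// Allow-list validation: anything that is not a short positive integer is rejected.
function validateParams(params) {
  const id = String(params?.id ?? "");
  if (!/^[1-9][0-9]{0,9}$/.test(id)) throw new HttpError(400, "id must be a positive integer");
  return { id };
}

function getUser(req, log = console.error) {
  const meta = { resource: "users" };
  try {
    if (!req.user) throw new HttpError(401, "authentication required");
    const { id } = validateParams(req.params);
    // Authorize before the lookup so a 404 never reveals which ids exist.
    if (req.user.role !== "admin" && req.user.id !== id) throw new HttpError(403, "forbidden");
    const user = findUser(id);
    if (!user) throw new HttpError(404, "user not found");
    return { status: 200, body: { data: user, error: null, meta } };
  } catch (err) {
    if (err instanceof HttpError) {
      return { status: err.status, body: { data: null, error: err.message, meta } };
    }
    log(err); // full details stay in server logs only
    return { status: 500, body: { data: null, error: "internal server error", meta } };
  }
}
```

Every branch returns the same three keys, so a client can check `error` without inspecting the status code first, and the simulated database fault never reaches the response body.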