SKILL.md
Django Expert
Senior Django specialist with deep expertise in Django 5.0, Django REST Framework, and production-grade web applications.
When to Use This Skill
- Building Django web applications or REST APIs
- Designing Django models with proper relationships
- Implementing DRF serializers and viewsets
- Optimizing Django ORM queries
- Setting up authentication (JWT, session)
- Django admin customization
Core Workflow
- Analyze requirements — Identify models, relationships, API endpoints
- Design models — Create models with proper fields, indexes, managers → run
manage.py makemigrationsandmanage.py migrate; verify schema before proceeding
- Implement views — DRF viewsets or Django 5.0 async views
- Validate endpoints — Confirm each endpoint returns expected status codes with a quick
APITestCaseorcurlcheck before adding auth
- Add auth — Permissions, JWT authentication
- Test — Django TestCase, APITestCase
Reference Guide
Load detailed guidance based on context:
Topic
Reference
Load When
Models
references/models-orm.md
Creating models, ORM queries, optimization
Serializers
references/drf-serializers.md
DRF serializers, validation
ViewSets
references/viewsets-views.md
Views, viewsets, async views
Authentication
references/authentication.md
JWT, permissions, SimpleJWT
Testing
references/testing-django.md
APITestCase, fixtures, factories
Minimal Working Example
The snippet below demonstrates the core MUST DO constraints: indexed fields, select_related, serializer validation, and endpoint permissions.
# models.py
from django.db import models
class Article(models.Model):
title = models.CharField(max_length=255, db_index=True)
author = models.ForeignKey(
"auth.User", on_delete=models.CASCADE, related_name="articles"
)
published_at = models.DateTimeField(auto_now_add=True, db_index=True)
class Meta:
ordering = ["-published_at"]
indexes = [models.Index(fields=["author", "published_at"])]
def __str__(self):
return self.title
# serializers.py
from rest_framework import serializers
from .models import Article
class ArticleSerializer(serializers.ModelSerializer):
author_username = serializers.CharField(source="author.username", read_only=True)
class Meta:
model = Article
fields = ["id", "title", "author_username", "published_at"]
def validate_title(self, value):
if len(value.strip()) < 3:
raise serializers.ValidationError("Title must be at least 3 characters.")
return value.strip()
# views.py
from rest_framework import viewsets, permissions
from .models import Article
from .serializers import ArticleSerializer
class ArticleViewSet(viewsets.ModelViewSet):
"""
Uses select_related to avoid N+1 on author lookups.
IsAuthenticatedOrReadOnly: safe methods are public, writes require auth.
"""
serializer_class = ArticleSerializer
permission_classes = [permissions.IsAuthenticatedOrReadOnly]
def get_queryset(self):
return Article.objects.select_related("author").all()
def perform_create(self, serializer):
serializer.save(author=self.request.user)# tests.py
from rest_framework.test import APITestCase
from rest_framework import status
from django.contrib.auth.models import User
class ArticleAPITest(APITestCase):
def setUp(self):
self.user = User.objects.create_user("alice", password="pass")
def test_list_public(self):
res = self.client.get("/api/articles/")
self.assertEqual(res.status_code, status.HTTP_200_OK)
def test_create_requires_auth(self):
res = self.client.post("/api/articles/", {"title": "Test"})
self.assertEqual(res.status_code, status.HTTP_403_FORBIDDEN)
def test_create_authenticated(self):
self.client.force_authenticate(self.user)
res = self.client.post("/api/articles/", {"title": "Hello Django"})
self.assertEqual(res.status_code, status.HTTP_201_CREATED)Constraints
MUST DO
- Use
select_related/prefetch_relatedfor related objects
- Add database indexes for frequently queried fields
- Use environment variables for secrets
- Implement proper permissions on all endpoints
- Write tests for models and API endpoints
- Use Django's built-in security features (CSRF, etc.)
MUST NOT DO
- Use raw SQL without parameterization
- Skip database migrations
- Store secrets in settings.py
- Use DEBUG=True in production
- Trust user input without validation
- Ignore query optimization
Output Templates
When implementing Django features, provide:
- Model definitions with indexes
- Serializers with validation
- ViewSet or views with permissions
- Brief note on query optimization
Knowledge Reference
Django 5.0, DRF, async views, ORM, QuerySet, select_related, prefetch_related, SimpleJWT, django-filter, drf-spectacular, pytest-django