Iii iii-http-middleware
install
source · Clone the upstream repo
git clone https://github.com/iii-hq/iii
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/iii-hq/iii "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/iii-http-middleware" ~/.claude/skills/iii-hq-iii-iii-http-middleware && rm -rf "$T"
manifest:
skills/iii-http-middleware/SKILL.mdsource content
HTTP Middleware
Comparable to: Express middleware, Fastify hooks, Django middleware
Key Concepts
Use the concepts below when they fit the task. Not every middleware setup needs all of them.
- Middleware functions are registered like normal functions but return
or{ action: 'continue' }
instead of a normal response{ action: 'respond', response } - Middleware is attached to HTTP triggers via
in the trigger configmiddleware_function_ids - The engine executes middleware in order — first middleware runs first, then the next, then the handler
- Middleware receives a
withMiddlewareFunctionInput
,phase
(path_params, query_params, headers, method), andrequest
from authcontext - Returning
short-circuits the chain — the handler never runs{ action: 'respond' } - Returning
passes to the next middleware or the handler{ action: 'continue' }
Architecture
HTTP request → iii-http (port 3111) → Middleware 1 (continue / respond) → Middleware 2 (continue / respond) → registerFunction handler → { status_code, body, headers } response
iii Primitives Used
| Primitive | Purpose |
|---|---|
| Define a middleware function |
| Attach middleware to an HTTP trigger |
| Pass to next middleware or handler |
| Short-circuit and return response immediately |
| Access request headers in middleware |
| Access auth context from RBAC auth function |
Reference Implementation
See ../references/http-middleware.js for the full working example — auth and logging middleware protecting HTTP endpoints.
Common Patterns
Code using this pattern commonly includes, when relevant:
— auth middleware checking headersiii.registerFunction('middleware::auth', async (req) => { ... })
— rate limiting middlewareiii.registerFunction('middleware::rate-limit', async (req) => { ... })
— request loggingiii.registerFunction('middleware::request-logger', async (req) => { ... })
— reading auth tokensreq.request?.headers?.authorization
— reject requestreturn { action: 'respond', response: { status_code: 401, body: { error: 'Unauthorized' } } }
— allow request throughreturn { action: 'continue' }
— attach to triggerconfig: { middleware_function_ids: ['middleware::auth', 'middleware::logger'] }
Adapting This Pattern
Use the adaptations below when they apply to the task.
- Chain multiple middleware for layered concerns (logging before auth before rate-limiting)
- Use middleware for cross-cutting concerns shared across multiple endpoints
- Combine with RBAC auth functions for role-based access control — auth context flows to middleware via
req.context - Keep middleware functions focused on one concern each for reusability
Pattern Boundaries
- If the task is just exposing HTTP endpoints without middleware, prefer
.iii-http-endpoints - If auth needs are complex (RBAC with function discovery control), combine this with RBAC worker auth functions.
- Stay with
when the primary need is pre-handler processing for HTTP routes.iii-http-middleware
When to Use
- Use this skill when the task is primarily about
in the iii engine.iii-http-middleware - Triggers when the request directly asks for this pattern or an equivalent implementation.
Boundaries
- Never use this skill as a generic fallback for unrelated tasks.
- You must not apply this skill when a more specific iii skill is a better fit.
- Always verify environment and safety constraints before applying examples from this skill.