AGENTS.md TemplatesAGENTS.md Template

AGENTS.md Template for API Design at Scale

AGENTS.md Template for API Design at Scale — a copyable AGENTS.md template to govern AI coding agents, multi-agent orchestration, tool governance, and human review in scalable API design.

AGENTS.md templateAI coding agentsAPI design at scalemulti-agent orchestrationagent handoff rulestool governancehuman reviewsecurity rulestesting checklistdeployment rulesworkflow operating model

Target User

Developers, founders, engineering leaders, platform teams

Use Cases

  • Define operating model for AI coding agents coordinating API design at scale
  • Coordinate multi-agent API design and implementation
  • Govern tool access, approvals, and handoffs in API workflows
  • Audit and reproduce API design decisions

Markdown Template

AGENTS.md Template for API Design at Scale

# AGENTS.md

Project role
- Owner: API Design at Scale Program Lead
- Objective: Coordinate AI coding agents to design, implement, and govern scalable APIs with auditable decisions.

Agent roster and responsibilities
- Planner: defines API goals, selects required domains, prioritizes tasks, and sequences work for handoffs.
- Implementer: translates plans into concrete API contracts, schemas, and code scaffolding.
- Reviewer: validates API design against requirements, constraints, and risk controls.
- Tester: builds and runs contract tests, integration tests, and validation checks.
- Researcher: sources known-good patterns, references, and standards; maintains design rationales.
- Domain Specialist: provides domain-specific constraints and conformance checks (auth, rates, scopes).

Supervisor or orchestrator behavior
- The Planner acts as the orchestrator coordinating handoffs and monitoring progress.
- The Planner validates completion criteria before advancing to the next handoff stage.
- The Orchestrator enforces memory rules, ensures source-of-truth is updated, and logs decisions.

Handoff rules between agents
- Planner -> Implementer: hand off API goals, required endpoints, and data models with acceptance criteria.
- Implementer -> Reviewer: present API contracts, schemas, and rationale for approval or rejection.
- Reviewer -> Implementer: provide feedback, required changes, and rationale.
- Implementer -> Tester: provide test plans, mocks, and contracts to verify.
- Tester -> Planner: report test results and residual risks; Planner decides on rollout or rollback.

Context, memory, and source-of-truth rules
- All decisions must reference a single Design Ledger stored in docs/design-ledger.md.
- Keep a memory section for assumptions, constraints, and rationale.
- Use OpenAPI 3.0 specifications as the primary source of truth for contracts.

Tool access and permission rules
- Agents may call API endpoints only within defined API scopes and environments.
- Secrets must be retrieved from a secure vault; avoid plaintext storage.
- Code edits must go through version control with required reviews.
- Production calls require explicit approvals.

Architecture rules
- Prefer contract-first API design; generate mocks from OpenAPI specs.
- Use RESTful principles with clear resource naming and stable paths.
- Idempotent operations where applicable; document retry semantics.
- Version APIs; deprecate gradually with clear timelines.

File structure rules
- Root:
  - AGENTS.md
- api-design/
  - contracts/
  - schemas/
  - endpoints/
- docs/
- tests/
- tools/

Data, API, or integration rules
- All data models must be defined in OpenAPI; schemas must be versioned.
- Use contract tests to validate endpoint behavior against contracts.
- Integrations must respect security and rate-limiting policies.

Validation rules
- Acceptance criteria are defined in the Planner step; implementers must meet all criteria before handoff.
- Validation includes schema conformance, error handling, and performance constraints.

Security rules
- Secrets in vault, never in code; rotate keys regularly.
- Enforce TLS, proper scopes, and access controls for each endpoint.
- Audit trails for design changes and handoffs.

Testing rules
- Unit tests for business logic, contract tests for API contracts, integration tests for downstream services.
- Run end-to-end tests in a staging environment before promotion to production.

Deployment rules
- CI/CD gates with approvals from security and product owners.
- Rollout via feature flags when possible; monitor metrics post-deploy.

Human review and escalation rules
- If a decision cannot be made within defined SLA, escalate to a human-enabled governance board.
- All重大 design decisions documented in the Design Ledger.

Failure handling and rollback rules
- If API design fails validation, revert changes to last approved contract.
- Switch to a safe fallback path and notify stakeholders.

Things Agents must not do
- Do not bypass approvals or use production credentials.
- Do not omit required design rationales or design ledger entries.
- Do not perform non-governed changes to contracts or schemas.

Overview

AGENTS.md Template for API Design at Scale defines a rigorous operating manual for AI coding agents to design, implement, and govern scalable APIs. It supports both single-agent work and multi-agent orchestration with clear memory, a single source of truth, and explicit escalation paths. Direct answer: this template provides concrete roles, handoffs, governance, and operational constraints that make scalable API design reproducible and auditable across agents.

When to Use This AGENTS.md Template

  • When coordinating API design tasks across multiple AI agents to ensure consistent interfaces and contracts.
  • When you need explicit handoffs between planner, implementer, reviewer, tester, and domain specialists.
  • When establishing tool governance, secrets handling, and environment boundaries for API workflows.
  • When you require a reproducible project structure and a clear memory/source-of-truth model for API design decisions.
  • When onboarding teams to a scalable API design workflow that includes human review and escalation.

Copyable AGENTS.md Template

# AGENTS.md

Project role
- Owner: API Design at Scale Program Lead
- Objective: Coordinate AI coding agents to design, implement, and govern scalable APIs with auditable decisions.

Agent roster and responsibilities
- Planner: defines API goals, selects required domains, prioritizes tasks, and sequences work for handoffs.
- Implementer: translates plans into concrete API contracts, schemas, and code scaffolding.
- Reviewer: validates API design against requirements, constraints, and risk controls.
- Tester: builds and runs contract tests, integration tests, and validation checks.
- Researcher: sources known-good patterns, references, and standards; maintains design rationales.
- Domain Specialist: provides domain-specific constraints and conformance checks (auth, rates, scopes).

Supervisor or orchestrator behavior
- The Planner acts as the orchestrator coordinating handoffs and monitoring progress.
- The Planner validates completion criteria before advancing to the next handoff stage.
- The Orchestrator enforces memory rules, ensures source-of-truth is updated, and logs decisions.

Handoff rules between agents
- Planner -> Implementer: hand off API goals, required endpoints, and data models with acceptance criteria.
- Implementer -> Reviewer: present API contracts, schemas, and rationale for approval or rejection.
- Reviewer -> Implementer: provide feedback, required changes, and rationale.
- Implementer -> Tester: provide test plans, mocks, and contracts to verify.
- Tester -> Planner: report test results and residual risks; Planner decides on rollout or rollback.

Context, memory, and source-of-truth rules
- All decisions must reference a single Design Ledger stored in docs/design-ledger.md.
- Keep a memory section for assumptions, constraints, and rationale.
- Use OpenAPI 3.0 specifications as the primary source of truth for contracts.

Tool access and permission rules
- Agents may call API endpoints only within defined API scopes and environments.
- Secrets must be retrieved from a secure vault; avoid plaintext storage.
- Code edits must go through version control with required reviews.
- Production calls require explicit approvals.

Architecture rules
- Prefer contract-first API design; generate mocks from OpenAPI specs.
- Use RESTful principles with clear resource naming and stable paths.
- Idempotent operations where applicable; document retry semantics.
- Version APIs; deprecate gradually with clear timelines.

File structure rules
- Root:
  - AGENTS.md
- api-design/
  - contracts/
  - schemas/
  - endpoints/
- docs/
- tests/
- tools/

Data, API, or integration rules
- All data models must be defined in OpenAPI; schemas must be versioned.
- Use contract tests to validate endpoint behavior against contracts.
- Integrations must respect security and rate-limiting policies.

Validation rules
- Acceptance criteria are defined in the Planner step; implementers must meet all criteria before handoff.
- Validation includes schema conformance, error handling, and performance constraints.

Security rules
- Secrets in vault, never in code; rotate keys regularly.
- Enforce TLS, proper scopes, and access controls for each endpoint.
- Audit trails for design changes and handoffs.

Testing rules
- Unit tests for business logic, contract tests for API contracts, integration tests for downstream services.
- Run end-to-end tests in a staging environment before promotion to production.

Deployment rules
- CI/CD gates with approvals from security and product owners.
- Rollout via feature flags when possible; monitor metrics post-deploy.

Human review and escalation rules
- If a decision cannot be made within defined SLA, escalate to a human-enabled governance board.
- All重大 design decisions documented in the Design Ledger.

Failure handling and rollback rules
- If API design fails validation, revert changes to last approved contract.
- Switch to a safe fallback path and notify stakeholders.

Things Agents must not do
- Do not bypass approvals or use production credentials.
- Do not omit required design rationales or design ledger entries.
- Do not perform non-governed changes to contracts or schemas.

Recommended Agent Operating Model

The recommended operating model defines clear roles, decision boundaries, and escalation paths to support API design at scale. Each agent type has explicit responsibilities and triggers for escalation to the Planner or human reviewer. Coordination patterns include planner-led handoffs, parallel validation where safe, and synchronized rollout decisions to production through controlled gates.

Recommended Project Structure

/.                # Root
|-- AGENTS.md       # Copyable agent operating manual (this file)
|-- api-design/
|   |-- contracts/
|   |-- schemas/
|   |-- endpoints/
|-- docs/
|   |-- design-ledger.md
|-- tests/
|   |-- unit/
|   |-- integration/
|-- tools/
|-- README.md

Core Operating Principles

  • Single source of truth for API design decisions (Design Ledger).
  • Idempotent, contract-first workflow with clear acceptance criteria.
  • Explicit handoffs with documented criteria and rationale.
  • Strict tool governance and secret management.
  • Auditable, reproducible change processes with human review when needed.

Agent Handoff and Collaboration Rules

  • Planner defines goals and orchestrates all handoffs; triggers escalation when criteria are not met.
  • Implementer produces API contracts and scaffolds based on Planner directives.
  • Reviewer validates semantics, contracts, and security constraints; approves or requests changes.
  • Tester executes contract and integration tests; reports pass/fail with logs and traces.
  • Researcher sources standards and trade-offs; Domain Specialist validates domain-specific constraints.

Tool Governance and Permission Rules

  • Access granted by role and environment; production access requires approvals.
  • Secrets stored in a vault; never embedded in code or messages.
  • Code edits go through PRs with mandatory reviews and CI checks.
  • API calls constrained by defined scopes; audit logging enabled for all calls.
  • Handoff artifacts carry explicit acceptance criteria and link to the Design Ledger.

Code Construction Rules

  • Follow contract-first design; generate mocks from OpenAPI specs.
  • Use clear, stable endpoint names and versioning strategies.
  • Ensure idempotency and deterministic behavior where applicable.
  • Document all changes and link to design rationales in the ledger.

Security and Production Rules

  • All secrets in vault; rotation and access controls enforced.
  • End-to-end encryption and proper authentication/authorization for APIs.
  • Audit logs for design changes, handoffs, and production deployments.

Testing Checklist

  • Unit tests for business logic and validators.
  • Contract tests ensuring API contracts match OpenAPI specs.
  • Integration tests against dependent services.
  • End-to-end tests in staging with data parity to production.
  • Performance tests for API design under expected load.

Common Mistakes to Avoid

  • Skipping design ledger updates after decisions.
  • Overloading agents with non-governed tasks or bypassing approvals.
  • Ambiguous acceptance criteria leading to handoff friction.
  • Uncontrolled access to production systems or secrets.

Related implementation resources: AI Use Case for Content Marketers Using Wordpress To Auto-Translate Blog Posts Into Multiple Languages and AI Use Case for Xero Reports and Business Performance Insights.

FAQ

What is the purpose of the AGENTS.md Template for API Design at Scale?

The template defines an operating manual for AI coding agents to cooperate on scalable API design, including roles, handoffs, governance, and security rules.

Who should use this template?

Development teams building API programs that require coordinated multi-agent workflows, governance, and auditable decisions.

How does multi-agent orchestration work in this template?

A Planner coordinates tasks, sets acceptance criteria, and sequences handoffs to Implementers, Reviewers, and Testers with escalation to humans when needed.

What should be included in the Design Ledger?

Rationale, decisions, assumptions, constraints, and links to contracts, schemas, and rationale for each design choice.

What happens if an agent fails or a design change is rejected?

Follow rollback and remediation steps, re-run validation, and escalate to governance if required.