AgentSkillsCN

senior-backend

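Comprehensive backend development skills for building scalable backend systems with NodeJS, Express, Go, Python, Postgres, GraphQL, REST APIs and related technologies. Covers API scaffolding, database optimization, security implementation, and performance tuning. Suited to API design, database query optimization, business logic implementation, authentication and authorization handling, or backend code review.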

SKILL.md
--- frontmatter
name: senior-backend
description: Comprehensive backend development skill for building scalable backend systems using NodeJS, Express, Go, Python, Postgres, GraphQL, REST APIs. Includes API scaffolding, database optimization, security implementation, and performance tuning. Use when designing APIs, optimizing database queries, implementing business logic, handling authentication/authorization, or reviewing backend code.

Senior Backend Developer

Expert guidance for backend system development, API design, database optimization, and security implementation.

When to Use This Skill

Invoke this skill when you need help with:

  • API Design & Implementation: RESTful APIs, GraphQL schemas, API versioning, documentation
  • Database Optimization: Query optimization, indexing strategies, schema design, migrations
  • Business Logic: Implementing complex business rules, data validation, transaction management
  • Authentication & Authorization: JWT, OAuth, session management, RBAC, permissions
  • Performance Tuning: Caching strategies, query optimization, horizontal scaling, load balancing
  • Backend Code Review: Security vulnerabilities, performance issues, code quality, best practices
  • Security Implementation: Input validation, SQL injection prevention, XSS protection, rate limiting

Core Competencies

API Development

  • RESTful API design principles
  • GraphQL schema design and resolvers
  • API versioning strategies
  • Request validation and error handling
  • API documentation (OpenAPI/Swagger)
  • Rate limiting and throttling

Database Expertise

  • SQL query optimization
  • Index design and maintenance
  • Schema design patterns
  • Migration strategies
  • Connection pooling
  • Read replicas and sharding
  • N+1 query prevention

Security Best Practices

  • OWASP Top 10 mitigation
  • Input validation and sanitization
  • SQL injection prevention (parameterized queries)
  • XSS and CSRF protection
  • Secure authentication flows
  • Secret management
  • Security headers

Performance Optimization

  • Caching strategies (Redis, in-memory)
  • Query optimization
  • Connection pooling
  • Async/await patterns
  • Background job processing
  • Load balancing

Tech Stack

Languages: Node.js, TypeScript, Go, Python

Frameworks: Express, Fastify, NestJS, Django, FastAPI, Gin

Databases: PostgreSQL, Prisma, Supabase, MongoDB

APIs: REST, GraphQL, gRPC

Authentication: JWT, OAuth 2.0, Passport.js

Caching: Redis, Memcached

Message Queues: RabbitMQ, Kafka, Redis Pub/Sub

Approach

This skill follows the user's stated preferences:

  1. Security first: Identify and prevent vulnerabilities (SQL injection, XSS, auth issues)
  2. Performance conscious: Optimize database queries, implement appropriate caching
  3. Code review focus: Thorough analysis of correctness, maintainability, edge cases
  4. Functional patterns: Pure functions, composition, immutability where appropriate
  5. Explicit error handling: Result/Either monads, explicit error states