AgentSkillsCN

backend-development

开发生产后端系统。技术栈包括:Node.js/TypeScript、Python、Go、Rust | NestJS、FastAPI、Django、Express | PostgreSQL、MongoDB、Redis。具备 REST/GraphQL/gRPC API、OAuth 2.1/JWT 认证、OWASP 安全标准、微服务架构、缓存机制、负载均衡、Docker/K8s 部署等能力。行动包括:设计、构建、实现、保障安全、优化、部署、测试 API 与服务。关键词:API 设计、REST、GraphQL、gRPC、认证、OAuth、JWT、RBAC、数据库、PostgreSQL、MongoDB、Redis、缓存、微服务、Docker、Kubernetes、CI/CD、OWASP、安全、性能、可扩展性、NestJS、FastAPI、Express、中间件、速率限制。适用场景:设计 API、实现认证/授权、优化查询、构建微服务、保护端点、部署容器、搭建 CI/CD 流程。

SKILL.md
--- frontmatter
name: backend-development
description: "Production backend systems development. Stack: Node.js/TypeScript, Python, Go, Rust | NestJS, FastAPI, Django, Express | PostgreSQL, MongoDB, Redis. Capabilities: REST/GraphQL/gRPC APIs, OAuth 2.1/JWT auth, OWASP security, microservices, caching, load balancing, Docker/K8s deployment. Actions: design, build, implement, secure, optimize, deploy, test APIs and services. Keywords: API design, REST, GraphQL, gRPC, authentication, OAuth, JWT, RBAC, database, PostgreSQL, MongoDB, Redis, caching, microservices, Docker, Kubernetes, CI/CD, OWASP, security, performance, scalability, NestJS, FastAPI, Express, middleware, rate limiting. Use when: designing APIs, implementing auth/authz, optimizing queries, building microservices, securing endpoints, deploying containers, setting up CI/CD."
license: MIT
version: 1.0.0

Backend Development Skill

Production-ready backend development with modern technologies, best practices, and proven patterns.

When to Use

  • Designing RESTful, GraphQL, or gRPC APIs
  • Building authentication/authorization systems
  • Optimizing database queries and schemas
  • Implementing caching and performance optimization
  • OWASP Top 10 security mitigation
  • Designing scalable microservices
  • Testing strategies (unit, integration, E2E)
  • CI/CD pipelines and deployment
  • Monitoring and debugging production systems

Technology Selection Guide

Languages: Node.js/TypeScript (full-stack), Python (data/ML), Go (concurrency), Rust (performance) Frameworks: NestJS, FastAPI, Django, Express, Gin Databases: PostgreSQL (ACID), MongoDB (flexible schema), Redis (caching) APIs: REST (simple), GraphQL (flexible), gRPC (performance)

See: references/backend-technologies.md for detailed comparisons

Reference Navigation

Core Technologies:

  • backend-technologies.md - Languages, frameworks, databases, message queues, ORMs
  • backend-api-design.md - REST, GraphQL, gRPC patterns and best practices

Security & Authentication:

  • backend-security.md - OWASP Top 10 2025, security best practices, input validation
  • backend-authentication.md - OAuth 2.1, JWT, RBAC, MFA, session management

Performance & Architecture:

  • backend-performance.md - Caching, query optimization, load balancing, scaling
  • backend-architecture.md - Microservices, event-driven, CQRS, saga patterns

Quality & Operations:

  • backend-testing.md - Testing strategies, frameworks, tools, CI/CD testing
  • backend-code-quality.md - SOLID principles, design patterns, clean code
  • backend-devops.md - Docker, Kubernetes, deployment strategies, monitoring
  • backend-debugging.md - Debugging strategies, profiling, logging, production debugging
  • backend-mindset.md - Problem-solving, architectural thinking, collaboration

Key Best Practices (2025)

Security: Argon2id passwords, parameterized queries (98% SQL injection reduction), OAuth 2.1 + PKCE, rate limiting, security headers

Performance: Redis caching (90% DB load reduction), database indexing (30% I/O reduction), CDN (50%+ latency cut), connection pooling

Testing: 70-20-10 pyramid (unit-integration-E2E), Vitest 50% faster than Jest, contract testing for microservices, 83% migrations fail without tests

DevOps: Blue-green/canary deployments, feature flags (90% fewer failures), Kubernetes 84% adoption, Prometheus/Grafana monitoring, OpenTelemetry tracing

Quick Decision Matrix

NeedChoose
Fast developmentNode.js + NestJS
Data/ML integrationPython + FastAPI
High concurrencyGo + Gin
Max performanceRust + Axum
ACID transactionsPostgreSQL
Flexible schemaMongoDB
CachingRedis
Internal servicesgRPC
Public APIsGraphQL/REST
Real-time eventsKafka

Implementation Checklist

API: Choose style → Design schema → Validate input → Add auth → Rate limiting → Documentation → Error handling

Database: Choose DB → Design schema → Create indexes → Connection pooling → Migration strategy → Backup/restore → Test performance

Security: OWASP Top 10 → Parameterized queries → OAuth 2.1 + JWT → Security headers → Rate limiting → Input validation → Argon2id passwords

Testing: Unit 70% → Integration 20% → E2E 10% → Load tests → Migration tests → Contract tests (microservices)

Deployment: Docker → CI/CD → Blue-green/canary → Feature flags → Monitoring → Logging → Health checks

Resources