AgentSkillsCN

backend-development

后端开发

SKILL.md

Backend Development Skill

Activation Context

Activates when working on server-side code, APIs, business logic, or backend services.

When to Invoke backend-engineer Agent

  • Implementing API endpoints
  • Writing business logic
  • Creating server-side services
  • Integrating with external APIs
  • Implementing authentication/authorization
  • Building background jobs or workers

Coordination Protocol

Before Starting Backend Work

  1. Review architecture specification from architect
  2. Confirm database schema with database-engineer
  3. Verify API contracts with frontend-engineer
  4. Check security requirements with security-engineer

During Development

  1. Follow RESTful or GraphQL API standards
  2. Implement proper error handling
  3. Add logging for debugging and monitoring
  4. Write unit tests (80%+ coverage)
  5. Document API endpoints
  6. Consider performance and scalability

Testing Requirements

  • Unit tests for all business logic
  • Integration tests for API endpoints
  • Error handling tests
  • Authentication/authorization tests
  • Performance tests for critical paths

Code Review Checklist (for code-reviewer)

  • API endpoints follow project conventions
  • Proper error handling implemented
  • Input validation on all endpoints
  • Authentication/authorization enforced
  • Database queries optimized (consult database-engineer)
  • Logging added appropriately
  • Tests written and passing
  • API documentation updated

Handoff Points

  • From architect: API specifications and architecture design
  • From database-engineer: Database schema and query patterns
  • To frontend-engineer: API endpoint documentation and contracts
  • To qa-engineer: Test scenarios and acceptance criteria
  • To devsecopsengineer: Deployment configuration and environment variables

Security Considerations (security-engineer review required)

  • Validate all user inputs
  • Use parameterized queries
  • Implement rate limiting
  • Secure API authentication
  • Protect against OWASP Top 10
  • No secrets in code

Best Practices

  • Keep controllers thin, move logic to services
  • Use dependency injection
  • Follow SOLID principles
  • Return consistent API responses
  • Version your APIs
  • Implement graceful error handling