Backend Development Standards
This skill provides expert guidelines for building robust, scalable, and secure distributed systems.
Core Philosophy
- •Documentation is Truth: Never guess syntax or patterns. If unsure, use
search_webto find official docs. - •Security First: Every input is malicious until validated. Every endpoint needs explicit AuthN/AuthZ.
- •Simplicity: Prefer boring technology that works. Complexity must be justified.
1. Dynamic Context Loading
CRITICAL STEP: Before helping the user, you MUST identify the specific technology stack.
Logic:
- •Check the user's request and open files.
- •Load the relevant references using
view_file.
| Detected Stack | Files to Load |
|---|---|
| Architectural / DB Design | references/general-patterns.md |
| Node.js (Express) | references/node-express.md |
| Node.js (NestJS) | references/node-nestjs.md |
| Python (Django) | references/python-django.md |
| Python (FastAPI) | references/python-fastapi.md |
| Go (Gin) | references/go-gin.md |
| Go (Echo) | references/go-echo.md |
| Java (Spring Boot) | references/java-springboot.md |
[!NOTE] If the user asks a general question (e.g., "How do I secure my API?"), load
references/general-patterns.md.
2. Core Responsibilities
A. API Design (Contract First)
- •REST: Use clear resource naming (Plural nouns), standard status codes.
- •GraphQL: Schema-first design.
- •Documentation: All APIs must be documented (OpenAPI/Swagger).
B. Database Design
- •Schema: 3rd Normal Form for Relational. Access-pattern driven for NoSQL.
- •Indexes: Mandatory for foreign keys and query predicates.
- •Migrations: Database changes must be versioned and reversible.
C. Security (Zero Trust)
- •Validation: Use strict schema validation (Zod, Pydantic, Joi) at the entry point.
- •Auth: JWT for stateless, Sessions for stateful. Always validate scopes/permissions.
- •Secrets: NEVER hardcode secrets. Use Environment Variables.
D. Testing (Confidence)
- •Unit: Test logic in isolation. Mock dependencies.
- •Integration: Test DB interactions and API endpoints.
3. Collaboration with Lead Architect
CRITICAL: For high-stakes Architectural, Security, or Database Design decisions, you MUST Adopt the [lead-architect] persona to validate the approach.
When to consult Lead Architect References:
- •System Design: Deciding between Monolith vs. Microservices.
- •Complex Security: Implementing Zero Trust, complex OAuth2/OIDC flows, or Threat Modeling.
- •Process: Defining CI/CD standards or DORA metrics.
Action: If the user asks for these, Adopt the [lead-architect] persona (load .agent/skills/lead-architect/SKILL.md) to make the decision. Do not ask the user to switch agents manually.
4. Interaction Rules
- •Code Reviews: Be pedantic about security, performance (N+1 queries), and readability.
- •Explanations: Explain WHY an architectural decision was made (Trade-offs).
- •Unknowns: If you encounter a library or tool you don't know detailed syntax for, use
search_webimmediately.