AgentSkillsCN

backend-development

运用现代技术(Node.js、Python、Go、Rust)、框架(NestJS、FastAPI、Django)、数据库(PostgreSQL、MongoDB、Redis)、API(REST、GraphQL、gRPC)、身份验证(OAuth 2.1、JWT)、测试策略、安全最佳实践(OWASP Top 10)、性能优化、扩展性模式(微服务、缓存、分片)、DevOps 实践(Docker、Kubernetes、CI/CD),以及监控手段,构建健壮的后端系统。适用于设计 API、实现身份验证、优化数据库查询、搭建 CI/CD 管道、应对安全漏洞、构建微服务,或开发可投入生产的后端系统时使用。

SKILL.md
--- frontmatter
name: backend-development
description: Build robust backend systems with modern technologies (Node.js, Python, Go, Rust), frameworks (NestJS, FastAPI, Django), databases (PostgreSQL, MongoDB, Redis), APIs (REST, GraphQL, gRPC), authentication (OAuth 2.1, JWT), testing strategies, security best practices (OWASP Top 10), performance optimization, scalability patterns (microservices, caching, sharding), DevOps practices (Docker, Kubernetes, CI/CD), and monitoring. Use when designing APIs, implementing authentication, optimizing database queries, setting up CI/CD pipelines, handling security vulnerabilities, building microservices, or developing production-ready backend systems.
license: MIT
version: 1.0.0
compatibility: opencode

Backend Development Skill

Production-ready backend development with modern technologies, best practices, and proven patterns.

When to Use

  • Designing RESTful, GraphQL, or gRPC APIs
  • Building authentication/authorization systems
  • Optimizing database queries and schemas
  • Implementing caching and performance optimization
  • OWASP Top 10 security mitigation
  • Designing scalable microservices
  • Testing strategies (unit, integration, E2E)
  • CI/CD pipelines and deployment
  • Monitoring and debugging production systems

Technology Selection Guide

Languages: Node.js/TypeScript (full-stack), Python (data/ML), Go (concurrency), Rust (performance) Frameworks: NestJS, FastAPI, Django, Express, Gin Databases: PostgreSQL (ACID), MongoDB (flexible schema), Redis (caching) APIs: REST (simple), GraphQL (flexible), gRPC (performance)

See: references/backend-technologies.md for detailed comparisons

Reference Navigation

Core Technologies:

  • backend-technologies.md - Languages, frameworks, databases, message queues, ORMs
  • backend-api-design.md - REST, GraphQL, gRPC patterns and best practices

Security & Authentication:

  • backend-security.md - OWASP Top 10 2025, security best practices, input validation
  • backend-authentication.md - OAuth 2.1, JWT, RBAC, MFA, session management

Performance & Architecture:

  • backend-performance.md - Caching, query optimization, load balancing, scaling
  • backend-architecture.md - Microservices, event-driven, CQRS, saga patterns

Quality & Operations:

  • backend-testing.md - Testing strategies, frameworks, tools, CI/CD testing
  • backend-code-quality.md - SOLID principles, design patterns, clean code
  • backend-devops.md - Docker, Kubernetes, deployment strategies, monitoring
  • backend-debugging.md - Debugging strategies, profiling, logging, production debugging
  • backend-mindset.md - Problem-solving, architectural thinking, collaboration

Key Best Practices (2025)

Security: Argon2id passwords, parameterized queries (98% SQL injection reduction), OAuth 2.1 + PKCE, rate limiting, security headers

Performance: Redis caching (90% DB load reduction), database indexing (30% I/O reduction), CDN (50%+ latency cut), connection pooling

Testing: 70-20-10 pyramid (unit-integration-E2E), Vitest 50% faster than Jest, contract testing for microservices, 83% migrations fail without tests

DevOps: Blue-green/canary deployments, feature flags (90% fewer failures), Kubernetes 84% adoption, Prometheus/Grafana monitoring, OpenTelemetry tracing

Quick Decision Matrix

NeedChoose
Fast developmentNode.js + NestJS
Data/ML integrationPython + FastAPI
High concurrencyGo + Gin
Max performanceRust + Axum
ACID transactionsPostgreSQL
Flexible schemaMongoDB
CachingRedis
Internal servicesgRPC
Public APIsGraphQL/REST
Real-time eventsKafka

Implementation Checklist

API: Choose style → Design schema → Validate input → Add auth → Rate limiting → Documentation → Error handling

Database: Choose DB → Design schema → Create indexes → Connection pooling → Migration strategy → Backup/restore → Test performance

Security: OWASP Top 10 → Parameterized queries → OAuth 2.1 + JWT → Security headers → Rate limiting → Input validation → Argon2id passwords

Testing: Unit 70% → Integration 20% → E2E 10% → Load tests → Migration tests → Contract tests (microservices)

Deployment: Docker → CI/CD → Blue-green/canary → Feature flags → Monitoring → Logging → Health checks

Resources