playbooks

home / skills / 404kidwiz / claude-supercode-skills / backend-developer-skill

backend-developer-skill skill

/backend-developer-skill

This skill provides end-to-end backend development guidance for building production-ready APIs, databases, and services across frameworks and cloud deployments.

npx playbooks add skill 404kidwiz/claude-supercode-skills --skill backend-developer-skill

Review the files below or copy the command above to add this skill to your agents.

Files (18)
SKILL.md
6.0 KB
---
name: backend-developer
description: Comprehensive backend development for building production-ready server-side applications with multiple frameworks, databases, and deployment strategies. Use when building APIs, services, databases, or server infrastructure.
---

# Backend Developer Skill

## Purpose

Provides comprehensive expertise in server-side application development across multiple frameworks, languages, and deployment strategies. Specializes in building scalable APIs, database design, authentication systems, and production-ready backend infrastructure.

## When to Use

- Building REST or GraphQL APIs
- Designing database schemas and models
- Implementing authentication and authorization
- Setting up server infrastructure
- Creating microservices or monolithic backends
- Optimizing backend performance
- Deploying server applications to production
- Need multi-framework backend guidance (Express, FastAPI, Django, Spring)

## Quick Start

**Invoke this skill when:**
- Building server-side APIs (REST, GraphQL) in Node.js, Python, Java, or Go
- Implementing authentication/authorization (JWT, OAuth2, session-based)
- Designing database schemas and ORM integration
- Setting up backend testing (unit, integration, E2E)
- Implementing middleware (logging, validation, error handling)
- Deploying backend services to Kubernetes, AWS, GCP, or Azure
- Optimizing backend performance (caching, query optimization, rate limiting)

**Do NOT invoke when:**
- Only frontend development needed → Use frontend-developer or nextjs-developer
- Database-specific optimization required → Use database-optimizer or postgres-pro
- API design without implementation → Use api-designer
- GraphQL-specific architecture → Use graphql-architect
- DevOps/infrastructure only → Use devops-engineer or cloud-architect

## Framework Support

### Node.js/TypeScript
- Express.js, NestJS, Koa.js, Fastify

### Python
- FastAPI, Django, Flask, Tornado

### Java
- Spring Boot, Quarkus, Micronaut

### Go
- Gin, Echo, Fiber

## Decision Framework

### Backend Framework Selection

```
Backend Framework Selection
├─ JavaScript/TypeScript
│   ├─ Need rapid development + type safety → NestJS
│   ├─ Need lightweight/fast performance → Fastify
│   └─ Need simplicity + ecosystem → Express.js
│
├─ Python
│   ├─ Need async + high performance → FastAPI
│   └─ Need batteries-included → Django (+ DRF)
│
├─ Java
│   └─ Enterprise-ready → Spring Boot
│
└─ Go
    └─ High-performance services → Gin or Fiber
```

### Authentication Strategy Matrix

| Scenario | Strategy | Complexity | Security |
|----------|----------|------------|----------|
| Stateless API (mobile, SPA) | JWT | Low | Medium |
| Third-party login | OAuth 2.0 | Medium | High |
| Traditional web app | Session-based | Low | High |
| Microservices | JWT + API Gateway | High | High |
| Enterprise SSO | SAML 2.0 | High | Very High |

### Database & ORM Selection

```
Database & ORM Decision
├─ Relational (SQL)
│   ├─ Node.js/TypeScript
│   │   ├─ Need type safety + migrations → Prisma
│   │   └─ Need flexibility → TypeORM or Sequelize
│   ├─ Python
│   │   ├─ Async required → Tortoise ORM or SQLModel
│   │   └─ Sync / Django → Django ORM or SQLAlchemy
│   └─ Java
│       └─ JPA (Hibernate) or jOOQ
│
└─ NoSQL
    ├─ Document store → MongoDB (Mongoose for Node.js)
    └─ Key-value → Redis (caching, sessions)
```

## Best Practices

1. **Always validate input** - Use provided validation middleware
2. **Handle errors gracefully** - Use generated error handlers
3. **Write tests** - Use test templates for consistency
4. **Use environment variables** - Never hardcode secrets
5. **Implement logging** - Use provided logging configuration
6. **Monitor performance** - Set up metrics and alerts
7. **Security first** - Use provided authentication setup
8. **Version your API** - Follow versioning patterns
9. **Document your code** - Generate API docs automatically
10. **Deploy safely** - Use provided deployment scripts

## Common Patterns

### Repository Pattern
- Separation of concerns
- Easy testing
- Swappable implementations

### Service Layer
- Centralized business rules
- Transaction management
- Error handling

### Middleware Stack
- Authentication
- Authorization
- Validation
- Logging
- Error handling

## Troubleshooting

### Common Issues

**Database connection errors**
- Check connection string
- Verify database is running
- Check network connectivity
- Review connection pool settings

**Authentication failures**
- Verify JWT secret
- Check token expiration
- Validate token format
- Review middleware order

**Build failures**
- Check TypeScript configuration
- Verify dependencies are installed
- Review error messages
- Check for syntax errors

**Deployment issues**
- Verify Docker image builds
- Check Kubernetes pods
- Review logs
- Verify environment variables

## Quality Checklist

### Security
- [ ] Input validation on all endpoints (Zod/Joi)
- [ ] Password hashing (bcrypt cost 10+ or Argon2)
- [ ] SQL injection prevention (parameterized queries)
- [ ] Rate limiting on auth endpoints
- [ ] Security headers (Helmet.js)
- [ ] Environment variables for secrets

### Authentication & Authorization
- [ ] Strong JWT secret (256-bit)
- [ ] Short-lived access tokens (15min)
- [ ] Refresh token rotation
- [ ] Authorization checks on protected routes

### Error Handling
- [ ] Global error handler
- [ ] Async error handling (express-async-errors)
- [ ] Clear validation error messages
- [ ] 404 handling for unknown endpoints

### Performance
- [ ] Database connection pooling
- [ ] Query optimization (no N+1)
- [ ] Caching (Redis for sessions, rate limiting)
- [ ] Response compression (gzip/brotli)

### Testing
- [ ] Unit tests for services/repositories
- [ ] Integration tests for API endpoints
- [ ] >80% coverage for critical paths
- [ ] Separate test database

## Additional Resources

- **Detailed Technical Reference**: See [REFERENCE.md](REFERENCE.md)
- **Code Examples & Patterns**: See [EXAMPLES.md](EXAMPLES.md)

Overview

This skill provides end-to-end backend development expertise for building production-ready server-side applications across multiple languages and frameworks. It focuses on APIs, database design, authentication, testing, performance, and deployment. Use it to get framework recommendations, architecture decisions, implementation patterns, and troubleshooting guidance.

How this skill works

The skill inspects project goals, constraints, and technology preferences, then recommends frameworks, ORMs, and deployment patterns. It produces concrete artifacts: API routes, schema designs, auth flows, middleware stacks, test outlines, and deployment steps. It also checks common failure points (connections, auth, builds) and provides remediation actions.

When to use it

  • Building REST or GraphQL APIs in Node.js, Python, Java, or Go
  • Designing relational or NoSQL database schemas and ORM integrations
  • Implementing authentication/authorization (JWT, OAuth2, sessions)
  • Setting up CI/CD, containerization, or Kubernetes deployments
  • Optimizing backend performance, caching, and query plans
  • Creating microservices or monolithic server architectures

Best practices

  • Validate all input at the edge using schema validation (Zod, Joi, Pydantic)
  • Centralize business logic in a service layer and use repository patterns for data access
  • Never hardcode secrets; use environment variables and secret management
  • Implement global error handling and clear validation error responses
  • Write unit and integration tests; use a separate test database and CI checks
  • Monitor performance and security: metrics, logging, rate limiting, and security headers

Example use cases

  • Design and implement a FastAPI service with SQLModel, async DB access, and JWT auth
  • Migrate a monolith to microservices with clear service boundaries and API gateway configuration
  • Create an Express or NestJS API with Prisma/TypeORM, migrations, and Redis caching
  • Set up CI/CD, Dockerfile, and Kubernetes manifests for a production deployment
  • Optimize slow endpoints: add query indexes, use connection pooling and response caching

FAQ

Which framework should I pick for a new service?

Choose based on priorities: FastAPI for async Python performance, Django for batteries-included webapps, NestJS for structured TypeScript, and Spring Boot for enterprise Java.

When should I use JWT vs sessions?

Use JWT for stateless APIs consumed by mobile/SPAs. Use session-based auth for server-rendered apps or when you need server-side session control.