
backend-development skill

/.claude/skills/backend-development

This skill helps you design robust backend systems with modern frameworks, secure APIs, scalable databases, and reliable CI/CD pipelines.

This is most likely a fork of the backend-development skill from nilecui
npx playbooks add skill dmdorta1111/jac-v1 --skill backend-development

---
name: backend-development
description: Build robust backend systems with modern technologies (Node.js, Python, Go, Rust), frameworks (NestJS, FastAPI, Django), databases (PostgreSQL, MongoDB, Redis), APIs (REST, GraphQL, gRPC), authentication (OAuth 2.1, JWT), testing strategies, security best practices (OWASP Top 10), performance optimization, scalability patterns (microservices, caching, sharding), DevOps practices (Docker, Kubernetes, CI/CD), and monitoring. Use when designing APIs, implementing authentication, optimizing database queries, setting up CI/CD pipelines, handling security vulnerabilities, building microservices, or developing production-ready backend systems.
license: MIT
version: 1.0.0
---

# Backend Development Skill

Production-ready backend development with modern technologies, best practices, and proven patterns.

## When to Use

- Designing RESTful, GraphQL, or gRPC APIs
- Building authentication/authorization systems
- Optimizing database queries and schemas
- Implementing caching and performance optimization
- OWASP Top 10 security mitigation
- Designing scalable microservices
- Testing strategies (unit, integration, E2E)
- CI/CD pipelines and deployment
- Monitoring and debugging production systems

## Technology Selection Guide

- **Languages:** Node.js/TypeScript (full-stack), Python (data/ML), Go (concurrency), Rust (performance)
- **Frameworks:** NestJS, FastAPI, Django, Express, Gin
- **Databases:** PostgreSQL (ACID), MongoDB (flexible schema), Redis (caching)
- **APIs:** REST (simple), GraphQL (flexible), gRPC (performance)

See: `references/backend-technologies.md` for detailed comparisons

## Reference Navigation

**Core Technologies:**
- `backend-technologies.md` - Languages, frameworks, databases, message queues, ORMs
- `backend-api-design.md` - REST, GraphQL, gRPC patterns and best practices

**Security & Authentication:**
- `backend-security.md` - OWASP Top 10 2025, security best practices, input validation
- `backend-authentication.md` - OAuth 2.1, JWT, RBAC, MFA, session management

**Performance & Architecture:**
- `backend-performance.md` - Caching, query optimization, load balancing, scaling
- `backend-architecture.md` - Microservices, event-driven, CQRS, saga patterns

**Quality & Operations:**
- `backend-testing.md` - Testing strategies, frameworks, tools, CI/CD testing
- `backend-code-quality.md` - SOLID principles, design patterns, clean code
- `backend-devops.md` - Docker, Kubernetes, deployment strategies, monitoring
- `backend-debugging.md` - Debugging strategies, profiling, logging, production debugging
- `backend-mindset.md` - Problem-solving, architectural thinking, collaboration

## Key Best Practices (2025)

**Security:** Argon2id passwords, parameterized queries (98% SQL injection reduction), OAuth 2.1 + PKCE, rate limiting, security headers

**Performance:** Redis caching (90% DB load reduction), database indexing (30% I/O reduction), CDN (50%+ latency cut), connection pooling

**Testing:** 70-20-10 pyramid (unit-integration-E2E), Vitest 50% faster than Jest, contract testing for microservices, 83% of migrations fail without tests

**DevOps:** Blue-green/canary deployments, feature flags (90% fewer failures), Kubernetes 84% adoption, Prometheus/Grafana monitoring, OpenTelemetry tracing

## Quick Decision Matrix

| Need | Choose |
|------|--------|
| Fast development | Node.js + NestJS |
| Data/ML integration | Python + FastAPI |
| High concurrency | Go + Gin |
| Max performance | Rust + Axum |
| ACID transactions | PostgreSQL |
| Flexible schema | MongoDB |
| Caching | Redis |
| Internal services | gRPC |
| Public APIs | GraphQL/REST |
| Real-time events | Kafka |

## Implementation Checklist

**API:** Choose style → Design schema → Validate input → Add auth → Rate limiting → Documentation → Error handling

**Database:** Choose DB → Design schema → Create indexes → Connection pooling → Migration strategy → Backup/restore → Test performance

**Security:** OWASP Top 10 → Parameterized queries → OAuth 2.1 + JWT → Security headers → Rate limiting → Input validation → Argon2id passwords

**Testing:** Unit 70% → Integration 20% → E2E 10% → Load tests → Migration tests → Contract tests (microservices)

**Deployment:** Docker → CI/CD → Blue-green/canary → Feature flags → Monitoring → Logging → Health checks

## Resources

- OWASP Top 10: https://owasp.org/www-project-top-ten/
- OAuth 2.1: https://oauth.net/2.1/
- OpenTelemetry: https://opentelemetry.io/

Overview

This skill helps build production-ready backend systems using modern languages, frameworks, databases, APIs, and DevOps practices. It focuses on secure, testable, and scalable architectures with concrete patterns for performance, authentication, and deployment. Use it to design APIs, implement auth, optimize queries, and prepare systems for production.

How this skill works

The skill inspects requirements and maps them to a technology and architecture decision matrix (Node.js, Python, Go, Rust; REST/GraphQL/gRPC; PostgreSQL/MongoDB/Redis). It provides step-by-step checklists for API design, database schema and indexing, security hardening (OWASP mitigations), testing strategies, and CI/CD and deployment patterns. It also recommends performance and monitoring setups (caching, connection pooling, Prometheus/Grafana, OpenTelemetry) and offers concrete operational practices like blue-green/canary releases and feature flags.

When to use it

  • Designing or refactoring REST, GraphQL, or gRPC APIs
  • Implementing authentication/authorization (OAuth 2.1, JWT, RBAC, MFA)
  • Optimizing database queries, indexing, and caching strategies
  • Building and deploying microservices with CI/CD, Docker, and Kubernetes
  • Hardening systems against OWASP Top 10 risks and improving security posture
  • Setting up monitoring, tracing, and production debugging workflows

Best practices

  • Choose languages and frameworks based on team skills and workload (e.g., Node/NestJS for fast development, Go for concurrency, Rust for max performance)
  • Follow the 70-20-10 testing pyramid: prioritize unit tests, add integration tests, and reserve E2E for critical flows
  • Enforce parameterized queries, input validation, rate limiting, and secure password hashing (Argon2id)
  • Use connection pooling, proper indexes, and Redis caching to reduce DB load; run load tests before production
  • Adopt CI/CD with blue-green or canary deployments, feature flags, health checks, and automated rollback
  • Instrument services with Prometheus/Grafana and OpenTelemetry for metrics, traces, and production debugging

Example use cases

  • Design a public GraphQL API with schema-first design, input validation, and rate limiting
  • Implement OAuth 2.1 + PKCE for a mobile app and issue short-lived JWTs with refresh tokens
  • Migrate a monolith to microservices using gRPC for internal RPC and Kafka for events with contract tests
  • Optimize a slow report query by adding indexes, connection pooling, and Redis caching
  • Set up CI/CD pipelines with Docker, Kubernetes manifests, automated tests, and blue-green deployment

FAQ

Which database should I pick for transactional workloads?

Choose PostgreSQL for ACID transactions, strong relational guarantees, and advanced SQL features.

When should I use gRPC instead of REST or GraphQL?

Use gRPC for low-latency, high-throughput internal services or when you need strict typed contracts and streaming; use REST/GraphQL for public APIs and flexible client queries.