home / skills / first-fluke / fullstack-starter / backend-development

backend-development skill

/.agents/skills/backend-development

This skill helps you design and optimize scalable Python FastAPI backends with secure auth, robust databases, and performance improvements.

npx playbooks add skill first-fluke/fullstack-starter --skill backend-development

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
2.0 KB
---
name: backend-development
description: Comprehensive backend development skill for building scalable backend systems using Python (FastAPI), Postgres, Redis, and more. Includes API design, database optimization, security implementation, and performance tuning.
---

# Backend Development

This skill provides expert guidance for building robust, scalable, and secure backend systems, primarily focusing on the Python/FastAPI ecosystem used in this project.

## Core Capabilities

### 1. API Design & Implementation
- **RESTful Design**: Resource-oriented URLs, proper HTTP methods, and status codes.
- **FastAPI Best Practices**: Validation with Pydantic, dependency injection, and async handlers.
- **Documentation**: Automatic OpenAPI generation, clear descriptions, and examples.

### 2. Database Management
- **Schema Design**: Normalized relationships, indexing strategies, and migration management (Alembic).
- **ORM Usage**: SQLAlchemy async session management, repository pattern.
- **Optimization**: N+1 problem avoidance, query analysis, connection pooling.

### 3. Security
- **Authentication**: JWT/OAuth2 implementation, password hashing (bcrypt/argon2).
- **Authorization**: Role-Based Access Control (RBAC), scopes.
- **Data Protection**: Input sanitization, SQL injection prevention (via ORM), secure headers.

### 4. Performance Tuning
- **Caching**: Redis implementation for specific endpoints or data.
- **Async I/O**: Non-blocking database and API calls.
- **Background Tasks**: Offloading heavy processing (Celery/Cloud Tasks).

## Design Patterns

- **Repository Pattern**: Decouple business logic from data access.
- **Dependency Injection**: Manage dependencies (DB sessions, config) cleanly.
- **Service Layer**: Encapsulate complex business rules.

## When to Use

- Designing new API endpoints or microservices.
- Optimizing slow database queries.
- Implementing complex business logic.
- Reviewing backend code for security and performance.
- Setting up authentication and authorization flows.

Overview

This skill delivers hands-on guidance for building scalable, secure backend systems with a focus on Python/FastAPI, Postgres, Redis, and complementary tooling. It covers API design, database schema and query optimization, authentication/authorization, and performance tuning for production workloads. The guidance is practical and targeted to teams shipping fullstack apps from a monorepo to cloud infrastructure.

How this skill works

The skill inspects API design and FastAPI patterns, recommending Pydantic models, dependency injection, and async endpoints where appropriate. It reviews database schemas and queries for indexing, N+1 issues, and connection pooling while advising on Alembic migrations and SQLAlchemy async sessions. Security checks include JWT/OAuth2 flows, password hashing, RBAC, and input sanitization. Performance guidance covers Redis caching strategies, background task patterns, and async I/O to reduce latency and load.

When to use it

  • Designing or refactoring RESTful APIs and OpenAPI documentation
  • Optimizing slow queries, fixing N+1 problems, and tuning Postgres
  • Implementing authentication, RBAC, and secure password storage
  • Introducing caching with Redis or offloading work to background tasks
  • Reviewing backend architecture in a monorepo or preparing for production

Best practices

  • Model resources with clear REST semantics, use proper HTTP status codes and pagination
  • Validate and serialize with Pydantic; prefer async handlers for I/O-bound endpoints
  • Use repository and service layers to decouple business logic from data access
  • Add indexes based on query patterns, profile queries, and avoid N+1 with eager loading
  • Protect endpoints with scoped JWT/OAuth2 tokens, salt and hash passwords, and sanitize inputs

Example use cases

  • Create a new FastAPI microservice with well-typed request/response models and auto-generated OpenAPI
  • Speed up a slow endpoint by adding Redis caching and rewriting heavy queries with proper indexes
  • Migrate sync DB access to async SQLAlchemy sessions and adjust connection pool settings
  • Implement role-based access controls for admin and user operations with scoped tokens
  • Offload image processing to background workers (Celery or cloud tasks) to keep APIs responsive

FAQ

Should I always use async endpoints in FastAPI?

Use async for I/O-bound handlers (DB, network, file). For CPU-bound work, keep endpoints sync and move heavy tasks to background workers.

When is Redis caching appropriate?

Cache read-heavy, rarely-changing responses or computed results where eventual consistency is acceptable; avoid caching highly dynamic per-user data unless keyed carefully.