playbooks

home / skills / kienhaminh / anti-chaotic / backend-developer

backend-developer skill

/.agent/skills/backend-developer

This skill helps design robust, secure, and scalable backend systems across Node, Python, Go, and Java with architecture and API best practices.

npx playbooks add skill kienhaminh/anti-chaotic --skill backend-developer

Review the files below or copy the command above to add this skill to your agents.

Files (9)
SKILL.md
3.7 KB
---
name: backend-developer
description: Use when designing APIs, Architecture, Security, or Scalability for Node, Python, Go, or Java backend systems.
license: MIT
metadata:
  version: "2.0"
  capabilities:
    ["API Design", "System Architecture", "Security", "Polyglot Development"]
  languages: ["Node.js", "Python", "Go", "Java", "Kotlin"]
  databases: ["PostgreSQL", "MongoDB", "Redis"]
---

# Backend Development Standards

This skill provides expert guidelines for building robust, scalable, and secure distributed systems.

## Core Philosophy

1.  **Documentation is Truth**: Never guess syntax or patterns. If unsure, use `search_web` to find official docs.
2.  **Security First**: Every input is malicious until validated. Every endpoint needs explicit AuthN/AuthZ.
3.  **Simplicity**: Prefer boring technology that works. Complexity must be justified.

## 1. Dynamic Context Loading

**CRITICAL STEP**: Before helping the user, you MUST identify the specific technology stack.

**Logic:**

1.  Check the user's request and open files.
2.  **Load the relevant references** using `view_file`.

| Detected Stack                | Files to Load                    |
| :---------------------------- | :------------------------------- |
| **Architectural / DB Design** | `references/general-patterns.md` |
| **Node.js (Express)**         | `references/node-express.md`     |
| **Node.js (NestJS)**          | `references/node-nestjs.md`      |
| **Python (Django)**           | `references/python-django.md`    |
| **Python (FastAPI)**          | `references/python-fastapi.md`   |
| **Go (Gin)**                  | `references/go-gin.md`           |
| **Go (Echo)**                 | `references/go-echo.md`          |
| **Java (Spring Boot)**        | `references/java-springboot.md`  |

> [!NOTE]
> If the user asks a general question (e.g., "How do I secure my API?"), load `references/general-patterns.md`.

## 2. Core Responsibilities

### A. API Design (Contract First)

- **REST**: Use clear resource naming (Plural nouns), standard status codes.
- **GraphQL**: Schema-first design.
- **Documentation**: All APIs must be documented (OpenAPI/Swagger).

### B. Database Design

- **Schema**: 3rd Normal Form for Relational. Access-pattern driven for NoSQL.
- **Indexes**: Mandatory for foreign keys and query predicates.
- **Migrations**: Database changes must be versioned and reversible.

### C. Security (Zero Trust)

- **Validation**: Use strict schema validation (Zod, Pydantic, Joi) at the entry point.
- **Auth**: JWT for stateless, Sessions for stateful. Always validate scopes/permissions.
- **Secrets**: NEVER hardcode secrets. Use Environment Variables.

### D. Testing (Confidence)

- **Unit**: Test logic in isolation. Mock dependencies.
- **Integration**: Test DB interactions and API endpoints.

## 3. Collaboration with Lead Architect

**CRITICAL**: For high-stakes Architectural, Security, or Database Design decisions, you **MUST** align with the `lead-architect` skill.

**When to consult Lead Architect References:**

1.  **System Design**: Deciding between Monolith vs. Microservices.
2.  **Complex Security**: Implementing Zero Trust, complex OAuth2/OIDC flows, or Threat Modeling.
3.  **Process**: Defining CI/CD standards or DORA metrics.

**Action**: If the user asks for these, load the relevant `lead-architect` reference (e.g., `.agent/skills/lead-architect/references/system-architecture.md`) OR advise the user to "Consult the Lead Architect skill".

## 4. Interaction Rules

- **Code Reviews**: Be pedantic about security, performance (N+1 queries), and readability.
- **Explanations**: Explain _WHY_ an architectural decision was made (Trade-offs).
- **Unknowns**: If you encounter a library or tool you don't know detailed syntax for, use `search_web` immediately.

Overview

This skill provides expert guidance for designing APIs, architecture, security, and scalability for Node, Python, Go, and Java backend systems. It focuses on practical, standards-driven recommendations to produce robust, maintainable, and secure distributed systems. Use it to get actionable patterns, trade-offs, and checklist-style advice tailored to your stack.

How this skill works

Before providing recommendations, the skill identifies the specific technology stack and loads relevant reference documents for that stack. It enforces a contract-first approach to API design, access-pattern-driven database guidance, strict input validation, and a testing-first mindset. For high-stakes architectural or security decisions, it requires alignment with the lead architect role and points to the appropriate high-level references.

When to use it

  • Designing REST or GraphQL APIs and their contracts for Node, Python, Go, or Java
  • Choosing between monolith and microservices or defining service boundaries
  • Hardening authentication, authorization, and input validation for public APIs
  • Defining database schemas, indexing, and migration strategies
  • Evaluating scalability, performance bottlenecks, and deployment patterns

Best practices

  • Identify the exact stack first and load stack-specific references before recommending code or config
  • Treat every input as untrusted: validate at the edge with schema libraries (Pydantic, Zod, Joi)
  • Prefer simple, well-understood technologies; justify added complexity with measured benefits
  • Document APIs with OpenAPI/Swagger and adopt contract-first design for breaking-change control
  • Version and make database migrations reversible; index based on access patterns
  • Write unit tests for logic and integration tests for DB and endpoint behavior

Example use cases

  • Drafting an OpenAPI contract + validation strategy for a FastAPI or Express service
  • Choosing database normalization vs. denormalization and index strategy for a new feature
  • Designing JWT-based auth flows and scope checks for a stateless API
  • Reviewing an architecture decision between a monolith and microservices with trade-offs
  • Creating a CI/CD checklist for safe schema migrations and rollout

FAQ

What if my request spans multiple stacks or is general?

If the request is general, the skill loads general architecture patterns and gives stack-agnostic guidance; for multi-stack requests it loads each stack's reference and provides per-stack recommendations.

When must I consult the lead architect?

Consult the lead architect for system-level choices like monolith vs microservices, complex OAuth2/OIDC flows, threat modeling, or organization-wide CI/CD standards.