playbooks

home / skills / mamba-mental / agent-skill-manager / backend-development

backend-development skill

/skills/backend-development

This skill helps design robust APIs, secure authentication, and scalable backends with modern tech and best practices for production systems.

This is most likely a fork of the backend-development skill from nilecui
npx playbooks add skill mamba-mental/agent-skill-manager --skill backend-development

Review the files below or copy the command above to add this skill to your agents.

Files (12)
SKILL.md
4.4 KB
---
name: backend-development
description: Build robust backend systems with modern technologies (Node.js, Python, Go, Rust), frameworks (NestJS, FastAPI, Django), databases (PostgreSQL, MongoDB, Redis), APIs (REST, GraphQL, gRPC), authentication (OAuth 2.1, JWT), testing strategies, security best practices (OWASP Top 10), performance optimization, scalability patterns (microservices, caching, sharding), DevOps practices (Docker, Kubernetes, CI/CD), and monitoring. Use when designing APIs, implementing authentication, optimizing database queries, setting up CI/CD pipelines, handling security vulnerabilities, building microservices, or developing production-ready backend systems.
license: MIT
version: 1.0.0
---

# Backend Development Skill

Production-ready backend development with modern technologies, best practices, and proven patterns.

## When to Use

- Designing RESTful, GraphQL, or gRPC APIs
- Building authentication/authorization systems
- Optimizing database queries and schemas
- Implementing caching and performance optimization
- OWASP Top 10 security mitigation
- Designing scalable microservices
- Testing strategies (unit, integration, E2E)
- CI/CD pipelines and deployment
- Monitoring and debugging production systems

## Technology Selection Guide

**Languages:** Node.js/TypeScript (full-stack), Python (data/ML), Go (concurrency), Rust (performance)
**Frameworks:** NestJS, FastAPI, Django, Express, Gin
**Databases:** PostgreSQL (ACID), MongoDB (flexible schema), Redis (caching)
**APIs:** REST (simple), GraphQL (flexible), gRPC (performance)

See: `references/backend-technologies.md` for detailed comparisons

## Reference Navigation

**Core Technologies:**
- `backend-technologies.md` - Languages, frameworks, databases, message queues, ORMs
- `backend-api-design.md` - REST, GraphQL, gRPC patterns and best practices

**Security & Authentication:**
- `backend-security.md` - OWASP Top 10 2025, security best practices, input validation
- `backend-authentication.md` - OAuth 2.1, JWT, RBAC, MFA, session management

**Performance & Architecture:**
- `backend-performance.md` - Caching, query optimization, load balancing, scaling
- `backend-architecture.md` - Microservices, event-driven, CQRS, saga patterns

**Quality & Operations:**
- `backend-testing.md` - Testing strategies, frameworks, tools, CI/CD testing
- `backend-code-quality.md` - SOLID principles, design patterns, clean code
- `backend-devops.md` - Docker, Kubernetes, deployment strategies, monitoring
- `backend-debugging.md` - Debugging strategies, profiling, logging, production debugging
- `backend-mindset.md` - Problem-solving, architectural thinking, collaboration

## Key Best Practices (2025)

**Security:** Argon2id passwords, parameterized queries (98% SQL injection reduction), OAuth 2.1 + PKCE, rate limiting, security headers

**Performance:** Redis caching (90% DB load reduction), database indexing (30% I/O reduction), CDN (50%+ latency cut), connection pooling

**Testing:** 70-20-10 pyramid (unit-integration-E2E), Vitest 50% faster than Jest, contract testing for microservices, 83% migrations fail without tests

**DevOps:** Blue-green/canary deployments, feature flags (90% fewer failures), Kubernetes 84% adoption, Prometheus/Grafana monitoring, OpenTelemetry tracing

## Quick Decision Matrix

| Need | Choose |
|------|--------|
| Fast development | Node.js + NestJS |
| Data/ML integration | Python + FastAPI |
| High concurrency | Go + Gin |
| Max performance | Rust + Axum |
| ACID transactions | PostgreSQL |
| Flexible schema | MongoDB |
| Caching | Redis |
| Internal services | gRPC |
| Public APIs | GraphQL/REST |
| Real-time events | Kafka |

## Implementation Checklist

**API:** Choose style → Design schema → Validate input → Add auth → Rate limiting → Documentation → Error handling

**Database:** Choose DB → Design schema → Create indexes → Connection pooling → Migration strategy → Backup/restore → Test performance

**Security:** OWASP Top 10 → Parameterized queries → OAuth 2.1 + JWT → Security headers → Rate limiting → Input validation → Argon2id passwords

**Testing:** Unit 70% → Integration 20% → E2E 10% → Load tests → Migration tests → Contract tests (microservices)

**Deployment:** Docker → CI/CD → Blue-green/canary → Feature flags → Monitoring → Logging → Health checks

## Resources

- OWASP Top 10: https://owasp.org/www-project-top-ten/
- OAuth 2.1: https://oauth.net/2.1/
- OpenTelemetry: https://opentelemetry.io/

Overview

This skill helps you build production-ready backend systems using modern languages, frameworks, databases, APIs, and DevOps practices. It focuses on secure, scalable, and maintainable designs—covering authentication, performance, testing, and deployment. Use it to design APIs, implement authentication, optimize databases, and prepare services for production.

How this skill works

The skill guides technology selection (Node.js, Python, Go, Rust) and framework choices (NestJS, FastAPI, Django) based on project needs. It provides concrete patterns for API design (REST, GraphQL, gRPC), database strategies (PostgreSQL, MongoDB, Redis), security mitigations (OWASP Top 10, OAuth 2.1, JWT), testing pyramids, and DevOps workflows (Docker, Kubernetes, CI/CD, monitoring). It also supplies checklists for implementation, performance tuning, and deployment safety.

When to use it

  • Designing and documenting RESTful, GraphQL, or gRPC APIs for production
  • Implementing authentication and authorization (OAuth 2.1, JWT, RBAC, MFA)
  • Optimizing database schemas, queries, and caching strategies
  • Building scalable microservices and choosing appropriate communication patterns
  • Setting up CI/CD pipelines, containerization, and production monitoring
  • Hardening services against OWASP Top 10 and operational security risks

Best practices

  • Pick language/framework based on goals: rapid development, concurrency, or max performance
  • Follow the 70-20-10 testing pyramid: prioritize unit, then integration, then E2E tests
  • Use parameterized queries, input validation, and Argon2id for password storage
  • Implement connection pooling, indexing, and Redis caching to reduce DB load
  • Adopt blue-green or canary deployments and feature flags to reduce release risk
  • Instrument services with OpenTelemetry and monitor with Prometheus/Grafana

Example use cases

  • Build a public GraphQL API with NestJS and PostgreSQL, including rate limiting and schema validation
  • Create a FastAPI service for ML inference that uses Redis caching and PostgreSQL for metadata
  • Migrate a monolith to microservices with gRPC for internal services and contract testing
  • Implement OAuth 2.1 + PKCE for a web and mobile client with JWT access tokens and refresh flow
  • Set up CI/CD in GitHub Actions or GitLab CI, containerize with Docker, and deploy on Kubernetes with health checks

FAQ

Which stack is best for rapid prototyping?

Node.js with NestJS or Express provides fast development velocity and rich ecosystem for full-stack teams.

How should I choose between PostgreSQL and MongoDB?

Use PostgreSQL for ACID needs and complex queries. Use MongoDB when you need flexible schema and rapid iteration for document-like data.