playbooks

home / skills / nilecui / skillsbase / backend-development

backend-development skill

/.cursor/skills/backend-development

This skill helps design and implement secure, scalable Python-based backends using modern frameworks, databases, APIs, and DevOps practices.

npx playbooks add skill nilecui/skillsbase --skill backend-development

Review the files below or copy the command above to add this skill to your agents.

Files (12)
SKILL.md
4.4 KB
---
name: backend-development
description: Build robust backend systems with modern technologies (Node.js, Python, Go, Rust), frameworks (NestJS, FastAPI, Django), databases (PostgreSQL, MongoDB, Redis), APIs (REST, GraphQL, gRPC), authentication (OAuth 2.1, JWT), testing strategies, security best practices (OWASP Top 10), performance optimization, scalability patterns (microservices, caching, sharding), DevOps practices (Docker, Kubernetes, CI/CD), and monitoring. Use when designing APIs, implementing authentication, optimizing database queries, setting up CI/CD pipelines, handling security vulnerabilities, building microservices, or developing production-ready backend systems.
license: MIT
version: 1.0.0
---

# Backend Development Skill

Production-ready backend development with modern technologies, best practices, and proven patterns.

## When to Use

- Designing RESTful, GraphQL, or gRPC APIs
- Building authentication/authorization systems
- Optimizing database queries and schemas
- Implementing caching and performance optimization
- OWASP Top 10 security mitigation
- Designing scalable microservices
- Testing strategies (unit, integration, E2E)
- CI/CD pipelines and deployment
- Monitoring and debugging production systems

## Technology Selection Guide

**Languages:** Node.js/TypeScript (full-stack), Python (data/ML), Go (concurrency), Rust (performance)
**Frameworks:** NestJS, FastAPI, Django, Express, Gin
**Databases:** PostgreSQL (ACID), MongoDB (flexible schema), Redis (caching)
**APIs:** REST (simple), GraphQL (flexible), gRPC (performance)

See: `references/backend-technologies.md` for detailed comparisons

## Reference Navigation

**Core Technologies:**
- `backend-technologies.md` - Languages, frameworks, databases, message queues, ORMs
- `backend-api-design.md` - REST, GraphQL, gRPC patterns and best practices

**Security & Authentication:**
- `backend-security.md` - OWASP Top 10 2025, security best practices, input validation
- `backend-authentication.md` - OAuth 2.1, JWT, RBAC, MFA, session management

**Performance & Architecture:**
- `backend-performance.md` - Caching, query optimization, load balancing, scaling
- `backend-architecture.md` - Microservices, event-driven, CQRS, saga patterns

**Quality & Operations:**
- `backend-testing.md` - Testing strategies, frameworks, tools, CI/CD testing
- `backend-code-quality.md` - SOLID principles, design patterns, clean code
- `backend-devops.md` - Docker, Kubernetes, deployment strategies, monitoring
- `backend-debugging.md` - Debugging strategies, profiling, logging, production debugging
- `backend-mindset.md` - Problem-solving, architectural thinking, collaboration

## Key Best Practices (2025)

**Security:** Argon2id passwords, parameterized queries (98% SQL injection reduction), OAuth 2.1 + PKCE, rate limiting, security headers

**Performance:** Redis caching (90% DB load reduction), database indexing (30% I/O reduction), CDN (50%+ latency cut), connection pooling

**Testing:** 70-20-10 pyramid (unit-integration-E2E), Vitest 50% faster than Jest, contract testing for microservices, 83% migrations fail without tests

**DevOps:** Blue-green/canary deployments, feature flags (90% fewer failures), Kubernetes 84% adoption, Prometheus/Grafana monitoring, OpenTelemetry tracing

## Quick Decision Matrix

| Need | Choose |
|------|--------|
| Fast development | Node.js + NestJS |
| Data/ML integration | Python + FastAPI |
| High concurrency | Go + Gin |
| Max performance | Rust + Axum |
| ACID transactions | PostgreSQL |
| Flexible schema | MongoDB |
| Caching | Redis |
| Internal services | gRPC |
| Public APIs | GraphQL/REST |
| Real-time events | Kafka |

## Implementation Checklist

**API:** Choose style → Design schema → Validate input → Add auth → Rate limiting → Documentation → Error handling

**Database:** Choose DB → Design schema → Create indexes → Connection pooling → Migration strategy → Backup/restore → Test performance

**Security:** OWASP Top 10 → Parameterized queries → OAuth 2.1 + JWT → Security headers → Rate limiting → Input validation → Argon2id passwords

**Testing:** Unit 70% → Integration 20% → E2E 10% → Load tests → Migration tests → Contract tests (microservices)

**Deployment:** Docker → CI/CD → Blue-green/canary → Feature flags → Monitoring → Logging → Health checks

## Resources

- OWASP Top 10: https://owasp.org/www-project-top-ten/
- OAuth 2.1: https://oauth.net/2.1/
- OpenTelemetry: https://opentelemetry.io/

Overview

This skill helps you design and build production-ready backend systems using modern languages, frameworks, databases, APIs, and DevOps practices. It focuses on secure, performant, and maintainable architectures with practical patterns for microservices, caching, testing, and monitoring. Use it to make technology choices, implement authentication, optimize data access, and deploy reliable services to production.

How this skill works

The skill inspects your requirements and recommends languages and frameworks (Node.js, Python, Go, Rust) based on trade-offs like speed, concurrency, and developer velocity. It guides API design (REST, GraphQL, gRPC), database selection and schema optimization (Postgres, MongoDB, Redis), authentication strategies (OAuth 2.1, JWT, Argon2id), and operational practices (Docker, Kubernetes, CI/CD, monitoring). It provides checklists, decision matrices, and concrete implementation steps for security, testing, performance, and deployments.

When to use it

  • Designing or refactoring REST, GraphQL, or gRPC APIs for production
  • Implementing authentication/authorization (OAuth 2.1, JWT, RBAC, MFA)
  • Optimizing database schemas, indexes, and caching strategies
  • Building scalable microservices or event-driven architectures
  • Creating CI/CD pipelines, container deployments, and observability
  • Handling security issues, OWASP Top 10 mitigations, and incident response

Best practices

  • Choose the language/framework that matches team skills and system needs (e.g., FastAPI for ML integration, Go for high concurrency)
  • Enforce input validation and parameterized queries to mitigate injection attacks
  • Adopt a testing pyramid: unit (70%), integration (20%), end-to-end (10%) and add contract tests for services
  • Use caching (Redis), indexing, and connection pooling to reduce DB load and latency
  • Deploy with CI/CD using blue-green or canary strategies and feature flags for safer releases
  • Instrument apps with OpenTelemetry, Prometheus, and Grafana for real-time monitoring and tracing

Example use cases

  • Design a public GraphQL API with role-based access control and rate limiting
  • Migrate a monolith to microservices with Kafka events and contract testing
  • Optimize slow queries in PostgreSQL with indexing, explain plans, and caching
  • Implement OAuth 2.1 + PKCE for a mobile app and secure token handling with JWT
  • Set up CI/CD pipelines with Docker images, Kubernetes manifests, health checks, and canary rollout

FAQ

Which stack is best for rapid prototyping versus long-term performance?

Use Node.js + NestJS for fast development and iteration; choose Go or Rust for high-concurrency or performance-critical services.

How should I prioritize security vs. performance?

Treat security as foundational—fix OWASP risks first, then optimize performance with safe caching, indexes, and profiling to avoid introducing vulnerabilities.