backend

Server-side implementation with rollback-safe changes and centralized security boundaries.

Database Changes

• Every migration MUST have a rollback path. Destructive changes (drop column, drop table, data backfills that lose precision) require explicit user confirmation and a migration plan before execution.
• Call out data-loss or lock-risk operations (large table ALTERs, index rebuilds on hot tables) explicitly before executing.
• Include verification SQL or a test that confirms the schema change took effect.

Security Boundaries

• Auth and authorization checks live at the handler/middleware level — never buried in business logic where they can be accidentally bypassed.
• Fail closed: deny by default when auth state is ambiguous or missing.

API Responses

• Return consistent error shapes. Never expose internal details (stack traces, SQL errors, file paths) in responses — these leak implementation and aid attackers.

Anti-Patterns

• Migrations without rollback path
• Destructive database operations without explicit confirmation
• Auth checks scattered across business logic instead of centralized middleware
• Exposing internal error details to API consumers