backend-development
Backend Development Skill
Production-ready backend development with modern technologies, best practices, and proven patterns.
When to Use
- Designing RESTful, GraphQL, or gRPC APIs
- Building authentication/authorization systems
- Optimizing database queries and schemas
- Implementing caching and performance optimization
- OWASP Top 10 security mitigation
- Designing scalable microservices
- Testing strategies (unit, integration, E2E)
- CI/CD pipelines and deployment
- Monitoring and debugging production systems
Technology Selection Guide
Languages: Node.js/TypeScript (full-stack), Python (data/ML), Go (concurrency), Rust (performance)
Frameworks: NestJS, FastAPI, Django, Express, Gin
Databases: PostgreSQL (ACID), MongoDB (flexible schema), Redis (caching)
APIs: REST (simple), GraphQL (flexible), gRPC (performance)
See: references/backend-technologies.md for detailed comparisons
Reference Navigation
Core Technologies:
- backend-technologies.md - Languages, frameworks, databases, message queues, ORMs
- backend-api-design.md - REST, GraphQL, gRPC patterns and best practices
Security & Authentication:
- backend-security.md - OWASP Top 10 2025, security best practices, input validation
- backend-authentication.md - OAuth 2.1, JWT, RBAC, MFA, session management
Performance & Architecture:
- backend-performance.md - Caching, query optimization, load balancing, scaling
- backend-architecture.md - Microservices, event-driven, CQRS, saga patterns
Quality & Operations:
- backend-testing.md - Testing strategies, frameworks, tools, CI/CD testing
- backend-code-quality.md - SOLID principles, design patterns, clean code
- backend-devops.md - Docker, Kubernetes, deployment strategies, monitoring
- backend-debugging.md - Debugging strategies, profiling, logging, production debugging
- backend-mindset.md - Problem-solving, architectural thinking, collaboration
Key Best Practices (2025)
Security: Argon2id password hashing, parameterized queries (the query-layer fix for SQL injection; input validation is still required for everything else the value touches), OAuth 2.1 with PKCE on every authorization-code flow, rate limiting on authentication and other abusable endpoints, security headers
Performance: Redis caching to keep repeated reads off the database, database indexing driven by actual query plans, CDN for static and cacheable responses, connection pooling
Testing: 70-20-10 pyramid (unit-integration-E2E), Vitest or Jest for Node.js/TypeScript, contract testing for microservices, migrations tested against a copy of production data before release
DevOps: Blue-green/canary deployments, feature flags to decouple deploy from release, Kubernetes, Prometheus/Grafana monitoring, OpenTelemetry tracing
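The OAuth 2.1 + PKCE item above is the one most often implemented incorrectly (accepting `plain`, skipping the verifier check, or letting a code be redeemed twice). The following is an added example, not code from this skill's reference files or from any OAuth library: it generates the PKCE pair the way RFC 7636 specifies (S256) and shows the check the authorization server must perform at the token endpoint. `AuthorizationServer`, `issue_code` and `redeem_code` are names invented for this illustration; only the Python standard library is used.

```python
"""PKCE (RFC 7636, S256) as required by OAuth 2.1: client-side pair generation
and the token endpoint's verification. Added example; the class and function
names below are this example's own, not an OAuth library's API."""
import base64
import hashlib
import hmac
import secrets


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    """Random verifier of 43..128 unreserved characters (32 bytes -> 43 chars)."""
    return b64url(secrets.token_bytes(nbytes))


def make_code_challenge(verifier: str) -> str:
    """S256 transform: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def verify_code_challenge(verifier: str, challenge: str) -> bool:
    """Server-side check: recompute S256 and compare in constant time."""
    if not 43 <= len(verifier) <= 128:
        return False
    return hmac.compare_digest(make_code_challenge(verifier), challenge)


class AuthorizationServer:
    """Minimal stand-in for the authorization and token endpoints."""

    def __init__(self) -> None:
        self._codes = {}  # authorization code -> (client_id, code_challenge)

    def issue_code(self, client_id: str, challenge: str, method: str = "S256") -> str:
        # OAuth 2.1 mandates S256; 'plain' leaks the verifier in the front channel.
        if method != "S256":
            raise ValueError("code_challenge_method must be S256")
        code = secrets.token_urlsafe(32)
        self._codes[code] = (client_id, challenge)
        return code

    def redeem_code(self, code: str, client_id: str, verifier: str):
        # pop(): an authorization code is single-use, so a replay gets None.
        entry = self._codes.pop(code, None)
        if entry is None:
            return None
        bound_client, challenge = entry
        if bound_client != client_id or not verify_code_challenge(verifier, challenge):
            return None
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}


def pkce_flow(server: AuthorizationServer, client_id: str, code_intercepted: bool = False):
    """Whole exchange from the client's side. With code_intercepted=True the
    code is redeemed by a party that has the code but not the verifier."""
    verifier = make_code_verifier()
    challenge = make_code_challenge(verifier)
    code = server.issue_code(client_id, challenge)
    presented = make_code_verifier() if code_intercepted else verifier
    return server.redeem_code(code, client_id, presented)
```

The interception case is the whole point of PKCE: an attacker who captures the authorization code (via a leaky redirect, a custom URL scheme, or logs) cannot turn it into a token without the verifier, which never left the client. The `pop` in `redeem_code` is what stops a captured code from being replayed after the legitimate client has used it.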
Quick Decision Matrix
| Need | Choose |
|---|---|
| Fast development | Node.js + NestJS |
| Data/ML integration | Python + FastAPI |
| High concurrency | Go + Gin |
| Max performance | Rust + Axum |
| ACID transactions | PostgreSQL |
| Flexible schema | MongoDB |
| Caching | Redis |
| Internal services | gRPC |
| Public APIs | GraphQL/REST |
| Real-time events | Kafka |
Implementation Checklist
API: Choose style → Design schema → Validate input → Add auth → Rate limiting → Documentation → Error handling
Database: Choose DB → Design schema → Create indexes → Connection pooling → Migration strategy → Backup/restore → Test performance
Security: OWASP Top 10 → Parameterized queries → OAuth 2.1 + JWT → Security headers → Rate limiting → Input validation → Argon2id passwords
Testing: Unit 70% → Integration 20% → E2E 10% → Load tests → Migration tests → Contract tests (microservices)
Deployment: Docker → CI/CD → Blue-green/canary → Feature flags → Monitoring → Logging → Health checks
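The Security line of the checklist names three controls that meet on one code path, the login handler: rate limiting, parameterized queries and Argon2id password hashing. The example below is added here and is not code from this skill's reference files. It runs against an in-memory SQLite database with one constructed user, and uses `hashlib.scrypt` from the standard library as a stand-in for Argon2id (which needs the third-party argon2-cffi package; the salt-store-recompute-compare structure is identical). The vulnerable lookup is kept next to the parameterized one so the difference is visible on the same input; `TokenBucket`, `login` and the other names are this example's own.

```python
"""Login path from the Security checklist: rate limit, parameterized lookup,
constant-time password verification. Added example on constructed data;
hashlib.scrypt stands in for Argon2id."""
import hashlib
import hmac
import os
import sqlite3
import time

# Work factors for the stand-in KDF; tune per deployment, as with Argon2id.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32, maxmem=64 * 2**20)
SALT_LEN = 16


def hash_password(password: str) -> bytes:
    """Per-password random salt; stored as salt || digest."""
    salt = os.urandom(SALT_LEN)
    return salt + hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)


def verify_password(password: str, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)
    return hmac.compare_digest(candidate, digest)


# Verified for unknown usernames too, so "no such user" is not distinguishable
# from "wrong password" by response time.
DUMMY_HASH = hash_password(os.urandom(16).hex())


class TokenBucket:
    """Per-key bucket: `capacity` attempts, refilled at `refill_per_sec`.
    The clock is injectable so the limiter can be tested deterministically."""

    def __init__(self, capacity: int, refill_per_sec: float, clock=time.monotonic):
        self.capacity, self.refill, self.clock = capacity, refill_per_sec, clock
        self._buckets = {}  # key -> (tokens, last_seen)

    def allow(self, key: str) -> bool:
        now = self.clock()
        tokens, last = self._buckets.get(key, (float(self.capacity), now))
        tokens = min(self.capacity, tokens + (now - last) * self.refill)
        if tokens < 1:
            self._buckets[key] = (tokens, now)
            return False
        self._buckets[key] = (tokens - 1, now)
        return True


def build_db() -> sqlite3.Connection:
    """Constructed sample data: one user whose password is 'correct horse'."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw BLOB NOT NULL)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", hash_password("correct horse")))
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str):
    """'Before': string formatting lets the username rewrite the WHERE clause."""
    sql = f"SELECT username, pw FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchone()


def find_user(conn: sqlite3.Connection, username: str):
    """'After': the driver binds the value; it is data, never SQL."""
    return conn.execute(
        "SELECT username, pw FROM users WHERE username = ?", (username,)
    ).fetchone()


def login(conn: sqlite3.Connection, limiter: TokenBucket, username: str,
          password: str, lookup=find_user) -> str:
    """Returns 'rate_limited', 'invalid' or 'ok'. Keyed on username here; in
    production also key on source address so one client cannot spray many
    accounts, and so a lockout of a single account costs the attacker."""
    if not limiter.allow(username):
        return "rate_limited"
    row = lookup(conn, username)
    stored = row[1] if row is not None else DUMMY_HASH
    ok = verify_password(password, stored)
    return "ok" if row is not None and ok else "invalid"
```

On the input `x' OR '1'='1` the vulnerable lookup returns the first row in the table, while the parameterized one returns nothing; that is the entire difference the checklist item is about. The limiter sits before the database call and before the expensive hash, so a brute-force attempt that is over budget costs the server neither a query nor a KDF run.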
Resources
- OWASP Top 10: https://owasp.org/www-project-top-ten/
- OAuth 2.1: https://oauth.net/2.1/
- OpenTelemetry: https://opentelemetry.io/