What technologies does this skill cover?

Node.js/TypeScript, Python, Go, Rust; frameworks NestJS, FastAPI, Django, Express, Gin; databases PostgreSQL, MongoDB, Redis; APIs REST/GraphQL/gRPC; authentication OAuth 2.1, JWT.

When should I use backend-development skills?

When designing APIs, implementing authentication, optimizing queries, setting up CI/CD pipelines, handling security vulnerabilities, building microservices, or delivering production-ready backend systems.

What practices are essential?

OWASP Top 10 security, parameterized queries, Redis caching, database indexing, testing pyramid (unit/integration/E2E), contract testing, and robust deployment/monitoring strategies.

backend-development

npx machina-cli add skill zircote/agents/backend-development --openclaw

Files (1)

SKILL.md

5.1 KB

Backend Development Skill

Production-ready backend development with modern technologies, best practices, and proven patterns.

<triggers> <trigger>Designing RESTful, GraphQL, or gRPC APIs</trigger> <trigger>Building authentication/authorization systems</trigger> <trigger>Optimizing database queries and schemas</trigger> <trigger>Implementing caching and performance optimization</trigger> <trigger>OWASP Top 10 security mitigation</trigger> <trigger>Designing scalable microservices</trigger> <trigger>Testing strategies (unit, integration, E2E)</trigger> <trigger>CI/CD pipelines and deployment</trigger> <trigger>Monitoring and debugging production systems</trigger> </triggers>

Technology Selection Guide

Languages: Node.js/TypeScript (full-stack), Python (data/ML), Go (concurrency), Rust (performance) Frameworks: NestJS, FastAPI, Django, Express, Gin Databases: PostgreSQL (ACID), MongoDB (flexible schema), Redis (caching) APIs: REST (simple), GraphQL (flexible), gRPC (performance)

See: references/backend-technologies.md for detailed comparisons

Reference Navigation

Core Technologies:

backend-technologies.md - Languages, frameworks, databases, message queues, ORMs
backend-api-design.md - REST, GraphQL, gRPC patterns and best practices

Security & Authentication:

backend-security.md - OWASP Top 10 2025, security best practices, input validation
backend-authentication.md - OAuth 2.1, JWT, RBAC, MFA, session management

Performance & Architecture:

backend-performance.md - Caching, query optimization, load balancing, scaling
backend-architecture.md - Microservices, event-driven, CQRS, saga patterns

Quality & Operations:

backend-testing.md - Testing strategies, frameworks, tools, CI/CD testing
backend-code-quality.md - SOLID principles, design patterns, clean code
backend-devops.md - Docker, Kubernetes, deployment strategies, monitoring
backend-debugging.md - Debugging strategies, profiling, logging, production debugging
backend-mindset.md - Problem-solving, architectural thinking, collaboration

Key Best Practices (2025)

Security: Argon2id passwords, parameterized queries (98% SQL injection reduction), OAuth 2.1 + PKCE, rate limiting, security headers

Performance: Redis caching (90% DB load reduction), database indexing (30% I/O reduction), CDN (50%+ latency cut), connection pooling

Testing: 70-20-10 pyramid (unit-integration-E2E), Vitest 50% faster than Jest, contract testing for microservices, 83% migrations fail without tests

DevOps: Blue-green/canary deployments, feature flags (90% fewer failures), Kubernetes 84% adoption, Prometheus/Grafana monitoring, OpenTelemetry tracing

Quick Decision Matrix

Need	Choose
Fast development	Node.js + NestJS
Data/ML integration	Python + FastAPI
High concurrency	Go + Gin
Max performance	Rust + Axum
ACID transactions	PostgreSQL
Flexible schema	MongoDB
Caching	Redis
Internal services	gRPC
Public APIs	GraphQL/REST
Real-time events	Kafka

Implementation Checklist

API: Choose style -> Design schema -> Validate input -> Add auth -> Rate limiting -> Documentation -> Error handling

Database: Choose DB -> Design schema -> Create indexes -> Connection pooling -> Migration strategy -> Backup/restore -> Test performance

Security: OWASP Top 10 -> Parameterized queries -> OAuth 2.1 + JWT -> Security headers -> Rate limiting -> Input validation -> Argon2id passwords

Testing: Unit 70% -> Integration 20% -> E2E 10% -> Load tests -> Migration tests -> Contract tests (microservices)

Deployment: Docker -> CI/CD -> Blue-green/canary -> Feature flags -> Monitoring -> Logging -> Health checks

<constraints> <constraint severity="critical">Never store plain-text passwords - always use Argon2id or bcrypt</constraint> <constraint severity="critical">Always use parameterized queries to prevent SQL injection</constraint> <constraint severity="high">Implement rate limiting on all public endpoints</constraint> <constraint severity="high">Use HTTPS/TLS for all production traffic</constraint> <constraint severity="medium">Database migrations must have rollback procedures</constraint> <constraint severity="medium">All API endpoints must have input validation</constraint> </constraints>

Resources

OWASP Top 10: https://owasp.org/www-project-top-ten/
OAuth 2.1: https://oauth.net/2.1/
OpenTelemetry: https://opentelemetry.io/

Source

git clone https://github.com/zircote/agents/blob/main/skills/backend-development/SKILL.mdView on GitHub

Overview

Design and implement production-ready backends using Node.js, Python, Go, or Rust with modern frameworks and databases. It covers API design (REST/GraphQL/gRPC), secure authentication, performance optimization, and scalable architectures using Docker, Kubernetes, CI/CD, and monitoring.

How This Skill Works

Select a language and framework (e.g., Node.js with NestJS or FastAPI), implement API patterns (REST, GraphQL, gRPC), integrate databases like PostgreSQL, MongoDB, or Redis, add authentication (OAuth 2.1, JWT), and apply testing, security, deployment, and observability practices through CI/CD and monitoring tooling.

When to Use It

Designing REST, GraphQL, or gRPC APIs
Building authentication/authorization systems with OAuth 2.1 and JWT
Optimizing database queries and schemas (PostgreSQL, MongoDB, Redis)
Setting up CI/CD pipelines and deployment for backend services
Designing scalable microservices and implementing monitoring

Quick Start

Step 1: Pick your stack (e.g., Node.js + NestJS, Python + FastAPI) and select databases (PostgreSQL, MongoDB, Redis)
Step 2: Design APIs (REST/GraphQL/gRPC) and implement authentication (OAuth 2.1, JWT)
Step 3: Add tests, configure CI/CD, and enable monitoring/observability

Best Practices

Security: apply OWASP Top 10 mitigations, use input validation, and secure authentication (OAuth 2.1 + PKCE, JWT)
Performance: leverage Redis caching, implement database indexing, and enable connection pooling
Testing: follow the 70-20-10 pyramid (unit/integration/E2E) and use contract testing for microservices
DevOps: adopt blue-green/canary deployments, feature flags, Kubernetes-based deployments, and robust monitoring
API & Architecture: design clear schemas, versioning, proper error handling, and scalable microservice patterns (CQRS, sagas)

Example Use Cases

Designing a REST API with NestJS and PostgreSQL, including JWT auth and rate limiting
Implementing OAuth 2.1, RBAC, and JWT-based sessions for a multi-service backend
Optimizing queries in PostgreSQL with indexing and parameterized queries, plus Redis caching
Dockerizing services and deploying on Kubernetes with a CI/CD pipeline and monitoring
Migrating to microservices using gRPC for internal APIs and GraphQL for public APIs

Frequently Asked Questions

Add this skill to your agents