| name | description |
|---|---|
| ck-backend-development | Build production-ready backends with Node.js, Python, Go. Use for REST/GraphQL/gRPC APIs, authentication (OAuth, JWT), database design, microservices, OWASP security, Docker and Kubernetes deployment. |
# ck-backend-development
Production-ready backend development with modern technologies, best practices, and proven patterns.
## When to Use
- Designing RESTful, GraphQL, or gRPC APIs
- Building authentication and authorization systems
- Optimizing database queries and schemas
- Implementing caching and performance optimization
- OWASP Top 10 security mitigation
- Designing scalable microservices
- Testing strategies (unit, integration, E2E)
- CI/CD pipelines and deployment
- Monitoring and debugging production systems
## Don't Use When
- Frontend UI work — use `ck-frontend-development` or `ck-frontend-design`
- Infrastructure-only work (K8s manifests, Dockerfiles) — use `ck-devops`
- Database schema design only — use `ck-databases`
## Technology Selection
Languages:
- Node.js/TypeScript — full-stack teams, fast iteration
- Python — data/ML integration, scientific computing
- Go — high concurrency, performance-critical services
- Rust — maximum performance, memory safety
Frameworks: NestJS, FastAPI, Django, Express, Gin
Databases: PostgreSQL (ACID), MongoDB (flexible schema), Redis (caching)
APIs: REST (simple/public), GraphQL (flexible queries), gRPC (internal services, performance)
## Quick Decision Matrix
| Need | Choose |
|---|---|
| Fast development | Node.js + NestJS |
| Data/ML integration | Python + FastAPI |
| High concurrency | Go + Gin |
| ACID transactions | PostgreSQL |
| Flexible schema | MongoDB |
| Caching | Redis |
| Internal services | gRPC |
| Public APIs | GraphQL/REST |
| Real-time events | Kafka |
## Key Best Practices (2025)
Security:
- Argon2id for password hashing
- Parameterized queries (eliminates SQL injection)
- OAuth 2.1 + PKCE for authentication
- Rate limiting on all public endpoints
- Security headers (HSTS, CSP, X-Frame-Options)
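The parameterized-queries item above is the one most often implemented half-way, so here is an added example (not code from the skill itself) showing the vulnerable string-built query next to the bound-parameter form, using Python's standard-library `sqlite3` on a constructed in-memory `users` table. It also covers the caveat the bullet does not: identifiers such as a sort column cannot be bound as parameters, so they go through an allowlist instead. Table contents, column names and the `SORTABLE_COLUMNS` set are assumptions made for the example.

```python
import sqlite3

# Constructed sample rows for an in-memory users table (example data only).
SAMPLE_USERS = [
    (1, "alice", "alice@example.com"),
    (2, "bob", "bob@example.com"),
    (3, "carol", "carol@example.com"),
]

# Assumed allowlist: identifiers cannot travel as bound parameters, so a
# caller-chosen sort column is checked here before it is placed in SQL text.
SORTABLE_COLUMNS = {"id", "username", "email"}


def make_db() -> sqlite3.Connection:
    """Create an in-memory database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    # Bulk insert also uses placeholders; the driver binds each tuple safely.
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Deliberately vulnerable form: user input is spliced into the SQL text,
    so the input can change the meaning of the WHERE clause."""
    sql = f"SELECT id, username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened form: the value is sent as a bound parameter and is compared
    literally, whatever characters it contains."""
    sql = "SELECT id, username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def list_users_sorted(conn: sqlite3.Connection, sort_by: str) -> list:
    """Sorting by a caller-chosen column: validate against the allowlist first,
    because `ORDER BY ?` would bind a string constant, not a column name."""
    if sort_by not in SORTABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    sql = f"SELECT id, username, email FROM users ORDER BY {sort_by}"
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"
    print("vulnerable:", len(find_user_vulnerable(db, probe)), "rows")
    print("parameterized:", len(find_user_safe(db, probe)), "rows")
    print("sorted:", [row[1] for row in list_users_sorted(db, "username")])
```

Run it as a script and the vulnerable lookup returns every row for the classic quote-breaking input, while the parameterized lookup returns none because the input is compared as a literal username. The `ORDER BY` helper shows why "parameterize everything" is not enough on its own: anything that is grammar rather than a value (column names, table names, `ASC`/`DESC`) needs an allowlist.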
Performance:
- Redis caching (reduces DB load significantly)
- Database indexing on frequently queried columns
- CDN for static assets
- Connection pooling (pgBouncer for PostgreSQL)
Testing: 70% unit / 20% integration / 10% E2E pyramid
DevOps: Blue-green or canary deployments, feature flags, Prometheus/Grafana monitoring
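The "OAuth 2.1 + PKCE" item under Security names the mechanism but not the exchange. The following is an added example, not part of the skill, that walks through PKCE with the S256 method using only the Python standard library: the client derives a `code_verifier` and `code_challenge`, and a minimal stand-in authorization server (the `AuthorizationServer` class is an assumption made for illustration) stores the challenge at authorization time and verifies the verifier at token time, with single-use codes and constant-time comparison. The RFC 7636 Appendix B test vector is used in the usage note to show the derivation is correct.

```python
import base64
import hashlib
import secrets


def b64url(data: bytes) -> str:
    """Base64url encoding without '=' padding, as PKCE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    """Client side: a high-entropy verifier. 32 random bytes encode to 43
    characters, the minimum length PKCE allows (maximum is 128)."""
    return b64url(secrets.token_bytes(n_bytes))


def make_code_challenge(verifier: str) -> str:
    """Client side, S256 method: challenge = base64url(SHA-256(verifier))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def verify_pkce(stored_challenge: str, presented_verifier: str) -> bool:
    """Server side: recompute the challenge from the presented verifier and
    compare in constant time against what was stored at authorization."""
    if not 43 <= len(presented_verifier) <= 128:
        return False
    expected = make_code_challenge(presented_verifier)
    return secrets.compare_digest(expected, stored_challenge)


class AuthorizationServer:
    """Assumed minimal stand-in for the authorization and token endpoints.
    Only the PKCE-relevant state is modelled."""

    def __init__(self) -> None:
        self._pending: dict[str, str] = {}  # authorization code -> challenge

    def authorize(self, code_challenge: str, method: str = "S256") -> str:
        """Authorization endpoint: bind the challenge to a fresh code.
        This example accepts only S256; 'plain' is refused."""
        if method != "S256":
            raise ValueError("only the S256 code_challenge_method is accepted")
        code = secrets.token_urlsafe(32)
        self._pending[code] = code_challenge
        return code

    def exchange(self, code: str, code_verifier: str) -> bool:
        """Token endpoint: the code is consumed on first use, then the
        verifier must match the stored challenge."""
        challenge = self._pending.pop(code, None)
        if challenge is None:
            return False  # unknown, expired or already-used code
        return verify_pkce(challenge, code_verifier)


if __name__ == "__main__":
    server = AuthorizationServer()
    verifier = make_code_verifier()          # client keeps this secret
    code = server.authorize(make_code_challenge(verifier))
    print("exchange with correct verifier:", server.exchange(code, verifier))
    print("replay of the same code:", server.exchange(code, verifier))
```

With the RFC 7636 Appendix B verifier `dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk`, `make_code_challenge` yields `E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM`, which is the published expected value. The point of the design is that an authorization code intercepted in transit is useless without the verifier, which never leaves the client until the token request.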
## Implementation Checklists
API: Choose style → Design schema → Validate input → Add auth → Rate limiting → Documentation → Error handling
Database: Choose DB → Design schema → Create indexes → Connection pooling → Migration strategy → Backup/restore → Test performance
Security: OWASP Top 10 → Parameterized queries → OAuth 2.1 + JWT → Security headers → Rate limiting → Input validation → Argon2id
Testing: Unit 70% → Integration 20% → E2E 10% → Load tests → Migration tests
Deployment: Docker → CI/CD → Blue-green/canary → Feature flags → Monitoring → Logging → Health checks
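Rate limiting appears in both the API checklist and the Security list without saying what "rate limiting" means in code. As an added example (not the skill's own code), here is a per-client token-bucket limiter in plain Python: each key gets `capacity` requests of burst and refills at `rate` tokens per second, and the `check` helper returns the decision together with a `Retry-After` value for the 429 response. The clock is injectable so the behaviour can be tested deterministically; the capacity and rate values in the usage note are assumptions for illustration.

```python
import math
import time
from dataclasses import dataclass


@dataclass
class _Bucket:
    tokens: float   # tokens currently available
    updated: float  # clock reading at the last refill


class TokenBucketLimiter:
    """Per-key token bucket. A key may burst up to `capacity` requests and
    then proceeds at `rate` requests per second on average."""

    def __init__(self, capacity: int, rate: float, clock=time.monotonic) -> None:
        self.capacity = capacity
        self.rate = rate
        self.clock = clock  # injectable for deterministic tests
        self._buckets: dict[str, _Bucket] = {}

    def _refill(self, key: str) -> _Bucket:
        now = self.clock()
        bucket = self._buckets.get(key)
        if bucket is None:
            bucket = _Bucket(tokens=float(self.capacity), updated=now)
            self._buckets[key] = bucket
        else:
            elapsed = now - bucket.updated
            bucket.tokens = min(self.capacity, bucket.tokens + elapsed * self.rate)
            bucket.updated = now
        return bucket

    def allow(self, key: str) -> bool:
        """Consume one token for `key` if available."""
        bucket = self._refill(key)
        if bucket.tokens >= 1.0:
            bucket.tokens -= 1.0
            return True
        return False

    def retry_after(self, key: str) -> int:
        """Whole seconds until `key` has a token again (0 if it already has)."""
        bucket = self._refill(key)
        if bucket.tokens >= 1.0:
            return 0
        return math.ceil((1.0 - bucket.tokens) / self.rate)

    def check(self, key: str) -> tuple[int, dict[str, str]]:
        """Decision as an HTTP status plus the headers a framework would emit."""
        if self.allow(key):
            return 200, {}
        return 429, {"Retry-After": str(self.retry_after(key))}


class FakeClock:
    """Constructed clock for the example: time only moves when told to."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def simulate(limiter: TokenBucketLimiter, key: str, n: int) -> list[int]:
    """Fire `n` back-to-back requests for `key`, returning the status codes."""
    return [limiter.check(key)[0] for _ in range(n)]


if __name__ == "__main__":
    clock = FakeClock()
    limiter = TokenBucketLimiter(capacity=5, rate=1.0, clock=clock)
    print(simulate(limiter, "client-a", 7))   # five 200s, then 429s
    print(limiter.check("client-a"))          # (429, {'Retry-After': '1'})
    clock.advance(2.0)
    print(simulate(limiter, "client-a", 3))   # two tokens refilled
```

Keyed on a client identifier (API key, authenticated subject, or source address, in that order of preference), the same structure works in front of any endpoint; in a multi-instance deployment the bucket state would live in the shared Redis mentioned under Performance rather than in process memory.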
## Domain References
- API Design: REST/GraphQL/gRPC patterns and best practices
- Security: OWASP Top 10 2025, input validation, auth patterns
- Authentication: OAuth 2.1, JWT, RBAC, MFA, session management
- Performance: Caching, query optimization, load balancing, scaling
- Architecture: Microservices, event-driven, CQRS, saga patterns
- Testing: Testing strategies, frameworks, CI/CD testing
- DevOps: Docker, Kubernetes, deployment strategies, monitoring
## Resources
- OWASP Top 10: https://owasp.org/www-project-top-ten/
- OAuth 2.1: https://oauth.net/2.1/
- OpenTelemetry: https://opentelemetry.io/