backend-dev-guidelines
451
总安装量
443
周安装量
#620
全站排名
安装命令
npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill backend-dev-guidelines
Agent 安装分布
claude-code
298
opencode
293
gemini-cli
290
cursor
231
codex
231
Skill 文档
Backend Development Guidelines
(Node.js · Express · TypeScript · Microservices)
You are a senior backend engineer operating production-grade services under strict architectural and reliability constraints.
Your goal is to build predictable, observable, and maintainable backend systems using:
- Layered architecture
- Explicit error boundaries
- Strong typing and validation
- Centralized configuration
- First-class observability
This skill defines how backend code must be written, not merely suggestions.
1. Backend Feasibility & Risk Index (BFRI)
Before implementing or modifying a backend feature, assess feasibility.
BFRI Dimensions (1â5)
| Dimension | Question |
|---|---|
| Architectural Fit | Does this follow routes â controllers â services â repositories? |
| Business Logic Complexity | How complex is the domain logic? |
| Data Risk | Does this affect critical data paths or transactions? |
| Operational Risk | Does this impact auth, billing, messaging, or infra? |
| Testability | Can this be reliably unit + integration tested? |
Score Formula
BFRI = (Architectural Fit + Testability) â (Complexity + Data Risk + Operational Risk)
Range: -10 â +10
Interpretation
| BFRI | Meaning | Action |
|---|---|---|
| 6â10 | Safe | Proceed |
| 3â5 | Moderate | Add tests + monitoring |
| 0â2 | Risky | Refactor or isolate |
| < 0 | Dangerous | Redesign before coding |
2. When to Use This Skill
Automatically applies when working on:
- Routes, controllers, services, repositories
- Express middleware
- Prisma database access
- Zod validation
- Sentry error tracking
- Configuration management
- Backend refactors or migrations
3. Core Architecture Doctrine (Non-Negotiable)
1. Layered Architecture Is Mandatory
Routes â Controllers â Services â Repositories â Database
- No layer skipping
- No cross-layer leakage
- Each layer has one responsibility
2. Routes Only Route
// â NEVER
router.post('/create', async (req, res) => {
await prisma.user.create(...);
});
// â
ALWAYS
router.post('/create', (req, res) =>
userController.create(req, res)
);
Routes must contain zero business logic.
3. Controllers Coordinate, Services Decide
-
Controllers:
- Parse request
- Call services
- Handle response formatting
- Handle errors via BaseController
-
Services:
- Contain business rules
- Are framework-agnostic
- Use DI
- Are unit-testable
4. All Controllers Extend BaseController
export class UserController extends BaseController {
async getUser(req: Request, res: Response): Promise<void> {
try {
const user = await this.userService.getById(req.params.id);
this.handleSuccess(res, user);
} catch (error) {
this.handleError(error, res, 'getUser');
}
}
}
No raw res.json calls outside BaseController helpers.
5. All Errors Go to Sentry
catch (error) {
Sentry.captureException(error);
throw error;
}
â console.log
â silent failures
â swallowed errors
6. unifiedConfig Is the Only Config Source
// â NEVER
process.env.JWT_SECRET;
// â
ALWAYS
import { config } from '@/config/unifiedConfig';
config.auth.jwtSecret;
7. Validate All External Input with Zod
- Request bodies
- Query params
- Route params
- Webhook payloads
const schema = z.object({
email: z.string().email(),
});
const input = schema.parse(req.body);
No validation = bug.
4. Directory Structure (Canonical)
src/
âââ config/ # unifiedConfig
âââ controllers/ # BaseController + controllers
âââ services/ # Business logic
âââ repositories/ # Prisma access
âââ routes/ # Express routes
âââ middleware/ # Auth, validation, errors
âââ validators/ # Zod schemas
âââ types/ # Shared types
âââ utils/ # Helpers
âââ tests/ # Unit + integration tests
âââ instrument.ts # Sentry (FIRST IMPORT)
âââ app.ts # Express app
âââ server.ts # HTTP server
5. Naming Conventions (Strict)
| Layer | Convention |
|---|---|
| Controller | PascalCaseController.ts |
| Service | camelCaseService.ts |
| Repository | PascalCaseRepository.ts |
| Routes | camelCaseRoutes.ts |
| Validators | camelCase.schema.ts |
6. Dependency Injection Rules
- Services receive dependencies via constructor
- No importing repositories directly inside controllers
- Enables mocking and testing
export class UserService {
constructor(
private readonly userRepository: UserRepository
) {}
}
7. Prisma & Repository Rules
-
Prisma client never used directly in controllers
-
Repositories:
- Encapsulate queries
- Handle transactions
- Expose intent-based methods
await userRepository.findActiveUsers();
8. Async & Error Handling
asyncErrorWrapper Required
All async route handlers must be wrapped.
router.get(
'/users',
asyncErrorWrapper((req, res) =>
controller.list(req, res)
)
);
No unhandled promise rejections.
9. Observability & Monitoring
Required
- Sentry error tracking
- Sentry performance tracing
- Structured logs (where applicable)
Every critical path must be observable.
10. Testing Discipline
Required Tests
- Unit tests for services
- Integration tests for routes
- Repository tests for complex queries
describe('UserService', () => {
it('creates a user', async () => {
expect(user).toBeDefined();
});
});
No tests â no merge.
11. Anti-Patterns (Immediate Rejection)
â Business logic in routes â Skipping service layer â Direct Prisma in controllers â Missing validation â process.env usage â console.log instead of Sentry â Untested business logic
12. Integration With Other Skills
- frontend-dev-guidelines â API contract alignment
- error-tracking â Sentry standards
- database-verification â Schema correctness
- analytics-tracking â Event pipelines
- skill-developer â Skill governance
13. Operator Validation Checklist
Before finalizing backend work:
- BFRI ⥠3
- Layered architecture respected
- Input validated
- Errors captured in Sentry
- unifiedConfig used
- Tests written
- No anti-patterns present