生产级后端服务开发指南：API设计、数据库、认证、缓存与可观测性最佳实践

software-backend by vasilyu1983/ai-agents-public

105 周安装量

46 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/vasilyu1983/ai-agents-public --skill software-backend

软件工程开发 API

🇨🇳中文介绍

软件后端工程

使用此技能来设计、实现和评审生产级后端服务：API 边界、数据层、认证、缓存、可观测性、错误处理、测试和部署。

默认倾向于：类型安全边界（在边缘进行验证）、使用 OpenTelemetry 进行可观测性、零信任假设、重试的幂等性、RFC 9457 错误、Postgres + 连接池、结构化日志、超时和速率限制。

脚手架规则：当搭建新项目时，展示所有领域逻辑的完整工作实现——欺诈规则、审计日志、Webhook 处理器、验证管道、后台作业。不要仅仅引用文件名或存根函数；展示实际代码，以便用户可以立即运行。

快速参考

任务	默认选择	备注
REST API	Fastify / Express / NestJS	倾向于类型化边界 + 显式超时
Edge API	Hono / 平台原生处理器	保持工作无状态、CPU 负载轻
类型安全 API	tRPC	倾向于用于 TS 单体仓库和内部 API
GraphQL API	Apollo Server / Pothos	倾向于用于复杂的客户端驱动查询
数据库	PostgreSQL	使用连接池 + 迁移 + 查询预算
ORM / 查询层	Prisma / Drizzle / SQLAlchemy / GORM / SeaORM / EF Core	倾向于显式事务

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

何时不应使用此技能

在以下情况时，请使用其他技能：

仅限前端关注点 -> 参见 software-frontend
基础设施配置（Terraform, K8s 清单） -> 参见 ops-devops-platform
仅限 API 设计模式（无实现） -> 参见 dev-api-design
SQL 查询优化和索引 -> 参见 data-sql-optimization
安全审计和威胁建模 -> 参见 software-security-appsec
系统架构（超越单个服务） -> 参见 software-architecture-design

根据最强的约束条件来选择，而不是功能列表：

约束条件	默认选择	原因
团队只懂 TypeScript	Fastify/Hono + Prisma/Drizzle	生态系统深度，招聘容易
需要 <50ms P95，CPU 密集型工作	Go (net/http + sqlc/pgx)	Goroutines 隔离 CPU 工作；无事件循环风险
数据密集型 / ML 集成	Python (FastAPI + SQLAlchemy)	最适合 numpy/pandas/ML 管道的生态系统
内存安全关键	Rust (Axum + SeaORM/SQLx)	零成本抽象，无 GC
企业/.NET 团队	C# (ASP.NET Core + EF Core)	Azure 集成，成熟的工具链
边缘/无服务器	Hono / 平台原生处理器	无状态，CPU 负载轻，冷启动快
金融科技/审计敏感	Go + sqlc（或原始 SQL）	ORM 魔法是一种负担；你需要可审计的 SQL

有关详细的框架/ORM/认证/缓存选择树，请参见 references/edge-deployment-guide.md 和特定语言的参考。请参见 assets/ 获取每种语言的入门模板。

API 设计模式 (2025年12月)

所有变更操作必须支持幂等性，以确保重试安全。

// Idempotency key header
const idempotencyKey = request.headers['idempotency-key'];
const cached = await redis.get(`idem:${idempotencyKey}`);
if (cached) return JSON.parse(cached);

const result = await processOperation();
await redis.set(`idem:${idempotencyKey}`, JSON.stringify(result), 'EX', 86400);
return result;

应做	避免
使用 TTL（通常 24 小时）存储幂等性键	处理重复请求
对重复键返回缓存的响应	对相同键返回不同的响应
使用客户端生成的 UUID	服务器生成的键

模式	使用场景	示例
基于游标	大型数据集，实时数据	`?cursor=abc123&limit=20`
基于偏移量	小型数据集，随机访问	`?page=3&per_page=20`
键集	排序数据，高性能	`?after_id=1000&limit=20`

对于频繁插入的 API，倾向于使用基于游标的分页。

错误响应标准（问题详情）

使用一致的机器可读错误格式（RFC 9457 问题详情）：https://www.rfc-editor.org/rfc/rfc9457

{
  "type": "https://example.com/problems/invalid-request",
  "title": "Invalid request",
  "status": 400,
  "detail": "email is required",
  "instance": "/v1/users"
}

// 存活检查：进程是否在运行？
app.get('/health/live', (req, res) => {
  res.status(200).json({ status: 'ok' });
});

// 就绪检查：服务能否处理流量？
app.get('/health/ready', async (req, res) => {
  const dbOk = await checkDatabase();
  const cacheOk = await checkRedis();
  if (dbOk && cacheOk) {
    res.status(200).json({ status: 'ready', db: 'ok', cache: 'ok' });
  } else {
    res.status(503).json({ status: 'not ready', db: dbOk, cache: cacheOk });
  }
});

常见错误（非显而易见）

避免	替代方案	原因
N+1 查询	`include`/`select` 或 DataLoader	10-100 倍的性能损失；在 ORM 代码中容易遗漏
无请求超时	HTTP 客户端、数据库、处理程序上的超时	挂起的依赖项会级联故障；参见下面的生产强化
缺少连接池	Prisma 池 / PgBouncer / pgx 池	在共享数据库层级下负载时耗尽连接
静默捕获错误	记录 + 重新抛出或显式处理	隐藏的故障，无法调试

生产强化：模型容易忽略的模式

这些模式将“在开发环境中工作”与“在生产环境中存活”区分开来。除非明确提示，模型往往会忽略它们——请将它们添加到每个服务中。

请求和查询超时

每个出站调用都需要超时。没有超时，挂起的依赖项会泄漏连接并级联故障。

// HTTP 客户端超时
const response = await fetch(url, { signal: AbortSignal.timeout(5000) });

// 数据库查询超时 (Prisma)
await prisma.$queryRaw`SET statement_timeout = '3000'`;

// Express/Fastify 请求超时
server.register(import('@fastify/timeout'), { timeout: 30000 });

层级	默认超时	原理
HTTP 客户端调用	5s	外部 API 不应阻塞你
数据库查询	3s	慢查询 = 缺少索引或执行计划不佳
请求处理程序	30s	整个请求生命周期的安全网
后台作业	5min	运行时间更长的作业需要分块处理

字段级选择（不要使用 `SELECT *`）

ORM 默认获取所有列。在宽表上，这会浪费带宽并隐藏性能问题。

// 错误：获取所有 30 列
const users = await prisma.user.findMany({ include: { posts: true } });

// 正确：仅获取端点需要的内容
const users = await prisma.user.findMany({
  select: { id: true, name: true, email: true },
  include: { posts: { select: { id: true, title: true } } }
});

对于 Go (sqlc)：在 SQL 查询中编写显式的列列表——sqlc 天然强制执行这一点。对于 Python (SQLAlchemy)：使用 load_only() 或显式列选择。

结构化错误响应 (RFC 9457)

从一开始就返回机器可读的错误。客户端不应通过正则表达式解析错误消息。

{
  "type": "https://api.example.com/problems/validation-error",
  "title": "Validation failed",
  "status": 422,
  "detail": "email must be a valid email address",
  "instance": "/v1/users",
  "errors": [{ "field": "email", "message": "invalid format" }]
}

设置 Content-Type: application/problem+json。此格式是一个标准 (RFC 9457)，任何 HTTP 客户端都可以解析。

在将任何新查询部署到生产环境之前，验证其执行计划：

EXPLAIN (ANALYZE, BUFFERS, FORMAT TEXT)
SELECT ... FROM ... WHERE ...;

输出中的危险信号：大表上的 Seq Scan、高行数估计的 Nested Loop、无索引的 Sort。在部署之前添加索引或重写查询。

性能调试工作流

当服务变慢时，按顺序检查这些层级。首先修复成本最低的层级——在修复 N+1 查询之前不要添加缓存。

步骤	检查内容	修复方法
1. 查询分析	启用查询日志，查找 N+1 查询和慢查询	使用 `include`/joins 重写，为字段级优化添加 `select`
2. 索引	对慢查询运行 `EXPLAIN ANALYZE`	添加匹配 WHERE + ORDER BY 模式的复合索引
3. 连接池	检查连接数与池大小的关系	配置池限制（Prisma `connection_limit`、PgBouncer、pgx 池）
4. 缓存	识别读取密集、很少变化的数据	添加带 TTL + 失效策略的 Redis/内存缓存
5. 超时	检查数据库、HTTP、处理程序上是否缺少超时	在每个层级添加超时（参见上面的生产强化）
6. 平台调优	共享数据库限制、冷启动、内存	升级层级、添加只读副本、调整运行时设置

关键原则：始终在修复前后进行测量。使用带有请求 ID 的结构化日志来端到端跟踪特定的慢请求。

基础设施经济学

后端架构决策直接影响成本和收入。有关详细的成本建模、SLA 到收入的映射、单位经济学清单和 FinOps 实践，请参见 references/infrastructure-economics.md。

references/backend-best-practices.md - 模板编写指南、质量检查清单和共享工具指针
references/edge-deployment-guide.md - 边缘计算模式、Cloudflare Workers 与 Vercel Edge、tRPC、Hono、Bun
references/infrastructure-economics.md - 成本建模、性能 SLA -> 收入、FinOps 实践、云优化
references/go-best-practices.md - Go 惯用法、并发、错误处理、GORM 使用、测试、性能分析
references/rust-best-practices.md - 所有权、异步、Axum、SeaORM、错误处理、测试
references/python-best-practices.md - FastAPI、SQLAlchemy、异步模式、验证、测试、性能
references/nodejs-best-practices.md - 事件循环、异步模式、Express/Fastify/NestJS/Hono、错误处理、内存管理、安全、性能分析
references/csharp-best-practices.md - C# 14 / .NET 10 LTS、扩展成员、field 关键字、ASP.NET Core 10（验证、SSE、OpenAPI 3.1）、EF Core 10（LeftJoin、命名过滤器）、HybridCache、Polly v8 弹性
references/database-patterns.md - PostgreSQL 模式（JSONB、CTEs、分区）、连接池、迁移策略、ORM 比较、索引设计
references/message-queues-background-jobs.md - BullMQ 模式、代理比较（Redis/SQS/Kafka/RabbitMQ）、幂等作业、DLQ、调度、交付保证
data/sources.json - 按语言/运行时的外部参考
共享检查清单：../software-clean-code-standard/assets/checklists/backend-api-review-checklist.md、../software-clean-code-standard/assets/checklists/secure-code-review-checklist.md

共享工具（集中化模式 - 提取，不要重复）

assets/nodejs/template-nodejs-prisma-postgres.md - Node.js + Prisma + PostgreSQL
assets/go/template-go-fiber-gorm.md - Go + Fiber + GORM + PostgreSQL
assets/rust/template-rust-axum-seaorm.md - Rust + Axum + SeaORM + PostgreSQL
assets/python/template-python-fastapi-sqlalchemy.md - Python + FastAPI + SQLAlchemy + PostgreSQL
assets/csharp/template-csharp-aspnet-efcore.md - C# + ASP.NET Core + Entity Framework Core + PostgreSQL

../software-architecture-design/SKILL.md - 系统分解、SLA 和数据流
../software-security-appsec/SKILL.md - 认证/授权和安全 API 设计
../ops-devops-platform/SKILL.md - CI/CD、基础设施和部署安全
../qa-resilience/SKILL.md - 弹性、重试和故障应对手册
../software-code-review/SKILL.md - 后端变更的评审检查清单和标准
../qa-testing-strategy/SKILL.md - 测试策略、测试金字塔和覆盖率目标
../dev-api-design/SKILL.md - RESTful 设计、GraphQL 和 API 版本控制模式
../data-sql-optimization/SKILL.md - SQL 优化、索引和查询调优模式

当用户询问对版本敏感的建议问题时，在断言“最佳”选择或引用版本之前，请先进行快速新鲜度检查。

“对于 [用例] 来说，最好的后端框架是什么？”
“我应该用什么来处理 [API 设计/认证/数据库]？”
“Node.js/Go/Rust 的最新动态是什么？”
“[REST/GraphQL/tRPC] 的当前最佳实践是什么？”
“[框架/运行时] 在 2026 年仍然相关吗？”
“[Express] vs [Fastify] vs [Hono]？”
“对于 [数据库/用例] 来说，最好的 ORM 是什么？”

如何进行新鲜度检查

从 data/sources.json 开始（官方文档、发布说明、支持策略）。
针对特定组件运行有针对性的网络搜索，并打开发布说明/支持策略页面。
对于版本和支持窗口，优先选择官方来源而非博客。

当前格局：当前稳定且广泛使用的内容
新兴趋势：正在获得关注的内容（及原因）
已弃用/衰退：正在失宠的内容（及原因）
建议：默认选择 + 1-2 个备选方案，并说明权衡

示例主题（通过最新搜索验证）

Node.js LTS 支持窗口和重大变更
Bun vs Deno vs Node.js
Hono、Elysia 和边缘优先框架
对于 TypeScript，Drizzle vs Prisma
tRPC 和端到端类型安全
边缘计算和无服务器模式
.NET 10 LTS（2025 年 11 月）和 C# 14 的采用
ASP.NET Core 10 内置验证 vs FluentValidation
对于 C# 数据访问，EF Core 10 vs Dapper
HybridCache vs 手动 IMemoryCache + IDistributedCache

references/operational-playbook.md - 完整的后端架构模式、检查清单、TypeScript 注释和决策表

在最终答案之前，使用网络搜索/网络获取来验证当前的外部事实、版本、定价、截止日期、法规或平台行为。
优先选择主要来源；对于易变信息，报告来源链接和日期。
如果无法访问网络，请说明限制并将指导标记为未经验证。

🇺🇸English

Software Backend Engineering

Use this skill to design, implement, and review production-grade backend services: API boundaries, data layer, auth, caching, observability, error handling, testing, and deployment.

Defaults to bias toward: type-safe boundaries (validation at the edge), OpenTelemetry for observability, zero-trust assumptions, idempotency for retries, RFC 9457 errors, Postgres + pooling, structured logs, timeouts, and rate limiting.

Scaffolding rule : When scaffolding a new project, show full working implementations for all domain logic — fraud rules, audit logging, webhook handlers, validation pipelines, background jobs. Don't just reference file names or stub functions; show the actual code so the user can run it immediately.

Quick Reference

Task	Default Picks	Notes
REST API	Fastify / Express / NestJS	Prefer typed boundaries + explicit timeouts
Edge API	Hono / platform-native handlers	Keep work stateless, CPU-light
Type-Safe API	tRPC	Prefer for TS monorepos and internal APIs
GraphQL API	Apollo Server / Pothos	Prefer for complex client-driven queries
Database	PostgreSQL	Use pooling + migrations + query budgets
ORM / Query Layer	Prisma / Drizzle / SQLAlchemy / GORM / SeaORM / EF Core	Prefer explicit transactions
Authentication	OIDC/OAuth + sessions/JWT	Prefer httpOnly cookies for browsers
Validation	Zod / Pydantic / validator libs	Validate at the boundary, not deep inside
Caching	Redis (or managed)	Use TTLs + invalidation strategy
Background Jobs	BullMQ / platform queues	Make jobs idempotent + retry-safe
Testing	Unit + integration + contract/E2E	Keep most tests below the UI layer
Observability	Structured logs + OpenTelemetry	Correlation IDs end-to-end

Scope

Use this skill to:

Design and implement REST/GraphQL/tRPC APIs
Model data schemas and run safe migrations
Implement authentication/authorization (OIDC/OAuth, sessions/JWT)
Add validation, error handling, rate limiting, caching, and background jobs
Ship production readiness (timeouts, observability, deploy/runbooks)

When NOT to Use This Skill

Use a different skill when:

Frontend-only concerns -> See software-frontend
Infrastructure provisioning (Terraform, K8s manifests) -> See ops-devops-platform
API design patterns only (no implementation) -> See dev-api-design
SQL query optimization and indexing -> See data-sql-optimization
Security audits and threat modeling -> See software-security-appsec
System architecture (beyond single service) -> See software-architecture-design

Technology Selection

Pick based on the strongest constraint, not feature lists:

Constraint	Default Pick	Why
Team knows TypeScript only	Fastify/Hono + Prisma/Drizzle	Ecosystem depth, hiring ease
Need <50ms P95, CPU-bound work	Go (net/http + sqlc/pgx)	Goroutines isolate CPU work; no event-loop risk
Data-heavy / ML integration	Python (FastAPI + SQLAlchemy)	Best ecosystem for numpy/pandas/ML pipelines
Memory-safety critical	Rust (Axum + SeaORM/SQLx)	Zero-cost abstractions, no GC
Enterprise/.NET team	C# (ASP.NET Core + EF Core)	Azure integration, mature tooling
Edge/serverless	Hono / platform-native handlers	Stateless, CPU-light, fast cold starts
Fintech/audit-sensitive	Go + sqlc (or raw SQL)	ORM magic is a liability; you need auditable SQL

For detailed framework/ORM/auth/caching selection trees, see references/edge-deployment-guide.md and language-specific references. See assets/ for starter templates per language.

API Design Patterns (Dec 2025)

Idempotency Patterns

All mutating operations MUST support idempotency for retry safety.

Implementation:

// Idempotency key header
const idempotencyKey = request.headers['idempotency-key'];
const cached = await redis.get(`idem:${idempotencyKey}`);
if (cached) return JSON.parse(cached);

const result = await processOperation();
await redis.set(`idem:${idempotencyKey}`, JSON.stringify(result), 'EX', 86400);
return result;

Do	Avoid
Store idempotency keys with TTL (24h typical)	Processing duplicate requests
Return cached response for duplicate keys	Different responses for same key
Use client-generated UUIDs	Server-generated keys

Pagination Patterns

Pattern	Use When	Example
Cursor-based	Large datasets, real-time data	`?cursor=abc123&limit=20`
Offset-based	Small datasets, random access	`?page=3&per_page=20`
Keyset	Sorted data, high performance	`?after_id=1000&limit=20`

Prefer cursor-based pagination for APIs with frequent inserts.

Error Response Standard (Problem Details)

Use a consistent machine-readable error format (RFC 9457 Problem Details): https://www.rfc-editor.org/rfc/rfc9457

{
  "type": "https://example.com/problems/invalid-request",
  "title": "Invalid request",
  "status": 400,
  "detail": "email is required",
  "instance": "/v1/users"
}

Health Check Patterns

// Liveness: Is the process running?
app.get('/health/live', (req, res) => {
  res.status(200).json({ status: 'ok' });
});

// Readiness: Can the service handle traffic?
app.get('/health/ready', async (req, res) => {
  const dbOk = await checkDatabase();
  const cacheOk = await checkRedis();
  if (dbOk && cacheOk) {
    res.status(200).json({ status: 'ready', db: 'ok', cache: 'ok' });
  } else {
    res.status(503).json({ status: 'not ready', db: dbOk, cache: cacheOk });
  }
});

Common Mistakes (Non-Obvious)

Avoid	Instead	Why
N+1 queries	`include`/`select` or DataLoader	10-100x perf hit; easy to miss in ORM code
No request timeouts	Timeouts on HTTP clients, DB, handlers	Hung deps cascade; see Production Hardening below
Missing connection pooling	Prisma pool / PgBouncer / pgx pool	Exhaustion under load on shared DB tiers
Catching errors silently	Log + rethrow or handle explicitly	Hidden failures, impossible to debug

Production Hardening: Patterns Models Skip

These are the patterns that separate "works in dev" from "survives production." Models tend to skip them unless explicitly prompted — add them to every service.

Request & Query Timeouts

Every outbound call needs a timeout. Without one, a hung dependency leaks connections and cascades failures.

// HTTP client timeout
const response = await fetch(url, { signal: AbortSignal.timeout(5000) });

// Database query timeout (Prisma)
await prisma.$queryRaw`SET statement_timeout = '3000'`;

// Express/Fastify request timeout
server.register(import('@fastify/timeout'), { timeout: 30000 });

Layer	Default Timeout	Rationale
HTTP client calls	5s	External APIs shouldn't block you
Database queries	3s	Slow queries = missing index or bad plan
Request handler	30s	Safety net for the whole request lifecycle
Background jobs	5min	Jobs that run longer need chunking

Field-Level Selection (Don't `SELECT *`)

ORMs default to fetching all columns. On wide tables this wastes bandwidth and hides performance problems.

// BAD: fetches all 30 columns
const users = await prisma.user.findMany({ include: { posts: true } });

// GOOD: fetch only what the endpoint needs
const users = await prisma.user.findMany({
  select: { id: true, name: true, email: true },
  include: { posts: { select: { id: true, title: true } } }
});

For Go (sqlc): write explicit column lists in SQL queries — sqlc enforces this naturally. For Python (SQLAlchemy): use load_only() or explicit column selection.

Structured Error Responses (RFC 9457)

Return machine-readable errors from day one. Clients shouldn't have to regex-parse error messages.

{
  "type": "https://api.example.com/problems/validation-error",
  "title": "Validation failed",
  "status": 422,
  "detail": "email must be a valid email address",
  "instance": "/v1/users",
  "errors": [{ "field": "email", "message": "invalid format" }]
}

Set Content-Type: application/problem+json. This format is a standard (RFC 9457) and parseable by any HTTP client.

Query Plan Verification

Before shipping any new query to production, verify its execution plan:

EXPLAIN (ANALYZE, BUFFERS, FORMAT TEXT)
SELECT ... FROM ... WHERE ...;

Red flags in the output: Seq Scan on large tables, Nested Loop with high row estimates, Sort without index. Add indexes or rewrite the query before deploying.

Performance Debugging Workflow

When a service is slow, work through these layers in order. Fix the cheapest layer first — don't add caching before fixing N+1 queries.

Step	What to Check	Fix
1. Query analysis	Enable query logging, find N+1s and slow queries	Rewrite with `include`/joins, add `select` for field-level optimization
2. Indexing	Run `EXPLAIN ANALYZE` on slow queries	Add composite indexes matching WHERE + ORDER BY patterns
3. Connection pooling	Check connection count vs. pool size	Configure pool limits (Prisma `connection_limit`, PgBouncer, pgx pool)
4. Caching	Identify read-heavy, rarely-changing data	Add Redis/in-memory cache with TTL + invalidation strategy
5. Timeouts	Check for missing timeouts on DB, HTTP, handlers

Key principle : always measure before and after. Use structured logging with request IDs to trace specific slow requests end-to-end.

Infrastructure Economics

Backend architecture decisions directly impact cost and revenue. See references/infrastructure-economics.md for detailed cost modeling, SLA-to-revenue mapping, unit economics checklists, and FinOps practices.

Navigation

Resources

references/backend-best-practices.md - Template authoring guide, quality checklist, and shared utilities pointers
references/edge-deployment-guide.md - Edge computing patterns, Cloudflare Workers vs Vercel Edge, tRPC, Hono, Bun
references/infrastructure-economics.md - Cost modeling, performance SLAs -> revenue, FinOps practices, cloud optimization
references/go-best-practices.md - Go idioms, concurrency, error handling, GORM usage, testing, profiling
references/rust-best-practices.md - Ownership, async, Axum, SeaORM, error handling, testing
references/python-best-practices.md - FastAPI, SQLAlchemy, async patterns, validation, testing, performance
references/nodejs-best-practices.md - Event loop, async patterns, Express/Fastify/NestJS/Hono, error handling, memory management, security, profiling
references/csharp-best-practices.md - C# 14 / .NET 10 LTS, extension members, field keyword, ASP.NET Core 10 (validation, SSE, OpenAPI 3.1), EF Core 10 (LeftJoin, named filters), HybridCache, Polly v8 resilience

Shared Utilities (Centralized patterns - extract, don't duplicate)

../software-clean-code-standard/utilities/auth-utilities.md - Argon2id, jose JWT, OAuth 2.1/PKCE
../software-clean-code-standard/utilities/error-handling.md - Effect Result types, correlation IDs
../software-clean-code-standard/utilities/config-validation.md - Zod 3.24+, Valibot, secrets management
../software-clean-code-standard/utilities/resilience-utilities.md - p-retry v6, opossum v8, OTel spans
../software-clean-code-standard/utilities/logging-utilities.md - pino v9 + OpenTelemetry integration
../software-clean-code-standard/utilities/testing-utilities.md - Vitest, MSW v2, factories, fixtures
../software-clean-code-standard/utilities/observability-utilities.md - OpenTelemetry SDK, tracing, metrics
../software-clean-code-standard/references/clean-code-standard.md - Canonical clean code rules () for citation

Templates

assets/nodejs/template-nodejs-prisma-postgres.md - Node.js + Prisma + PostgreSQL
assets/go/template-go-fiber-gorm.md - Go + Fiber + GORM + PostgreSQL
assets/rust/template-rust-axum-seaorm.md - Rust + Axum + SeaORM + PostgreSQL
assets/python/template-python-fastapi-sqlalchemy.md - Python + FastAPI + SQLAlchemy + PostgreSQL
assets/csharp/template-csharp-aspnet-efcore.md - C# + ASP.NET Core + Entity Framework Core + PostgreSQL

Related Skills

../software-architecture-design/SKILL.md - System decomposition, SLAs, and data flows
../software-security-appsec/SKILL.md - Authentication/authorization and secure API design
../ops-devops-platform/SKILL.md - CI/CD, infrastructure, and deployment safety
../qa-resilience/SKILL.md - Resilience, retries, and failure playbooks
../software-code-review/SKILL.md - Review checklists and standards for backend changes
../qa-testing-strategy/SKILL.md - Testing strategies, test pyramids, and coverage goals
../dev-api-design/SKILL.md - RESTful design, GraphQL, and API versioning patterns
../data-sql-optimization/SKILL.md - SQL optimization, indexing, and query tuning patterns

Freshness Protocol

When users ask version-sensitive recommendation questions, do a quick freshness check before asserting "best" choices or quoting versions.

Trigger Conditions

"What's the best backend framework for [use case]?"
"What should I use for [API design/auth/database]?"
"What's the latest in Node.js/Go/Rust?"
"Current best practices for [REST/GraphQL/tRPC]?"
"Is [framework/runtime] still relevant in 2026?"
"[Express] vs [Fastify] vs [Hono]?"
"Best ORM for [database/use case]?"

How to Freshness-Check

Start from data/sources.json (official docs, release notes, support policies).
Run a targeted web search for the specific component and open release notes/support policy pages.
Prefer official sources over blogs for versions and support windows.

What to Report

Current landscape : what is stable and widely used now
Emerging trends : what is gaining traction (and why)
Deprecated/declining : what is falling out of favor (and why)
Recommendation : default choice + 1-2 alternatives, with trade-offs

Example Topics (verify with fresh search)

Node.js LTS support window and major changes
Bun vs Deno vs Node.js
Hono, Elysia, and edge-first frameworks
Drizzle vs Prisma for TypeScript
tRPC and end-to-end type safety
Edge computing and serverless patterns
.NET 10 LTS (Nov 2025) and C# 14 adoption
ASP.NET Core 10 built-in validation vs FluentValidation
EF Core 10 vs Dapper for C# data access
HybridCache vs manual IMemoryCache + IDistributedCache

Operational Playbooks

references/operational-playbook.md - Full backend architecture patterns, checklists, TypeScript notes, and decision tables

Fact-Checking

Use web search/web fetch to verify current external facts, versions, pricing, deadlines, regulations, or platform behavior before final answers.
Prefer primary sources; report source links and dates for volatile information.
If web access is unavailable, state the limitation and mark guidance as unverified.

Weekly Installs

105

Repository

vasilyu1983/ai-…s-public

GitHub Stars

First Seen

Jan 23, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykWarn

Installed on

opencode86

codex83

gemini-cli82

cursor80

github-copilot78

amp69

agent-browser 浏览器自动化工具 - Vercel Labs 命令行网页操作与测试

157,400 周安装

references/database-patterns.md - PostgreSQL patterns (JSONB, CTEs, partitioning), connection pooling, migration strategies, ORM comparison, index design

references/message-queues-background-jobs.md - BullMQ patterns, broker comparison (Redis/SQS/Kafka/RabbitMQ), idempotent jobs, DLQ, scheduling, delivery guarantees

data/sources.json - External references per language/runtime