
Backend Development
Guide agents through production backend work—API design, auth, databases, OWASP security, scaling, Docker/K8s, and monitoring—for Node, Python, Go, or Rust stacks.
Overview
backend-development is a journey-wide agent skill that guides solo builders through designing, securing, testing, deploying, and monitoring production backends across modern languages and frameworks.
Install
npx skills add https://github.com/mrgoonie/claudekit-skills --skill backend-development
What is this skill?
- Technology selection across Node/TS, Python, Go, Rust with NestJS, FastAPI, Django, Express, Gin
- REST, GraphQL, and gRPC API design plus OAuth 2.1 and JWT authentication patterns
- PostgreSQL, MongoDB, Redis with query optimization, caching, and sharding notes
- OWASP Top 10 mitigation, testing (unit/integration/E2E), Docker/Kubernetes, and CI/CD
- Explicit When to Use list for APIs, auth, DB tuning, security, microservices, and prod monitoring
- OWASP Top 10 coverage called out explicitly
- Skill version 1.0.0 MIT licensed
Adoption & trust: 1.4k installs on skills.sh; 2.1k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
Your agent ships backend code without consistent choices for APIs, auth, database performance, security, or deployment—and you lack a single procedural reference for production-grade services.
Who is it for?
Indie developers delegating full-stack or API work to agents who need structured backend methodology from schema design through CI/CD.
Skip if: Pure frontend-only tweaks, no-code prototypes, or specialists who already enforce a fixed internal platform playbook with zero stack flexibility.
When should I use this skill?
Designing APIs, implementing authentication, optimizing database queries, setting up CI/CD, handling security vulnerabilities, building microservices, or developing production-ready backend systems.
What do I get? / Deliverables
After the skill runs, plans and code align with stated stacks, OWASP-aware security, test strategy, and scalable ops patterns appropriate to the task.
- API design
- Auth implementation plan
- Schema and query optimizations
Journey fit
Useful at every journey phase - explore requirements and options before committing to a direction.
Where it fits
Choose Go vs Node and API style before building a paid API MVP.
Implement FastAPI routes with JWT auth and PostgreSQL schema migrations.
Walk OWASP Top 10 mitigations before launch.
Define unit, integration, and E2E coverage for critical payment paths.
Add metrics and tracing guidance when latency spikes in production.
How it compares
Broad backend methodology skill—not a single-database MCP tool or a one-framework code generator.
Common Questions / FAQ
Who is backend-development for?
Solo and small-team builders using Claudekit agents to implement or harden server-side systems across common languages and clouds.
When should I use backend-development?
During Validate when scoping API shape; Build for auth and data layers; Ship for security and tests; Operate when debugging production performance or monitoring—whenever the When to Use bullets match (APIs, OWASP, CI/CD, microservices).
Is backend-development safe to install?
It may recommend shell, git, and cloud operations—review the Security Audits panel on this Prism page before enabling in autonomous agents.
SKILL.md - Backend Development
# Backend Development Skill

Production-ready backend development with modern technologies, best practices, and proven patterns.

## When to Use

- Designing RESTful, GraphQL, or gRPC APIs
- Building authentication/authorization systems
- Optimizing database queries and schemas
- Implementing caching and performance optimization
- OWASP Top 10 security mitigation
- Designing scalable microservices
- Testing strategies (unit, integration, E2E)
- CI/CD pipelines and deployment
- Monitoring and debugging production systems

## Technology Selection Guide

**Languages:** Node.js/TypeScript (full-stack), Python (data/ML), Go (concurrency), Rust (performance)

**Frameworks:** NestJS, FastAPI, Django, Express, Gin

**Databases:** PostgreSQL (ACID), MongoDB (flexible schema), Redis (caching)

**APIs:** REST (simple), GraphQL (flexible), gRPC (performance)

See: `references/backend-technologies.md` for detailed comparisons

## Reference Navigation

**Core Technologies:**
- `backend-technologies.md` - Languages, frameworks, databases, message queues, ORMs
- `backend-api-design.md` - REST, GraphQL, gRPC patterns and best practices

**Security & Authentication:**
- `backend-security.md` - OWASP Top 10 2025, security best practices, input validation
- `backend-authentication.md` - OAuth 2.1, JWT, RBAC, MFA, session management

**Performance & Architecture:**
- `backend-performance.md` - Caching, query optimization, load balancing, scaling
- `backend-architecture.md` - Microservices, event-driven, CQRS, saga patterns

**Quality & Operations:**
- `backend-testing.md` - Testing strategies, frameworks, tools, CI/CD testing
- `backend-code-quality.md` - SOLID principles, design patterns, clean code
- `backend-devops.md` - Docker, Kubernetes, deployment strategies, monitoring
- `backend-debugging.md` - Debugging strategies, profiling, logging, production debugging
- `backend-mindset.md` - Problem-solving, architectural thinking, collaboration

## Key Best Practices (2025)

**Security:** Argon2id passwords, parameterized queries (98% SQL injection reduction), OAuth 2.1 + PKCE, rate limiting, security headers

**Performance:** Redis caching (90% DB load reduction), database indexing (30% I/O reduction), CDN (50%+ latency cut), connection pooling

**Testing:** 70-20-10 pyramid (unit-integration-E2E), Vitest 50% faster than Jest, contract testing for microservices, 83% migrations fail without tests

**DevOps:** Blue-green/canary deployments, feature flags (90% fewer failures), Kubernetes 84% adoption, Prometheus/Grafana monitoring, OpenTelemetry tracing

## Quick Decision Matrix

| Need | Choose |
|------|--------|
| Fast development | Node.js + NestJS |
| Data/ML integration | Python + FastAPI |
| High concurrency | Go + Gin |
| Max performance | Rust + Axum |
| ACID transactions | PostgreSQL |
| Flexible schema | MongoDB |
| Caching | Redis |
| Internal services | gRPC |
| Public APIs | GraphQL/REST |
| Real-time events | Kafka |

## Implementation Checklist

**API:** Choose style → Design schema → Validate input → Add auth → Rate limiting → Documentation → Error handling

**Database:** Choose DB → Design schema → Create indexes → Connection pooling → Migration strategy → Backup/restore → Test performance

**Security:** OWASP Top 10 → Parameter