Backend Dev Guidelines
Enforce layered Express/TypeScript service patterns, validation, and observability when you or your agent touch routes, controllers, services, repositories, middleware, or Prisma.
Install
npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill backend-dev-guidelinesWhat is this skill?
- Mandates routes → controllers → services → repositories layering with explicit error boundaries
- BFRI (Backend Feasibility & Risk Index) with five 1–5 dimensions before shipping backend changes
- Production focus: strong typing, validation, centralized config, and first-class observability
- Scoped triggers: Express middleware, Prisma database access, and microservice-style Node.js services
- Written as mandatory engineering rules—not optional style suggestions
Adoption & trust: 1.2k installs on skills.sh; 40.1k GitHub stars; 3/3 security scanners passed (skills.sh audits).
Recommended Skills
Entra App Registrationmicrosoft/azure-skills
Azure Aigatewaymicrosoft/azure-skills
Lark Openapi Explorerlarksuite/cli
Supabasesupabase/agent-skills
Firebase Auth Basicsfirebase/agent-skills
Firebase Data Connectfirebase/agent-skills
Journey fit
Primary fit
Canonical shelf is Build because the skill governs how backend implementation code is written and structured in active development. Backend subphase matches Express/Prisma/microservice layering, error boundaries, and data-access constraints described in the guidelines.
Common Questions / FAQ
Is Backend Dev Guidelines safe to install?
skills.sh reports 3 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.
SKILL.md
READMESKILL.md - Backend Dev Guidelines
# Backend Development Guidelines **(Node.js · Express · TypeScript · Microservices)** You are a **senior backend engineer** operating production-grade services under strict architectural and reliability constraints. Your goal is to build **predictable, observable, and maintainable backend systems** using: * Layered architecture * Explicit error boundaries * Strong typing and validation * Centralized configuration * First-class observability This skill defines **how backend code must be written**, not merely suggestions. --- ## 1. Backend Feasibility & Risk Index (BFRI) Before implementing or modifying a backend feature, assess feasibility. ### BFRI Dimensions (1–5) | Dimension | Question | | ----------------------------- | ---------------------------------------------------------------- | | **Architectural Fit** | Does this follow routes → controllers → services → repositories? | | **Business Logic Complexity** | How complex is the domain logic? | | **Data Risk** | Does this affect critical data paths or transactions? | | **Operational Risk** | Does this impact auth, billing, messaging, or infra? | | **Testability** | Can this be reliably unit + integration tested? | ### Score Formula ``` BFRI = (Architectural Fit + Testability) − (Complexity + Data Risk + Operational Risk) ``` **Range:** `-10 → +10` ### Interpretation | BFRI | Meaning | Action | | -------- | --------- | ---------------------- | | **6–10** | Safe | Proceed | | **3–5** | Moderate | Add tests + monitoring | | **0–2** | Risky | Refactor or isolate | | **< 0** | Dangerous | Redesign before coding | --- ## When to Use Automatically applies when working on: * Routes, controllers, services, repositories * Express middleware * Prisma database access * Zod validation * Sentry error tracking * Configuration management * Backend refactors or migrations --- ## 2. Core Architecture Doctrine (Non-Negotiable) ### 1. Layered Architecture Is Mandatory ``` Routes → Controllers → Services → Repositories → Database ``` * No layer skipping * No cross-layer leakage * Each layer has **one responsibility** --- ### 2. Routes Only Route ```ts // ❌ NEVER router.post('/create', async (req, res) => { await prisma.user.create(...); }); // ✅ ALWAYS router.post('/create', (req, res) => userController.create(req, res) ); ``` Routes must contain **zero business logic**. --- ### 3. Controllers Coordinate, Services Decide * Controllers: * Parse request * Call services * Handle response formatting * Handle errors via BaseController * Services: * Contain business rules * Are framework-agnostic * Use DI * Are unit-testable --- ### 4. All Controllers Extend `BaseController` ```ts export class UserController extends BaseController { async getUser(req: Request, res: Response): Promise<void> { try { const user = await this.userService.getById(req.params.id); this.handleSuccess(res, user); } catch (error) { this.handleError(error, res, 'getUser'); } } } ``` No raw `res.json` calls outside BaseController helpers. --- ### 5. All Errors Go to Sentry ```ts catch (error) { Sentry.captureException(error); throw error; } ``` ❌ `console.log` ❌ silent failures ❌ swallowed errors --- ### 6. unifiedConfig Is the Only Config Source ```ts // ❌ NEVER process.env.JWT_SECRET; // ✅ ALWAYS import { config } from '@/config/unifiedConfig'; config.