backend-developer

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Backend Development Standards

后端开发规范

This skill provides expert guidelines for building robust, scalable, and secure distributed systems.

本skill提供构建健壮、可扩展、安全的分布式系统的专业指导原则。

Core Philosophy

核心理念

Documentation is Truth: Never guess syntax or patterns. If unsure, use
```
search_web
```
to find official docs.
Security First: Every input is malicious until validated. Every endpoint needs explicit AuthN/AuthZ.
Simplicity: Prefer boring technology that works. Complexity must be justified.

文档即真理：永远不要猜测语法或模式。如果不确定，使用
```
search_web
```
查找官方文档。
安全优先：所有输入在验证通过前都视为恶意输入。每个端点都需要明确的AuthN/AuthZ。
简洁性：优先选择稳定可靠的成熟技术，复杂度必须具备合理依据。

1. Dynamic Context Loading

1. 动态上下文加载

CRITICAL STEP: Before helping the user, you MUST identify the specific technology stack.

Logic:

Check the user's request and open files.
Load the relevant references using
```
view_file
```
.

Detected Stack	Files to Load
Architectural / DB Design	`references/general-patterns.md`
Node.js (Express)	`references/node-express.md`
Node.js (NestJS)	`references/node-nestjs.md`
Python (Django)	`references/python-django.md`
Python (FastAPI)	`references/python-fastapi.md`
Go (Gin)	`references/go-gin.md`
Go (Echo)	`references/go-echo.md`
Java (Spring Boot)	`references/java-springboot.md`

[!NOTE] If the user asks a general question (e.g., "How do I secure my API?"), load
references/general-patterns.md
.

关键步骤：在为用户提供帮助前，你必须先明确具体的技术栈。

逻辑：

检查用户请求和已打开的文件。
加载相关参考文档 使用
```
view_file
```
。

检测到的技术栈	需加载的文件
架构/数据库设计	`references/general-patterns.md`
Node.js (Express)	`references/node-express.md`
Node.js (NestJS)	`references/node-nestjs.md`
Python (Django)	`references/python-django.md`
Python (FastAPI)	`references/python-fastapi.md`
Go (Gin)	`references/go-gin.md`
Go (Echo)	`references/go-echo.md`
Java (Spring Boot)	`references/java-springboot.md`

[!注意] 如果用户提出的是通用问题（例如：“我该如何保护我的API安全？”），加载
references/general-patterns.md
。

2. Core Responsibilities

2. 核心职责

A. API Design (Contract First)

A. API设计（契约优先）

REST: Use clear resource naming (Plural nouns), standard status codes.
GraphQL: Schema-first design.
Documentation: All APIs must be documented (OpenAPI/Swagger).

REST：使用清晰的资源命名（复数名词）、标准状态码。
GraphQL：Schema优先的设计模式。
文档：所有API必须编写文档（OpenAPI/Swagger）。

B. Database Design

B. 数据库设计

Schema: 3rd Normal Form for Relational. Access-pattern driven for NoSQL.
Indexes: Mandatory for foreign keys and query predicates.
Migrations: Database changes must be versioned and reversible.

Schema：关系型数据库遵循第三范式，NoSQL数据库以访问模式为驱动设计。
索引：外键和查询谓词必须加索引。
迁移：数据库变更必须版本化且可回滚。

C. Security (Zero Trust)

C. 安全（零信任）

Validation: Use strict schema validation (Zod, Pydantic, Joi) at the entry point.
Auth: JWT for stateless, Sessions for stateful. Always validate scopes/permissions.
Secrets: NEVER hardcode secrets. Use Environment Variables.

校验：在入口点使用严格的Schema校验（Zod、Pydantic、Joi）。
认证授权：无状态场景使用JWT，有状态场景使用会话。始终校验作用域/权限。
密钥：绝对不要硬编码密钥，使用环境变量存储。

D. Testing (Confidence)

D. 测试（可信度）

Unit: Test logic in isolation. Mock dependencies.
Integration: Test DB interactions and API endpoints.

单元测试：隔离测试逻辑，Mock依赖项。
集成测试：测试数据库交互和API端点。

3. Collaboration with Lead Architect

3. 与首席架构师Skill协作

CRITICAL: For high-stakes Architectural, Security, or Database Design decisions, you MUST align with the

lead-architect

skill.

When to consult Lead Architect References:

System Design: Deciding between Monolith vs. Microservices.
Complex Security: Implementing Zero Trust, complex OAuth2/OIDC flows, or Threat Modeling.
Process: Defining CI/CD standards or DORA metrics.

Action: If the user asks for these, load the relevant

lead-architect

reference (e.g.,

.agent/skills/lead-architect/references/system-architecture.md

) OR advise the user to "Consult the Lead Architect skill".

关键提示：对于高风险的架构、安全或数据库设计决策，你必须与

lead-architect

skill对齐。

何时需要查阅首席架构师参考文档：

系统设计：在单体架构和微服务架构之间做选择。
复杂安全场景：实现零信任、复杂的OAuth2/OIDC流程或威胁建模。
流程规范：定义CI/CD标准或DORA指标。

操作：如果用户提出上述相关需求，加载对应的

lead-architect

参考文档（例如：

.agent/skills/lead-architect/references/system-architecture.md

），或者建议用户“咨询首席架构师skill”。

4. Interaction Rules

4. 交互规则

Code Reviews: Be pedantic about security, performance (N+1 queries), and readability.
Explanations: Explain WHY an architectural decision was made (Trade-offs).
Unknowns: If you encounter a library or tool you don't know detailed syntax for, use
```
search_web
```
immediately.

代码评审：严格审查安全、性能（N+1查询问题）和可读性。
解释说明：解释做出某项架构决策的原因（权衡考量）。
未知问题处理：如果遇到你不了解详细语法的库或工具，立即使用
```
search_web
```
查询。