| name | senior-backend |
| description | This skill should be used when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Use for Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns. |
Senior Backend Engineer
Backend development patterns, API design, database optimization, and security practices.
Core rules
- Before changing backend code for a substantial task, first create or update a backend codemap that maps stories to modules, files, interfaces, and data flow.
- Treat the codemap as the implementation contract for the backend phase; coding starts only after the target module boundaries are explicit.
- Keep the codemap synchronized when the implementation plan changes materially during the phase.
Table of Contents
Quick Start
python scripts/api_scaffolder.py openapi.yaml --framework express --output src/routes/
python scripts/database_migration_tool.py --connection postgres://localhost/mydb --analyze
python scripts/api_load_tester.py https://api.example.com/users --concurrency 50 --duration 30
Tools Overview
1. API Scaffolder
Generates API route handlers, middleware, and OpenAPI specifications from schema definitions.
Input: OpenAPI spec (YAML/JSON) or database schema
Output: Route handlers, validation middleware, TypeScript types
Usage:
python scripts/api_scaffolder.py openapi.yaml --framework express --output src/routes/
python scripts/api_scaffolder.py --from-db postgres://localhost/mydb --output src/routes/
python scripts/api_scaffolder.py src/routes/ --generate-spec --output openapi.yaml
Supported Frameworks:
- Express.js (
--framework express)
- Fastify (
--framework fastify)
- Koa (
--framework koa)
2. Database Migration Tool
Analyzes database schemas, detects changes, and generates migration files with rollback support.
Input: Database connection string or schema files
Output: Migration files, schema diff report, optimization suggestions
Usage:
python scripts/database_migration_tool.py --connection postgres://localhost/mydb --analyze
python scripts/database_migration_tool.py --connection postgres://localhost/mydb \
--compare schema/v2.sql --output migrations/
python scripts/database_migration_tool.py --connection postgres://localhost/mydb \
--migrate migrations/20240115_add_user_indexes.sql --dry-run
3. API Load Tester
Performs HTTP load testing with configurable concurrency, measuring latency percentiles and throughput.
Input: API endpoint URL and test configuration
Output: Performance report with latency distribution, error rates, throughput metrics
Usage:
python scripts/api_load_tester.py https://api.example.com/users --concurrency 50 --duration 30
python scripts/api_load_tester.py https://api.example.com/orders \
--method POST \
--header "Authorization: Bearer token123" \
--body '{"product_id": 1, "quantity": 2}' \
--concurrency 100 \
--duration 60
python scripts/api_load_tester.py https://api.example.com/v1/users https://api.example.com/v2/users \
--compare --concurrency 50 --duration 30
Backend Development Workflows
API Design Workflow
Use when designing a new API or refactoring existing endpoints.
Step 1: Define resources and operations
openapi: 3.0.3
info:
title: User Service API
version: 1.0.0
paths:
/users:
get:
summary: List users
parameters:
- name: limit
in: query
schema:
type: integer
default: 20
post:
summary: Create user
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CreateUser'
Step 2: Generate route scaffolding
python scripts/api_scaffolder.py openapi.yaml --framework express --output src/routes/
Step 3: Implement business logic
export const createUser = async (req: Request, res: Response) => {
const { email, name } = req.body;
const user = await userService.create({ email, name });
res.status(201).json(user);
};
Step 4: Add validation middleware
Step 5: Generate updated OpenAPI spec
python scripts/api_scaffolder.py src/routes/ --generate-spec --output openapi.yaml
Database Optimization Workflow
Use when queries are slow or database performance needs improvement.
Step 1: Analyze current performance
python scripts/database_migration_tool.py --connection $DATABASE_URL --analyze
Step 2: Identify slow queries
EXPLAIN ANALYZE SELECT * FROM orders
WHERE user_id = 123
ORDER BY created_at DESC
LIMIT 10;
Step 3: Generate index migrations
python scripts/database_migration_tool.py --connection $DATABASE_URL \
--suggest-indexes --output migrations/
Step 4: Test migration (dry-run)
python scripts/database_migration_tool.py --connection $DATABASE_URL \
--migrate migrations/add_indexes.sql --dry-run
Step 5: Apply and verify
python scripts/database_migration_tool.py --connection $DATABASE_URL \
--migrate migrations/add_indexes.sql
python scripts/database_migration_tool.py --connection $DATABASE_URL --analyze
Security Hardening Workflow
Use when preparing an API for production or after a security review.
Step 1: Review authentication setup
const jwtConfig = {
secret: process.env.JWT_SECRET,
expiresIn: '1h',
algorithm: 'RS256'
};
Step 2: Add rate limiting
import rateLimit from 'express-rate-limit';
const apiLimiter = rateLimit({
windowMs: 15 * 60 * 1000,
max: 100,
standardHeaders: true,
legacyHeaders: false,
});
app.use('/api/', apiLimiter);
Step 3: Validate all inputs
import { z } from 'zod';
const CreateUserSchema = z.object({
email: z.string().email().max(255),
name: z.string().min(1).max(100),
age: z.number().int().positive().optional()
});
const data = CreateUserSchema.parse(req.body);
Step 4: Load test with attack patterns
python scripts/api_load_tester.py https://api.example.com/login \
--concurrency 200 --duration 10 --expect-rate-limit
python scripts/api_load_tester.py https://api.example.com/users \
--method POST \
--body '{"email": "not-an-email"}' \
--expect-status 400
Step 5: Review security headers
import helmet from 'helmet';
app.use(helmet({
contentSecurityPolicy: true,
crossOriginEmbedderPolicy: true,
crossOriginOpenerPolicy: true,
crossOriginResourcePolicy: true,
hsts: { maxAge: 31536000, includeSubDomains: true },
}));
Reference Documentation
| File | Contains | Use When |
|---|
references/api_design_patterns.md | REST vs GraphQL, versioning, error handling, pagination | Designing new APIs |
references/database_optimization_guide.md | Indexing strategies, query optimization, N+1 solutions | Fixing slow queries |
references/backend_security_practices.md | OWASP Top 10, auth patterns, input validation | Security hardening |
Common Patterns Quick Reference
REST API Response Format
{
"data": { "id": 1, "name": "John" },
"meta": { "requestId": "abc-123" }
}
Error Response Format
{
"error": {
"code": "VALIDATION_ERROR",
"message": "Invalid email format",
"details": [{ "field": "email", "message": "must be valid email" }]
},
"meta": { "requestId": "abc-123" }
}
HTTP Status Codes
| Code | Use Case |
|---|
| 200 | Success (GET, PUT, PATCH) |
| 201 | Created (POST) |
| 204 | No Content (DELETE) |
| 400 | Validation error |
| 401 | Authentication required |
| 403 | Permission denied |
| 404 | Resource not found |
| 429 | Rate limit exceeded |
| 500 | Internal server error |
Database Index Strategy
CREATE INDEX idx_users_email ON users(email);
CREATE INDEX idx_orders_user_status ON orders(user_id, status);
CREATE INDEX idx_orders_active ON orders(created_at) WHERE status = 'active';
CREATE INDEX idx_users_email_name ON users(email) INCLUDE (name);
Common Commands
python scripts/api_scaffolder.py openapi.yaml --framework express
python scripts/api_scaffolder.py src/routes/ --generate-spec
python scripts/database_migration_tool.py --connection $DATABASE_URL --analyze
python scripts/database_migration_tool.py --connection $DATABASE_URL --migrate file.sql
python scripts/api_load_tester.py https://api.example.com/endpoint --concurrency 50
python scripts/api_load_tester.py https://api.example.com/endpoint --compare baseline.json
