How do I install Backend Dev Guidelines?

Install Backend Dev Guidelines with a single command: npx mdskills install sickn33/backend-dev-guidelines. This downloads the skill files into your project and your AI agent picks them up automatically.

What platforms support Backend Dev Guidelines?

Backend Dev Guidelines works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Codex, Gemini Cli, Amp, Roo Code, Goose, Opencode, Trae, Qodo, Command Code. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.

← Back to skills

Backend Dev Guidelines

Name: Backend Dev Guidelines: AI Agent Skill
Rating: 8 (1 reviews)
Author: sickn33

Verified

Testing & QAIntermediate

Opinionated backend development standards for Node.js + Express + TypeScript microservices. Covers layered architecture, BaseController pattern, dependency injection, Prisma repositories, Zod validation, unifiedConfig, Sentry error tracking, async safety, and testing discipline.

by @sickn330Updated 2 weeks ago

Add this skill

npx mdskills install sickn33/backend-dev-guidelines

Fork & Edit

Skill Advisor8.0

Comprehensive production-grade backend architecture guidelines with clear layered structure and strong observability practices

+Enforces strict layered architecture with explicit responsibilities per layer
+Includes risk assessment framework (BFRI) before implementation
+Mandates observability through Sentry, validation via Zod, and comprehensive testing
-Declares broad permissions (shell, network) without clear justification in instructions
-Lacks concrete code examples for BaseController and asyncErrorWrapper implementations

SKILL.md

Edit in Browser

1---
2name: backend-dev-guidelines
3description: Opinionated backend development standards for Node.js + Express + TypeScript microservices. Covers layered architecture, BaseController pattern, dependency injection, Prisma repositories, Zod validation, unifiedConfig, Sentry error tracking, async safety, and testing discipline.
4---
5 
6# Backend Development Guidelines
7 
8**(Node.js · Express · TypeScript · Microservices)**
9 
10You are a **senior backend engineer** operating production-grade services under strict architectural and reliability constraints.
11 
12Your goal is to build **predictable, observable, and maintainable backend systems** using:
13 
14* Layered architecture
15* Explicit error boundaries
16* Strong typing and validation
17* Centralized configuration
18* First-class observability
19 
20This skill defines **how backend code must be written**, not merely suggestions.
21 
22---
23 
24## 1. Backend Feasibility & Risk Index (BFRI)
25 
26Before implementing or modifying a backend feature, assess feasibility.
27 
28### BFRI Dimensions (1–5)
29 
30| Dimension                     | Question                                                         |
31| ----------------------------- | ---------------------------------------------------------------- |
32| **Architectural Fit**         | Does this follow routes → controllers → services → repositories? |
33| **Business Logic Complexity** | How complex is the domain logic?                                 |
34| **Data Risk**                 | Does this affect critical data paths or transactions?            |
35| **Operational Risk**          | Does this impact auth, billing, messaging, or infra?             |
36| **Testability**               | Can this be reliably unit + integration tested?                  |
37 
38### Score Formula
39 
40```
41BFRI = (Architectural Fit + Testability) − (Complexity + Data Risk + Operational Risk)
42```
43 
44**Range:** `-10 → +10`
45 
46### Interpretation
47 
48| BFRI     | Meaning   | Action                 |
49| -------- | --------- | ---------------------- |
50| **6–10** | Safe      | Proceed                |
51| **3–5**  | Moderate  | Add tests + monitoring |
52| **0–2**  | Risky     | Refactor or isolate    |
53| **< 0**  | Dangerous | Redesign before coding |
54 
55---
56 
57## 2. When to Use This Skill
58 
59Automatically applies when working on:
60 
61* Routes, controllers, services, repositories
62* Express middleware
63* Prisma database access
64* Zod validation
65* Sentry error tracking
66* Configuration management
67* Backend refactors or migrations
68 
69---
70 
71## 3. Core Architecture Doctrine (Non-Negotiable)
72 
73### 1. Layered Architecture Is Mandatory
74 
75```
76Routes → Controllers → Services → Repositories → Database
77```
78 
79* No layer skipping
80* No cross-layer leakage
81* Each layer has **one responsibility**
82 
83---
84 
85### 2. Routes Only Route
86 
87```ts
88// ❌ NEVER
89router.post('/create', async (req, res) => {
90  await prisma.user.create(...);
91});
92 
93// ✅ ALWAYS
94router.post('/create', (req, res) =>
95  userController.create(req, res)
96);
97```
98 
99Routes must contain **zero business logic**.
100 
101---
102 
103### 3. Controllers Coordinate, Services Decide
104 
105* Controllers:
106 
107  * Parse request
108  * Call services
109  * Handle response formatting
110  * Handle errors via BaseController
111 
112* Services:
113 
114  * Contain business rules
115  * Are framework-agnostic
116  * Use DI
117  * Are unit-testable
118 
119---
120 
121### 4. All Controllers Extend `BaseController`
122 
123```ts
124export class UserController extends BaseController {
125  async getUser(req: Request, res: Response): Promise<void> {
126    try {
127      const user = await this.userService.getById(req.params.id);
128      this.handleSuccess(res, user);
129    } catch (error) {
130      this.handleError(error, res, 'getUser');
131    }
132  }
133}
134```
135 
136No raw `res.json` calls outside BaseController helpers.
137 
138---
139 
140### 5. All Errors Go to Sentry
141 
142```ts
143catch (error) {
144  Sentry.captureException(error);
145  throw error;
146}
147```
148 
149❌ `console.log`
150❌ silent failures
151❌ swallowed errors
152 
153---
154 
155### 6. unifiedConfig Is the Only Config Source
156 
157```ts
158// ❌ NEVER
159process.env.JWT_SECRET;
160 
161// ✅ ALWAYS
162import { config } from '@/config/unifiedConfig';
163config.auth.jwtSecret;
164```
165 
166---
167 
168### 7. Validate All External Input with Zod
169 
170* Request bodies
171* Query params
172* Route params
173* Webhook payloads
174 
175```ts
176const schema = z.object({
177  email: z.string().email(),
178});
179 
180const input = schema.parse(req.body);
181```
182 
183No validation = bug.
184 
185---
186 
187## 4. Directory Structure (Canonical)
188 
189```
190src/
191├── config/              # unifiedConfig
192├── controllers/         # BaseController + controllers
193├── services/            # Business logic
194├── repositories/        # Prisma access
195├── routes/              # Express routes
196├── middleware/          # Auth, validation, errors
197├── validators/          # Zod schemas
198├── types/               # Shared types
199├── utils/               # Helpers
200├── tests/               # Unit + integration tests
201├── instrument.ts        # Sentry (FIRST IMPORT)
202├── app.ts               # Express app
203└── server.ts            # HTTP server
204```
205 
206---
207 
208## 5. Naming Conventions (Strict)
209 
210| Layer      | Convention                |
211| ---------- | ------------------------- |
212| Controller | `PascalCaseController.ts` |
213| Service    | `camelCaseService.ts`     |
214| Repository | `PascalCaseRepository.ts` |
215| Routes     | `camelCaseRoutes.ts`      |
216| Validators | `camelCase.schema.ts`     |
217 
218---
219 
220## 6. Dependency Injection Rules
221 
222* Services receive dependencies via constructor
223* No importing repositories directly inside controllers
224* Enables mocking and testing
225 
226```ts
227export class UserService {
228  constructor(
229    private readonly userRepository: UserRepository
230  ) {}
231}
232```
233 
234---
235 
236## 7. Prisma & Repository Rules
237 
238* Prisma client **never used directly in controllers**
239* Repositories:
240 
241  * Encapsulate queries
242  * Handle transactions
243  * Expose intent-based methods
244 
245```ts
246await userRepository.findActiveUsers();
247```
248 
249---
250 
251## 8. Async & Error Handling
252 
253### asyncErrorWrapper Required
254 
255All async route handlers must be wrapped.
256 
257```ts
258router.get(
259  '/users',
260  asyncErrorWrapper((req, res) =>
261    controller.list(req, res)
262  )
263);
264```
265 
266No unhandled promise rejections.
267 
268---
269 
270## 9. Observability & Monitoring
271 
272### Required
273 
274* Sentry error tracking
275* Sentry performance tracing
276* Structured logs (where applicable)
277 
278Every critical path must be observable.
279 
280---
281 
282## 10. Testing Discipline
283 
284### Required Tests
285 
286* **Unit tests** for services
287* **Integration tests** for routes
288* **Repository tests** for complex queries
289 
290```ts
291describe('UserService', () => {
292  it('creates a user', async () => {
293    expect(user).toBeDefined();
294  });
295});
296```
297 
298No tests → no merge.
299 
300---
301 
302## 11. Anti-Patterns (Immediate Rejection)
303 
304❌ Business logic in routes
305❌ Skipping service layer
306❌ Direct Prisma in controllers
307❌ Missing validation
308❌ process.env usage
309❌ console.log instead of Sentry
310❌ Untested business logic
311 
312---
313 
314## 12. Integration With Other Skills
315 
316* **frontend-dev-guidelines** → API contract alignment
317* **error-tracking** → Sentry standards
318* **database-verification** → Schema correctness
319* **analytics-tracking** → Event pipelines
320* **skill-developer** → Skill governance
321 
322---
323 
324## 13. Operator Validation Checklist
325 
326Before finalizing backend work:
327 
328* [ ] BFRI ≥ 3
329* [ ] Layered architecture respected
330* [ ] Input validated
331* [ ] Errors captured in Sentry
332* [ ] unifiedConfig used
333* [ ] Tests written
334* [ ] No anti-patterns present
335 
336---
337 
338## 14. Skill Status
339 
340**Status:** Stable · Enforceable · Production-grade
341**Intended Use:** Long-lived Node.js microservices with real traffic and real risk
342---
343

Full transparency — inspect the skill content before installing.