ReddRadar
Agent skill
backend-core
Language-agnostic backend patterns: API design, authentication, security, databases. Use when: designing APIs, implementing auth, securing endpoints, modeling data. Triggers: "api design", "rest api", "graphql", "authentication", "jwt", "oauth", "security", "owasp", "database schema", "migrations", "sql".
Stars
0
Forks
0
Install this agent skill to your Project
npx add-skill https://github.com/timequity/vibe-coder/tree/main/skills/backend-core
SKILL.md
Backend Core Patterns
Quick Reference
| Topic | When to Use | Reference |
|---|---|---|
| API Design | REST/GraphQL/gRPC endpoints | api-design.md |
| Authentication | JWT, OAuth, sessions, magic links | authentication.md |
| Security | Input validation, OWASP, rate limiting | security.md |
| Databases | Schema design, migrations, queries | databases.md |
API Design Decision Tree
What type of API?
├─ Public API → REST + OpenAPI spec
├─ Internal microservices → gRPC (performance) or REST (simplicity)
├─ Real-time → WebSocket or SSE
└─ Complex queries → GraphQL
Auth Decision Tree
Auth method?
├─ SPA/Mobile → JWT (access + refresh tokens)
├─ Server-rendered → Session cookies
├─ Third-party login → OAuth 2.0 / OIDC
├─ Passwordless → Magic link (email) or WebAuthn
└─ API-to-API → API keys or mTLS
Security Essentials
Always:
- Validate all inputs at boundaries
- Use parameterized queries (never string concat SQL)
- Hash passwords with bcrypt/argon2 (cost ≥ 10)
- HTTPS everywhere, HSTS headers
- Rate limit auth endpoints
Never:
- Store secrets in code or git
- Trust client-side validation alone
- Log sensitive data (passwords, tokens, PII)
- Use MD5/SHA1 for passwords
Database Patterns
Schema design:
├─ Start normalized (3NF)
├─ Denormalize only for proven bottlenecks
├─ Always have created_at, updated_at
├─ Use UUIDs for public IDs, integers for internal FKs
└─ Soft delete (deleted_at) for important data
Anti-patterns
| Don't | Do Instead |
|---|---|
| N+1 queries | Eager load / batch queries |
| SELECT * | Select only needed columns |
| No indexes on WHERE/JOIN columns | Add indexes |
| Storing files in DB | Use object storage (S3, R2) |
| God objects | Bounded contexts, single responsibility |
Didn't find tool you were looking for?