Skills backend-dev-guidelines

📦

backend-dev-guidelines

Name: backend-dev-guidelines
Author: sickn33

Safe

Build Production Node.js Backends with Best Practices

Also available from: BrianDai22,DojoCodingLabs,diet103,Dimon94

Stop guessing backend architecture. Get comprehensive guidelines for layered Node.js services with Express, TypeScript, Prisma repositories, and Zod validation that scale reliably.

Supports: Claude Codex Code(CC)

📊 71 Adequate

Download the skill ZIP

Upload in Claude

Go to Settings → Capabilities → Skills → Upload skill

Toggle on and start using

Test it

Using "backend-dev-guidelines". Create a user registration endpoint

Expected outcome:

Generated Zod validation schema for user input
Created UserController extending BaseController with createUser method
Implemented UserService with business logic and dependency injection
Created UserRepository with Prisma queries
Added route registration with asyncErrorWrapper
Included Sentry error tracking and BFRI assessment

Using "backend-dev-guidelines". Refactor inline database queries in routes

Expected outcome:

Extracted business logic from routes into new UserService
Created UserRepository to encapsulate Prisma operations
Updated UserController to orchestrate service calls
Added proper error boundaries with BaseController
Wrote unit tests for service layer
BFRI improved from -2 (dangerous) to 8 (safe)

Security Audit

Safe

v1 • 2/25/2026

Static analysis flagged 544 patterns across 12 markdown documentation files (5337 lines). All findings are FALSE POSITIVES - the detected patterns exist in markdown code examples and documentation, not executable code. This skill provides secure backend development guidelines that explicitly teach against risky patterns like direct process.env usage. Safe for publication.

Files scanned

5,337

Lines analyzed

findings

Total audits

No security issues found

Audited by: claude

Quality Score

Architecture

100

Maintainability

Content

Community

100

Security

Spec Compliance

What You Can Build

New Microservice Development

Generate a complete backend microservice from scratch following production-ready patterns with proper layering, validation, and error handling.

Legacy Code Refactoring

Refactor monolithic route handlers into proper layered architecture with controllers, services, and repositories for improved maintainability.

Team Onboarding and Standards

Establish consistent backend development standards across teams with clear patterns for architecture, testing, and error handling.

Try These Prompts

Create a New Controller

Create a UserController following the BaseController pattern with methods for getUser, listUsers, createUser, and updateUser. Include proper error handling with Sentry integration.

Implement Service Layer with DI

Create a UserService that receives UserRepository via dependency injection. Include methods for findById, getAll, create, update, and delete with proper business logic separation.

Build Complete Feature with Validation

Implement a complete user registration feature with Zod validation schema, controller extending BaseController, service with business logic, and repository with Prisma. Include BFRI scoring for the implementation.

Refactor Legacy Code to Layered Architecture

Refactor this monolithic route handler into proper layered architecture. Identify routes, controllers, services, and repositories. Add proper error handling, validation, and Sentry tracking. Calculate BFRI before and after.

Best Practices

Always use layered architecture: routes delegate to controllers, controllers call services, services use repositories
Never use process.env directly - access configuration through unifiedConfig for type safety and testability
Validate all external input with Zod schemas before processing - request bodies, query params, and route params

Avoid

Business logic in route handlers - routes should only delegate to controllers
Direct Prisma usage in controllers - always abstract through repositories
Using console.log for errors - all errors must be captured in Sentry

Frequently Asked Questions

Why use layered architecture instead of putting logic in routes?

Layered architecture enables testability, reusability, and maintainability. Services can be tested independently, reused across routes/cron jobs/scripts, and bugs are easier to locate in isolated layers.

What is BFRI and how do I calculate it?

BFRI (Backend Feasibility Risk Index) = (Architectural Fit + Testability) - (Complexity + Data Risk + Operational Risk). Score ranges from -10 to +10. Scores above 3 are safe to proceed; below 0 require redesign.

Why can't I use process.env directly in my code?

Direct process.env usage lacks type safety, validation, and makes testing difficult. unifiedConfig provides typed access with defaults, validates at startup, and enables easy mocking in tests.

Do I need to extend BaseController for all controllers?

Yes. BaseController provides consistent error handling via handleError, success responses via handleSuccess, Sentry integration, and request tracing. This ensures uniform behavior across all endpoints.

When should I use transactions in my services?

Use transactions when multiple database operations must succeed or fail together. Wrap related operations in this.withTransaction() to ensure atomicity and proper rollback on errors.

How do I test services that use dependency injection?

Inject mock repositories through the service constructor in tests. This allows testing business logic in isolation without database access. Jest mocks or manual mock classes work well for this pattern.