PromptCreek
Sign up
Back to Skills
Engineering

Senior Backend

Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Covers Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.

$ npx promptcreek add senior-backend

Auto-detects your installed agents and installs the skill to each one.

What This Skill Does

The Senior Backend Engineer skill offers backend development patterns, API design guidance, database optimization techniques, and security practices. It assists backend engineers in building robust and scalable server-side applications. It provides tools for API scaffolding and database migration.

When to Use

  • Generate API routes from OpenAPI spec.
  • Analyze database schema and generate migrations.
  • Load test an API endpoint.
  • Scaffold API routes.
  • Analyze database schemas.
  • Generate migration files.

Key Features

Generates API route handlers.
Analyzes database schemas.
Detects schema changes.
Generates migration files.
Supports multiple frameworks (Express, Fastify, Koa).

Installation

Run in your project directory:
$ npx promptcreek add senior-backend

Auto-detects your installed agents (Claude Code, Cursor, Codex, etc.) and installs the skill to each one.

View Full Skill Content

Senior Backend Engineer

Backend development patterns, API design, database optimization, and security practices.

Quick Start

# Generate API routes from OpenAPI spec

python scripts/api_scaffolder.py openapi.yaml --framework express --output src/routes/



Analyze database schema and generate migrations


python scripts/database_migration_tool.py --connection postgres://localhost/mydb --analyze



Load test an API endpoint


python scripts/api_load_tester.py https://api.example.com/users --concurrency 50 --duration 30

Tools Overview

1. API Scaffolder

Generates API route handlers, middleware, and OpenAPI specifications from schema definitions.

Input: OpenAPI spec (YAML/JSON) or database schema

Output: Route handlers, validation middleware, TypeScript types

Usage:

# Generate Express routes from OpenAPI spec

python scripts/api_scaffolder.py openapi.yaml --framework express --output src/routes/


Output: Generated 12 route handlers, validation middleware, and TypeScript types



Generate from database schema


python scripts/api_scaffolder.py --from-db postgres://localhost/mydb --output src/routes/



Generate OpenAPI spec from existing routes


python scripts/api_scaffolder.py src/routes/ --generate-spec --output openapi.yaml

Supported Frameworks:

  • Express.js (--framework express)
  • Fastify (--framework fastify)
  • Koa (--framework koa)

2. Database Migration Tool

Analyzes database schemas, detects changes, and generates migration files with rollback support.

Input: Database connection string or schema files

Output: Migration files, schema diff report, optimization suggestions

Usage:

# Analyze current schema and suggest optimizations

python scripts/database_migration_tool.py --connection postgres://localhost/mydb --analyze


Output: Missing indexes, N+1 query risks, and suggested migration files



Generate migration from schema diff


python scripts/database_migration_tool.py --connection postgres://localhost/mydb \


  --compare schema/v2.sql --output migrations/



Dry-run a migration


python scripts/database_migration_tool.py --connection postgres://localhost/mydb \


  --migrate migrations/20240115_add_user_indexes.sql --dry-run

3. API Load Tester

Performs HTTP load testing with configurable concurrency, measuring latency percentiles and throughput.

Input: API endpoint URL and test configuration

Output: Performance report with latency distribution, error rates, throughput metrics

Usage:

# Basic load test

python scripts/api_load_tester.py https://api.example.com/users --concurrency 50 --duration 30


Output: Throughput (req/sec), latency percentiles (P50/P95/P99), error counts, and scaling recommendations



Test with custom headers and body


python scripts/api_load_tester.py https://api.example.com/orders \


  --method POST \


  --header "Authorization: Bearer token123" \


  --body '{"product_id": 1, "quantity": 2}' \


  --concurrency 100 \


  --duration 60



Compare two endpoints


python scripts/api_load_tester.py https://api.example.com/v1/users https://api.example.com/v2/users \


  --compare --concurrency 50 --duration 30

Backend Development Workflows

API Design Workflow

Use when designing a new API or refactoring existing endpoints.

Step 1: Define resources and operations

# openapi.yaml

openapi: 3.0.3


info:


  title: User Service API


  version: 1.0.0


paths:


  /users:


    get:


      summary: List users


      parameters:


        - name: "limit"


          in: query


          schema:


            type: integer


            default: 20


    post:


      summary: Create user


      requestBody:


        required: true


        content:


          application/json:


            schema:


              $ref: '#/components/schemas/CreateUser'

Step 2: Generate route scaffolding

python scripts/api_scaffolder.py openapi.yaml --framework express --output src/routes/

Step 3: Implement business logic

// src/routes/users.ts (generated, then customized)

export const createUser = async (req: Request, res: Response) => {


  const { email, name } = req.body;



  // Add business logic


  const user = await userService.create({ email, name });



  res.status(201).json(user);


};

Step 4: Add validation middleware

# Validation is auto-generated from OpenAPI schema

src/middleware/validators.ts includes:


- Request body validation


- Query parameter validation


- Path parameter validation

Step 5: Generate updated OpenAPI spec

python scripts/api_scaffolder.py src/routes/ --generate-spec --output openapi.yaml

Database Optimization Workflow

Use when queries are slow or database performance needs improvement.

Step 1: Analyze current performance

python scripts/database_migration_tool.py --connection $DATABASE_URL --analyze

Step 2: Identify slow queries

-- Check query execution plans

EXPLAIN ANALYZE SELECT * FROM orders


WHERE user_id = 123


ORDER BY created_at DESC


LIMIT 10;



-- Look for: Seq Scan (bad), Index Scan (good)

Step 3: Generate index migrations

python scripts/database_migration_tool.py --connection $DATABASE_URL \

  --suggest-indexes --output migrations/

Step 4: Test migration (dry-run)

python scripts/database_migration_tool.py --connection $DATABASE_URL \

  --migrate migrations/add_indexes.sql --dry-run

Step 5: Apply and verify

# Apply migration

python scripts/database_migration_tool.py --connection $DATABASE_URL \


  --migrate migrations/add_indexes.sql



Verify improvement


python scripts/database_migration_tool.py --connection $DATABASE_URL --analyze

Security Hardening Workflow

Use when preparing an API for production or after a security review.

Step 1: Review authentication setup

// Verify JWT configuration

const jwtConfig = {


  secret: process.env.JWT_SECRET,  // Must be from env, never hardcoded


  expiresIn: '1h',                 // Short-lived tokens


  algorithm: 'RS256'               // Prefer asymmetric


};

Step 2: Add rate limiting

import rateLimit from 'express-rate-limit';


const apiLimiter = rateLimit({


  windowMs: 15  60  1000,  // 15 minutes


  max: 100,                   // 100 requests per window


  standardHeaders: true,


  legacyHeaders: false,


});



app.use('/api/', apiLimiter);

Step 3: Validate all inputs

import { z } from 'zod';


const CreateUserSchema = z.object({


  email: z.string().email().max(255),


  name: "zstringmin1max100"


  age: z.number().int().positive().optional()


});



// Use in route handler


const data = CreateUserSchema.parse(req.body);

Step 4: Load test with attack patterns

# Test rate limiting

python scripts/api_load_tester.py https://api.example.com/login \


  --concurrency 200 --duration 10 --expect-rate-limit



Test input validation


python scripts/api_load_tester.py https://api.example.com/users \


  --method POST \


  --body '{"email": "not-an-email"}' \


  --expect-status 400

Step 5: Review security headers

import helmet from 'helmet';


app.use(helmet({


  contentSecurityPolicy: true,


  crossOriginEmbedderPolicy: true,


  crossOriginOpenerPolicy: true,


  crossOriginResourcePolicy: true,


  hsts: { maxAge: 31536000, includeSubDomains: true },


}));

Reference Documentation

| File | Contains | Use When |

|------|----------|----------|

| references/api_design_patterns.md | REST vs GraphQL, versioning, error handling, pagination | Designing new APIs |

| references/database_optimization_guide.md | Indexing strategies, query optimization, N+1 solutions | Fixing slow queries |

| references/backend_security_practices.md | OWASP Top 10, auth patterns, input validation | Security hardening |

Common Patterns Quick Reference

REST API Response Format

{

  "data": { "id": 1, "name": "John" },


  "meta": { "requestId": "abc-123" }


}

Error Response Format

{

  "error": {


    "code": "VALIDATION_ERROR",


    "message": "Invalid email format",


    "details": [{ "field": "email", "message": "must be valid email" }]


  },


  "meta": { "requestId": "abc-123" }


}

HTTP Status Codes

| Code | Use Case |

|------|----------|

| 200 | Success (GET, PUT, PATCH) |

| 201 | Created (POST) |

| 204 | No Content (DELETE) |

| 400 | Validation error |

| 401 | Authentication required |

| 403 | Permission denied |

| 404 | Resource not found |

| 429 | Rate limit exceeded |

| 500 | Internal server error |

Database Index Strategy

-- Single column (equality lookups)

CREATE INDEX idx_users_email ON users(email);



-- Composite (multi-column queries)


CREATE INDEX idx_orders_user_status ON orders(user_id, status);



-- Partial (filtered queries)


CREATE INDEX idx_orders_active ON orders(created_at) WHERE status = 'active';



-- Covering (avoid table lookup)


CREATE INDEX idx_users_email_name ON users(email) INCLUDE (name);

Common Commands

# API Development

python scripts/api_scaffolder.py openapi.yaml --framework express


python scripts/api_scaffolder.py src/routes/ --generate-spec



Database Operations


python scripts/database_migration_tool.py --connection $DATABASE_URL --analyze


python scripts/database_migration_tool.py --connection $DATABASE_URL --migrate file.sql



Performance Testing


python scripts/api_load_tester.py https://api.example.com/endpoint --concurrency 50


python scripts/api_load_tester.py https://api.example.com/endpoint --compare baseline.json

0Installs
0Views

Supported Agents

Claude CodeCursorCodexGemini CLIAiderWindsurfOpenClaw

Attribution

Alireza Rezvani
alirezarezvani/claude-skills
MITseeded

Details

License
MIT
Source
seeded
Published
3/17/2026

Tags

engineering team

Related Skills

Agent Protocol

Inter-agent communication protocol for C-suite agent teams. Defines invocation syntax, loop prevention, isolation rules, and response formats. Use when C-suite agents need to query each other, coordinate cross-functional analysis, or run board meetings with multiple agent roles.

90
Alireza Rezvani
#c-level#c-level advisor

CTO Advisor

Technical leadership guidance for engineering teams, architecture decisions, and technology strategy. Use when assessing technical debt, scaling engineering teams, evaluating technologies, making architecture decisions, establishing engineering metrics, or when user mentions CTO, tech debt, technical debt, team scaling, architecture decisions, technology evaluation, engineering metrics, DORA metrics, or technology strategy.

20
Alireza Rezvani
#c-level#c-level advisor

Agent Workflow Designer

Agent Workflow Designer

10
Alireza Rezvani
#engineering