a-organvm/backend-implementation-patterns
distributions/direct/example/backend-implementation-patterns/SKILL.md
Production-ready backend API implementation patterns including REST, GraphQL, authentication, error handling, and data validation
$ install --global
skillsauthnpx skillsauth add a-organvm/a-i--skills backend-implementation-patternsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 19, 2026, 2:08 AM17.9s2 files scanned
SKILL.md
- name:
- backend-implementation-patterns
- description:
- Production-ready backend API implementation patterns including REST, GraphQL, authentication, error handling, and data validation
- license:
- MIT
- adapted-by:
- ai-skills
- category:
- backend-development
- governance_phases:
- [build]
- organ_affinity:
- [organ-iii, organ-vi, organ-vii, meta]
- triggers:
- [user-asks-about-backend, user-asks-about-api-implementation, context:backend]
- complements:
- [api-design-patterns, tdd-workflow]
Backend Implementation Patterns
Production-ready patterns for building robust, scalable backend APIs.
API Design Patterns
RESTful Endpoints
// Resource-based routing
app.get('/api/users', getUsers); // List
app.get('/api/users/:id', getUserById); // Get
app.post('/api/users', createUser); // Create
app.put('/api/users/:id', updateUser); // Update
app.delete('/api/users/:id', deleteUser); // Delete
// Nested resources
app.get('/api/users/:id/posts', getUserPosts);
app.post('/api/users/:id/posts', createUserPost);
Request/Response Pattern
interface APIResponse<T> {
success: boolean;
data?: T;
error?: {
code: string;
message: string;
details?: any;
};
meta?: {
page?: number;
limit?: number;
total?: number;
};
}
async function handleRequest<T>(
handler: () => Promise<T>
): Promise<APIResponse<T>> {
try {
const data = await handler();
return { success: true, data };
} catch (error) {
return {
success: false,
error: {
code: error.code || 'INTERNAL_ERROR',
message: error.message,
}
};
}
}
Validation Layer
import { z } from 'zod';
const CreateUserSchema = z.object({
email: z.string().email(),
name: z.string().min(2).max(100),
age: z.number().int().min(18).optional(),
});
app.post('/api/users', async (req, res) => {
const validation = CreateUserSchema.safeParse(req.body);
if (!validation.success) {
return res.status(400).json({
success: false,
error: {
code: 'VALIDATION_ERROR',
message: 'Invalid request data',
details: validation.error.errors
}
});
}
const user = await userService.create(validation.data);
res.status(201).json({ success: true, data: user });
});
Authentication Patterns
JWT Authentication
import jwt from 'jsonwebtoken';
// Generate token
function generateToken(userId: string) {
return jwt.sign(
{ userId },
process.env.JWT_SECRET!, // allow-secret
{ expiresIn: '7d' }
);
}
// Middleware
async function authenticateToken(req, res, next) {
const token = req.headers.authorization?.split(' ')[1]; // allow-secret
if (!token) {
return res.status(401).json({
success: false,
error: { code: 'UNAUTHORIZED', message: 'Missing token' }
});
}
try {
const decoded = jwt.verify(token, process.env.JWT_SECRET!); // allow-secret
req.userId = decoded.userId;
next();
} catch (error) {
return res.status(401).json({
success: false,
error: { code: 'INVALID_TOKEN', message: 'Invalid or expired token' }
});
}
}
Error Handling
Custom Error Classes
class AppError extends Error {
constructor(
public statusCode: number,
public code: string,
message: string,
public details?: any
) {
super(message);
this.name = 'AppError';
}
}
class NotFoundError extends AppError {
constructor(resource: string) {
super(404, 'NOT_FOUND', `${resource} not found`);
}
}
class ValidationError extends AppError {
constructor(details: any) {
super(400, 'VALIDATION_ERROR', 'Validation failed', details);
}
}
Error Handling Middleware
app.use((error, req, res, next) => {
console.error('Error:', error);
if (error instanceof AppError) {
return res.status(error.statusCode).json({
success: false,
error: {
code: error.code,
message: error.message,
details: error.details
}
});
}
res.status(500).json({
success: false,
error: {
code: 'INTERNAL_ERROR',
message: 'An unexpected error occurred'
}
});
});
Data Access Layer
Repository Pattern
interface Repository<T> {
find Find(filters: any): Promise<T[]>;
findById(id: string): Promise<T | null>;
create(data: Partial<T>): Promise<T>;
update(id: string, data: Partial<T>): Promise<T>;
delete(id: string): Promise<void>;
}
class UserRepository implements Repository<User> {
async findById(id: string): Promise<User | null> {
return db.user.findUnique({ where: { id } });
}
async create(data: Partial<User>): Promise<User> {
return db.user.create({ data });
}
// ... other methods
}
Rate Limiting
import rateLimit from 'express-rate-limit';
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // 100 requests per window
message: { success: false, error: { code: 'RATE_LIMIT', message: 'Too many requests' }}
});
app.use('/api/', limiter);
Integration Points
Complements:
- api-design-patterns: For API structure
- postgres-advanced-patterns: For data layer
- security-implementation-guide: For security
- tdd-workflow: For testing
Related Skills
Complementary Skills (Use Together)
- api-design-patterns - Design your API structure before implementing
- postgres-advanced-patterns - Advanced database patterns for the data layer
- testing-patterns - Write tests for your API endpoints
- deployment-cicd - Deploy your backend services
Alternative Skills (Similar Purpose)
- nextjs-fullstack-patterns - If building with Next.js App Router
Prerequisite Skills (Learn First)
- api-design-patterns - Understanding API design helps structure implementations
Related Skills
a-organvm/generative-art-algorithms
development
VerifiedTrustedCommunity
Create algorithmic and generative art using mathematical patterns, noise functions, particle systems, and procedural generation. Covers flow fields, L-systems, fractals, and creative coding foundations. Triggers on generative art, algorithmic art, creative coding, procedural generation, or mathematical visualization requests.
7SKILL.mdUpdated May 31, 2026
a-organvm/gdpr-compliance-check
development
VerifiedTrustedCommunity
Audits web applications and architectures for compliance with GDPR, CCPA, and other privacy regulations, focusing on consent, data minimization, and user rights.
7SKILL.mdUpdated May 31, 2026
a-organvm/gcp-resource-optimizer
development
VerifiedTrustedCommunity
Optimize Google Cloud Platform resource allocation and manage cloud credits efficiently. Use when planning GCP deployments, analyzing cloud spend, maximizing value from expiring credits, right-sizing instances, or designing cost-effective architectures. Triggers on GCP cost optimization, credit management, resource allocation planning, or cloud budget concerns.
7SKILL.mdUpdated May 31, 2026
a-organvm/game-mechanics-designer
testing
VerifiedTrustedCommunity
Designs engaging gameplay loops, economies, and progression systems, balancing challenge and reward for interactive experiences.
7SKILL.mdUpdated May 31, 2026