Agent skill
backend-core
Language-agnostic backend patterns: API design, authentication, security, databases. Use when: designing APIs, implementing auth, securing endpoints, modeling data. Triggers: "api design", "rest api", "graphql", "authentication", "jwt", "oauth", "security", "owasp", "database schema", "migrations", "sql".
Install this agent skill to your Project
npx add-skill https://github.com/timequity/vibe-coder/tree/main/skills/backend-core
SKILL.md
Backend Core Patterns
Quick Reference
| Topic | When to Use | Reference |
|---|---|---|
| API Design | REST/GraphQL/gRPC endpoints | api-design.md |
| Authentication | JWT, OAuth, sessions, magic links | authentication.md |
| Security | Input validation, OWASP, rate limiting | security.md |
| Databases | Schema design, migrations, queries | databases.md |
API Design Decision Tree
What type of API?
├─ Public API → REST + OpenAPI spec
├─ Internal microservices → gRPC (performance) or REST (simplicity)
├─ Real-time → WebSocket or SSE
└─ Complex queries → GraphQL
Auth Decision Tree
Auth method?
├─ SPA/Mobile → JWT (access + refresh tokens)
├─ Server-rendered → Session cookies
├─ Third-party login → OAuth 2.0 / OIDC
├─ Passwordless → Magic link (email) or WebAuthn
└─ API-to-API → API keys or mTLS
Security Essentials
Always:
- Validate all inputs at boundaries
- Use parameterized queries (never string concat SQL)
- Hash passwords with bcrypt/argon2 (cost ≥ 10)
- HTTPS everywhere, HSTS headers
- Rate limit auth endpoints
Never:
- Store secrets in code or git
- Trust client-side validation alone
- Log sensitive data (passwords, tokens, PII)
- Use MD5/SHA1 for passwords
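The parameterized-query and boundary-validation rules above, as an added example that is not part of the skill's own files. It uses Python's built-in `sqlite3`; the table, function names, username rule and sample input are constructed for illustration.

```python
import re
import sqlite3

# Assumed boundary rule for this example: short, plain usernames only.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def make_db():
    """In-memory database with two constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, email TEXT)"
    )
    db.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db


def find_user_concat(db, username):
    """Anti-pattern: the input becomes part of the SQL text itself."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return db.execute(sql).fetchall()


def find_user_param(db, username):
    """Parameterized: the driver binds the input as a value, never as SQL."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()


def validate_username(raw):
    """Boundary check; complements parameter binding, does not replace it."""
    if not isinstance(raw, str) or not USERNAME_RE.fullmatch(raw):
        raise ValueError("invalid username")
    return raw


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("concatenated:", find_user_concat(db, crafted))  # every row comes back
    print("parameterized:", find_user_param(db, crafted))  # no row matches
    print("normal lookup:", find_user_param(db, validate_username("alice")))
```

The concatenated query returns every row because the quote in the input closes the string literal and the rest is parsed as SQL; the bound version compares the whole input against `username` and matches nothing.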
Database Patterns
Schema design:
├─ Start normalized (3NF)
├─ Denormalize only for proven bottlenecks
├─ Always have created_at, updated_at
├─ Use UUIDs for public IDs, integers for internal FKs
└─ Soft delete (deleted_at) for important data
Anti-patterns
| Don't | Do Instead |
|---|---|
| N+1 queries | Eager load / batch queries |
| SELECT * | Select only needed columns |
| No indexes on WHERE/JOIN columns | Add indexes |
| Storing files in DB | Use object storage (S3, R2) |
| God objects | Bounded contexts, single responsibility |