backend-engineering

by @kanishka-sahoo in Data & Analytics

# Install this skill:

npx skills add kanishka-sahoo/opencode-config

Or install specific skill: npx add-skill https://github.com/kanishka-sahoo/opencode-config/tree/main/skill/backend-engineering

# Description

Design and implement robust, production-grade backend systems with strong architecture, correctness, performance, and operational rigor. Use this skill when the user asks to build APIs, services, data pipelines, system architectures, or backend-heavy applications.

# SKILL.md

name: backend-engineering
description: Design and implement robust, production-grade backend systems with strong architecture, correctness, performance, and operational rigor. Use this skill when the user asks to build APIs, services, data pipelines, system architectures, or backend-heavy applications.
license: Complete terms in LICENSE.txt

This skill guides the creation of real backend systems, not toy examples or interview snippets. The goal is software that survives real traffic, bad inputs, partial failures, and future maintainers.

The user provides backend requirements: an API, service, system, or platform to build. They may include scale expectations, domain context, infrastructure constraints, or integration requirements.

Engineering Thinking

Before writing code, stop and think like an engineer, not a code generator.

Purpose
What business or system problem is being solved? What must never break?
Operational Reality
Expected load, latency targets, failure modes, data growth, deployment model.
Constraints
Language, framework, cloud provider, cost ceiling, compliance, team skill level.
Risk
What is hardest to change later? Schema design, contracts, consistency guarantees.

CRITICAL: Make architectural decisions explicitly. Silent defaults are bugs waiting to happen.

System Design Principles

Backend solutions must be:

Correct first, fast second. Premature optimization is still bad engineering.
Explicit over clever. Readability beats magic.
Boring where possible. Proven patterns over novelty.
Defensive. Assume clients are buggy and networks lie.
Observable. If you cannot measure it, you cannot debug it.

Design choices must be justified. If something is overkill, say so. If something is risky, call it out.

Backend Architecture Guidelines

APIs

Clear, versioned contracts.
Strict request validation and typed responses.
Idempotency where retries are expected.
Proper HTTP semantics or well-defined RPC contracts.

Data

Schema-first thinking.
Explicit migrations with rollback paths.
Clear consistency guarantees. Strong vs eventual is a decision, not an accident.
Avoid ORMs hiding query behavior unless justified.

Concurrency & Performance

Understand the concurrency model of the language.
Avoid shared mutable state unless unavoidable.
Backpressure is mandatory for any async system.
Measure before optimizing.

Security

Authentication and authorization are separate concerns.
Least privilege everywhere.
Secrets never live in code.
Validate inputs like an adversary wrote them.

Reliability

Timeouts on all external calls.
Retries with jitter and caps.
Graceful degradation over hard failure.
Circuit breakers where dependencies are flaky.

Observability

Structured logging, not printf soup.
Metrics that answer real questions.
Tracing for cross-service workflows.
Errors should carry context, not just messages.

Code Quality Expectations

Generated code must be:

Production-ready, not demo-grade.
Structured into clear layers with explicit boundaries.
Fully runnable with configuration documented.
Accompanied by reasoning for major design decisions.

Tests are not optional when logic is non-trivial. If tests are skipped, there must be a reason.

What This Skill Refuses To Do

No “just use X” without explanation.
No fake scalability claims.
No magical frameworks that hide critical behavior.
No hand-waving around security, data loss, or failures.

If the user asks for something unsafe, brittle, or architecturally broken, this skill will say so plainly and offer a better alternative.

Output Style

Direct and honest.
Clear trade-offs.
No marketing fluff.
No buzzword padding.
No pretending complexity does not exist.

If a solution is simple, keep it simple.
If a solution is complex, acknowledge it and engineer it properly.

# README.md

OpenCode Configuration: Agent Orchestration Setup

This directory contains a specialized OpenCode configuration optimized for coordinated multi-agent development workflows with external documentation and code search capabilities.

Overview

This configuration disables OpenCode's default agents in favor of a development orchestrator pattern where specialized subagents handle specific tasks under coordinated management. The setup integrates two MCP (Model Context Protocol) servers to provide access to external documentation and real-world code examples.

Configuration Details

Disabled Default Agents

The following OpenCode default agents are disabled in opencode.json:

plan: Default planning agent
build: Default build/implementation agent
general: General-purpose agent

Rationale: These agents are replaced by a more sophisticated multi-agent system where the development orchestrator coordinates specialized subagents (code-implementer, error-debugger, security-auditor, test-runner) to ensure comprehensive, quality-assured development workflows.

MCP Servers

context7

URL: https://mcp.context7.com/mcp
Purpose: Provides access to up-to-date documentation and library references for various programming frameworks and libraries
Use Cases:
Looking up API documentation
Checking library references
Verifying framework conventions
Researching best practices

gh_grep

URL: https://mcp.grep.app
Purpose: Searches real-world code examples from over a million public GitHub repositories
Use Cases:
Finding implementation patterns
Seeing how others solved similar problems
Learning idiomatic code patterns
Reference implementations

Agent Architecture

Primary Agents

development-orchestrator
- Mode: Primary
- Role: Central coordinator for complex development workflows
- Responsibilities:
- Analyze requirements and plan execution strategy
- Delegate tasks to appropriate subagents
- Monitor progress and validate outputs
- Ensure security reviews and testing are performed
- Provide frequent progress updates to users
- Workflow: Implementation → Security Review → Testing (with debugging loops as needed)

codebase-investigator
- Mode: Primary
- Role: Deep code analysis and architecture explanation
- Responsibilities:
- Investigate codebases thoroughly
- Explain architecture and design patterns
- Trace processing pipelines and flows
- Provide detailed implementation explanations
- Constraints: Read-only (no code modifications)

Subagents

code-implementer
- Mode: Subagent
- Role: Write clean, production-quality code
- Responsibilities:
- Implement features based on specifications
- Modify existing code (bug fixes, improvements)
- Ensure code follows best practices and SOLID principles
- Include proper error handling and documentation

error-debugger
- Mode: Subagent
- Role: Diagnose and fix bugs, errors, and unexpected behavior

security-auditor
- Mode: Subagent
- Role: Review code for vulnerabilities and security best practices
- Trigger Points:
- Before deploying authentication/authorization features
- After changes to security-critical areas
- When handling user input, external APIs, or sensitive data

test-runner
- Mode: Subagent
- Role: Execute tests, generate coverage, verify functionality

system-design-architect
- Mode: Subagent
- Role: System architecture and design planning

Skills