readme.md

technology Backend Architecture
domain backend
level Senior/Architect
version Agnostic
tags best-practices, deterministic-code, architecture-patterns, vibe-coding, cursor-rules, typescript, software-architecture, system-design, solid-principles, production-ready, programming-standards, react-best-practices, node-js, design-patterns, scalable-code, windsurf-rules, ai-coding, fsd, ddd, enterprise-patterns
ai_role Senior Backend Architect
last_updated 2026-03-22

Backend Best Practices & Production-Ready Patterns


Context & Scope

  • Primary Goal: Outline the overarching philosophy and standards for Backend and system development inside the ecosystem.
  • Target Tooling: Cursor, Windsurf, Antigravity.
  • Tech Stack Version: Agnostic

The foundational rules and standards governing backend logic.

Architecture Principles

  • Adhere to the defined Architectural Patterns when building applications, specifically Hexagonal Architecture / Clean Architecture.
  • Avoid tightly coupling business domains to framework-specific libraries.

Technical Requirements for AI Generation

Important

Constraint: Never allow Database Object Relational Mapping (ORM) models to bleed into standard HTTP responses. Always map through a DTO.

  • Security First: Validate all inputs using schema validations. Assume all external input is malicious.
  • TypeScript Strictness: any is strictly prohibited. Enforce boundary definitions between the transport and core logic layers.

Technologies Included

This folder acts as a container for documentation around the following backend technologies:


1. 🛑 Global Domain Bleeding

❌ Bad Practice

// Returning database ORM models directly in HTTP responses
app.get('/users/:id', async (req, res) => {
  const user = await db.User.findByPk(req.params.id);
  res.json(user); // Exposes sensitive database fields like passwords or salts
});

⚠️ Problem

Returning database ORM models directly in HTTP responses tightly couples the database schema to the API contract. This exposes sensitive internal fields (like password hashes or internal IDs) and prevents evolving the database schema without breaking API clients.

✅ Best Practice

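// Mapping the database entity to a specialized DTO
app.get('/users/:id', async (req, res) => {
  const user = await db.User.findByPk(req.params.id);
  // findByPk resolves to null when no row matches; answer 404 instead of throwing
  if (!user) {
    return res.status(404).json({ error: 'User not found' });
  }
  // Copy only the fields that belong to the public API contract
  const userDTO = { id: user.id, username: user.username, email: user.email };
  res.json(userDTO);
});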

Note

Internal Routing: For more context, refer back to the Global Index.

🚀 Solution

Never allow Database Object Relational Mapping (ORM) models to bleed into standard HTTP responses. Always map through a DTO.
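
The DTO rule and the "validate all inputs" requirement combined in one framework-free handler, as an added example that is not part of this repository's code. The `UserRow` fields beyond `id`, `username` and `email`, the `findById` repository function and the sample data are assumptions made for illustration.

```typescript
// Constructed stand-in for an ORM row; the sensitive columns are assumed.
interface UserRow {
  id: number;
  username: string;
  email: string;
  passwordHash: string;
  salt: string;
  isAdmin: boolean;
}

// The only shape allowed to cross the HTTP boundary.
interface UserDTO {
  id: number;
  username: string;
  email: string;
}

type HttpResult =
  | { status: 200; body: UserDTO }
  | { status: 400 | 404; body: { error: string } };

// Transport-layer validation: accept only a canonical positive integer
// string of at most 9 digits (no sign, no leading zero, no arrays/objects).
function parseUserId(raw: unknown): number | null {
  if (typeof raw !== "string" || !/^[1-9][0-9]{0,8}$/.test(raw)) return null;
  return Number(raw);
}

// Allow-list mapping: fields are copied by name, so sensitive columns and
// columns added to the table later never reach the response.
function toUserDTO(row: UserRow): UserDTO {
  return { id: row.id, username: row.username, email: row.email };
}

// Validate, load, map. `findById` is a hypothetical repository port.
function getUser(rawId: unknown, findById: (id: number) => UserRow | undefined): HttpResult {
  const id = parseUserId(rawId);
  if (id === null) return { status: 400, body: { error: "invalid id" } };
  const row = findById(id);
  if (row === undefined) return { status: 404, body: { error: "not found" } };
  return { status: 200, body: toUserDTO(row) };
}

// Constructed sample data.
const sampleRows: UserRow[] = [
  { id: 7, username: "alice", email: "alice@example.com", passwordHash: "<constructed>", salt: "<constructed>", isAdmin: true },
];
const findSample = (id: number): UserRow | undefined => sampleRows.filter((r) => r.id === id)[0];
```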