@zigrivers/scaffold 3.33.0 → 3.33.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/content/knowledge/VERSION +1 -1
- package/content/knowledge/backend/backend-api-design.md +21 -3
- package/content/knowledge/backend/backend-architecture.md +21 -3
- package/content/knowledge/backend/backend-async-patterns.md +16 -2
- package/content/knowledge/backend/backend-auth-patterns.md +19 -2
- package/content/knowledge/backend/backend-conventions.md +15 -3
- package/content/knowledge/backend/backend-data-modeling.md +19 -3
- package/content/knowledge/backend/backend-deployment.md +21 -3
- package/content/knowledge/backend/backend-dev-environment.md +13 -3
- package/content/knowledge/backend/backend-fintech-broker-integration.md +14 -2
- package/content/knowledge/backend/backend-fintech-compliance.md +23 -4
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
0.1.
|
|
1
|
+
0.1.2
|
|
@@ -1,15 +1,33 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: backend-api-design
|
|
3
|
-
description:
|
|
4
|
-
|
|
3
|
+
description: >-
|
|
4
|
+
REST maturity levels, GraphQL schema-first design, gRPC protobuf conventions, tRPC router patterns, API versioning
|
|
5
|
+
strategies, pagination, and filtering
|
|
6
|
+
topics:
|
|
7
|
+
- backend
|
|
8
|
+
- api-design
|
|
9
|
+
- rest
|
|
10
|
+
- graphql
|
|
11
|
+
- grpc
|
|
12
|
+
- trpc
|
|
13
|
+
- versioning
|
|
14
|
+
- pagination
|
|
5
15
|
volatility: evolving
|
|
6
|
-
last-reviewed:
|
|
16
|
+
last-reviewed: 2025-10-27
|
|
7
17
|
version-pin: null
|
|
8
18
|
sources:
|
|
9
19
|
- url: https://spec.openapis.org/oas/latest.html
|
|
20
|
+
hash: sha256:15f12e539a3ac811c5f18950bc9cff296b43a22ad4d50b4db8d533f37ebc1d23
|
|
21
|
+
retrieved: 2025-10-27
|
|
10
22
|
- url: https://spec.graphql.org/
|
|
23
|
+
hash: sha256:14221cbb56b50b8179803abd08a5f801ebbca98c2d97eb86b47469284a3b88cf
|
|
24
|
+
retrieved: 2025-10-27
|
|
11
25
|
- url: https://www.rfc-editor.org/rfc/rfc9110.html
|
|
26
|
+
hash: sha256:d431760660ea44e130f6e919dab216df2d0b3a490567a98089267523368fe1e5
|
|
27
|
+
retrieved: 2025-10-27
|
|
12
28
|
- url: https://martinfowler.com/articles/richardsonMaturityModel.html
|
|
29
|
+
hash: sha256:67fe98bd0c4572223f6973109e515fade396e29a3fc6ccb2323409392c91b501
|
|
30
|
+
retrieved: 2025-10-27
|
|
13
31
|
---
|
|
14
32
|
|
|
15
33
|
API design is a long-lived contract. Every structural decision — URL shape, error format, pagination scheme, versioning strategy — is expensive to change after consumers depend on it. Design APIs from the consumer's perspective first. The best API is one where new developers can predict the shape of an endpoint they have never seen before, because every other endpoint follows the same patterns.
|
|
@@ -1,15 +1,33 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: backend-architecture
|
|
3
|
-
description:
|
|
4
|
-
|
|
3
|
+
description: >-
|
|
4
|
+
Monolith vs microservices decision framework, layered architecture patterns, CQRS, event sourcing, hexagonal
|
|
5
|
+
architecture, and service mesh considerations
|
|
6
|
+
topics:
|
|
7
|
+
- backend
|
|
8
|
+
- architecture
|
|
9
|
+
- microservices
|
|
10
|
+
- monolith
|
|
11
|
+
- cqrs
|
|
12
|
+
- event-sourcing
|
|
13
|
+
- hexagonal
|
|
14
|
+
- clean-architecture
|
|
5
15
|
volatility: evolving
|
|
6
|
-
last-reviewed:
|
|
16
|
+
last-reviewed: 2025-07-17
|
|
7
17
|
version-pin: null
|
|
8
18
|
sources:
|
|
9
19
|
- url: https://microservices.io/patterns/
|
|
20
|
+
hash: sha256:fa1ff9ebd46faa3f90ad25e7f536a78019167c61e03186be6cbb08c46367db5d
|
|
21
|
+
retrieved: 2025-07-17
|
|
10
22
|
- url: https://martinfowler.com/bliki/CQRS.html
|
|
23
|
+
hash: sha256:11cf46ce308805e94e4b110016b09d004fbf8c47669a7041080f661c798b2f29
|
|
24
|
+
retrieved: 2025-07-17
|
|
11
25
|
- url: https://martinfowler.com/eaaDev/EventSourcing.html
|
|
26
|
+
hash: sha256:8c266ad1f81881deac8a59d86f429a594497eac3243aa1bd5b40202ccfada596
|
|
27
|
+
retrieved: 2025-07-17
|
|
12
28
|
- url: https://martinfowler.com/bliki/MonolithFirst.html
|
|
29
|
+
hash: sha256:722d8d78beddd9e0f6ff3e856eec94dfa2b9fa3bebcaaf4c9e80ccdd3c0e1446
|
|
30
|
+
retrieved: 2025-07-17
|
|
13
31
|
---
|
|
14
32
|
|
|
15
33
|
Backend architecture is the set of structural decisions that determine how the system scales, how teams work independently, and how expensive future changes will be. The single most common backend architecture mistake is choosing microservices before the problem demands them. Start with the simplest architecture that solves the current problem, and evolve to complexity only when specific pain points — not hypothetical future ones — force the change.
|
|
@@ -1,14 +1,28 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: backend-async-patterns
|
|
3
3
|
description: Message queue patterns, event-driven architecture, saga patterns, retry strategies, and idempotency keys
|
|
4
|
-
topics:
|
|
4
|
+
topics:
|
|
5
|
+
- backend
|
|
6
|
+
- async
|
|
7
|
+
- message-queues
|
|
8
|
+
- event-driven
|
|
9
|
+
- saga
|
|
10
|
+
- retry
|
|
11
|
+
- idempotency
|
|
12
|
+
- cqrs
|
|
5
13
|
volatility: evolving
|
|
6
|
-
last-reviewed:
|
|
14
|
+
last-reviewed: 2025-04-08
|
|
7
15
|
version-pin: null
|
|
8
16
|
sources:
|
|
9
17
|
- url: https://microservices.io/patterns/data/saga.html
|
|
18
|
+
hash: sha256:c42eac244bf94f8db7767ba131c1715066a2dd10beb1cd6f01e5f92e19d2f0b3
|
|
19
|
+
retrieved: 2025-04-08
|
|
10
20
|
- url: https://martinfowler.com/articles/patterns-of-distributed-systems/
|
|
21
|
+
hash: sha256:93092f76ea34af4d60c068180a063d9fde27ab6c7b604ba42337aeed023cab86
|
|
22
|
+
retrieved: 2025-04-08
|
|
11
23
|
- url: https://sre.google/sre-book/handling-overload/
|
|
24
|
+
hash: sha256:8ca912a82390e7f61e8bbae7baab3a74489f5068d71dee1ff24aed99375e0373
|
|
25
|
+
retrieved: 2025-04-08
|
|
12
26
|
---
|
|
13
27
|
|
|
14
28
|
Asynchronous patterns decouple services in time and space, enabling systems to absorb load spikes, survive partial failures, and scale independently — but they introduce delivery guarantees and consistency tradeoffs that must be designed for explicitly from the start.
|
|
@@ -1,16 +1,33 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: backend-auth-patterns
|
|
3
3
|
description: JWT lifecycle, OAuth2 authorization code flow, API key management, and service-to-service authentication
|
|
4
|
-
topics:
|
|
4
|
+
topics:
|
|
5
|
+
- backend
|
|
6
|
+
- auth
|
|
7
|
+
- jwt
|
|
8
|
+
- oauth2
|
|
9
|
+
- api-keys
|
|
10
|
+
- mtls
|
|
11
|
+
- security
|
|
5
12
|
volatility: evolving
|
|
6
|
-
last-reviewed:
|
|
13
|
+
last-reviewed: 2025-05-27
|
|
7
14
|
version-pin: null
|
|
8
15
|
sources:
|
|
9
16
|
- url: https://www.rfc-editor.org/rfc/rfc6749
|
|
17
|
+
hash: sha256:728b767bd41293b9fc83f233f9f115f4aea0b044e370084d29fb1269e09615aa
|
|
18
|
+
retrieved: 2025-05-27
|
|
10
19
|
- url: https://www.rfc-editor.org/rfc/rfc7519
|
|
20
|
+
hash: sha256:9d96b6f50503146ef45359bb95d559edca5e73924ac97790c0bf19a707644774
|
|
21
|
+
retrieved: 2025-05-27
|
|
11
22
|
- url: https://www.rfc-editor.org/rfc/rfc7636
|
|
23
|
+
hash: sha256:c98037dc067089b2fe04e4383f2b6356c70ccb9568dd654a15c5f31f5a0ef1eb
|
|
24
|
+
retrieved: 2025-05-27
|
|
12
25
|
- url: https://openid.net/specs/openid-connect-core-1_0.html
|
|
26
|
+
hash: sha256:4d016752a645e8a3c259baa4173b5a90cb6c82898ce868fc8444adde262a5aed
|
|
27
|
+
retrieved: 2025-05-27
|
|
13
28
|
- url: https://owasp.org/www-project-api-security/
|
|
29
|
+
hash: sha256:08a9c96c69b3707a812ef8f919284e21890ec73fdcea50783ce868c9d546c1bd
|
|
30
|
+
retrieved: 2025-05-27
|
|
14
31
|
---
|
|
15
32
|
|
|
16
33
|
Authentication and authorization are the first line of defense for any backend service — mistakes here compromise the entire system, making it essential to use proven patterns like JWTs with rotation, OAuth2 with PKCE, and workload identity from the start.
|
|
@@ -1,13 +1,25 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: backend-conventions
|
|
3
|
-
description:
|
|
4
|
-
|
|
3
|
+
description: >-
|
|
4
|
+
Service and handler naming conventions, structured error handling patterns, structured logging with correlation IDs,
|
|
5
|
+
and file organization standards for backend codebases
|
|
6
|
+
topics:
|
|
7
|
+
- backend
|
|
8
|
+
- conventions
|
|
9
|
+
- error-handling
|
|
10
|
+
- logging
|
|
11
|
+
- naming
|
|
12
|
+
- file-organization
|
|
5
13
|
volatility: stable
|
|
6
|
-
last-reviewed:
|
|
14
|
+
last-reviewed: 2025-01-15
|
|
7
15
|
version-pin: null
|
|
8
16
|
sources:
|
|
9
17
|
- url: https://google.github.io/styleguide/
|
|
18
|
+
hash: sha256:e40c3a5dfb0a54715f3e120b309a11b7707e03143399f746ea651ad0a74c983f
|
|
19
|
+
retrieved: 2025-01-15
|
|
10
20
|
- url: https://martinfowler.com/tags/clean%20code.html
|
|
21
|
+
hash: sha256:7b8d78e227d63880ce0b2884da4deda09aa223d43f81614630a5a86d7f766ee3
|
|
22
|
+
retrieved: 2025-01-15
|
|
11
23
|
---
|
|
12
24
|
|
|
13
25
|
Consistent conventions in a backend codebase reduce cognitive load, make code reviewable at a glance, and prevent entire classes of bugs. Naming, error handling, and logging are the three highest-leverage areas — they touch every layer of the stack and every engineer on the team. Establish these conventions before the first PR, codify them in linting rules where possible, and treat violations as blocking review comments.
|
|
@@ -1,14 +1,30 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: backend-data-modeling
|
|
3
|
-
description:
|
|
4
|
-
|
|
3
|
+
description: >-
|
|
4
|
+
Relational vs document modeling tradeoffs, migration strategies, connection pooling, ORM vs query builder tradeoffs,
|
|
5
|
+
multi-tenancy patterns, and eventual consistency
|
|
6
|
+
topics:
|
|
7
|
+
- backend
|
|
8
|
+
- data-modeling
|
|
9
|
+
- database
|
|
10
|
+
- migrations
|
|
11
|
+
- orm
|
|
12
|
+
- multi-tenancy
|
|
13
|
+
- eventual-consistency
|
|
14
|
+
- connection-pooling
|
|
5
15
|
volatility: stable
|
|
6
|
-
last-reviewed:
|
|
16
|
+
last-reviewed: 2026-05-15
|
|
7
17
|
version-pin: null
|
|
8
18
|
sources:
|
|
9
19
|
- url: https://www.postgresql.org/docs/current/
|
|
20
|
+
hash: sha256:5fc8b49295f6c1c6a80ddab08d20f6aa2395e9804353fc4e8e8f57e77564d3f2
|
|
21
|
+
retrieved: 2026-05-15
|
|
10
22
|
- url: https://martinfowler.com/articles/evodb.html
|
|
23
|
+
hash: sha256:77d7c85db8a99f4b194e89bec6e0cd14e860cce0f54475326823894ce5b3a289
|
|
24
|
+
retrieved: 2026-05-15
|
|
11
25
|
- url: https://microservices.io/patterns/data/database-per-service.html
|
|
26
|
+
hash: sha256:014afb315804d3d1464b1ac4c021c0abe9ab215ee6c49745a4ed57f542b35de6
|
|
27
|
+
retrieved: 2026-05-15
|
|
12
28
|
---
|
|
13
29
|
|
|
14
30
|
Data modeling decisions have the highest reversal cost of any backend choice. A schema design that seemed reasonable at launch can become an operational crisis at scale — queries that worked at 10,000 rows fail at 100 million. The goal is to match the data model to the access patterns of the application, not to normalize for its own sake or to denormalize prematurely. Design the schema with the queries in mind from day one.
|
|
@@ -1,15 +1,33 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: backend-deployment
|
|
3
|
-
description:
|
|
4
|
-
|
|
3
|
+
description: >-
|
|
4
|
+
Containerization best practices, serverless patterns, health check endpoints, graceful shutdown, and deployment
|
|
5
|
+
strategies
|
|
6
|
+
topics:
|
|
7
|
+
- backend
|
|
8
|
+
- deployment
|
|
9
|
+
- docker
|
|
10
|
+
- serverless
|
|
11
|
+
- health-checks
|
|
12
|
+
- graceful-shutdown
|
|
13
|
+
- blue-green
|
|
14
|
+
- canary
|
|
5
15
|
volatility: evolving
|
|
6
|
-
last-reviewed:
|
|
16
|
+
last-reviewed: 2025-01-14
|
|
7
17
|
version-pin: null
|
|
8
18
|
sources:
|
|
9
19
|
- url: https://martinfowler.com/bliki/BlueGreenDeployment.html
|
|
20
|
+
hash: sha256:eeb9a79a1caab2e9ffcafdfcfb12d9d6669918a7f2af3e9f44087458d0951717
|
|
21
|
+
retrieved: 2025-01-14
|
|
10
22
|
- url: https://martinfowler.com/bliki/CanaryRelease.html
|
|
23
|
+
hash: sha256:916caf0f38ffd564c0c478b51d7e5dac9fdbc4fa8bb9b6729300fc96d27c2715
|
|
24
|
+
retrieved: 2025-01-14
|
|
11
25
|
- url: https://sre.google/sre-book/release-engineering/
|
|
26
|
+
hash: sha256:eb0116a837c4f1b94eff42bde5a47a0a59874c8b432e3bf070374883ec558a54
|
|
27
|
+
retrieved: 2025-01-14
|
|
12
28
|
- url: https://docs.aws.amazon.com/whitepapers/latest/overview-deployment-options/welcome.html
|
|
29
|
+
hash: sha256:1e7eac9d22264bbc9dbca009645063474ea47d8940b21d15b1d68f03b0a1f4ee
|
|
30
|
+
retrieved: 2025-01-14
|
|
13
31
|
---
|
|
14
32
|
|
|
15
33
|
Deployment reliability is a multiplier on every other engineering investment — a well-written service that deploys poorly will cause more incidents than a mediocre service that deploys safely and rolls back cleanly.
|
|
@@ -1,12 +1,22 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: backend-dev-environment
|
|
3
|
-
description:
|
|
4
|
-
|
|
3
|
+
description: >-
|
|
4
|
+
Docker Compose for local databases and queues, database seeding and migration scripts, API testing tools, environment
|
|
5
|
+
variable management, and local SSL setup
|
|
6
|
+
topics:
|
|
7
|
+
- backend
|
|
8
|
+
- dev-environment
|
|
9
|
+
- docker
|
|
10
|
+
- migrations
|
|
11
|
+
- testing
|
|
12
|
+
- environment-variables
|
|
5
13
|
volatility: evolving
|
|
6
|
-
last-reviewed:
|
|
14
|
+
last-reviewed: 2026-05-15
|
|
7
15
|
version-pin: null
|
|
8
16
|
sources:
|
|
9
17
|
- url: https://www.postgresql.org/docs/current/
|
|
18
|
+
hash: sha256:5fc8b49295f6c1c6a80ddab08d20f6aa2395e9804353fc4e8e8f57e77564d3f2
|
|
19
|
+
retrieved: 2026-05-15
|
|
10
20
|
---
|
|
11
21
|
|
|
12
22
|
A backend development environment that requires manual setup steps is a productivity drain and an onboarding failure. The standard should be: clone the repo, run one command, and have a fully functional local environment in under five minutes. Docker Compose is the primary tool for achieving this — it pins the exact versions of every external dependency and makes the environment reproducible across all developer machines.
|
|
@@ -1,13 +1,25 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: backend-fintech-broker-integration
|
|
3
3
|
description: Multi-broker adapter pattern; credential rotation; error harmonization; rate-limit management; broker-side quirks.
|
|
4
|
-
topics:
|
|
4
|
+
topics:
|
|
5
|
+
- backend
|
|
6
|
+
- fintech
|
|
7
|
+
- brokers
|
|
8
|
+
- integration
|
|
9
|
+
- adapter-pattern
|
|
10
|
+
- rate-limits
|
|
11
|
+
- credentials
|
|
12
|
+
- retry
|
|
5
13
|
volatility: evolving
|
|
6
|
-
last-reviewed:
|
|
14
|
+
last-reviewed: 2025-04-08
|
|
7
15
|
version-pin: null
|
|
8
16
|
sources:
|
|
9
17
|
- url: https://microservices.io/patterns/reliability/circuit-breaker.html
|
|
18
|
+
hash: sha256:a117f72fc0d279ea99d4234ea8a8cc7bdf23d7ed59d94effc6129d613518a6fa
|
|
19
|
+
retrieved: 2025-04-08
|
|
10
20
|
- url: https://martinfowler.com/bliki/CircuitBreaker.html
|
|
21
|
+
hash: sha256:73239948ec03887430a4d139e384e94bc640fec894fb1dce53b56abe579c5da4
|
|
22
|
+
retrieved: 2025-04-08
|
|
11
23
|
---
|
|
12
24
|
|
|
13
25
|
A fintech backend that routes orders or reads positions across more than one broker inherits the union of every broker's quirks, outages, auth schemes, and undocumented behaviors. The broker-integration layer exists to hide that mess behind one normalized internal contract so the rest of the system — risk, order lifecycle, ledger, UI — can stay clean. This doc covers the adapter contract, credential handling, error harmonization, rate-limit strategy, and the specific pitfalls that recur regardless of which brokers you connect.
|
|
@@ -1,15 +1,34 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: backend-fintech-compliance
|
|
3
|
-
description:
|
|
4
|
-
|
|
3
|
+
description: >-
|
|
4
|
+
PCI-DSS, SOC 2, SEC/FINRA regulations for consumer/B2B fintech backends; audit trail immutability; data retention;
|
|
5
|
+
segregation of duties.
|
|
6
|
+
topics:
|
|
7
|
+
- backend
|
|
8
|
+
- fintech
|
|
9
|
+
- compliance
|
|
10
|
+
- pci-dss
|
|
11
|
+
- soc2
|
|
12
|
+
- sec
|
|
13
|
+
- finra
|
|
14
|
+
- audit-trail
|
|
15
|
+
- gdpr
|
|
5
16
|
volatility: evolving
|
|
6
|
-
last-reviewed:
|
|
7
|
-
version-pin:
|
|
17
|
+
last-reviewed: 2025-06-01
|
|
18
|
+
version-pin: PCI-DSS v4.0.1
|
|
8
19
|
sources:
|
|
9
20
|
- url: https://www.pcisecuritystandards.org/document_library/
|
|
21
|
+
hash: sha256:9cb04202115fe2c3275274d93a4eb506c0f97648af0dcee12dc1da0faec0bcbf
|
|
22
|
+
retrieved: 2025-06-01
|
|
10
23
|
- url: https://www.aicpa-cima.com/topic/audit-assurance
|
|
24
|
+
hash: sha256:08d2df6fd46adb5e0c62200435b8619d9dd67228ef1c9ce5cbe19e87f048a667
|
|
25
|
+
retrieved: 2025-06-01
|
|
11
26
|
- url: https://www.finra.org/rules-guidance/rulebooks/finra-rules
|
|
27
|
+
hash: sha256:0ddd688189c919aeb3903adf06a0a727b515c9a51482c62bf9fdb77f53980e14
|
|
28
|
+
retrieved: 2025-06-01
|
|
12
29
|
- url: https://eur-lex.europa.eu/eli/reg/2016/679/oj
|
|
30
|
+
hash: sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
|
31
|
+
retrieved: 2025-06-01
|
|
13
32
|
---
|
|
14
33
|
|
|
15
34
|
Fintech compliance is not a checklist applied at the end — it determines schema design, deployment pipelines, and system boundaries. Most regulations apply based on what a service *touches* (cards, trades, PII), so scope reduction is the single highest-leverage design decision available to engineering. This doc covers the regulatory regimes a typical US/EU fintech encounters, the audit-trail patterns they demand, and concrete implementation choices that keep audits survivable.
|