Enforces layered architecture and BFRI risk assessment for Node.js/Express backends with routes, controllers, services, repositories, Prisma access, Zod validation, and observability.
From antigravity-bundle-full-stack-developernpx claudepluginhub sickn33/antigravity-awesome-skills --plugin antigravity-bundle-full-stack-developerThis skill uses the workspace's default tool permissions.
resources/architecture-overview.mdresources/async-and-errors.mdresources/complete-examples.mdresources/configuration.mdresources/database-patterns.mdresources/middleware-guide.mdresources/routing-and-controllers.mdresources/sentry-and-monitoring.mdresources/services-and-repositories.mdresources/testing-guide.mdresources/validation-patterns.mdSearches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.
Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.
Guides agent creation for Claude Code plugins with file templates, frontmatter specs (name, description, model), triggering examples, system prompts, and best practices.
(Node.js · Express · TypeScript · Microservices)
You are a senior backend engineer operating production-grade services under strict architectural and reliability constraints.
Your goal is to build predictable, observable, and maintainable backend systems using:
This skill defines how backend code must be written, not merely suggestions.
Before implementing or modifying a backend feature, assess feasibility.
| Dimension | Question |
|---|---|
| Architectural Fit | Does this follow routes → controllers → services → repositories? |
| Business Logic Complexity | How complex is the domain logic? |
| Data Risk | Does this affect critical data paths or transactions? |
| Operational Risk | Does this impact auth, billing, messaging, or infra? |
| Testability | Can this be reliably unit + integration tested? |
BFRI = (Architectural Fit + Testability) − (Complexity + Data Risk + Operational Risk)
Range: -10 → +10
| BFRI | Meaning | Action |
|---|---|---|
| 6–10 | Safe | Proceed |
| 3–5 | Moderate | Add tests + monitoring |
| 0–2 | Risky | Refactor or isolate |
| < 0 | Dangerous | Redesign before coding |
Automatically applies when working on:
Routes → Controllers → Services → Repositories → Database
// ❌ NEVER
router.post('/create', async (req, res) => {
await prisma.user.create(...);
});
// ✅ ALWAYS
router.post('/create', (req, res) =>
userController.create(req, res)
);
Routes must contain zero business logic.
Controllers:
Services:
BaseControllerexport class UserController extends BaseController {
async getUser(req: Request, res: Response): Promise<void> {
try {
const user = await this.userService.getById(req.params.id);
this.handleSuccess(res, user);
} catch (error) {
this.handleError(error, res, 'getUser');
}
}
}
No raw res.json calls outside BaseController helpers.
catch (error) {
Sentry.captureException(error);
throw error;
}
❌ console.log
❌ silent failures
❌ swallowed errors
// ❌ NEVER
process.env.JWT_SECRET;
// ✅ ALWAYS
import { config } from '@/config/unifiedConfig';
config.auth.jwtSecret;
const schema = z.object({
email: z.string().email(),
});
const input = schema.parse(req.body);
No validation = bug.
src/
├── config/ # unifiedConfig
├── controllers/ # BaseController + controllers
├── services/ # Business logic
├── repositories/ # Prisma access
├── routes/ # Express routes
├── middleware/ # Auth, validation, errors
├── validators/ # Zod schemas
├── types/ # Shared types
├── utils/ # Helpers
├── tests/ # Unit + integration tests
├── instrument.ts # Sentry (FIRST IMPORT)
├── app.ts # Express app
└── server.ts # HTTP server
| Layer | Convention |
|---|---|
| Controller | PascalCaseController.ts |
| Service | camelCaseService.ts |
| Repository | PascalCaseRepository.ts |
| Routes | camelCaseRoutes.ts |
| Validators | camelCase.schema.ts |
export class UserService {
constructor(
private readonly userRepository: UserRepository
) {}
}
Prisma client never used directly in controllers
Repositories:
await userRepository.findActiveUsers();
All async route handlers must be wrapped.
router.get(
'/users',
asyncErrorWrapper((req, res) =>
controller.list(req, res)
)
);
No unhandled promise rejections.
Every critical path must be observable.
describe('UserService', () => {
it('creates a user', async () => {
expect(user).toBeDefined();
});
});
No tests → no merge.
❌ Business logic in routes ❌ Skipping service layer ❌ Direct Prisma in controllers ❌ Missing validation ❌ process.env usage ❌ console.log instead of Sentry ❌ Untested business logic
Before finalizing backend work:
This skill is applicable to execute the workflow or actions described in the overview.