{ "schemaVersion": "1.0", "item": { "slug": "backend", "name": "Backend", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/ivangdavila/backend", "canonicalUrl": "https://clawhub.ai/ivangdavila/backend", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/backend", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=backend", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "slug": "backend", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T09:13:25.362Z", "expiresAt": "2026-05-07T09:13:25.362Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=backend", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=backend", "contentDisposition": "attachment; filename=\"backend-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "backend" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/backend" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/backend", "agentPageUrl": "https://openagent3.xyz/skills/backend/agent", "manifestUrl": "https://openagent3.xyz/skills/backend/agent.json", "briefUrl": "https://openagent3.xyz/skills/backend/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Error Handling", "body": "Never expose stack traces to clients—log internally, return generic message\nStructured error responses: code, message, request ID—enables debugging without leaking\nFail fast on bad input—validate at entry point, not deep in business logic\nUnexpected errors: 500 + alert—expected errors: appropriate 4xx" }, { "title": "Input Validation", "body": "Validate everything from outside—query params, headers, body, path params\nWhitelist valid input, don't blacklist bad—reject unknown fields\nValidate early, before any processing—save resources, clearer errors\nSize limits on all inputs—prevent memory exhaustion attacks" }, { "title": "Timeouts Everywhere", "body": "Database queries: set timeout, typically 5-30s\nExternal HTTP calls: connect timeout + read timeout—don't wait forever\nOverall request timeout—gateway or middleware level\nBackground jobs: max execution time—prevent zombie processes" }, { "title": "Retry Patterns", "body": "Exponential backoff: 1s, 2s, 4s, 8s...—prevents thundering herd\nAdd jitter: randomize delay—prevents synchronized retries\nIdempotency keys for non-idempotent operations—safe to retry\nCircuit breaker for failing dependencies—stop hammering, fail fast" }, { "title": "Database Practices", "body": "Connection pooling: reuse connections—creating is expensive\nTransactions scoped minimal—hold locks briefly\nRead replicas for read-heavy workloads—separate read/write traffic\nPrepared statements always—SQL injection prevention, query plan cache" }, { "title": "Caching Strategy", "body": "Cache invalidation strategy decided upfront—TTL, event-based, or both\nCache at right layer: query result, computed value, HTTP response\nCache stampede prevention—lock or probabilistic early expiration\nMonitor hit rate—low hit rate = wasted resources" }, { "title": "Rate Limiting", "body": "Per-user/IP limits on expensive operations—login, signup, search\nDifferent limits for different operations—read vs write\nReturn Retry-After header—tell clients when to retry\nRate limit early in request pipeline—save resources" }, { "title": "Health Checks", "body": "Liveness: is process running—restart if fails\nReadiness: can handle traffic—remove from load balancer if fails\nStartup probe for slow-starting services—don't kill during init\nHealth checks fast and cheap—don't hit database on every probe" }, { "title": "Graceful Shutdown", "body": "Stop accepting new requests first—drain load balancer\nWait for in-flight requests to complete—with timeout\nClose database connections cleanly—prevent connection leaks\nSIGTERM handling: graceful; SIGKILL after timeout" }, { "title": "Logging", "body": "Structured logs (JSON)—parseable by log aggregators\nRequest ID in every log—trace request across services\nLog level appropriate: debug for dev, info/error for prod\nSensitive data never logged—passwords, tokens, PII" }, { "title": "API Design", "body": "Versioning strategy from day one—path (/v1/) or header\nPagination for list endpoints—cursor or offset; include total count\nConsistent response format—same envelope everywhere\nMeaningful status codes—201 for create, 204 for delete, 404 for not found" }, { "title": "Security Hygiene", "body": "Secrets from environment or vault—never in code or config files\nDependencies updated regularly—automated with Dependabot/Renovate\nPrinciple of least privilege—service accounts with minimal permissions\nAuthentication and authorization separated—who you are vs what you can do" }, { "title": "Observability", "body": "Metrics: request count, latency percentiles, error rate—the RED method\nDistributed tracing for microservices—follow request across services\nAlerting on symptoms, not causes—high error rate, not CPU usage\nDashboards for operational visibility—know normal to spot abnormal" } ], "body": "Error Handling\nNever expose stack traces to clients—log internally, return generic message\nStructured error responses: code, message, request ID—enables debugging without leaking\nFail fast on bad input—validate at entry point, not deep in business logic\nUnexpected errors: 500 + alert—expected errors: appropriate 4xx\nInput Validation\nValidate everything from outside—query params, headers, body, path params\nWhitelist valid input, don't blacklist bad—reject unknown fields\nValidate early, before any processing—save resources, clearer errors\nSize limits on all inputs—prevent memory exhaustion attacks\nTimeouts Everywhere\nDatabase queries: set timeout, typically 5-30s\nExternal HTTP calls: connect timeout + read timeout—don't wait forever\nOverall request timeout—gateway or middleware level\nBackground jobs: max execution time—prevent zombie processes\nRetry Patterns\nExponential backoff: 1s, 2s, 4s, 8s...—prevents thundering herd\nAdd jitter: randomize delay—prevents synchronized retries\nIdempotency keys for non-idempotent operations—safe to retry\nCircuit breaker for failing dependencies—stop hammering, fail fast\nDatabase Practices\nConnection pooling: reuse connections—creating is expensive\nTransactions scoped minimal—hold locks briefly\nRead replicas for read-heavy workloads—separate read/write traffic\nPrepared statements always—SQL injection prevention, query plan cache\nCaching Strategy\nCache invalidation strategy decided upfront—TTL, event-based, or both\nCache at right layer: query result, computed value, HTTP response\nCache stampede prevention—lock or probabilistic early expiration\nMonitor hit rate—low hit rate = wasted resources\nRate Limiting\nPer-user/IP limits on expensive operations—login, signup, search\nDifferent limits for different operations—read vs write\nReturn Retry-After header—tell clients when to retry\nRate limit early in request pipeline—save resources\nHealth Checks\nLiveness: is process running—restart if fails\nReadiness: can handle traffic—remove from load balancer if fails\nStartup probe for slow-starting services—don't kill during init\nHealth checks fast and cheap—don't hit database on every probe\nGraceful Shutdown\nStop accepting new requests first—drain load balancer\nWait for in-flight requests to complete—with timeout\nClose database connections cleanly—prevent connection leaks\nSIGTERM handling: graceful; SIGKILL after timeout\nLogging\nStructured logs (JSON)—parseable by log aggregators\nRequest ID in every log—trace request across services\nLog level appropriate: debug for dev, info/error for prod\nSensitive data never logged—passwords, tokens, PII\nAPI Design\nVersioning strategy from day one—path (/v1/) or header\nPagination for list endpoints—cursor or offset; include total count\nConsistent response format—same envelope everywhere\nMeaningful status codes—201 for create, 204 for delete, 404 for not found\nSecurity Hygiene\nSecrets from environment or vault—never in code or config files\nDependencies updated regularly—automated with Dependabot/Renovate\nPrinciple of least privilege—service accounts with minimal permissions\nAuthentication and authorization separated—who you are vs what you can do\nObservability\nMetrics: request count, latency percentiles, error rate—the RED method\nDistributed tracing for microservices—follow request across services\nAlerting on symptoms, not causes—high error rate, not CPU usage\nDashboards for operational visibility—know normal to spot abnormal" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/ivangdavila/backend", "publisherUrl": "https://clawhub.ai/ivangdavila/backend", "owner": "ivangdavila", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/backend", "downloadUrl": "https://openagent3.xyz/downloads/backend", "agentUrl": "https://openagent3.xyz/skills/backend/agent", "manifestUrl": "https://openagent3.xyz/skills/backend/agent.json", "briefUrl": "https://openagent3.xyz/skills/backend/agent.md" } }