Software Development

General

Tech Stack Overview Recommended Libraries Development Workflow Architecture Decision Records Tech Radar

Frontend

Rendering Strategies Routing, Layouts, and Modules State Management Data Loading and Cache API Client and Types Forms and Validation Styling and Design System Auth on Frontend i18n and Localization Accessibility (A11y)Error Handling Patterns Frontend Testing

Backend

Backend Overview Architecture and Module Boundaries API Design (REST + OpenAPI)Auth and Permissions Database Schema and Migrations Transactions and Idempotency Background Jobs and Scheduling Payments System Mailing System Webhooks and Event Processing File Handling and Storage Realtime Features (WebSockets and SSE)Caching Strategies Error Handling Patterns Backend Testing Logging, Monitoring, and Alerting

Dev Environment & Tooling

Runtime (Node and Bun)Package Managers (pnpm and Bun)Monorepo Workspaces Local HTTPS Proxy and Certs Local Infra with Docker Compose External Services in Dev Debugging and Troubleshooting

Quality & Security

Coding Standards and Review Security Baseline for Web Apps Rate Limiting and Abuse Protection Dependency and Secret Management Release Readiness Checklist

Boilerplate

Overview Architecture Map Start a New Project Upgrade and Maintenance

Engineering Guides

Software Development Cloud Engineering AI Engineering (soon)

Auth and Permissions

Design authentication and authorization that remain secure as product scope expands.

Recommended approach

Keep authentication (who the user is) and authorization (what user can do) separate.
Centralize permission checks in policy/service layers.
Support role-based and resource-based permissions when needed.

For many projects, Better Auth can serve as a practical base for sessions, MFA, and API-key flows.

Alternatives and when to choose them

Hosted IdP for enterprise SSO/compliance constraints.
Custom auth stack for unique domain/security models.

Implementation checklist

Define permission matrix per domain action.
Log sensitive auth events.
Add rate limits on auth endpoints.

Common pitfalls

Permissions enforced only in controllers without domain-level checks.
Missing token/session revocation paths.

Related pages

Auth on Frontend
Security Baseline for Web Apps

API Design (REST + OpenAPI)

Deliver consistent APIs that frontend and integrations can consume confidently.

Database Schema and Migrations

Evolve schema safely while protecting production data and deployment reliability.

On this page

Recommended approach Alternatives and when to choose them Implementation checklist Common pitfalls Related pages