Software Development

General

Tech Stack Overview Recommended Libraries Development Workflow Architecture Decision Records Tech Radar

Frontend

Rendering Strategies Routing, Layouts, and Modules State Management Data Loading and Cache API Client and Types Forms and Validation Styling and Design System Auth on Frontend i18n and Localization Accessibility (A11y)Error Handling Patterns Frontend Testing

Backend

Backend Overview Architecture and Module Boundaries API Design (REST + OpenAPI)Auth and Permissions Database Schema and Migrations Transactions and Idempotency Background Jobs and Scheduling Payments System Mailing System Webhooks and Event Processing File Handling and Storage Realtime Features (WebSockets and SSE)Caching Strategies Error Handling Patterns Backend Testing Logging, Monitoring, and Alerting

Dev Environment & Tooling

Runtime (Node and Bun)Package Managers (pnpm and Bun)Monorepo Workspaces Local HTTPS Proxy and Certs Local Infra with Docker Compose External Services in Dev Debugging and Troubleshooting

Quality & Security

Coding Standards and Review Security Baseline for Web Apps Rate Limiting and Abuse Protection Dependency and Secret Management Release Readiness Checklist

Boilerplate

Overview Architecture Map Start a New Project Upgrade and Maintenance

Engineering Guides

Software Development Cloud Engineering AI Engineering (soon)

File Handling and Storage

Handle file upload, validation, processing, and delivery with predictable security and cost.

Recommended approach

Store files in object storage, not application disks.
Use pre-signed upload/download flows where possible.
Scan and validate uploaded files before processing.

Alternatives and when to choose them

Direct app upload proxying for small internal tools.
CDN-backed private file delivery for public-scale assets.

Implementation checklist

Enforce max file size and allowed MIME types.
Separate original files from derived/processed assets.
Add lifecycle/retention policy by file category.

Common pitfalls

Trusting filename extension as content type.
Keeping user-uploaded content indefinitely without policy.

Related pages

Webhooks and Event Processing
Security Baseline for Web Apps

See also: Infrastructure setup

Cloud: File Storage

Webhooks and Event Processing

Process third-party callbacks safely despite retries, delays, and ordering issues.

Realtime Features (WebSockets and SSE)

Deliver live updates without overloading backend resources.

On this page

Recommended approach Alternatives and when to choose them Implementation checklist Common pitfalls Related pages See also: Infrastructure setup