Software Development

General

Tech Stack Overview Recommended Libraries Development Workflow Architecture Decision Records Tech Radar

Frontend

Rendering Strategies Routing, Layouts, and Modules State Management Data Loading and Cache API Client and Types Forms and Validation Styling and Design System Auth on Frontend i18n and Localization Accessibility (A11y)Error Handling Patterns Frontend Testing

Backend

Backend Overview Architecture and Module Boundaries API Design (REST + OpenAPI)Auth and Permissions Database Schema and Migrations Transactions and Idempotency Background Jobs and Scheduling Payments System Mailing System Webhooks and Event Processing File Handling and Storage Realtime Features (WebSockets and SSE)Caching Strategies Error Handling Patterns Backend Testing Logging, Monitoring, and Alerting

Dev Environment & Tooling

Runtime (Node and Bun)Package Managers (pnpm and Bun)Monorepo Workspaces Local HTTPS Proxy and Certs Local Infra with Docker Compose External Services in Dev Debugging and Troubleshooting

Quality & Security

Coding Standards and Review Security Baseline for Web Apps Rate Limiting and Abuse Protection Dependency and Secret Management Release Readiness Checklist

Boilerplate

Overview Architecture Map Start a New Project Upgrade and Maintenance

Engineering Guides

Software Development Cloud Engineering AI Engineering (soon)

Security Baseline for Web Apps

Define mandatory minimum security controls across web applications.

Recommended approach

Apply a baseline that includes:

secure authentication/session management
least-privilege access controls
input validation and output encoding
dependency hygiene and secret protection
logging for security-relevant events

Alternatives and when to choose them

Enhanced compliance baseline for regulated industries.
Reduced baseline only for non-production experiments.

Implementation checklist

Add security headers and transport security defaults.
Add abuse controls to auth and public endpoints.
Ensure backup and incident response processes exist.

Common pitfalls

Security checks treated as a final pre-release step only.
Missing threat model for high-risk features (payments, file upload, admin actions).

Related pages

Auth and Permissions
Rate Limiting and Abuse Protection

Coding Standards and Review

Maintain code quality and consistency across contributors.

Rate Limiting and Abuse Protection

Protect public endpoints and critical workflows from abuse and service degradation.

On this page

Recommended approach Alternatives and when to choose them Implementation checklist Common pitfalls Related pages