jpskill.com
🛠️ 開発・MCP コミュニティ

backend-fundamentals

Auto-invoke when reviewing API routes, server logic, Express/Node.js code, or backend architecture. Enforces REST conventions, middleware patterns, and separation of concerns.

⚡ おすすめ: コマンド1行でインストール(60秒)

下記のコマンドをコピーしてターミナル(Mac/Linux)または PowerShell(Windows)に貼り付けてください。 ダウンロード → 解凍 → 配置まで全自動。

🍎 Mac / 🐧 Linux 
mkdir -p ~/.claude/skills && cd ~/.claude/skills && curl -L -o backend-fundamentals.zip https://jpskill.com/download/18277.zip && unzip -o backend-fundamentals.zip && rm backend-fundamentals.zip
🪟 Windows (PowerShell) 
$d = "$env:USERPROFILE\.claude\skills"; ni -Force -ItemType Directory $d | Out-Null; iwr https://jpskill.com/download/18277.zip -OutFile "$d\backend-fundamentals.zip"; Expand-Archive "$d\backend-fundamentals.zip" -DestinationPath $d -Force; ri "$d\backend-fundamentals.zip"

完了後、Claude Code を再起動 → 普通に「動画プロンプト作って」のように話しかけるだけで自動発動します。

💾 手動でダウンロードしたい(コマンドが難しい人向け)
  1. 1. 下の青いボタンを押して backend-fundamentals.zip をダウンロード
  2. 2. ZIPファイルをダブルクリックで解凍 → backend-fundamentals フォルダができる
  3. 3. そのフォルダを C:\Users\あなたの名前\.claude\skills\(Win)または ~/.claude/skills/(Mac)へ移動
  4. 4. Claude Code を再起動
⬇ .zip でダウンロード(推奨) ⬇ .skill 形式(上級者用) 元のソース ↗

⚠️ ダウンロード・利用は自己責任でお願いします。当サイトは内容・動作・安全性について責任を負いません。

🎯 このSkillでできること

下記の説明文を読むと、このSkillがあなたに何をしてくれるかが分かります。Claudeにこの分野の依頼をすると、自動で発動します。

📦 インストール方法 (3ステップ)

  1. 1. 上の「ダウンロード」ボタンを押して .skill ファイルを取得
  2. 2. ファイル名の拡張子を .skill から .zip に変えて展開(macは自動展開可)
  3. 3. 展開してできたフォルダを、ホームフォルダの .claude/skills/ に置く
    • · macOS / Linux: ~/.claude/skills/
    • · Windows: %USERPROFILE%\.claude\skills\

Claude Code を再起動すれば完了。「このSkillを使って…」と話しかけなくても、関連する依頼で自動的に呼び出されます。

詳しい使い方ガイドを見る →
最終更新
2026-05-18
取得日時
2026-05-18
同梱ファイル
1
📖 Claude が読む原文 SKILL.md(中身を展開)

この本文は AI(Claude)が読むための原文(英語または中国語)です。日本語訳は順次追加中。

Backend Fundamentals Review

"APIs are contracts. Break them, and you break trust."

When to Apply

Activate this skill when reviewing:

  • API route handlers
  • Express/Fastify/Hono middleware
  • Database queries and models
  • Authentication/authorization logic
  • Server-side business logic

Review Checklist

API Design

  • [ ] RESTful: Do routes follow REST conventions? (GET for read, POST for create, etc.)
  • [ ] Naming: Are endpoints nouns, not verbs? (/users not /getUsers)
  • [ ] Versioning: Is API versioned for future changes? (/api/v1/)
  • [ ] Status Codes: Are correct HTTP status codes returned?

Separation of Concerns

  • [ ] Routes: Do routes only handle HTTP concerns (req/res)?
  • [ ] Controllers: Is business logic in controllers/services, not routes?
  • [ ] Services: Is data access abstracted from business logic?
  • [ ] Models: Are models responsible only for data shape/validation?

Error Handling

  • [ ] Try/Catch: Are async operations wrapped properly?
  • [ ] Error Responses: Are errors returned with proper status codes?
  • [ ] Logging: Are errors logged with context?
  • [ ] No Leaks: Are internal errors hidden from clients?

Security

  • [ ] Input Validation: Is ALL input validated before use?
  • [ ] Authentication: Are protected routes actually protected?
  • [ ] Authorization: Can users only access their own data?
  • [ ] Rate Limiting: Are endpoints protected from abuse?

Common Mistakes (Anti-Patterns)

1. Fat Routes

❌ app.post('/users', async (req, res) => {
     // 100 lines of validation, business logic, DB queries
   });

✅ app.post('/users', validateUser, userController.create);

2. No Input Validation

❌ const { email } = req.body;
   await db.query(`SELECT * FROM users WHERE email = '${email}'`);

✅ const { email } = validateBody(req.body, userSchema);
   await User.findByEmail(email); // parameterized

3. Wrong Status Codes

❌ res.status(200).json({ error: 'Not found' });

✅ res.status(404).json({ error: 'User not found' });

4. Leaking Internal Errors

❌ catch (error) {
     res.status(500).json({ error: error.message, stack: error.stack });
   }

✅ catch (error) {
     logger.error('User creation failed', { error, userId });
     res.status(500).json({ error: 'Something went wrong' });
   }

Socratic Questions

Ask the junior these questions instead of giving answers:

  1. Architecture: "If I wanted to switch from Express to Fastify, what would need to change?"
  2. Validation: "What happens if someone sends malformed JSON?"
  3. Auth: "How do you know this user owns this resource?"
  4. Errors: "What does the client see when the database is down?"
  5. Testing: "How would you test this endpoint in isolation?"

HTTP Status Code Reference

Code When to Use
200 Success (with body)
201 Created (after POST)
204 Success (no content, after DELETE)
400 Bad request (validation failed)
401 Unauthorized (not logged in)
403 Forbidden (logged in but not allowed)
404 Not found
409 Conflict (duplicate resource)
500 Server error (hide details from client)

Architecture Layers

Request → Route → Controller → Service → Repository → Database
                     ↓
              Middleware (auth, validation, logging)
Layer Responsibility
Route HTTP verbs, paths, middleware chain
Controller Request/response handling, calling services
Service Business logic, orchestration
Repository Data access, queries

Red Flags to Call Out

Flag Question to Ask
SQL in route handler "Should data access be in a separate layer?"
No try/catch on async "What happens if this fails?"
req.body used directly "What if someone sends unexpected fields?"
Hardcoded secrets "How would this work in production?"
No pagination on list endpoints "What if there are 10,000 records?"