✍️ ライティング コミュニティ
when-building-backend-api-orchestrate-api-development
要件定義からAPIの設計、テスト駆動開発による実装、詳細なテスト、ドキュメント作成、そして高品質と信頼性を重視したブルーグリーンデプロイメントまで、本番環境で利用できるREST APIの開発を2週間で支援するSkill。
📜 元の英語説明(参考)
Use when building a production-ready REST API from requirements through deployment. Orchestrates 8-12 specialist agents across 5 phases using Test-Driven Development methodology. Covers planning, architecture, TDD implementation, comprehensive testing, documentation, and blue-green deployment over a 2-week timeline with emphasis on quality and reliability.
🇯🇵 日本人クリエイター向け解説
一言でいうと
要件定義からAPIの設計、テスト駆動開発による実装、詳細なテスト、ドキュメント作成、そして高品質と信頼性を重視したブルーグリーンデプロイメントまで、本番環境で利用できるREST APIの開発を2週間で支援するSkill。
※ jpskill.com 編集部が日本のビジネス現場向けに補足した解説です。Skill本体の挙動とは独立した参考情報です。
⚡ おすすめ: コマンド1行でインストール(60秒)
下記のコマンドをコピーしてターミナル(Mac/Linux)または PowerShell(Windows)に貼り付けてください。 ダウンロード → 解凍 → 配置まで全自動。
🍎 Mac / 🐧 Linux
mkdir -p ~/.claude/skills && cd ~/.claude/skills && curl -L -o when-building-backend-api-orchestrate-api-development.zip https://jpskill.com/download/18793.zip && unzip -o when-building-backend-api-orchestrate-api-development.zip && rm when-building-backend-api-orchestrate-api-development.zip
🪟 Windows (PowerShell)
$d = "$env:USERPROFILE\.claude\skills"; ni -Force -ItemType Directory $d | Out-Null; iwr https://jpskill.com/download/18793.zip -OutFile "$d\when-building-backend-api-orchestrate-api-development.zip"; Expand-Archive "$d\when-building-backend-api-orchestrate-api-development.zip" -DestinationPath $d -Force; ri "$d\when-building-backend-api-orchestrate-api-development.zip"完了後、Claude Code を再起動 → 普通に「動画プロンプト作って」のように話しかけるだけで自動発動します。
💾 手動でダウンロードしたい(コマンドが難しい人向け)
- 1. 下の青いボタンを押して
when-building-backend-api-orchestrate-api-development.zipをダウンロード - 2. ZIPファイルをダブルクリックで解凍 →
when-building-backend-api-orchestrate-api-developmentフォルダができる - 3. そのフォルダを
C:\Users\あなたの名前\.claude\skills\(Win)または~/.claude/skills/(Mac)へ移動 - 4. Claude Code を再起動
⚠️ ダウンロード・利用は自己責任でお願いします。当サイトは内容・動作・安全性について責任を負いません。
🎯 このSkillでできること
下記の説明文を読むと、このSkillがあなたに何をしてくれるかが分かります。Claudeにこの分野の依頼をすると、自動で発動します。
📦 インストール方法 (3ステップ)
- 1. 上の「ダウンロード」ボタンを押して .skill ファイルを取得
- 2. ファイル名の拡張子を .skill から .zip に変えて展開(macは自動展開可)
- 3. 展開してできたフォルダを、ホームフォルダの
.claude/skills/に置く- · macOS / Linux:
~/.claude/skills/ - · Windows:
%USERPROFILE%\.claude\skills\
- · macOS / Linux:
Claude Code を再起動すれば完了。「このSkillを使って…」と話しかけなくても、関連する依頼で自動的に呼び出されます。
詳しい使い方ガイドを見る →- 最終更新
- 2026-05-18
- 取得日時
- 2026-05-18
- 同梱ファイル
- 1
📖 Skill本文(日本語訳)
※ 原文(英語/中国語)を Gemini で日本語化したものです。Claude 自身は原文を読みます。誤訳がある場合は原文をご確認ください。
[スキル名] when-building-backend-api-orchestrate-api-development
API開発オーケストレーションワークフロー
テスト駆動開発とマルチエージェント連携を用いた、完全なREST API開発ワークフローです。計画、アーキテクチャ設計、TDD実装、テスト、ドキュメント作成、本番環境へのデプロイメントにわたる8~12人の専門エージェントを、体系的な2週間のプロセスでオーケストレーションします。
概要
このSOPは、テスト駆動開発(TDD)による品質を重視した包括的なAPI開発ワークフローを実装しています。このワークフローは、計画フェーズでは階層的な連携を、開発およびテストでは並行実行を用いることで、スピードと徹底性のバランスを取っています。各フェーズは、後続のフェーズが利用する検証済みの成果物を生成し、継続性とトレーサビリティを確保します。
TDDアプローチにより、高いテストカバレッジ(90%以上)が保証され、バグが減少し、適切に設計され、保守しやすいコードが生成されます。専門的なレビューを並行して実行することで、セキュリティ、パフォーマンス、アーキテクチャに関する懸念事項を包括的にカバーしつつ、品質検証を加速します。
トリガー条件
以下の条件でこのワークフローを使用してください。
- 新しいREST APIまたはマイクロサービスをゼロから構築する場合
- 既存のAPIを包括的なテストを伴うモダンなアーキテクチャに移行する場合
- 文書化されたテストカバレッジを伴う体系的なTDDアプローチが必要な場合
- セキュリティ、パフォーマンス、スケーラビリティの検証を伴う本番環境対応のAPIが必要な場合
- 2~4週間のタイムラインで、明確なマイルストーンと成果物がある場合
- 品質ゲート(テスト、セキュリティ、パフォーマンス)が譲れない場合
- 包括的なAPIドキュメントと運用ランブックが必要な場合
オーケストレーションされるエージェント(合計12名)
計画&アーキテクチャエージェント
product-manager- 要件収集、エンドポイント定義、API契約、成功基準system-architect- APIアーキテクチャ設計、RESTfulパターン、バージョン管理、エラー処理戦略database-architect- スキーマ設計、クエリ最適化、インデックス作成、移行計画qa-engineer- テスト計画、TDD戦略、カバレッジ目標、パフォーマンスベンチマーク
開発エージェント(TDDサイクル)
tester- 最初にテストを作成(レッドフェーズ)、統合テスト、E2Eシナリオbackend-developer- テストをパスするように実装(グリーンフェーズ)、品質向上のためのリファクタリングcode-reviewer- コード品質レビュー、リファクタリング提案、ベストプラクティス検証
品質&検証エージェント
security-specialist- セキュリティアーキテクチャ、OWASP検証、ペネトレーションテストperformance-analyst- ロードテスト、ストレステスト、ボトルネック特定、最適化api-documentation-specialist- OpenAPI仕様、開発者ガイド、コード例
デプロイメント&運用エージェント
devops-engineer- CI/CDパイプライン、Docker/K8sデプロイメント、Infrastructure as Codeproduction-validator- プレプロダクション検証、Go/No-Go判断、スモークテストperformance-monitor- 本番環境監視、ロギング、アラート、SLOトラッキング
ワークフローフェーズ
フェーズ1:計画と設計(1~2日目、シーケンシャル)
期間: 2日間
実行モード: シーケンシャルな分析と設計
エージェント: product-manager、system-architect、database-architect、qa-engineer
プロセス:
-
API要件の収集(1日目午前)
npx claude-flow hooks pre-task --description "API Development: ${API_NAME}" npx claude-flow swarm init --topology hierarchical --max-agents 12 --strategy specialized npx claude-flow agent spawn --type plannerProduct Managerが定義するもの:
- HTTPメソッド(GET、POST、PUT、DELETE、PATCH)を含む完全なエンドポイントリスト
- データモデルとリレーションシップ(エンティティ、属性、カーディナリティ)
- 認証および認可要件(OAuth、JWT、RBAC)
- レート制限とクォータの仕様
- サードパーティ統合と外部依存関係
- APIバージョン管理戦略(URLパス、ヘッダー、コンテンツネゴシエーション)
- 成功指標とSLA(応答時間、稼働時間、スループット)
メモリストレージ:
npx claude-flow memory store --key "api-development/${API_ID}/phase-1/product-manager/requirements" \ --value "${REQUIREMENTS_JSON}" -
APIアーキテクチャの設計(1日目午後)
npx claude-flow memory retrieve --key "api-development/${API_ID}/phase-1/product-manager/requirements" npx claude-flow agent spawn --type system-architectSystem Architectが設計するもの:
- Richardson Maturity Modelに従ったRESTful API構造
- URLパターンとリソース命名規則
- JSONスキーマを用いたリクエスト/レスポンス形式
- エラー処理パターン(エラーコード、メッセージ、スタックトレース)
- ページネーション、フィルタリング、ソート、検索戦略
- キャッシュ戦略(ETags、cache-controlヘッダー)
- APIセキュリティアーキテクチャ(認証フロー、トークン管理)
- バージョン管理と後方互換性のアプローチ
OpenAPI 3.0仕様の生成:
npx claude-flow memory store --key "api-development/${API_ID}/phase-1/system-architect/openapi-spec" \ --value "${OPENAPI_YAML}" -
データベーススキーマの設計(2日目午前)
npx claude-flow memory retrieve --key "api-development/${API_ID}/phase-1/system-architect/openapi-spec" npx claude-flow agent spawn --type code-analyzerDatabase Architectが作成するもの:
- エンティティ関係図を用いた正規化されたスキーマ設計(3NF)
- テーブル定義(列、データ型、制約、デフォルト値)
- リレーションシップと外部キー制約
- クエリパフォーマンスのためのインデックス(主キー、セカンダリ、複合)
- 移行スクリプト(アップおよびダウン移行)
- バックアップとリカバリ戦略
- スケーリング戦略(シャーディング、レプリケーション、リードレプリカ)
SQLスキーマと移行の生成:
npx claude-flow memory store --key "api-development/${API_ID}/phase-1/database-architect/schema" \ --value "${SCHEMA_SQL}" npx claude-flow memory store --key "api-development/${API_ID}/phase-1/database-architect/migrations" -
テスト戦略の作成(2日目
📜 原文 SKILL.md(Claudeが読む英語/中国語)を展開
API Development Orchestration Workflow
Complete REST API development workflow using Test-Driven Development and multi-agent coordination. Orchestrates 8-12 specialist agents across planning, architecture design, TDD implementation, testing, documentation, and production deployment in a systematic 2-week process.
Overview
This SOP implements a comprehensive API development workflow emphasizing quality through Test-Driven Development (TDD). The workflow balances speed with thoroughness, using hierarchical coordination for planning phases and parallel execution for development and testing. Each phase produces validated deliverables that subsequent phases consume, ensuring continuity and traceability.
The TDD approach ensures high test coverage (>90%), reduces bugs, and produces well-designed, maintainable code. Parallel execution of specialized reviews accelerates quality validation while maintaining comprehensive coverage of security, performance, and architectural concerns.
Trigger Conditions
Use this workflow when:
- Building a new REST API or microservice from scratch
- Migrating existing API to modern architecture with comprehensive testing
- Need systematic TDD approach with documented test coverage
- Require production-ready API with security, performance, and scalability validation
- Timeline is 2-4 weeks with clear milestones and deliverables
- Quality gates (testing, security, performance) are non-negotiable
- Need comprehensive API documentation and operational runbooks
Orchestrated Agents (12 Total)
Planning & Architecture Agents
product-manager- Requirements gathering, endpoint definition, API contracts, success criteriasystem-architect- API architecture design, RESTful patterns, versioning, error handling strategydatabase-architect- Schema design, query optimization, indexing, migration planningqa-engineer- Test planning, TDD strategy, coverage targets, performance benchmarks
Development Agents (TDD Cycle)
tester- Write tests first (red phase), integration tests, E2E scenariosbackend-developer- Implement to pass tests (green phase), refactor for qualitycode-reviewer- Code quality review, refactoring suggestions, best practices validation
Quality & Validation Agents
security-specialist- Security architecture, OWASP validation, penetration testingperformance-analyst- Load testing, stress testing, bottleneck identification, optimizationapi-documentation-specialist- OpenAPI specs, developer guides, code examples
Deployment & Operations Agents
devops-engineer- CI/CD pipeline, Docker/K8s deployment, infrastructure as codeproduction-validator- Pre-production validation, go/no-go decision, smoke testingperformance-monitor- Production monitoring, logging, alerting, SLO tracking
Workflow Phases
Phase 1: Planning & Design (Days 1-2, Sequential)
Duration: 2 days
Execution Mode: Sequential analysis and design
Agents: product-manager, system-architect, database-architect, qa-engineer
Process:
-
Gather API Requirements (Day 1 Morning)
npx claude-flow hooks pre-task --description "API Development: ${API_NAME}" npx claude-flow swarm init --topology hierarchical --max-agents 12 --strategy specialized npx claude-flow agent spawn --type plannerProduct Manager defines:
- Complete endpoint list with HTTP methods (GET, POST, PUT, DELETE, PATCH)
- Data models and relationships (entities, attributes, cardinality)
- Authentication and authorization requirements (OAuth, JWT, RBAC)
- Rate limiting and quota specifications
- Third-party integrations and external dependencies
- API versioning strategy (URL path, header, content negotiation)
- Success metrics and SLAs (response time, uptime, throughput)
Memory Storage:
npx claude-flow memory store --key "api-development/${API_ID}/phase-1/product-manager/requirements" \ --value "${REQUIREMENTS_JSON}" -
Design API Architecture (Day 1 Afternoon)
npx claude-flow memory retrieve --key "api-development/${API_ID}/phase-1/product-manager/requirements" npx claude-flow agent spawn --type system-architectSystem Architect designs:
- RESTful API structure following Richardson Maturity Model
- URL patterns and resource naming conventions
- Request/response formats with JSON schemas
- Error handling patterns (error codes, messages, stack traces)
- Pagination, filtering, sorting, and search strategies
- Caching strategy (ETags, cache-control headers)
- API security architecture (authentication flow, token management)
- Versioning and backward compatibility approach
Generate OpenAPI 3.0 specification:
npx claude-flow memory store --key "api-development/${API_ID}/phase-1/system-architect/openapi-spec" \ --value "${OPENAPI_YAML}" -
Design Database Schema (Day 2 Morning)
npx claude-flow memory retrieve --key "api-development/${API_ID}/phase-1/system-architect/openapi-spec" npx claude-flow agent spawn --type code-analyzerDatabase Architect creates:
- Normalized schema design (3NF) with entity-relationship diagram
- Table definitions (columns, data types, constraints, defaults)
- Relationships and foreign key constraints
- Indexes for query performance (primary, secondary, composite)
- Migration scripts (up and down migrations)
- Backup and recovery strategy
- Scaling strategy (sharding, replication, read replicas)
Generate SQL schema and migrations:
npx claude-flow memory store --key "api-development/${API_ID}/phase-1/database-architect/schema" \ --value "${SCHEMA_SQL}" npx claude-flow memory store --key "api-development/${API_ID}/phase-1/database-architect/migrations" -
Create Test Strategy (Day 2 Afternoon)
npx claude-flow memory retrieve --pattern "api-development/${API_ID}/phase-1/*" npx claude-flow agent spawn --type testerQA Engineer plans:
- Unit test strategy (per endpoint, per function)
- Integration test scenarios (database, external APIs)
- End-to-end test workflows (complete user journeys)
- Performance test targets (load, stress, endurance)
- Security test cases (OWASP API Security Top 10)
- Test data management (fixtures, factories, mocks)
- Coverage targets (>90% for new code)
- CI/CD test automation strategy
Memory Storage:
npx claude-flow memory store --key "api-development/${API_ID}/phase-1/qa-engineer/test-plan" npx claude-flow hooks post-task --task-id "phase-1-planning"
Outputs:
- API requirements document with complete endpoint specifications
- OpenAPI 3.0 specification (machine-readable contract)
- Database schema with ER diagram and migrations
- Comprehensive test plan with coverage targets
- DevOps plan with infrastructure requirements
Success Criteria:
- [ ] All API endpoints documented in OpenAPI spec
- [ ] Database schema normalized and indexed for performance
- [ ] Test strategy covers all quality dimensions
- [ ] Architecture approved by technical stakeholders
- [ ] Phase 1 deliverables stored in memory
Phase 2: Foundation Setup (Days 3-4, Parallel)
Duration: 2 days
Execution Mode: Parallel infrastructure setup
Agents: backend-developer, database-architect, devops-engineer
Process:
-
Initialize Development Environment
npx claude-flow swarm init --topology mesh --max-agents 3 --strategy adaptive npx claude-flow task orchestrate --strategy parallel -
Parallel Setup Execution
Spawn all setup agents concurrently:
# Backend project setup npx claude-flow agent spawn --type backend-dev --capabilities "nodejs,typescript,express" # Database setup npx claude-flow agent spawn --type code-analyzer --capabilities "postgresql,prisma,migrations" # CI/CD setup npx claude-flow agent spawn --type cicd-engineer --capabilities "github-actions,docker,testing"Backend Developer initializes:
- Node.js/Express (or FastAPI/Flask/Spring Boot) project
- TypeScript configuration (strict mode, path aliases)
- ESLint + Prettier (code quality and formatting)
- Environment variable management (dotenv, validation)
- Dependency installation (express, prisma, jest, supertest, etc.)
- Project structure (controllers, services, models, middleware)
- Logging framework (Winston, Pino) with structured logging
- Error handling middleware (global error handler)
Memory Pattern:
api-development/${API_ID}/phase-2/backend-developer/project-setupDatabase Architect sets up:
- PostgreSQL database (or MySQL/MongoDB)
- Connection pooling configuration (pg-pool, connection limits)
- Initial migration execution (create tables, indexes)
- Seed data for development and testing
- Database backup scripts (pg_dump automation)
- Performance monitoring queries (slow query log)
Memory Pattern:
api-development/${API_ID}/phase-2/database-architect/db-configDevOps Engineer configures:
- GitHub Actions workflow (or GitLab CI/Jenkins)
- Docker containers (multi-stage builds for optimization)
- Docker Compose for local development
- Environment secrets management (GitHub Secrets, Vault)
- Automated testing pipeline (run tests on PR)
- Code quality checks (linting, type checking)
- Build artifact generation and storage
Memory Pattern:
api-development/${API_ID}/phase-2/devops-engineer/ci-configCoordination Script:
npx claude-flow hooks post-edit --file "package.json" \ --memory-key "api-development/${API_ID}/phase-2/setup-complete" npx claude-flow hooks notify --message "Development environment ready"
Outputs:
- Initialized project with all dependencies
- Database with schema and seed data
- CI/CD pipeline operational
- Development environment fully functional
Success Criteria:
- [ ] Project builds without errors
- [ ] Database connections established and tested
- [ ] CI/CD pipeline runs successfully
- [ ] Local development environment documented
Phase 3: TDD Implementation (Days 5-10, Red-Green-Refactor Cycle)
Duration: 6 days
Execution Mode: Iterative TDD cycles per endpoint
Agents: tester, backend-developer, code-reviewer
Process:
This phase follows strict Test-Driven Development:
- RED: Write failing tests (tester agent)
- GREEN: Implement code to pass tests (backend-developer agent)
- REFACTOR: Improve code quality (code-reviewer agent)
TDD Cycle Example (POST /api/auth/register endpoint):
-
RED Phase: Write Failing Tests (30-60 min per endpoint)
npx claude-flow agent spawn --type testerTester Agent writes:
// Unit tests describe('POST /api/auth/register', () => { test('should register user with valid email and password', async () => { const response = await request(app) .post('/api/auth/register') .send({ email: 'user@example.com', password: 'SecurePass123!' }); expect(response.status).toBe(201); expect(response.body).toHaveProperty('token'); expect(response.body.user.email).toBe('user@example.com'); }); test('should reject duplicate email registration', async () => { // Create user first await createUser({ email: 'existing@example.com' }); const response = await request(app) .post('/api/auth/register') .send({ email: 'existing@example.com', password: 'Pass123!' }); expect(response.status).toBe(409); expect(response.body.error).toContain('Email already exists'); }); test('should validate password strength', async () => { const response = await request(app) .post('/api/auth/register') .send({ email: 'user@example.com', password: 'weak' }); expect(response.status).toBe(400); expect(response.body.error).toContain('Password must be at least 8 characters'); }); test('should validate email format', async () => { const response = await request(app) .post('/api/auth/register') .send({ email: 'invalid-email', password: 'SecurePass123!' }); expect(response.status).toBe(400); expect(response.body.error).toContain('Invalid email format'); }); }); // Integration tests describe('User Registration Integration', () => { test('should create user in database', async () => { const response = await request(app) .post('/api/auth/register') .send({ email: 'dbtest@example.com', password: 'Pass123!' }); const userInDb = await db.user.findUnique({ where: { email: 'dbtest@example.com' } }); expect(userInDb).toBeDefined(); expect(userInDb.passwordHash).not.toBe('Pass123!'); // Password should be hashed }); });Memory Storage:
npx claude-flow memory store --key "api-development/${API_ID}/phase-3/tester/auth/register-tests" \ --value "${TEST_FILE_CONTENT}" -
GREEN Phase: Implement to Pass Tests (1-2 hours per endpoint)
npx claude-flow memory retrieve --key "api-development/${API_ID}/phase-3/tester/auth/register-tests" npx claude-flow agent spawn --type backend-devBackend Developer implements:
// POST /api/auth/register implementation router.post('/register', async (req, res, next) => { try { // Validate input const { email, password } = req.body; if (!isValidEmail(email)) { return res.status(400).json({ error: 'Invalid email format' }); } if (password.length < 8) { return res.status(400).json({ error: 'Password must be at least 8 characters' }); } // Check for duplicate email const existingUser = await db.user.findUnique({ where: { email } }); if (existingUser) { return res.status(409).json({ error: 'Email already exists' }); } // Hash password const passwordHash = await bcrypt.hash(password, 10); // Create user const user = await db.user.create({ data: { email, passwordHash } }); // Generate JWT token const token = jwt.sign({ userId: user.id }, process.env.JWT_SECRET, { expiresIn: '7d' }); res.status(201).json({ token, user: { id: user.id, email: user.email } }); } catch (error) { next(error); } });Run tests and verify all pass:
npm test -- auth/register.test.js # All tests should pass (GREEN)Memory Storage:
npx claude-flow memory store --key "api-development/${API_ID}/phase-3/backend-developer/auth/register-impl" -
REFACTOR Phase: Improve Code Quality (30 min per endpoint)
npx claude-flow memory retrieve --pattern "api-development/${API_ID}/phase-3/*/auth/register-*" npx claude-flow agent spawn --type reviewerCode Reviewer evaluates:
- Code readability and clarity
- Duplication (extract validation to middleware)
- Security best practices (password hashing, JWT signing)
- Error handling completeness
- Performance optimizations
Suggests refactoring:
// Extracted validation middleware const validateRegistration = (req, res, next) => { const { email, password } = req.body; if (!isValidEmail(email)) { return res.status(400).json({ error: 'Invalid email format' }); } if (password.length < 8) { return res.status(400).json({ error: 'Password must be at least 8 characters' }); } next(); }; // Cleaner route handler router.post('/register', validateRegistration, async (req, res, next) => { try { const user = await authService.registerUser(req.body); const token = authService.generateToken(user.id); res.status(201).json({ token, user }); } catch (error) { if (error.code === 'DUPLICATE_EMAIL') { return res.status(409).json({ error: 'Email already exists' }); } next(error); } });Memory Storage:
npx claude-flow memory store --key "api-development/${API_ID}/phase-3/code-reviewer/auth/register-review" npx claude-flow hooks post-edit --file "src/routes/auth.ts" -
Repeat TDD Cycle for All Endpoints (Days 5-10)
Apply RED-GREEN-REFACTOR to all endpoints:
- Authentication (register, login, logout, refresh, reset-password)
- CRUD operations (create, read, update, delete for all resources)
- Search and filtering
- Pagination and sorting
- File uploads (if applicable)
- Webhooks (if applicable)
Progress Tracking:
npx claude-flow memory store --key "api-development/${API_ID}/phase-3/progress" \ --value '{"completed_endpoints": 12, "total_endpoints": 20, "coverage": 93.5}'
Outputs:
- All API endpoints implemented
- Comprehensive test suite with >90% coverage
- Refactored, clean, maintainable code
- All tests passing (green)
Success Criteria:
- [ ] All endpoints functional and tested
- [ ] Test coverage exceeds 90%
- [ ] No code quality violations (ESLint passing)
- [ ] Code review approved for all endpoints
- [ ] TDD cycle completed for entire API surface
Phase 4: Testing & Documentation (Days 11-12, Parallel)
Duration: 2 days
Execution Mode: Parallel validation across multiple dimensions
Agents: qa-engineer, security-specialist, performance-analyst, api-documentation-specialist
Process:
-
Initialize Testing Swarm
npx claude-flow swarm init --topology star --max-agents 4 --strategy specialized npx claude-flow task orchestrate --strategy parallel --priority high -
Parallel Testing Execution
Spawn all testing agents concurrently:
# E2E testing npx claude-flow agent spawn --type tester --focus "end-to-end" # Performance testing npx claude-flow agent spawn --type perf-analyzer --focus "load-stress-endurance" # Security testing npx claude-flow agent spawn --type security-manager --focus "owasp-penetration" # Documentation npx claude-flow agent spawn --type api-docs --focus "openapi-developer-guide"QA Engineer conducts:
- End-to-End Testing: Complete user workflows (register → login → CRUD → logout)
- Error Scenario Testing: Invalid inputs, unauthorized access, rate limiting
- Edge Case Testing: Boundary conditions, null values, concurrent requests
- Smoke Testing: Basic functionality across all endpoints
Memory Pattern:
api-development/${API_ID}/phase-4/qa-engineer/e2e-resultsPerformance Analyst tests:
- Load Testing: 1000 req/sec sustained for 10 minutes (target)
- Stress Testing: Find breaking point (max throughput)
- Endurance Testing: 24-hour sustained load for memory leaks
- Spike Testing: Sudden traffic spikes (10x normal load)
- Bottleneck Identification: Database queries, API calls, CPU/memory usage
Tools: k6, Apache JMeter, Gatling
Memory Pattern:
api-development/${API_ID}/phase-4/performance-analyst/benchmarksSecurity Specialist validates:
- OWASP API Security Top 10:
- Broken Object Level Authorization (BOLA)
- Broken Authentication
- Broken Object Property Level Authorization
- Unrestricted Resource Consumption
- Broken Function Level Authorization (BFLA)
- Unrestricted Access to Sensitive Business Flows
- Server Side Request Forgery (SSRF)
- Security Misconfiguration
- Improper Inventory Management
- Unsafe Consumption of APIs
- SQL injection testing (automated + manual)
- XSS vulnerability scanning
- Authentication bypass attempts
- Rate limiting validation
- Secrets scanning (no hardcoded credentials)
Tools: OWASP ZAP, Burp Suite, Snyk
Memory Pattern:
api-development/${API_ID}/phase-4/security-specialist/audit-reportAPI Documentation Specialist creates:
- OpenAPI/Swagger UI: Interactive API documentation
- Authentication Guide: How to obtain and use tokens
- Endpoint Reference: All endpoints with parameters, responses, errors
- Code Examples: cURL, JavaScript, Python, Java SDK examples
- Rate Limiting Guide: Quota limits and header interpretations
- Error Handling Guide: Error codes, messages, troubleshooting
- Developer Getting Started: Quick start tutorial
- Changelog: Versioning and breaking changes
Memory Pattern:
api-development/${API_ID}/phase-4/api-documentation-specialist/docs -
DevOps Runbook (Parallel with documentation)
npx claude-flow agent spawn --type cicd-engineer --focus "operations"DevOps Engineer documents:
- Deployment procedures (step-by-step)
- Monitoring and alerting setup (Grafana, Prometheus)
- Troubleshooting guide (common issues, solutions)
- Performance tuning (database, caching, scaling)
- Backup and recovery procedures
- Incident response plan (runbook)
- Rollback procedures
Memory Pattern:
api-development/${API_ID}/phase-4/devops-engineer/runbook
Outputs:
- E2E test results (all passing)
- Performance benchmark report (meets targets)
- Security audit report (no critical issues)
- Complete API documentation (developer-ready)
- Operations runbook (deployment-ready)
Success Criteria:
- [ ] All E2E tests passing
- [ ] Performance targets met (API < 200ms, throughput > 1000 req/sec)
- [ ] Security audit passed (zero critical, zero high issues)
- [ ] Documentation complete and published
- [ ] Operations runbook approved
Phase 5: Deployment & Monitoring (Days 13-14, Sequential → Continuous)
Duration: 2 days + ongoing monitoring
Execution Mode: Sequential deployment with validation gates
Agents: production-validator, devops-engineer, performance-monitor
Process:
-
Pre-Production Validation (Day 13 Morning)
npx claude-flow hooks pre-task --description "Final production validation" npx claude-flow agent spawn --type production-validatorProduction Validator checks:
- All Tests Passing: 100% of test suite (unit + integration + E2E)
- Code Coverage: >90% verified
- Security Audit: Passed with zero critical/high issues
- Performance Benchmarks: All targets met or exceeded
- Documentation: Complete and published
- Monitoring Setup: Dashboards and alerts configured
- Rollback Plan: Documented and rehearsed
Generate go/no-go report:
npx claude-flow memory store --key "api-development/${API_ID}/phase-5/production-validator/go-no-go" \ --value '{"decision": "GO", "readiness_score": 98, "blockers": []}'If any validation fails:
# Return to appropriate phase to fix issues npx claude-flow hooks notify --message "Production validation FAILED: ${BLOCKER_ISSUES}" # Halt deployment until issues resolved -
Staging Deployment (Day 13 Afternoon)
npx claude-flow agent spawn --type cicd-engineerDevOps Engineer deploys to staging:
# Deploy API to staging environment kubectl apply -f k8s/staging/ # Run smoke tests npm run test:smoke -- --env=staging # Validate monitoring curl https://api-staging.example.com/healthStaging Validation:
- Full test suite execution against staging
- Data persistence verification
- Error handling validation
- Monitoring dashboard validation
- Load balancer health checks
Memory Storage:
npx claude-flow memory store --key "api-development/${API_ID}/phase-5/devops-engineer/staging-deploy" -
Production Deployment (Day 14 Morning - Blue-Green Strategy)
npx claude-flow workflow create --name "production-deployment" \ --steps '["blue-green-deploy","canary-rollout","full-rollout","monitor"]'DevOps Engineer executes:
# Step 1: Deploy to green environment (alongside blue) kubectl apply -f k8s/production/green/ # Step 2: Run smoke tests on green npm run test:smoke -- --env=production-green # Step 3: Gradual traffic shift (canary rollout) # 10% traffic to green kubectl patch service api-service -p '{"spec":{"selector":{"version":"green","weight":"10"}}}' sleep 300 # Monitor for 5 minutes # 50% traffic to green kubectl patch service api-service -p '{"spec":{"selector":{"version":"green","weight":"50"}}}' sleep 600 # Monitor for 10 minutes # 100% traffic to green kubectl patch service api-service -p '{"spec":{"selector":{"version":"green","weight":"100"}}}' # Step 4: Keep blue environment ready for rollback (for 24 hours)Rollback Procedure (if issues detected):
# Instant rollback to blue kubectl patch service api-service -p '{"spec":{"selector":{"version":"blue","weight":"100"}}}'Memory Storage:
npx claude-flow memory store --key "api-development/${API_ID}/phase-5/devops-engineer/production-deploy" \ --value '{"status": "SUCCESS", "deployment_time": "2025-01-15T10:00:00Z", "version": "v1.0.0"}' -
Post-Deployment Monitoring (Day 14 Afternoon + Ongoing)
npx claude-flow agent spawn --type performance-monitorPerformance Monitor tracks:
- Application Metrics:
- API response time (p50, p95, p99)
- Throughput (requests per second)
- Error rate (4xx, 5xx errors)
- Uptime and availability
- Infrastructure Metrics:
- CPU and memory utilization
- Database connection pool usage
- Cache hit ratio
- Network throughput
- Business Metrics:
- API usage by endpoint
- User activity patterns
- Rate limit violations
- Authentication success/failure rates
Generate hourly reports for first 24 hours:
npx claude-flow hooks post-task --task-id "production-monitoring" --export-metrics true npx claude-flow memory store --key "api-development/${API_ID}/phase-5/performance-monitor/metrics/hour-${HOUR}"Alert Configuration:
- Response time > 500ms (p95): WARNING
- Response time > 1000ms (p95): CRITICAL
- Error rate > 1%: WARNING
- Error rate > 5%: CRITICAL
- Uptime < 99.9%: CRITICAL
- Database connection pool > 80%: WARNING
- Application Metrics:
-
Documentation Publication (Day 14)
npx claude-flow agent spawn --type api-docsUpdate Final Documentation:
- Production API URLs and endpoints
- Authentication endpoints (production)
- Monitoring dashboards (link to Grafana)
- Support contact information
- SLA and uptime guarantees
Publish to developer portal:
npm run docs:publish -- --env=production -
Knowledge Transfer (End of Phase 5)
npx claude-flow hooks session-end --export-workflow "/tmp/${API_ID}-workflow.json"Create handoff materials:
- Developer onboarding guide
- Support team training materials
- Common issues and troubleshooting
- Escalation procedures
Memory Storage:
npx claude-flow memory store --key "api-development/${API_ID}/phase-5/knowledge-transfer/complete"
Outputs:
- Production API (live and stable)
- Complete documentation (published to developer portal)
- Monitoring dashboards (real-time metrics)
- Trained support team (ready for inquiries)
- Workflow documentation (for future reference)
Success Criteria:
- [ ] Production deployment successful with zero downtime
- [ ] All monitoring metrics within acceptable ranges
- [ ] Documentation published and accessible
- [ ] Support team trained and ready
- [ ] Post-deployment validation complete
Memory Coordination
Namespace Convention
All workflow data follows this hierarchical pattern:
api-development/{api-id}/phase-{N}/{agent-type}/{deliverable-type}Examples:
api-development/user-api-v1/phase-1/product-manager/requirementsapi-development/user-api-v1/phase-1/system-architect/openapi-specapi-development/user-api-v1/phase-2/backend-developer/project-setupapi-development/user-api-v1/phase-3/tester/auth/register-testsapi-development/user-api-v1/phase-4/security-specialist/audit-reportapi-development/user-api-v1/phase-5/devops-engineer/production-deploy
Cross-Phase Data Flow
Phase 1 → Phase 2:
# Phase 2 retrieves design specifications
npx claude-flow memory retrieve --key "api-development/${API_ID}/phase-1/system-architect/openapi-spec"
npx claude-flow memory retrieve --key "api-development/${API_ID}/phase-1/database-architect/schema"Phase 2 → Phase 3:
# Phase 3 retrieves project structure and test plan
npx claude-flow memory retrieve --key "api-development/${API_ID}/phase-2/backend-developer/project-setup"
npx claude-flow memory retrieve --key "api-development/${API_ID}/phase-1/qa-engineer/test-plan"Phase 3 → Phase 4:
# Phase 4 retrieves implementation for testing
npx claude-flow memory retrieve --pattern "api-development/${API_ID}/phase-3/backend-developer/*"Phase 4 → Phase 5:
# Phase 5 retrieves test results and documentation
npx claude-flow memory retrieve --pattern "api-development/${API_ID}/phase-4/*/results"Scripts & Automation
Pre-Workflow Initialization
#!/bin/bash
# Initialize API development workflow
API_NAME="$1"
API_ID="${API_NAME}-api-$(date +%Y%m%d)"
# Setup coordination
npx claude-flow hooks pre-task --description "API Development: ${API_NAME}"
# Initialize hierarchical swarm (12 agents max)
npx claude-flow swarm init --topology hierarchical --max-agents 12 --strategy specialized
# Store API metadata
npx claude-flow memory store --key "api-development/${API_ID}/metadata" --value '{
"api_name": "'"${API_NAME}"'",
"api_id": "'"${API_ID}"'",
"start_date": "'"$(date -I)"'",
"timeline_days": 14,
"phases": 5,
"tdd_approach": true
}'
echo "✅ API development initialized: ${API_ID}"TDD Cycle Script
#!/bin/bash
# Execute TDD cycle for single endpoint
API_ID="$1"
ENDPOINT_PATH="$2" # e.g., "POST /api/auth/register"
echo "🔴 RED Phase: Writing tests for ${ENDPOINT_PATH}"
npx claude-flow agent spawn --type tester --task "write-tests:${ENDPOINT_PATH}"
# Wait for tests to be written
npx claude-flow memory retrieve --key "api-development/${API_ID}/phase-3/tester/${ENDPOINT_PATH}/tests"
echo "🟢 GREEN Phase: Implementing ${ENDPOINT_PATH}"
npx claude-flow agent spawn --type backend-dev --task "implement:${ENDPOINT_PATH}"
# Run tests to verify implementation
npm test -- "${ENDPOINT_PATH}.test.js"
echo "🔵 REFACTOR Phase: Code review for ${ENDPOINT_PATH}"
npx claude-flow agent spawn --type reviewer --task "review:${ENDPOINT_PATH}"
# Store completion
npx claude-flow hooks post-edit --file "src/routes/${ENDPOINT_PATH}.ts" \
--memory-key "api-development/${API_ID}/phase-3/completed/${ENDPOINT_PATH}"Deployment Script
#!/bin/bash
# Blue-green deployment to production
API_ID="$1"
VERSION="$2"
echo "🚀 Starting blue-green deployment: ${VERSION}"
# Pre-deployment validation
npx claude-flow agent spawn --type production-validator
VALIDATION=$(npx claude-flow memory retrieve --key "api-development/${API_ID}/phase-5/production-validator/go-no-go")
if [ "$(echo $VALIDATION | jq -r '.decision')" != "GO" ]; then
echo "❌ Production validation FAILED. Aborting deployment."
exit 1
fi
# Deploy to green environment
kubectl apply -f k8s/production/green/
# Smoke tests
npm run test:smoke -- --env=production-green
# Gradual traffic shift (canary)
for WEIGHT in 10 50 100; do
echo "Shifting ${WEIGHT}% traffic to green..."
kubectl patch service api-service -p "{\"spec\":{\"selector\":{\"version\":\"green\",\"weight\":\"${WEIGHT}\"}}}"
# Monitor for issues (5-10 minutes per step)
DURATION=$((WEIGHT == 100 ? 10 : 5))
sleep $((DURATION * 60))
# Check error rate
ERROR_RATE=$(curl -s https://monitoring.example.com/api/error-rate | jq -r '.rate')
if (( $(echo "$ERROR_RATE > 1.0" | bc -l) )); then
echo "❌ High error rate detected: ${ERROR_RATE}%. Rolling back."
kubectl patch service api-service -p '{"spec":{"selector":{"version":"blue","weight":"100"}}}'
exit 1
fi
done
echo "✅ Deployment complete: ${VERSION}"
npx claude-flow hooks post-task --task-id "production-deployment" --export-metrics trueSuccess Metrics
Technical Metrics
- Test Coverage: > 90% (code coverage report)
- API Response Time: < 200ms (p95)
- Uptime: 99.9%+ (production SLA)
- Error Rate: < 0.1% (4xx + 5xx errors)
- Code Quality Score: A rating (SonarQube/CodeClimate)
- Security Audit: Zero critical, zero high issues
Performance Metrics
- Throughput: > 1000 req/sec sustained
- Database Query Time: < 50ms (p95)
- Memory Usage: < 512MB per instance
- CPU Usage: < 70% under normal load
Quality Metrics
- TDD Adherence: 100% (all endpoints test-first)
- Documentation Coverage: 100% of endpoints documented
- API Compliance: OpenAPI 3.0 valid (no errors)
- Code Review Approval: 100% (all code reviewed)
Usage Examples
Example 1: User Management API
# Initialize workflow
API_ID="user-management-api-20250115"
npx claude-flow hooks pre-task --description "User Management API Development"
# Phase 1: Planning (Day 1-2)
npx claude-flow agent spawn --type planner
# Output: 15 endpoints defined, authentication strategy established
# Phase 3: TDD Implementation (Day 5-10)
for endpoint in "POST /api/users/register" "POST /api/users/login" "GET /api/users/:id"; do
./tdd-cycle.sh "${API_ID}" "${endpoint}"
done
# Output: All endpoints implemented with 94% test coverage
# Phase 5: Production Deployment (Day 14)
./deploy-production.sh "${API_ID}" "v1.0.0"
# Output: Deployed successfully, handling 1500 req/sec with 99.95% uptimeExample 2: Payment Gateway API
# High-security API with PCI compliance
API_ID="payment-gateway-api-20250120"
# Phase 1: Enhanced security planning
npx claude-flow agent spawn --type system-architect --focus "pci-compliance"
npx claude-flow agent spawn --type security-specialist --focus "payment-security"
# Output: PCI DSS compliant architecture designed
# Phase 4: Enhanced security testing
npx claude-flow agent spawn --type security-manager --focus "penetration-testing-comprehensive"
# Output: Zero vulnerabilities, PCI DSS validation passedExample 3: Microservice API (Event-Driven)
# Microservice with message queue integration
API_ID="order-service-api-20250125"
# Phase 2: Message queue setup
npx claude-flow agent spawn --type backend-dev --capabilities "rabbitmq,events"
# Output: Event-driven architecture with pub/sub patterns
# Phase 3: Event handler TDD
./tdd-cycle.sh "${API_ID}" "POST /api/orders/create"
./tdd-cycle.sh "${API_ID}" "EVENT order.created"
# Output: Synchronous API + asynchronous event processingGraphViz Process Diagram
See when-building-backend-api-orchestrate-api-development-process.dot for visual workflow representation showing:
- 5 phases with TDD cycle details
- 12 agent interactions and coordination
- Memory flow between phases
- Blue-green deployment strategy
- Validation gates and decision points
Quality Checklist
Before considering API development complete, verify:
- [ ] Phase 1: Requirements documented, OpenAPI spec complete, database schema designed
- [ ] Phase 2: Development environment operational, CI/CD pipeline functional
- [ ] Phase 3: All endpoints implemented following TDD, test coverage > 90%
- [ ] Phase 4: E2E tests passing, security audit passed, performance benchmarks met
- [ ] Phase 5: Production deployment successful, monitoring active, documentation published
Memory Verification:
- [ ]
api-development/${API_ID}/phase-1/*- Planning artifacts - [ ]
api-development/${API_ID}/phase-2/*- Setup configurations - [ ]
api-development/${API_ID}/phase-3/*- TDD implementation + tests - [ ]
api-development/${API_ID}/phase-4/*- Test results + documentation - [ ]
api-development/${API_ID}/phase-5/*- Deployment logs + metrics
Workflow Complexity: Medium (12 agents, 14 days, 5 phases) Coordination Pattern: Hierarchical with TDD cycle iteration Memory Footprint: ~30-50 memory entries per API Typical Use Case: Production-ready REST API with comprehensive testing and quality gates