Merge pull request #23 from beginwebdev2002/feat/backend-arch-expansion-9281158822798433561

feat(backend): Autonomous Backend Documentation Evolution

Author: beginwebdev2002

backend/expressjs/architecture.md

@@ -0,0 +1,16 @@
+---
+description: Vibe coding guidelines and architectural constraints for Express.js within the backend domain.
+technology: Express.js
+domain: backend
+level: Senior/Architect
+complexity: Advanced
+topic: Express.js Architecture
+vibe_coding_ready: true
+version: "4.x / 5.x"
+tags: [best-practices, clean-code, expressjs, vibe-coding, cursor-rules, javascript, typescript, software-architecture, system-design, mvc, production-ready, programming-standards, node-js, design-patterns, scalable-code, windsurf-rules, ai-coding, enterprise-patterns, backend]
+ai_role: Senior Express.js Architecture Expert
+last_updated: 2026-03-27
+last_evolution: 2026-03-27
+---
+
+# 🏗️ Express.js Architecture Best Practices

backend/expressjs/readme.md

@@ -29,6 +29,41 @@ last_updated: 2026-03-23
 
 ---
 
+
+## 🔄 Architecture Data Flow
+
+```mermaid
+sequenceDiagram
+    participant Client
+    participant Router as Express Router
+    participant AuthMW as Auth Middleware
+    participant ValMW as Validation Middleware
+    participant Controller as Controller
+    participant Service as Service Layer
+    participant ErrorMW as Global Error Handler
+
+    Client->>Router: HTTP Request
+    Router->>AuthMW: Authenticate
+    AuthMW-->>Router: Authorized
+    Router->>ValMW: Validate Request
+    ValMW-->>Router: Validated
+    Router->>Controller: Route Request
+    Controller->>Service: Execute Logic
+
+    alt Success
+        Service-->>Controller: Return Result
+        Controller-->>Client: HTTP Response
+    else Failure
+        Service-->>ErrorMW: Throw Error
+        ErrorMW-->>Client: Standardized Error Response
+    end
+```
+
+## 📚 Specialized Documentation
+- [architecture.md](./architecture.md)
+- [security-best-practices.md](./security-best-practices.md)
+
+---
 ## 1. Controller / Route Decoupling
 ### ❌ Bad Practice
 ```javascript

backend/expressjs/security-best-practices.md

@@ -0,0 +1,16 @@
+---
+description: Vibe coding guidelines and architectural constraints for Express.js Security within the backend domain.
+technology: Express.js
+domain: backend
+level: Senior/Architect
+complexity: Advanced
+topic: Express.js Security
+vibe_coding_ready: true
+version: "4.x / 5.x"
+tags: [best-practices, clean-code, security-patterns, vibe-coding, cursor-rules, expressjs, software-architecture, system-design, solid-principles, production-ready, programming-standards, node-js, security, scalable-code, windsurf-rules, ai-coding, enterprise-patterns]
+ai_role: Senior Express.js Security Expert
+last_updated: 2026-03-27
+last_evolution: 2026-03-27
+---
+
+# 🔒 Express.js Security Best Practices

backend/microservices/api-design.md

@@ -0,0 +1,16 @@
+---
+description: Vibe coding guidelines and architectural constraints for Microservices API Design within the backend domain.
+technology: Microservices
+domain: backend
+level: Architect
+complexity: Architect
+topic: Microservices API Design
+vibe_coding_ready: true
+version: Agnostic
+tags: [best-practices, clean-code, architecture-patterns, vibe-coding, microservices, distributed-systems, system-design, solid-principles, production-ready, scalable-code]
+ai_role: Senior Microservices Architect
+last_updated: 2026-03-27
+last_evolution: 2026-03-27
+---
+
+# 🧩 Microservices API Design

backend/microservices/architecture.md

@@ -0,0 +1,16 @@
+---
+description: Vibe coding guidelines and architectural constraints for Microservices Architecture within the backend domain.
+technology: Microservices
+domain: backend
+level: Architect
+complexity: Architect
+topic: Microservices Architecture
+vibe_coding_ready: true
+version: Agnostic
+tags: [best-practices, clean-code, architecture-patterns, vibe-coding, microservices, distributed-systems, system-design, solid-principles, production-ready, scalable-code]
+ai_role: Senior Microservices Architect
+last_updated: 2026-03-27
+last_evolution: 2026-03-27
+---
+
+# 🧩 Microservices Architecture

backend/microservices/readme.md

@@ -0,0 +1,93 @@
+---
+description: Vibe coding guidelines and architectural constraints for Microservices within the backend domain.
+technology: Microservices
+domain: backend
+level: Architect
+complexity: Architect
+topic: Microservices
+vibe_coding_ready: true
+version: Agnostic
+tags: [best-practices, clean-code, architecture-patterns, vibe-coding, microservices, distributed-systems, system-design, solid-principles, production-ready, scalable-code]
+ai_role: Senior Microservices Architect
+last_updated: 2026-03-27
+last_evolution: 2026-03-27
+---
+
+<div align="center">
+  <img src="https://raw.githubusercontent.com/tandpfun/skill-icons/main/icons/Docker.svg" width="100" alt="Microservices Logo">
+
+  # 🧩 Microservices Production-Ready Best Practices
+</div>
+
+---
+
+This document establishes **best practices** for designing and maintaining a Microservices architecture. These constraints guarantee a scalable, highly secure, and clean system suitable for an enterprise-level, production-ready backend.
+
+# ⚙️ Context & Scope
+- **Primary Goal:** Provide an uncompromising set of rules and architectural constraints for distributed system environments.
+- **Target Tooling:** AI-agents (Cursor, Windsurf, Copilot, Antigravity) and System Architects.
+- **Tech Stack Version:** Agnostic
+
+> [!IMPORTANT]
+> **Architectural Standard (Contract):** Ensure loose coupling and high cohesion. Each microservice must own its domain data. Use asynchronous messaging (e.g., Kafka, RabbitMQ) for inter-service communication to prevent cascading failures.
+
+---
+
+## 🏗️ 1. Architecture & Design
+
+### Domain-Driven Design (DDD)
+- Define clear Bounded Contexts for every service to avoid spaghetti dependencies.
+- Implement the API Gateway pattern to route external requests to internal microservices, handling cross-cutting concerns (auth, rate limiting).
+
+### 🔄 Data Flow Lifecycle
+
+```mermaid
+sequenceDiagram
+    participant Client
+    participant Gateway as API Gateway
+    participant Auth as Auth Service
+    participant User as User Service
+    participant Msg as Message Broker (Kafka)
+    participant Notification as Notification Service
+
+    Client->>Gateway: POST /users (Create User)
+    Gateway->>Auth: Validate Token
+    Auth-->>Gateway: Token Valid
+    Gateway->>User: Create User Request
+    User-->>User: Persist User to DB
+    User->>Msg: Publish "UserCreated" Event
+    User-->>Gateway: Return 201 Created
+    Gateway-->>Client: Respond with Success
+
+    Msg->>Notification: Consume "UserCreated" Event
+    Notification-->>Notification: Send Welcome Email
+```
+
+## 🔒 2. Security Best Practices
+
+### Service-to-Service Authentication
+- Implement Zero Trust architecture. Internal services must authenticate each other using mTLS (Mutual TLS) or signed JWTs.
+- Secrets must never be hardcoded. Utilize a secret manager (HashiCorp Vault, AWS Secrets Manager).
+
+### Data Isolation
+- Enforce "Database per Service" pattern. Services must never share a single database to ensure independent scaling and deployment.
+
+## 🚀 3. Reliability Optimization
+
+### Resilience Patterns
+- Implement Circuit Breakers (e.g., resilience4j) to fail fast and recover when a dependent service goes down.
+- Implement retries with exponential backoff for transient network errors.
+- Ensure Idempotency for critical operations to handle duplicated requests gracefully.
+
+### Observability
+- Distributed Tracing is mandatory (OpenTelemetry). All requests must pass a Correlation ID across service boundaries.
+- Centralized Logging (ELK, Datadog) is required for debugging complex distributed issues.
+
+## 📚 Specialized Documentation
+- [architecture.md](./architecture.md)
+- [security-best-practices.md](./security-best-practices.md)
+- [api-design.md](./api-design.md)
+
+---
+
+[Back to Top](#)

backend/microservices/security-best-practices.md

@@ -0,0 +1,16 @@
+---
+description: Vibe coding guidelines and architectural constraints for Microservices Security within the backend domain.
+technology: Microservices
+domain: backend
+level: Architect
+complexity: Architect
+topic: Microservices Security
+vibe_coding_ready: true
+version: Agnostic
+tags: [best-practices, clean-code, architecture-patterns, vibe-coding, microservices, distributed-systems, system-design, solid-principles, production-ready, scalable-code]
+ai_role: Senior Microservices Architect
+last_updated: 2026-03-27
+last_evolution: 2026-03-27
+---
+
+# 🧩 Microservices Security Best Practices

backend/nestjs/architecture.md

@@ -0,0 +1,16 @@
+---
+description: Vibe coding guidelines and architectural constraints for NestJS within the backend domain.
+technology: NestJS
+domain: backend
+level: Senior/Architect
+complexity: Advanced
+topic: NestJS Architecture
+vibe_coding_ready: true
+version: "11+"
+tags: [best-practices, clean-code, architecture-patterns, vibe-coding, cursor-rules, typescript, software-architecture, system-design, solid-principles, production-ready, programming-standards, react-best-practices, node-js, design-patterns, scalable-code, windsurf-rules, ai-coding, fsd, ddd, enterprise-patterns]
+ai_role: Senior NestJS Architecture Expert
+last_updated: 2026-03-27
+last_evolution: 2026-03-27
+---
+
+# 🏗️ NestJS 11+ Architecture Best Practices

backend/nestjs/readme.md

@@ -3,7 +3,7 @@ description: Vibe coding guidelines and architectural constraints for NestJS wit
 technology: NestJS
 domain: backend
 level: Senior/Architect
-version: "10+"
+version: "11+"
 tags: [best-practices, clean-code, architecture-patterns, vibe-coding, cursor-rules, typescript, software-architecture, system-design, solid-principles, production-ready, programming-standards, react-best-practices, node-js, design-patterns, scalable-code, windsurf-rules, ai-coding, fsd, ddd, enterprise-patterns]
 ai_role: Senior NestJS Architecture Expert
 last_updated: 2026-03-23
@@ -22,13 +22,46 @@ last_updated: 2026-03-23
 ## 🎯 Context & Scope
 - **Primary Goal:** Предоставить строгие архитектурные правила и 30 паттернов разработки на NestJS.
 - **Target Tooling:** AI-агенты (Cursor, Windsurf, Copilot) и Senior-разработчики.
-- **Tech Stack Version:** NestJS 10+
+- **Tech Stack Version:** NestJS 11+
 
 > [!IMPORTANT]
 > **Архитектурный стандарт (Contract):** Используйте строгую типизацию TypeScript, DI (Dependency Injection) и модульную структуру. Бизнес-логика должна быть изолирована от деталей HTTP-уровня и баз данных.
 
 ---
 
+
+## 🔄 Architecture Data Flow
+
+```mermaid
+sequenceDiagram
+    participant Client
+    participant Controller as Controller (Thin)
+    participant Pipe as ValidationPipe (Global)
+    participant Guard as AuthGuard
+    participant Service as Service (Fat)
+    participant Repo as Repository (Port)
+    participant DB as Database
+
+    Client->>Controller: HTTP Request
+    Controller->>Guard: Check Authorization
+    Guard-->>Controller: Authorized
+    Controller->>Pipe: Validate DTO
+    Pipe-->>Controller: Validated
+    Controller->>Service: Execute Business Logic
+    Service->>Repo: Fetch/Save Data
+    Repo->>DB: Query
+    DB-->>Repo: Data
+    Repo-->>Service: Domain Entity
+    Service-->>Controller: Result (mapped to DTO)
+    Controller-->>Client: HTTP Response
+```
+
+
+## 📚 Specialized Documentation
+- [architecture.md](./architecture.md)
+- [security-best-practices.md](./security-best-practices.md)
+
+---
 ### 🚨 1. Clean Architecture Modules (Изоляция логики)
 #### ❌ Bad Practice
 ```typescript

backend/nestjs/security-best-practices.md

@@ -0,0 +1,16 @@
+---
+description: Vibe coding guidelines and architectural constraints for NestJS Security within the backend domain.
+technology: NestJS
+domain: backend
+level: Senior/Architect
+complexity: Advanced
+topic: NestJS Security
+vibe_coding_ready: true
+version: "11+"
+tags: [best-practices, clean-code, security-patterns, vibe-coding, cursor-rules, typescript, software-architecture, system-design, solid-principles, production-ready, programming-standards, node-js, security, scalable-code, windsurf-rules, ai-coding, enterprise-patterns]
+ai_role: Senior NestJS Security Expert
+last_updated: 2026-03-27
+last_evolution: 2026-03-27
+---
+
+# 🔒 NestJS 11+ Security Best Practices