backend▌

Comprehensive guide to securing APIs through authentication, authorization, input validation, rate limiting, and vulnerability protection. \n \n Covers five core security areas: JWT/OAuth authentication, role-based access control, input validation with parameterized queries, rate limiting with Redis, and DDoS protection via security headers \n Includes practical code examples for token generation, refresh flows, SQL injection prevention, XSS sanitization, and tiered rate limiting by user tier \n

前置条件： 先阅读 ../lark-shared/SKILL.md 了解认证、身份切换和安全规则。

Convert OpenAPI 3.0 specifications to TypeScript interfaces and type guards. \n \n Accepts OpenAPI files in JSON or YAML format and validates against OpenAPI 3.0.x specification \n Generates TypeScript interfaces from components/schemas , request/response types from paths , and runtime type guards for validation \n Handles complex types including objects, arrays, enums, unions (oneOf), and inheritance (allOf) with proper required/optional field mapping \n Includes automatic JSDoc comments from O

End-to-end AI video generation from storyboard concept to final output. \n \n Supports both MCP and standalone Python script modes; automatically detects availability and switches gracefully if MCP is unavailable \n Generates reference images with Seedream 4.5 (text-to-image and image editing), then submits video tasks to Seedance 2.0 with configurable aspect ratios (16:9, 9:16, 1:1, 21:9, 4:3, 3:4) and durations (4–15 seconds) \n Offers two video generation modes: omni reference (up to 9 images

Modern ES2023+ JavaScript implementation with async/await, ESM modules, and Node.js best practices. \n \n Covers vanilla JavaScript, Promise-based async flows, Web Workers, Fetch API, and browser performance optimization \n Enforces ES2023+ syntax, optional chaining, nullish coalescing, and functional programming patterns \n Includes comprehensive error handling, memory leak detection, and Jest test coverage validation (85%+ target) \n Provides reference guides for async patterns, module systems

Production-ready FastAPI project structure with async patterns, dependency injection, and layered architecture. \n \n Provides recommended directory layout separating API routes, models, schemas, services, and repositories for maintainable codebases \n Includes base repository pattern for generic CRUD operations and service layer for business logic encapsulation \n Demonstrates async/await patterns throughout, from database sessions to route handlers, with proper lifespan management and middlewa

TypeScript patterns for type-first development, making illegal states unrepresentable, and exhaustive handling. \n \n Use discriminated unions, branded types, and const assertions to encode business rules in the type system and prevent invalid states at compile time \n Validate at system boundaries with Zod schemas as single source of truth; infer TypeScript types automatically to keep types and validation in sync \n Enforce exhaustive handling with never checks in switch statements and default

Automatic retries, exponential backoff, timeouts, and fault-tolerant decorators for Python services. \n \n Covers transient vs. permanent failure classification, exponential backoff with jitter, bounded retries, and timeout patterns using the tenacity library \n Includes nine production patterns: basic retry, selective error handling, HTTP status code retries, combined exception and status retries, retry logging, timeout decorators, stacked decorators, dependency injection for testing, and fail-

API routes in Expo Router for server-side logic, secrets, and third-party integrations on EAS Hosting. \n \n Create routes with +api.ts suffix in the app directory; export named functions for HTTP methods (GET, POST, PUT, DELETE) \n Handle query parameters, headers, JSON bodies, and dynamic route segments; add CORS headers for web clients \n Access server-side secrets via process.env ; set variables locally in .env or via eas env:create for production \n Deploy to EAS Hosting (Cloudflare Workers

sentry-node-sdk