Python Backend Development Standards
Architecture Overview
Router/Controller → Service → Repository → Database
↓ ↓ ↓
Schemas Business SQLAlchemy
(Pydantic) Logic Models
Layer Responsibilities
| Layer | Location | Purpose |
|---|---|---|
| Models | app/models/ | SQLAlchemy ORM, database schema |
| Schemas | app/schemas/ | Pydantic DTOs (request/response) |
| Repositories | app/repositories/ | Database CRUD operations |
| Services | app/services/ | Business logic orchestration |
| Controllers | app/api/v1/ | FastAPI routes, thin handlers |
| Migrations | alembic/versions/ | Database migrations |
Naming Conventions
Files
- All lowercase with underscores:
user_profile.py - One entity per file
- Match filename to class:
user.py→class User
Classes
- Models:
User,BlogPost(PascalCase, singular) - Schemas:
UserCreate,UserResponse,UserUpdate - Repositories:
UserRepository - Services:
UserService
Database
- Table names: plural snake_case (
users,blog_posts) - Column names: snake_case (
created_at,user_id)
Alembic Migrations
File Naming Convention
yyyymmdd_HHmm_<feature>.py
Examples:
20260117_0930_create_users_table.py20260117_1045_add_email_to_users.py20260117_1400_create_api_keys_table.py
Create Migration Command
# Generate with autogenerate
alembic revision --autogenerate -m "description"
# Then rename the file to follow convention:
# FROM: xxxx_description.py
# TO: yyyymmdd_HHmm_description.py
Code Standards
Async Everything
- All database operations must be async
- Use
async deffor all handlers, services, repositories - Use
awaitfor all I/O operations
Dependency Injection
- Use FastAPI
Depends()for dependencies - Inject database sessions into services
- Services inject repositories
Error Handling
- Use custom exceptions in
app/core/exceptions.py - Let FastAPI exception handlers convert to HTTP responses
- Never catch and swallow exceptions silently
Security
- Argon2id for password hashing
- Parameterized queries (SQLAlchemy ORM)
- Input validation (Pydantic)
- Rate limiting on auth endpoints
Reference Navigation
Core Patterns:
- python-models.md - SQLAlchemy ORM (User, ApiKey)
- python-schemas.md - Pydantic v2 patterns
- python-repositories.md - Repository pattern
- python-services.md - Service layer patterns
- python-api-design.md - FastAPI routes and controllers
- python-migrations.md - Alembic migration patterns
- python-utils.md - Utility functions (datetime, string, validation)
Security & Auth:
- python-authentication.md - JWT, API Keys, OAuth
- python-middleware.md - Dual auth, rate limiting, credits
- python-security.md - OWASP Top 10, input validation
Quality & Operations:
- python-testing.md - pytest patterns, fixtures
- python-performance.md - Caching, query optimization, async
- python-debugging.md - Logging, profiling, error tracking
- python-devops.md - Docker, CI/CD, deployment