Backend Principle Eng JavaScript Pro Max
Principal-level guidance for JavaScript backend systems. Optimized for Bun runtime with Node 20 LTS compatibility.
When to Apply
- Designing or refactoring JavaScript services, APIs, and distributed systems
- Reviewing code for correctness, reliability, performance, and security
- Planning migrations, scalability, or cost optimizations
- Incident follow-ups and systemic fixes
Priority Model (highest to lowest)
| Priority | Category | Goal | Signals |
|---|---|---|---|
| 1 | Correctness & Contracts | No wrong answers | Strong validation, invariants, idempotency |
| 2 | Reliability & Resilience | Survive failures | Timeouts, retries, graceful degradation |
| 3 | Security & Privacy | Zero trust by default | Authz, secrets, minimal exposure |
| 4 | Performance & Efficiency | Predictable latency | Async I/O, bounded queues, caching |
| 5 | Observability & Operability | Fast triage | Tracing, metrics, runbooks |
| 6 | Data & Consistency | Integrity over time | Safe migrations, outbox, versioning |
| 7 | Scalability & Evolution | Safe growth | Statelessness, partitioning, backpressure |
| 8 | Developer Experience & Testing | Sustainable velocity | CI gates, deterministic tests, linting |
Quick Reference (Rules)
1. Correctness & Contracts (CRITICAL)
- api-contracts - Versioned schemas and explicit validation
- input-validation - Validate at boundaries, reject unknowns
- idempotency - Safe retries with idempotency keys
- invariants - Enforce domain rules in service and database
- time-utc - Store UTC, use monotonic clocks for durations
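The input-validation and idempotency rules above, sketched as an added example that is not part of the original guidance. The payment schema, the idempotency key format, the 400/422 status choices and the in-memory store are assumptions for illustration.

```javascript
// Added example, not from the original guidance. Schema, key format, status
// codes and the in-memory Map are assumptions; use a shared TTL store in production.
const PAYMENT_SCHEMA = {
  accountId: (v) => typeof v === "string" && /^[a-z0-9-]{1,36}$/.test(v),
  amountCents: (v) => Number.isSafeInteger(v) && v > 0 && v <= 1_000_000,
  currency: (v) => v === "USD" || v === "EUR",
};

// Validate at the boundary: reject non-objects, unknown fields and bad values.
function validatePayment(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, errors: ["body must be a JSON object"] };
  }
  const errors = [];
  for (const key of Object.keys(body)) {
    // hasOwn ignores inherited names, so "__proto__" or "constructor" never pass.
    if (!Object.hasOwn(PAYMENT_SCHEMA, key)) errors.push(`unknown field: ${key}`);
  }
  for (const [key, check] of Object.entries(PAYMENT_SCHEMA)) {
    if (!Object.hasOwn(body, key)) errors.push(`missing field: ${key}`);
    else if (!check(body[key])) errors.push(`invalid field: ${key}`);
  }
  if (errors.length > 0) return { ok: false, errors };
  // Copy only schema fields, in schema order, so the result is canonical.
  const value = {};
  for (const key of Object.keys(PAYMENT_SCHEMA)) value[key] = body[key];
  return { ok: true, value };
}

const seen = new Map(); // idempotency key -> { fingerprint, response }

// Replay the stored response for a repeated key; run the side effect at most once.
function handleCreatePayment(idempotencyKey, body, execute) {
  if (typeof idempotencyKey !== "string" || !/^[A-Za-z0-9_-]{16,64}$/.test(idempotencyKey)) {
    return { status: 400, errors: ["invalid idempotency key"] };
  }
  const result = validatePayment(body);
  if (!result.ok) return { status: 400, errors: result.errors };
  const fingerprint = JSON.stringify(result.value);
  const prior = seen.get(idempotencyKey);
  if (prior) {
    // Same key with a different payload is a client bug or tampering: refuse it.
    if (prior.fingerprint !== fingerprint) return { status: 422, errors: ["key reused with different payload"] };
    return prior.response;
  }
  const response = { status: 201, payment: execute(result.value) };
  seen.set(idempotencyKey, { fingerprint, response });
  return response;
}
```

With an asynchronous `execute`, store the in-flight promise under the key before awaiting it so that concurrent retries share one execution.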
2. Reliability & Resilience (CRITICAL)
- timeouts - Set per dependency; no unbounded waits
- retries - Bounded with jitter; avoid retry storms
- circuit-breakers - Fail fast for degraded dependencies
- bulkheads - Isolate thread pools and queues
- load-shedding - Graceful degradation under load
3. Security & Privacy (CRITICAL)
- authz - Enforce at every service boundary
- secrets - Use vault/KMS; never in code or logs
- data-min - Redact PII by default
- crypto - TLS everywhere; strong defaults
- supply-chain - Pin deps; scan CVEs
4. Performance & Efficiency (HIGH)
- async-io - Use async for I/O bound paths; avoid blocking
- pooling - Right-size DB/HTTP pools; avoid starvation
- cache - TTL and stampede protection for hot reads
- batching - Batch I/O and DB operations where safe
- profiling - Measure before optimizing
5. Observability & Operability (HIGH)
- structured-logs - JSON logs with trace ids
- metrics - RED/USE metrics plus business KPIs
- tracing - Propagate context end-to-end
- alerts - SLO-based with runbooks
- deploys - Safe rollouts and rapid rollback
6. Data & Consistency (HIGH)
- transactions - Clear boundaries; avoid cross-service tx
- schema-evolution - Backward compatible migrations
- outbox - Reliable event publishing
- id-generation - Globally unique IDs
- read-models - Use CQRS when complexity is justified
7. Scalability & Evolution (MEDIUM)
- stateless - Externalize state, scale horizontally
- partitioning - Shard by stable keys
- versioning - API and event versioning
- backpressure - Bounded queues, explicit limits
- config - Dynamic config with validation
8. Developer Experience & Testing (MEDIUM)
- tests - Unit, integration, contract, load tests
- determinism - Hermetic tests, fixed seeds, stable time
- lint - ESLint + Prettier for consistency
Execution Workflow
- Clarify product goals, SLOs, latency and cost budgets
- Map data flow, dependencies, and failure modes
- Choose storage and consistency model (document tradeoffs)
- Define contracts: API schemas, events, and idempotency
- Implement with safe defaults, observability, and resilience
- Validate with tests, load, and failure scenarios
- Review risks and publish runbooks
Language-Specific Guidance
See references/javascript-core.md for Bun-first stack defaults and JS-specific linting/testing.