
Backend Engineering Protocol

Standard operating procedures for Backend Development at Moustachir Com

1. INTRODUCTION

This document defines the standard operating procedures for Backend Development at Moustachir Com. It applies to all Backend Developers (Node.js, Python, etc.), whether internal team members or external partners.

For general engineering standards (Git Flow, Testing Strategy, Code Quality), refer to the General Engineering Protocol.


2. ONBOARDING CHECKLIST

Goal: First API endpoint deployed to staging in 48 hours.

2.1 Access Provisioning

  • GitHub: Accept invite to the Organization.
  • Cloud Services: Access to AWS, Supabase, or other cloud platforms as needed.
  • Database: Credentials for development and staging databases.
  • Notion: Access to the Development Board.

2.2 Environment Setup

  • Runtime:
    • Node.js: Use the LTS version specified in .nvmrc (if Node.js project).
    • Python: Use the version specified in .python-version or pyproject.toml (if Python project).
  • Package Manager:
    • Node.js: We use pnpm. Install from the committed pnpm-lock.yaml (pnpm install --frozen-lockfile in CI) so every environment resolves the same dependency versions.
    • Python: We use Poetry (poetry.lock) or pip with a pinned requirements.txt.
  • Docker: Ensure Docker Desktop is running for local database containers and services (if applicable).
  • IDE: VS Code is recommended with extensions:
    • Biome
    • Docker
    • Database client extension (e.g., PostgreSQL, MongoDB)
  • API Testing: Install Postman or Insomnia for API testing.

2.3 Repository Setup

  1. Clone the main repository, then initialise its submodules: git submodule update --init --recursive
  2. Install dependencies: pnpm install or poetry install
  3. Copy .env.example to .env and populate the keys (ask the Team Lead for secrets). Make sure .env is gitignored; never commit it and never paste its contents into tickets or chat.
  4. Start local services: docker-compose up -d
  5. Run database migrations: pnpm migrate or python manage.py migrate
  6. Start the development server: pnpm dev or python main.py

3. DAILY WORKFLOW

3.1 API Development

  • RESTful Design: Follow REST principles for endpoint naming and HTTP methods.
  • Validation: Validate every input at the boundary (body, query string, path parameters, headers) against a schema before it reaches business logic. Zod is the default for Node.js services and Pydantic for Python; Joi only where a service already uses it.
  • Error Handling: Return one consistent error shape with the proper HTTP status code. Error bodies must not contain stack traces, SQL text, or internal identifiers; log those server-side instead.
  • Documentation: Update the API documentation (Swagger/OpenAPI) as you build.

3.2 Database

  • Migrations: Never modify the database schema directly. Always use migrations.
  • Indexing: Add indexes for frequently queried fields.
  • Transactions: Use transactions for operations that modify multiple tables.

3.3 Security

  • Authentication: Follow the project's auth pattern (JWT, OAuth, etc.). Verify the credential server-side on every request; for JWTs that means checking the signature, expiry and expected issuer/audience, never trusting an unverified payload.
  • Authorization: Enforce access control on the server for every endpoint, not only in the client. Check the caller's role (RBAC) and, for resources that belong to a user or tenant, that the caller may access that specific object; otherwise any authenticated user can read another user's data by guessing an ID.
  • Input Sanitization: Validation alone does not prevent injection. Never build SQL, shell commands or HTML by concatenating user input. Use parameterized queries or the ORM's query builder, allow-list anything that cannot be parameterized (table and column names), and encode output for the context it is rendered in.
  • Secrets: Never commit secrets to Git. Read them from environment variables (or the platform's secret store), keep .env out of version control, and if a secret is ever committed treat it as compromised and rotate it.
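As an added example (not code from the Moustachir repositories), the three controls above shown in working TypeScript: a query built by string concatenation next to the parameterized form (the $1 placeholder style node-postgres uses), an authorization check that combines role with object ownership, and a fail-fast reader for secrets in the environment. The table and column names, the Role set, the Order/Principal types and the requireEnv helper are assumptions for illustration, not the project's own API:

```typescript
// Added example (not Moustachir's own code). Table and column names, the Role
// set, Order/Principal and requireEnv are assumptions for illustration.

export type ParamQuery = { text: string; values: unknown[] };

// VULNERABLE (kept for contrast only): the caller's value becomes SQL text.
// With email = "' OR '1'='1" the WHERE clause matches every row.
export function findUserByEmailUnsafe(email: string): string {
  return `SELECT id, email FROM users WHERE email = '${email}'`;
}

// HARDENED: the SQL text is a constant and the value is bound by the driver,
// so quotes or keywords in the input cannot change the query's structure.
export function findUserByEmailSafe(email: string): ParamQuery {
  return { text: "SELECT id, email FROM users WHERE email = $1", values: [email] };
}

// Identifiers (table/column names, sort direction) cannot be bound as
// parameters, so they are checked against an allow-list instead of escaped.
const SORTABLE_COLUMNS = ["created_at", "total"];
export function listOrdersQuery(ownerId: string, sortBy: string): ParamQuery {
  if (SORTABLE_COLUMNS.indexOf(sortBy) === -1) {
    // The rejected value is deliberately not echoed into the message.
    throw new Error("unsupported sort column");
  }
  return {
    text: `SELECT id, owner_id, total FROM orders WHERE owner_id = $1 ORDER BY ${sortBy}`,
    values: [ownerId],
  };
}

// --- Authorization: RBAC plus an object-level ownership check -------------
export type Role = "admin" | "support" | "customer";
export type Principal = { id: string; role: Role };
export type Order = { id: string; ownerId: string };

// Staff roles may read any order; a customer may read only their own. Without
// the ownership test, GET /orders/:id would expose other customers' orders to
// anyone who can guess an ID.
export function canReadOrder(p: Principal, order: Order): boolean {
  if (p.role === "admin" || p.role === "support") return true;
  return order.ownerId === p.id;
}

// --- Secrets: environment only, fail fast, never echo the value -----------
export function requireEnv(name: string, env: Record<string, string | undefined>): string {
  const value = env[name];
  if (value === undefined || value === "") {
    // Name only: this message may end up in logs or an error response.
    throw new Error(`missing required environment variable ${name}`);
  }
  return value;
}
```

Call requireEnv("DATABASE_URL", process.env) once at startup so a misconfigured deployment fails immediately instead of at the first request, and run canReadOrder after the row has been loaded but before anything from it is serialized into the response.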

3.4 Performance

  • Caching: Cache expensive queries (Redis, in-memory). Include everything that affects the result in the cache key, in particular the tenant or user for per-user data, so one caller can never be served another caller's cached response, and give every entry a TTL.
  • Pagination: Always paginate list endpoints and enforce a maximum page size on the server; a client-chosen limit is a denial-of-service lever.
  • N+1 Queries: Avoid N+1 query problems (one query for a list, then one more per row). Use joins, eager loading, or batch the lookups into a single IN (...) query.
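As an added example (not code from the Moustachir repositories), the N+1 pattern beside its batched fix, run against an in-memory repository that counts round trips. The User/Order shapes, the sample rows and the FakeRepo methods are constructed for illustration; with a real ORM the batched version corresponds to a join or an eager load, but the query counts it produces are the point:

```typescript
// Added example (not Moustachir's own code): the N+1 pattern beside its batched
// fix, run against an in-memory repository that counts queries. The Order/User
// shapes, the sample rows and the FakeRepo methods are constructed for
// illustration; with a real ORM the batched version is a join or eager load.

export type User = { id: number; name: string };
export type Order = { id: number; userId: number; total: number };
export type OrderView = { orderId: number; total: number; userName: string };

// Constructed sample rows standing in for the users and orders tables.
const USERS: User[] = [
  { id: 1, name: "ana" },
  { id: 2, name: "bo" },
  { id: 3, name: "cy" },
];
const ORDERS: Order[] = [
  { id: 10, userId: 1, total: 30 },
  { id: 11, userId: 1, total: 12 },
  { id: 12, userId: 2, total: 8 },
  { id: 13, userId: 3, total: 99 },
  { id: 14, userId: 3, total: 1 },
];

// Stand-in for a database client; every method counts as one round trip.
// Methods are synchronous here so the example runs without a driver.
export class FakeRepo {
  queries = 0;

  // SELECT id, user_id, total FROM orders ORDER BY id LIMIT $1 OFFSET $2
  listOrders(limit: number, offset: number): Order[] {
    this.queries++;
    return ORDERS.slice(offset, offset + limit);
  }

  // SELECT id, name FROM users WHERE id = $1
  findUser(id: number): User | undefined {
    this.queries++;
    return USERS.find((u) => u.id === id);
  }

  // SELECT id, name FROM users WHERE id = ANY($1)
  findUsersByIds(ids: number[]): User[] {
    this.queries++;
    const wanted = new Set(ids);
    return USERS.filter((u) => wanted.has(u.id));
  }
}

// N+1: one query for the page of orders, then one more query per order.
// A page of 100 orders costs 101 round trips.
export function ordersWithUserNaive(repo: FakeRepo, limit = 20, offset = 0): OrderView[] {
  const orders = repo.listOrders(limit, offset);
  const out: OrderView[] = [];
  for (const o of orders) {
    const u = repo.findUser(o.userId);
    out.push({ orderId: o.id, total: o.total, userName: u?.name ?? "<deleted>" });
  }
  return out;
}

// Batched: collect the distinct foreign keys, load them in one query,
// and join in memory. Cost is two round trips regardless of page size.
export function ordersWithUserBatched(repo: FakeRepo, limit = 20, offset = 0): OrderView[] {
  const orders = repo.listOrders(limit, offset);
  const ids = Array.from(new Set(orders.map((o) => o.userId)));
  const users = ids.length > 0 ? repo.findUsersByIds(ids) : [];
  const byId = new Map(users.map((u): [number, User] => [u.id, u]));
  return orders.map((o) => ({
    orderId: o.id,
    total: o.total,
    userName: byId.get(o.userId)?.name ?? "<deleted>",
  }));
}

// How many round trips each approach needs for the same page of results.
export function compareQueryCounts(limit = 20, offset = 0): { naive: number; batched: number } {
  const a = new FakeRepo();
  ordersWithUserNaive(a, limit, offset);
  const b = new FakeRepo();
  ordersWithUserBatched(b, limit, offset);
  return { naive: a.queries, batched: b.queries };
}
```

Both functions return identical rows; only the query count differs, which is why N+1 problems are invisible in unit tests and show up as latency under load. Logging the per-request query count in the integration tests (the repository counter here; most ORMs expose a query logger) catches the regression before it reaches production.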

4. TESTING

  • Unit Tests: Test business logic and utility functions.
  • Integration Tests: Test API endpoints with a test database.
  • Load Testing: For critical endpoints, perform load testing before production.
