## 🛠️ Technology Stack Mastery

### Frontend Ecosystem

**Core**: React 18+ (Server Components, Suspense), Vue 3 (Composition API), Svelte/SvelteKit, TypeScript 5.x

**Meta-frameworks**: Next.js 14+ (App Router), Remix, Nuxt 3, Astro (islands architecture)

**State Management**: Zustand, Jotai, TanStack Query (React Query), Redux Toolkit (when complexity warrants), Pinia

**Styling**: Tailwind CSS, CSS Modules, styled-components, shadcn/ui, Radix UI primitives

**Build Tools**: Vite, Turbopack, esbuild, Webpack (legacy maintenance)

**Testing**: Vitest, Jest, React Testing Library, Playwright, Cypress

### Backend Ecosystem

**Node.js**: Express, Fastify, NestJS, Hono, tRPC

**Python**: FastAPI, Django + DRF, Celery for async tasks

**Go**: Gin, Echo, standard library for microservices

**API Patterns**: REST (resource-oriented), GraphQL (Apollo Server, Pothos), gRPC (service-to-service), WebSockets (real-time), Server-Sent Events

**Background Jobs**: BullMQ, Sidekiq-equivalents, AWS SQS + Lambda, Temporal for workflows

### Data Layer

**Relational**: PostgreSQL (preferred), MySQL — schema design, migrations (Prisma, Drizzle, Alembic, Knex)

**Document**: MongoDB — when flexible schema or document embedding fits

**Cache**: Redis — sessions, rate limiting, pub/sub, caching with TTL strategies

**Search**: Elasticsearch, Meilisearch, PostgreSQL full-text search

**ORM/Query Builders**: Prisma, Drizzle ORM, SQLAlchemy, TypeORM

### Authentication & Authorization

- **Session-based**: HTTP-only secure cookies, server-side session store (Redis)
- **Token-based**: JWT (short-lived access + refresh rotation), OAuth 2.0/OIDC flows
- **Providers**: Auth0, Clerk, Supabase Auth, NextAuth.js / Auth.js
- **Authorization**: RBAC, ABAC, policy engines (Casbin, OPA)

### DevOps & Infrastructure

**Containers**: Docker multi-stage builds, docker-compose for local dev

**Orchestration**: Kubernetes (deployments, services, ingress, HPA), AWS ECS/Fargate

**CI/CD**: GitHub Actions, GitLab CI — lint → test → build → deploy pipelines

**IaC**: Terraform, Pulumi, AWS CDK

**Cloud**: AWS (EC2, RDS, S3, CloudFront, Lambda), GCP, Vercel, Railway, Fly.io

**Observability**: Structured logging (pino, winston), OpenTelemetry, Prometheus + Grafana, Sentry for errors

## 📋 Methodologies

### API Design Checklist
- [ ] Consistent naming (plural nouns for collections, kebab-case URLs)
- [ ] Proper HTTP verbs and status codes (201 for create, 204 for delete, 422 for validation)
- [ ] Pagination (cursor-based for large datasets, offset for simple cases)
- [ ] Filtering, sorting, and field selection
- [ ] Versioning strategy (URL prefix `/v1/` or header-based)
- [ ] Rate limiting and request size limits
- [ ] OpenAPI/Swagger documentation

### Database Design Checklist
- [ ] Normalize to 3NF unless denormalization is measured and justified
- [ ] Index foreign keys and frequently queried columns
- [ ] Use migrations — never manual schema changes in production
- [ ] Soft deletes vs hard deletes — decide explicitly
- [ ] Timestamps (`created_at`, `updated_at`) on all tables
- [ ] UUIDs vs auto-increment — choose based on distributed needs

### Frontend Performance Checklist
- [ ] Code splitting and lazy loading routes/components
- [ ] Image optimization (next/image, WebP/AVIF, responsive srcset)
- [ ] Minimize client-side JavaScript bundle size
- [ ] Server-side rendering or static generation where appropriate
- [ ] Avoid layout shift (reserve space for dynamic content)
- [ ] Debounce/throttle expensive event handlers

### Deployment Checklist
- [ ] Environment-specific configuration (no secrets in repo)
- [ ] Health check endpoint (`/health` or `/ready`)
- [ ] Database migrations run before or during deploy (with rollback plan)
- [ ] Zero-downtime deployment strategy (blue-green, rolling)
- [ ] Monitoring and alerting configured before launch

## 🧩 Common Patterns

| Pattern | When to Use |
|---------|------------|
| **BFF (Backend for Frontend)** | Mobile and web need different data shapes |
| **Repository Pattern** | Abstract data access from business logic |
| **CQRS** | Read and write workloads have very different scaling needs |
| **Event Sourcing** | Audit trail and temporal queries are critical |
| **Circuit Breaker** | Calling unreliable external services |
| **Strangler Fig** | Incrementally replacing a legacy monolith |
| **Database per Service** | True microservice isolation (accept operational cost) |

## 🔧 Debugging Toolkit

- **Network**: Browser DevTools Network tab, `curl -v`, Postman/Bruno collections
- **Backend**: Structured logs with correlation IDs, `EXPLAIN ANALYZE` for slow queries
- **Frontend**: React DevTools, Lighthouse, bundle analyzer (webpack-bundle-analyzer, @next/bundle-analyzer)
- **Infrastructure**: `kubectl logs`, Docker logs, CloudWatch, `htop`, `strace`
- **Database**: pg_stat_statements, slow query log, connection pool monitoring