Python Backend Architecture Review

What this skill does

# Python Backend Architecture Review

This skill provides comprehensive architecture review capabilities for Python backend applications, covering all aspects of system design from infrastructure to code organization.

## When to Use This Skill

Activate this skill when the user requests:
- Review of a backend architecture design document
- Feedback on system design for a Python application
- Analysis of scalability patterns and approaches
- Security review of backend architecture
- Database design evaluation
- API design assessment
- Microservices architecture review
- Performance optimization recommendations
- Cloud infrastructure architecture review
- Code organization and project structure analysis

## Review Framework

### 1. Initial Analysis

When a user provides an architecture document or describes their system, begin by:

1. **Understanding Context**
   - Ask clarifying questions about:
     - Expected scale (users, requests/sec, data volume)
     - Performance requirements (latency, throughput)
     - Security and compliance requirements
     - Team size and expertise
     - Budget constraints
     - Timeline expectations

2. **Document Analysis**
   - If architecture diagrams or documents are provided, analyze:
     - Component relationships and boundaries
     - Data flow patterns
     - External dependencies
     - Technology stack choices
     - Deployment topology

### 2. Comprehensive Review Areas

Evaluate the architecture across these dimensions:

#### A. System Architecture & Design Patterns

**Evaluate:**
- Overall architectural style (monolith, microservices, serverless, hybrid)
- Service boundaries and responsibilities
- Communication patterns (sync/async, REST/GraphQL/gRPC)
- Event-driven architecture components
- CQRS and Event Sourcing patterns where applicable
- Domain-Driven Design principles
- Separation of concerns
- Dependency management

**Provide Feedback On:**
- Whether the chosen architecture matches the scale and complexity
- Over-engineering or under-engineering concerns
- Missing components or services
- Tight coupling issues
- Single points of failure
- Scalability bottlenecks

**Python-Specific Considerations:**
- Framework selection (FastAPI, Django, Flask, etc.)
- ASGI vs WSGI considerations
- Async/await patterns and usage
- Python's GIL impact on architecture decisions
- Multi-processing vs multi-threading strategies

#### B. Database Architecture

**Evaluate:**
- Database type selection (PostgreSQL, MySQL, MongoDB, Redis, etc.)
- Data modeling approach
- Normalization vs denormalization strategy
- Sharding and partitioning plans
- Read replicas and replication strategy
- Caching layers (Redis, Memcached)
- Database connection pooling
- Transaction management
- Data consistency models (strong, eventual)

**Provide Feedback On:**
- Schema design quality
- Index strategies
- Query optimization patterns
- N+1 query prevention
- Database migration strategy
- Backup and disaster recovery
- Multi-tenancy approaches if applicable
- Data retention and archival strategies

**Python-Specific Considerations:**
- ORM selection (SQLAlchemy, Django ORM, Tortoise ORM, etc.)
- Raw SQL vs ORM tradeoffs
- Async database drivers (asyncpg, motor, etc.)
- Migration tools (Alembic, Django migrations)

#### C. API Design & Communication

**Evaluate:**
- API design patterns (RESTful, GraphQL, gRPC)
- Endpoint structure and naming
- Request/response formats
- Versioning strategy
- Authentication and authorization
- Rate limiting and throttling
- API documentation approach
- Contract-first vs code-first design
- WebSocket usage for real-time features
- Message queue integration (RabbitMQ, Kafka, SQS)

**Provide Feedback On:**
- API consistency and conventions
- Error handling and status codes
- Pagination strategies
- Filtering and search capabilities
- Idempotency guarantees
- Backward compatibility approach
- GraphQL schema design if applicable
- gRPC service definitions if applicable

**Python-Specific Considerations:**
- FastAPI automatic OpenAPI generation
- Pydantic validation models
- Django REST Framework serializers
- GraphQL libraries (Strawberry, Graphene, Ariadne)
- gRPC-python code generation

#### D. Security Architecture

**Evaluate:**
- Authentication mechanisms (JWT, OAuth2, session-based)
- Authorization model (RBAC, ABAC, policy-based)
- API security (rate limiting, CORS, CSRF protection)
- Data encryption (at rest and in transit)
- Secrets management approach
- Network security (VPC, security groups, firewall rules)
- Input validation and sanitization
- SQL injection prevention
- XSS and CSRF protections
- Dependency vulnerability scanning
- Security headers implementation

**Provide Feedback On:**
- Authentication/authorization gaps
- Sensitive data exposure risks
- Missing security controls
- Overly permissive access
- Insecure defaults
- Lack of audit logging
- Missing security monitoring

**Python-Specific Considerations:**
- Usage of python-jose, PyJWT for token handling
- Password hashing with bcrypt, argon2
- Environment variable management (python-dotenv)
- Security middleware in frameworks
- SQLAlchemy parameterized queries

#### E. Scalability & Performance

**Evaluate:**
- Horizontal vs vertical scaling strategy
- Load balancing approach
- Auto-scaling configuration
- Caching strategy (application, database, CDN)
- Async processing for long-running tasks
- Background job processing (Celery, RQ, Dramatiq)
- Queue-based architectures
- Database read replicas
- Connection pooling
- Resource optimization

**Provide Feedback On:**
- Scalability bottlenecks
- Missing caching layers
- Inefficient data access patterns
- Synchronous operations that should be async
- Missing queue infrastructure
- Poor resource utilization
- Lack of performance monitoring

**Python-Specific Considerations:**
- ASGI server selection (Uvicorn, Hypercorn)
- Gunicorn worker configuration
- Celery worker configuration
- Async framework usage (asyncio best practices)
- Performance profiling tools (cProfile, py-spy)
- GIL workarounds for CPU-bound tasks

#### F. Observability & Monitoring

**Evaluate:**
- Logging strategy and centralization
- Metrics collection and aggregation
- Distributed tracing implementation
- Error tracking and alerting
- Health check endpoints
- Performance monitoring
- Business metrics tracking
- Log aggregation tools (ELK, Loki, CloudWatch)
- APM tools (DataDog, New Relic, Prometheus)

**Provide Feedback On:**
- Missing observability components
- Insufficient logging detail
- Lack of structured logging
- No distributed tracing
- Missing critical alerts
- No performance baselines
- Inadequate error tracking

**Python-Specific Considerations:**
- Structured logging libraries (structlog, python-json-logger)
- OpenTelemetry Python SDK
- Sentry integration
- StatsD/Prometheus client libraries
- Context propagation in async code

#### G. Deployment & Infrastructure

**Evaluate:**
- Containerization strategy (Docker)
- Orchestration approach (Kubernetes, ECS, etc.)
- CI/CD pipeline design
- Environment management (dev, staging, prod)
- Infrastructure as Code (Terraform, CloudFormation)
- Blue-green or canary deployment strategies
- Rollback procedures
- Configuration management
- Secret management in deployment

**Provide Feedback On:**
- Deployment complexity
- Missing automation
- Lack of environment parity
- No rollback strategy
- Insufficient testing in pipeline
- Manual deployment steps
- Missing infrastructure versioning

**Python-Specific Considerations:**
- Docker image optimization (multi-stage builds)
- Dependency management (pip, Poetry, PDM)
- Virtual environment handling in containers
- Python version management
- Compiled dependencies (wheel files)

#### H. Code Organization & Project Structure

**Evaluate:**
- Project directory structure
- Module and package organization
- Dependency injection patterns
- Configuration management
- Environment variable usage
- Testing strategy and organization
- Code