backend-design-review

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Backend Design Review

后端设计评审

Review Workflow

评审流程

Follow this systematic review process:

遵循以下系统化评审流程：

1. Pre-Review Preparation

1. 评审前准备

Gather design documentation (architecture diagrams, API specs, database schemas, ADRs)
Understand requirements (functional, non-functional, compliance)
Define review scope and priorities
Identify constraints (technology, budget, timeline)

收集设计文档（架构图、API规范、数据库模式、ADR）
理解需求（功能性、非功能性、合规性）
定义评审范围和优先级
识别约束条件（技术、预算、时间线）

2. API Design Review

2. API设计评审

Evaluate RESTful resource modeling, HTTP method usage, status codes
Review GraphQL schema design, type definitions, query patterns
Assess gRPC service definitions and protobuf schemas
Validate API versioning strategy and documentation
Check authentication, authorization, and security measures

评估RESTful资源建模、HTTP方法使用、状态码
评审GraphQL模式设计、类型定义、查询模式
评估gRPC服务定义和protobuf模式
验证API版本控制策略和文档
检查认证、授权和安全措施

3. Database Design Validation

3. 数据库设计验证

Review data modeling, entity relationships, normalization
Assess schema design, column types, constraints, indexes
Evaluate query patterns and N+1 query prevention
Check data integrity rules and referential integrity
Review scalability approach (sharding, replicas, caching)

评审数据建模、实体关系、规范化
评估模式设计、列类型、约束、索引
分析查询模式及N+1查询预防方案
检查数据完整性规则和参照完整性
评审可扩展性方案（分片、副本、缓存）

4. Architecture Assessment

4. 架构评估

Evaluate service boundaries and decomposition
Review communication patterns (sync/async, event-driven)
Assess resilience patterns (circuit breakers, retries, timeouts)
Check service discovery and load balancing design
Validate data management and consistency strategies

评估服务边界与拆分方式
评审通信模式（同步/异步、事件驱动）
评估弹性模式（断路器、重试、超时）
检查服务发现和负载均衡设计
验证数据管理和一致性策略

5. Security Review

5. 安全评审

Evaluate authentication mechanisms (OAuth 2.0, JWT)
Review authorization model (RBAC, ABAC)
Assess data protection (encryption at rest/transit, secrets)
Check input validation and injection prevention
Review security monitoring and audit logging

评估认证机制（OAuth 2.0、JWT）
评审授权模型（RBAC、ABAC）
评估数据保护（静态/传输加密、密钥管理）
检查输入验证和注入攻击预防
评审安全监控和审计日志

6. Performance & Scalability

6. 性能与可扩展性

Assess caching strategy (layers, invalidation, TTL)
Review database indexing and query optimization
Evaluate horizontal/vertical scaling approach
Check load balancing and auto-scaling design
Review asynchronous processing patterns

评估缓存策略（层级、失效机制、TTL）
评审数据库索引和查询优化
评估水平/垂直扩展方案
检查负载均衡和自动扩缩容设计
评审异步处理模式

7. Report Generation

7. 报告生成

Categorize findings by severity (Critical, High, Medium, Low)
Document detailed findings with examples
Provide specific, actionable recommendations
Create architecture improvement diagrams
Define implementation roadmap and priorities

按严重性分类结果（Critical、High、Medium、Low）
记录带示例的详细发现
提供具体、可执行的建议
创建架构改进图
定义实施路线图和优先级

Review Scope

评审范围

API Design Quality

API设计质量

RESTful API assessment (resource modeling, HTTP methods, status codes, versioning)
GraphQL schema review (types, resolvers, complexity, N+1 prevention)
gRPC service review (protobuf definitions, streaming, error handling)
API documentation quality (OpenAPI/Swagger completeness)
API security design (authentication, authorization, rate limiting, validation)

RESTful API评估（资源建模、HTTP方法、状态码、版本控制）
GraphQL模式评审（类型、解析器、复杂度、N+1预防）
gRPC服务评审（protobuf定义、流处理、错误处理）
API文档质量（OpenAPI/Swagger完整性）
API安全设计（认证、授权、限流、验证）

Database Architecture

数据库架构

Data modeling (entity relationships, normalization, domain alignment)
Schema design (tables, columns, constraints, indexes, partitioning)
Query patterns (efficiency, index usage, N+1 prevention)
Data integrity (referential integrity, constraints, validation)
Scalability (sharding, read replicas, caching)

数据建模（实体关系、规范化、领域对齐）
模式设计（表、列、约束、索引、分区）
查询模式（效率、索引使用、N+1预防）
数据完整性（参照完整性、约束、验证）
可扩展性（分片、只读副本、缓存）

Microservices Patterns

微服务模式

Service boundaries (decomposition, bounded contexts, DDD alignment)
Communication patterns (sync/async, event-driven, orchestration)
Data management (database-per-service, eventual consistency, sagas)
Service discovery (registry, load balancing)
Resilience (circuit breakers, retries, timeouts, bulkheads)

服务边界（拆分方式、限界上下文、DDD对齐）
通信模式（同步/异步、事件驱动、编排）
数据管理（单服务单数据库、最终一致性、Saga模式）
服务发现（注册中心、负载均衡）
弹性（断路器、重试、超时、舱壁模式）

Integration Architecture

集成架构

Integration patterns (API, message queues, event streaming, webhooks)
Message queue design (selection, schemas, DLQ, idempotency)
Event streaming (event sourcing, CQRS, stream processing)
External API integration (retry logic, circuit breakers, versioning)
Batch processing (ETL, job scheduling, error handling)

集成模式（API、消息队列、事件流、Webhook）
消息队列设计（选型、模式、死信队列、幂等性）
事件流（事件溯源、CQRS、流处理）
外部API集成（重试逻辑、断路器、版本控制）
批处理（ETL、任务调度、错误处理）

Security Architecture

安全架构

Authentication design (JWT, OAuth 2.0, session management)
Authorization design (RBAC, ABAC, permission models)
Data protection (encryption at rest/transit, secrets management)
API security (validation, injection prevention, rate limiting)
Security monitoring (audit logging, anomaly detection)

认证设计（JWT、OAuth 2.0、会话管理）
授权设计（RBAC、ABAC、权限模型）
数据保护（静态/传输加密、密钥管理）
API安全（验证、注入预防、限流）
安全监控（审计日志、异常检测）

Severity Levels

严重性等级

Use these severity ratings for findings:

🔴 Critical: Security risks, data loss, broken functionality - must fix before implementation
🟠 High: Significant flaws affecting scalability, performance, reliability - should fix before go-live
🟡 Medium: Moderate issues or best practice deviations - address in next iteration
🟢 Low: Minor improvements or optimizations - track for future improvements

使用以下严重性评级标记发现的问题：

🔴 Critical（严重）：安全风险、数据丢失、功能故障 - 必须在实施前修复
🟠 High（高）：影响可扩展性、性能、可靠性的重大缺陷 - 应在上线前修复
🟡 Medium（中）：中等问题或偏离最佳实践 - 在下一迭代中解决
🟢 Low（低）：微小改进或优化 - 跟踪以便未来改进

Report Structure

报告结构

Present backend design review findings with:

Executive Summary - Project context, review date, overall assessment
Review Scope - What was reviewed, depth of review, focus areas
Key Findings Summary - Critical and high severity issues overview
Detailed Findings - Each finding with severity, description, impact, recommendations, examples
Positive Observations - Strengths and good design decisions
Recommendations - Prioritized improvements with implementation guidance
Architecture Diagrams - Current state and proposed improvements
Action Items - Specific tasks with owners, deadlines, and status tracking
Next Steps - Immediate actions, short-term tasks, follow-up review schedule

后端设计评审报告应包含以下部分：

执行摘要 - 项目背景、评审日期、整体评估
评审范围 - 评审内容、评审深度、重点领域
关键发现摘要 - 严重和高等级问题概述
详细发现 - 每个问题包含严重性、描述、影响、建议、示例
积极观察 - 优势和优秀设计决策
建议 - 按优先级排序的改进方案及实施指导
架构图 - 当前状态和改进后的状态
行动项 - 具体任务、负责人、截止日期和状态跟踪
下一步计划 - 即时行动、短期任务、后续评审时间表

Reference Files

参考文件

Load detailed guidance based on specific review needs:

Review Process: See backend-design-review-process.md for comprehensive step-by-step review workflow covering API design, database validation, microservices assessment, security review, and performance evaluation with detailed checklists
API Design Patterns: See api-design-patterns.md when reviewing RESTful APIs, GraphQL schemas, or gRPC services - includes resource modeling, HTTP methods, status codes, versioning strategies, authentication patterns, and common anti-patterns
Database Design Patterns: See database-design-patterns.md for detailed guidance on data modeling, normalization, indexing strategies, query optimization, database scaling patterns, NoSQL patterns, and caching strategies
Microservices & Integration Patterns: See microservices-integration-patterns.md when reviewing microservices architecture, service boundaries, communication patterns, resilience patterns, message queues, event streaming, and distributed system designs
Report Template: See report-template.md for complete report structure with sections for executive summary, findings, recommendations, architecture diagrams, and action items
Severity Levels: See severity-levels.md for detailed severity rating criteria (Critical, High, Medium, Low) with examples and action requirements

根据具体评审需求加载详细指南：

评审流程：查看backend-design-review-process.md获取涵盖API设计、数据库验证、微服务评估、安全评审和性能分析的完整分步评审流程及详细检查清单
API设计模式：评审RESTful API、GraphQL模式或gRPC服务时，查看api-design-patterns.md - 包含资源建模、HTTP方法、状态码、版本控制策略、认证模式及常见反模式
数据库设计模式：查看database-design-patterns.md获取数据建模、规范化、索引策略、查询优化、数据库扩展模式、NoSQL模式和缓存策略的详细指南
微服务与集成模式：评审微服务架构、服务边界、通信模式、弹性模式、消息队列、事件流和分布式系统设计时，查看microservices-integration-patterns.md
报告模板：查看report-template.md获取完整报告结构，包含执行摘要、发现、建议、架构图和行动项等章节
严重性等级：查看severity-levels.md获取详细的严重性评级标准（Critical、High、Medium、Low）及示例和行动要求