system-design

System design, software architecture, API design, cybersecurity, and threat modeling. Build secure, scalable systems.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "system-design" with this command: npx skills add pluginagentmarketplace/custom-plugin-cloudflare/pluginagentmarketplace-custom-plugin-cloudflare-system-design

System Design Skill

Quick Reference

PatternBest ForComplexityScaling
MonolithStartups, MVPsLowLimited
MicroservicesLarge teamsHighExcellent
ServerlessEvent-drivenMediumAuto
Event-DrivenHigh throughputHighExcellent

Scalability Progression

Level 1: Single Server
    │
    ▼ Bottleneck: CPU/Memory
Level 2: Load Balancer + Multiple Servers
    │
    ▼ Bottleneck: Database reads
Level 3: Caching Layer (Redis)
    │
    ▼ Bottleneck: Database writes
Level 4: Read Replicas
    │
    ▼ Bottleneck: Single DB limits
Level 5: Sharding / Partitioning
    │
    ▼ Bottleneck: Cross-shard queries
Level 6: CQRS + Event Sourcing

Architecture Decision Tree

What's your team size and product stage?
│
├─► Team < 10, product unclear
│   └─► Monolith (start simple)
│
├─► Team > 10, clear domain boundaries
│   └─► Microservices
│
├─► Variable workloads, pay-per-use
│   └─► Serverless
│
└─► High throughput, async workflows
    └─► Event-Driven

API Design

REST Best Practices

GET    /api/v1/users              # List
GET    /api/v1/users/{id}         # Get
POST   /api/v1/users              # Create
PUT    /api/v1/users/{id}         # Replace
PATCH  /api/v1/users/{id}         # Update
DELETE /api/v1/users/{id}         # Delete

GET    /api/v1/users/{id}/orders  # Nested

HTTP Status Codes

CodeMeaningUse When
200OKGET/PUT/PATCH success
201CreatedPOST success
204No ContentDELETE success
400Bad RequestInvalid input
401UnauthorizedNo/invalid auth
403ForbiddenNo permission
404Not FoundResource missing
429Too Many RequestsRate limited
500Server ErrorServer failure

Database Selection

Use CaseBest ChoiceNotes
TransactionsPostgreSQLACID, most versatile
High writeCassandraWrite-optimized
CachingRedisSub-millisecond
SearchElasticsearchFull-text search
AnalyticsBigQueryColumn-store
Time-seriesTimescaleDBTime-based data
GraphNeo4jRelationships

Security: OWASP Top 10 (2025)

#VulnerabilityPrevention
1Broken Access ControlVerify auth on every request
2Cryptographic FailuresTLS 1.3, AES-256, Argon2
3InjectionParameterized queries
4Insecure DesignThreat modeling
5Security MisconfigurationHarden defaults
6Vulnerable ComponentsDependency scanning
7Auth FailuresMFA, rate limiting
8Data IntegritySign data, verify sources
9Logging FailuresComprehensive logging
10SSRFAllowlist URLs

Encryption Standards

LayerStandardNotes
In TransitTLS 1.3HTTPS everywhere
At RestAES-256Encrypt sensitive data
PasswordsArgon2idbcrypt acceptable
API KeysSHA-256Store hashed

Threat Modeling: STRIDE

┌─────────────────────────────────────────┐
│              STRIDE MODEL                │
├─────────────────────────────────────────┤
│  S - Spoofing                           │
│      → Strong auth, MFA                 │
│                                         │
│  T - Tampering                          │
│      → Integrity checks, signatures     │
│                                         │
│  R - Repudiation                        │
│      → Audit logging                    │
│                                         │
│  I - Information Disclosure             │
│      → Encryption, access control       │
│                                         │
│  D - Denial of Service                  │
│      → Rate limiting, DDoS protection   │
│                                         │
│  E - Elevation of Privilege             │
│      → Least privilege, RBAC            │
└─────────────────────────────────────────┘

Compliance Requirements

StandardDomainKey Requirements
GDPREU DataConsent, right to delete
HIPAAHealthcarePHI encryption, audit logs
SOC 2ServicesSecurity controls
PCI DSSPaymentsCard data protection
CCPACA PrivacyConsumer rights

Disaster Recovery

StrategyRTORPOCost
Backup/RestoreHoursHoursLow
Pilot Light10s minMinutesMedium
Warm StandbyMinutesSecondsHigh
Active-ActiveSecondsZeroVery High

Troubleshooting

System not scaling?
├─► Database bottleneck? → Add caching, replicas
├─► Single point of failure? → Add redundancy
├─► Stateful services? → Make stateless
└─► Network limits? → CDN, optimize payloads

Security incident response?
├─► 1. CONTAIN: Isolate affected systems
├─► 2. IDENTIFY: Scope and entry point
├─► 3. ERADICATE: Remove threat, patch
├─► 4. RECOVER: Restore from clean backup
└─► 5. LEARN: Post-mortem, improve

Common Failure Modes

SymptomRoot CauseRecovery
Cascading failuresTight couplingCircuit breakers
Works locallyEnv differencesContainers, IaC
Data breachMissing controlsAudit, RBAC
Audit failedMissing complianceGap analysis

Next Actions

Describe your system requirements for architecture recommendations.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Automation

data-engineering

No summary provided by upstream source.

Repository SourceNeeds Review
-23
pluginagentmarketplace
Automation

cloud-infrastructure

No summary provided by upstream source.

Repository SourceNeeds Review
-4
pluginagentmarketplace
Coding

core-development

No summary provided by upstream source.

Repository SourceNeeds Review
-3
pluginagentmarketplace
system-design | V50.AI