gh-macroman5-claude-code-workflow-plugins/.claude/skills/tech-stack-architect/SKILL.md

---
name: tech-stack-architect
description: Design complete technology stack and system architecture from project requirements - generates TECH-STACK.md with frontend/backend/database/DevOps choices plus rationale, and ARCHITECTURE.md with components, data flow, and mermaid diagrams
version: 0.1.0
tags: [architecture, planning, tech-stack, design]
triggers:
  - tech stack
  - architecture
  - technology choices
  - system design
  - architecture diagram
---

# Tech Stack Architect

## Purpose
Generate comprehensive technology stack selection and system architecture design from project requirements. Creates two foundational documents that guide implementation.

## When to Use
- Starting a new project after PROJECT-OVERVIEW.md is created
- Re-architecting existing systems
- Technology evaluation and selection
- Architecture documentation needed
- User mentions "tech stack", "architecture", "system design"

## Behavior

### Phase 1: Technology Stack Selection

1. **Read PROJECT-OVERVIEW.md** for:
   - Project goals and constraints
   - Scale requirements (users, data, traffic)
   - Team skills and preferences
   - Budget and timeline
   - Compliance requirements

2. **Analyze requirements** across 4 categories:
   - Frontend (framework, state management, UI library)
   - Backend (language, framework, API style)
   - Database (RDBMS, NoSQL, caching, search)
   - DevOps (hosting, CI/CD, monitoring, security)

3. **Generate TECH-STACK.md** with:
   - **Category tables**: Technology | Rationale | Alternatives Considered
   - **Integration notes**: How technologies work together
   - **Trade-offs**: What you gain/lose with this stack
   - **Migration path**: How to evolve the stack
   - **Team considerations**: Learning curve, hiring, support

### Phase 2: System Architecture Design

1. **Design components**:
   - Client-side architecture
   - API layer and services
   - Data storage and caching
   - Background jobs and queues
   - External integrations

2. **Define data flow**:
   - Request/response paths
   - Authentication flow
   - Data persistence patterns
   - Event-driven flows (if applicable)

3. **Generate ARCHITECTURE.md** with:
   - **System Overview**: High-level component diagram (C4 Context)
   - **Component Details**: Responsibilities, interfaces, dependencies
   - **Data Flow Diagrams**: Key user journeys with sequence diagrams
   - **Scalability Strategy**: Horizontal scaling, caching, load balancing
   - **Security Architecture**: Auth, encryption, OWASP considerations
   - **Mermaid Diagrams**: C4, sequence, data flow, deployment

## Output Style
- Use `table-based` for technology comparisons
- Use `markdown-focused` with mermaid diagrams for architecture
- Keep rationales concise (1-2 sentences per choice)
- Include visual diagrams for clarity

## Output Files

### 1. project-management/TECH-STACK.md
```markdown
# Technology Stack

## Summary
[2-3 sentence overview of the stack philosophy]

## Frontend Stack

| Technology | Choice | Rationale | Alternatives Considered |
|------------|--------|-----------|------------------------|
| Framework | React 18 | ... | Vue, Svelte, Angular |
| State | Zustand | ... | Redux, Jotai, Context |
| UI Library | Tailwind + shadcn/ui | ... | MUI, Chakra, custom |
| Build | Vite | ... | Webpack, Turbopack |

## Backend Stack

| Technology | Choice | Rationale | Alternatives Considered |
|------------|--------|-----------|------------------------|
| Language | Python 3.11 | ... | Node.js, Go, Rust |
| Framework | FastAPI | ... | Django, Flask, Express |
| API Style | REST + OpenAPI | ... | GraphQL, gRPC, tRPC |

## Database & Storage

| Technology | Choice | Rationale | Alternatives Considered |
|------------|--------|-----------|------------------------|
| Primary DB | PostgreSQL 15 | ... | MySQL, MongoDB, SQLite |
| Caching | Redis | ... | Memcached, Valkey |
| Search | ElasticSearch | ... | Algolia, Meilisearch |
| Object Storage | S3 | ... | MinIO, CloudFlare R2 |

## DevOps & Infrastructure

| Technology | Choice | Rationale | Alternatives Considered |
|------------|--------|-----------|------------------------|
| Hosting | AWS ECS Fargate | ... | k8s, VM, serverless |
| CI/CD | GitHub Actions | ... | GitLab CI, CircleCI |
| Monitoring | DataDog | ... | Grafana, New Relic |
| Secrets | AWS Secrets Manager | ... | Vault, Doppler |

## Integration Notes
- [How frontend talks to backend]
- [Database connection pooling strategy]
- [Caching layer integration]
- [CI/CD pipeline flow]

## Trade-offs
**Gains**: [What this stack provides]
**Costs**: [Complexity, vendor lock-in, learning curve]

## Migration Path
- Phase 1: [Initial minimal stack]
- Phase 2: [Add caching, search]
- Phase 3: [Scale horizontally]

## Team Considerations
- **Learning Curve**: [Estimate for team]
- **Hiring**: [Availability of talent]
- **Support**: [Community, docs, enterprise support]
```

### 2. project-management/ARCHITECTURE.md
```markdown
# System Architecture

## Overview
[2-3 sentence description of the system]

## C4 Context Diagram
```mermaid
C4Context
  title System Context for [Project Name]

  Person(user, "User", "End user of the system")
  System(app, "Application", "Main system")
  System_Ext(auth, "Auth Provider", "OAuth2 provider")
  System_Ext(payment, "Payment Gateway", "Stripe")

  Rel(user, app, "Uses", "HTTPS")
  Rel(app, auth, "Authenticates", "OAuth2")
  Rel(app, payment, "Processes payments", "API")
```

## Component Architecture
```mermaid
graph TB
  Client[React Client]
  API[FastAPI Backend]
  DB[(PostgreSQL)]
  Cache[(Redis)]
  Queue[Job Queue]
  Worker[Background Workers]

  Client -->|HTTPS/JSON| API
  API -->|SQL| DB
  API -->|GET/SET| Cache
  API -->|Enqueue| Queue
  Queue -->|Process| Worker
  Worker -->|Update| DB
```

### Component Details

**Client (React)**
- **Responsibilities**: UI rendering, state management, client-side validation
- **Key Libraries**: React Router, Zustand, React Query
- **Interfaces**: REST API via fetch/axios

**API (FastAPI)**
- **Responsibilities**: Business logic, validation, auth, rate limiting
- **Key Modules**: auth, users, payments, notifications
- **Interfaces**: REST endpoints (OpenAPI), WebSocket (notifications)

**Database (PostgreSQL)**
- **Responsibilities**: Persistent data storage, relational integrity
- **Schema**: Users, sessions, transactions, audit logs
- **Patterns**: Repository pattern, connection pooling

**Cache (Redis)**
- **Responsibilities**: Session storage, rate limiting, job queue
- **TTL Strategy**: Sessions (24h), API cache (5m), rate limits (1h)

**Background Workers**
- **Responsibilities**: Email sending, report generation, cleanup jobs
- **Queue**: Redis-backed Celery/ARQ
- **Monitoring**: Dead letter queue, retry logic

## Authentication Flow
```mermaid
sequenceDiagram
  participant User
  participant Client
  participant API
  participant Auth0
  participant DB

  User->>Client: Click "Login"
  Client->>Auth0: Redirect to OAuth2
  Auth0->>Client: Return auth code
  Client->>API: Exchange code for token
  API->>Auth0: Validate code
  Auth0->>API: User profile
  API->>DB: Create/update user
  API->>Client: Return JWT token
  Client->>Client: Store token (httpOnly cookie)
```

## Data Flow: User Registration
```mermaid
sequenceDiagram
  participant Client
  participant API
  participant DB
  participant Queue
  participant Worker
  participant Email

  Client->>API: POST /api/register
  API->>API: Validate input
  API->>DB: Create user (inactive)
  API->>Queue: Enqueue welcome email
  API->>Client: 201 Created
  Queue->>Worker: Process email job
  Worker->>Email: Send welcome email
  Worker->>DB: Log email sent
```

## Scalability Strategy

### Horizontal Scaling
- **API**: Stateless containers (2-10 instances behind ALB)
- **Database**: Read replicas for reporting queries
- **Cache**: Redis Cluster (3+ nodes)
- **Workers**: Auto-scale based on queue depth

### Caching Strategy
- **API Responses**: Cache GET endpoints (5m TTL)
- **Database Queries**: Query result cache in Redis
- **Static Assets**: CDN (CloudFront) with edge caching

### Load Balancing
- **Application**: AWS ALB with health checks
- **Database**: pgpool for read/write splitting
- **Geographic**: Multi-region deployment (future)

## Security Architecture

### Authentication & Authorization
- **Strategy**: OAuth2 + JWT tokens (15m access, 7d refresh)
- **Storage**: httpOnly cookies for web, secure storage for mobile
- **Rotation**: Automatic token refresh

### Data Protection
- **At Rest**: PostgreSQL encryption (AWS RDS)
- **In Transit**: TLS 1.3 for all connections
- **Secrets**: AWS Secrets Manager, rotated monthly

### OWASP Top 10 Mitigations
- **Injection**: Parameterized queries (SQLAlchemy ORM)
- **Auth**: JWT validation, session management
- **XSS**: Content Security Policy, input sanitization
- **CSRF**: SameSite cookies, CSRF tokens
- **Rate Limiting**: Redis-backed (100 req/min per IP)

### Network Security
- **VPC**: Private subnets for DB/workers
- **Security Groups**: Least privilege access
- **WAF**: CloudFront WAF rules

## Deployment Architecture
```mermaid
graph TB
  subgraph "Public Subnet"
    ALB[Application Load Balancer]
  end

  subgraph "Private Subnet - App Tier"
    API1[API Container 1]
    API2[API Container 2]
    Worker1[Worker Container]
  end

  subgraph "Private Subnet - Data Tier"
    DB[(RDS PostgreSQL)]
    Cache[(ElastiCache Redis)]
  end

  Internet((Internet)) --> ALB
  ALB --> API1
  ALB --> API2
  API1 --> DB
  API2 --> DB
  API1 --> Cache
  API2 --> Cache
  Worker1 --> DB
  Worker1 --> Cache
```

## Monitoring & Observability

**Metrics**:
- API latency (p50, p95, p99)
- Error rates by endpoint
- Database connection pool usage
- Cache hit/miss ratios

**Logging**:
- Structured JSON logs (ECS logs to CloudWatch)
- Request ID tracing across services
- Error tracking (Sentry)

**Alerting**:
- API error rate >1%
- Database connections >80%
- Job queue depth >1000

## Future Considerations

**Phase 2 Enhancements**:
- GraphQL API option
- WebSocket real-time updates
- ElasticSearch for full-text search

**Phase 3 Scale**:
- Multi-region deployment
- Event-driven microservices
- CQRS for read-heavy workloads
```

## Guardrails
- Keep technology choices pragmatic (avoid hype-driven development)
- Consider team skills when selecting stack
- Prefer managed services over self-hosted for DevOps
- Include alternatives to show deliberate choice
- Use mermaid for all diagrams (portable, version-controllable)
- Keep each document under 400 lines
- Link to official docs for each technology

## Integration
- Run after PROJECT-OVERVIEW.md is created
- Feed into `/lazy plan` for user story creation
- Reference during `/lazy code` for implementation consistency
- Update during `/lazy review` if architecture evolves

## Example Prompt
> Design the tech stack and architecture for this project

## Validation Checklist
- [ ] TECH-STACK.md has all 4 categories (Frontend, Backend, Database, DevOps)
- [ ] Each technology has rationale and alternatives
- [ ] ARCHITECTURE.md has system overview + 3+ mermaid diagrams
- [ ] Authentication and data flow are documented
- [ ] Scalability and security sections are complete
- [ ] Trade-offs and migration path are clear