id: SKL-platform-PLATFORMPRODUCTDESIGN name: Platform Product Design description: Platform Product Design enables creation of multi-tenant, extensible platforms that support third-party developers, partners, and ecosystem growth. This capability is essential for SaaS platforms, mar version: 1.0.0 status: active owner: '@cerebra-team' last_updated: '2026-02-22' category: Backend tags:

• api
• backend
• server
• database stack:
• Python
• Node.js
• REST API
• GraphQL difficulty: Intermediate

Platform Product Design

Skill Profile

(Select at least one profile to enable specific modules)

• DevOps
• Backend
• Frontend
• AI-RAG
• Security Critical

Overview

Platform Product Design enables creation of multi-tenant, extensible platforms that support third-party developers, partners, and ecosystem growth. This capability is essential for SaaS platforms, marketplaces, and any product requiring extensibility and scalability.

Why This Matters

Strategic Necessity:

• Multi-Tenancy: Support multiple customers efficiently
• Extensibility: Enable third-party integrations and extensions
• Scalability: Handle growth across customers and users
• Ecosystem Growth: Foster partner and developer ecosystem
• Revenue Diversity: Multiple revenue streams (subscriptions, marketplace, etc.)

Product Thinking:

Solves critical problem of "single-tenant architecture" where each customer requires separate deployment, leading to high operational costs and slow feature delivery. Platform Product Design provides systematic approach to creating shared multi-tenant platforms that enable efficient resource utilization while maintaining proper isolation between tenants.

Core Concepts & Rules

1. Core Principles

• Follow established patterns and conventions
• Maintain consistency across codebase
• Document decisions and trade-offs

2. Implementation Guidelines

• Start with the simplest viable solution
• Iterate based on feedback and requirements
• Test thoroughly before deployment

Inputs / Outputs / Contracts

• Inputs:
  • <e.g., env vars, request payload, file paths, schema>
• Entry Conditions:
  • <Pre-requisites: e.g., Repo initialized, DB running, specific branch checked out>
• Outputs:
  • <e.g., artifacts (PR diff, docs, tests, dashboard JSON)>
• Artifacts Required (Deliverables):
  • <e.g., Code Diff, Unit Tests, Migration Script, API Docs>
• Acceptance Evidence:
  • <e.g., Test Report (screenshot/log), Benchmark Result, Security Scan Report>
• Success Criteria:
  • <e.g., p95 < 300ms, coverage ≥ 80%>

Skill Composition

• Depends on: None
• Compatible with: None
• Conflicts with: None
• Related Skills: None

Quick Start / Implementation Example

1. Review requirements and constraints
2. Set up development environment
3. Implement core functionality following patterns
4. Write tests for critical paths
5. Run tests and fix issues
6. Document any deviations or decisions

# Example implementation following best practices
def example_function():
    # Your implementation here
    pass

Assumptions

• Tenant requirements are well-defined
• Infrastructure supports multi-tenancy
• Third-party developers will use platform APIs
• Sufficient resources for scaling
• Billing and payment systems available

Compatibility & Prerequisites

• Supported Versions:
  • Python 3.8+
  • Node.js 16+
  • Modern browsers (Chrome, Firefox, Safari, Edge)
• Required AI Tools:
  • Code editor (VS Code recommended)
  • Testing framework appropriate for language
  • Version control (Git)
• Dependencies:
  • Language-specific package manager
  • Build tools
  • Testing libraries
• Environment Setup:
  • .env.example keys: API_KEY, DATABASE_URL (no values)

Test Scenario Matrix

Technical Guardrails & Security Threat Model

1. Security & Privacy (Threat Model)

• Top Threats: Injection attacks, authentication bypass, data exposure

• Data Handling: Sanitize all user inputs to prevent Injection attacks. Never log raw PII
• Secrets Management: No hardcoded API keys. Use Env Vars/Secrets Manager
• Authorization: Validate user permissions before state changes

2. Performance & Resources

• Execution Efficiency: Consider time complexity for algorithms
• Memory Management: Use streams/pagination for large data
• Resource Cleanup: Close DB connections/file handlers in finally blocks

3. Architecture & Scalability

• Design Pattern: Follow SOLID principles, use Dependency Injection
• Modularity: Decouple logic from UI/Frameworks

4. Observability & Reliability

• Logging Standards: Structured JSON, include trace IDs request_id
• Metrics: Track error_rate, latency, queue_depth
• Error Handling: Standardized error codes, no bare except
• Observability Artifacts:
  • Log Fields: timestamp, level, message, request_id
  • Metrics: request_count, error_count, response_time
  • Dashboards/Alerts: High Error Rate > 5%

Agent Directives

1. Isolation Phase: Always implement proper tenant isolation
2. Provisioning Phase: Always validate tenant configuration
3. Integration Phase: Always setup SSO and API keys
4. Monitoring Phase: Always monitor tenant performance
5. Security Phase: Always implement security at all layers

Definition of Done (DoD) Checklist

• Tests passed + coverage met
• Lint/Typecheck passed
• Logging/Metrics/Trace implemented
• Security checks passed
• Documentation/Changelog updated
• Accessibility/Performance requirements met (if frontend)

Anti-patterns / Pitfalls

• ⛔ Don't: Log PII, catch-all exception, N+1 queries
• ⚠️ Watch out for: Common symptoms and quick fixes
• 💡 Instead: Use proper error handling, pagination, and logging

Reference Links & Examples

• Internal documentation and examples
• Official documentation and best practices
• Community resources and discussions

Versioning & Changelog

• Version: 1.0.0
• Changelog:
  • 2026-02-22: Initial version with complete template structure