⚙️ Software Engineering

Engineering Tools Ecosystem

"A good tool improves the way you work. A great tool improves the way you think." — Jeff Atwood

Tool Categories Overview

Core Development

flowchart LR subgraph VCS [Version Control] Git[Git] GitHub[GitHub/GitLab/Bitbucket] gh[GitHub CLI] end subgraph IDE [IDE/Editor] VSCode[VS Code] Cursor[Cursor] JetBrains[JetBrains Suite] Neovim[Neovim] end subgraph Build [Build/Task] Make[Make/Just/Task] Bazel[Bazel/Nx/Turborepo] end subgraph Pkg [Package/Dep] PythonPkg[uv/pip/poetry] JSPkg[pnpm/npm/yarn] Cargo[Cargo] GoMod[Go modules] JavaBuild[Maven/Gradle] NuGet[NuGet] end

Code Quality & Testing

flowchart LR subgraph Quality [Code Quality] PythonLint[Ruff/Black/mypy] JSLint[Biome/ESLint/Prettier] GoLint[golangci-lint/clippy] Generic[SonarQube/Semgrep] end subgraph Testing [Testing] UnitTest[pytest/Jest/Vitest/JUnit] E2E[Playwright/Cypress] Containers[Testcontainers] PBT[Hypothesis/fast-check/jqwik] Mutation[mutmut/Stryker/PITest] end

CI/CD & Observability

flowchart LR subgraph CICD [CI/CD] GHA[GitHub Actions] GitLab[GitLab CI] CircleCI[CircleCI] ArgoCD[ArgoCD/Flux] end subgraph Obs [Observability] Metrics[Prometheus/Grafana] Logs[Loki] Traces[Tempo/Jaeger] OTel[OpenTelemetry] end

Infrastructure & Security

flowchart LR subgraph Infra [Infrastructure] TF[Terraform/OpenTofu] Pulumi[Pulumi] Crossplane[Crossplane] Ansible[Ansible] end subgraph C8s [Container/K8s] Docker[Docker/Podman] Build[Buildah/Kaniko] K8sTools[kubectl/helm/k9s] end subgraph Security [Security] Scan[Trivy/Grype/Syft] Signing[cosign] Policy[OPA/Kyverno] end

Documentation & Collaboration

flowchart LR subgraph Docs [Documentation] MkDocs[MkDocs] OpenAPI[OpenAPI/AsyncAPI] end subgraph Collab [Collaboration] Issues[GitHub/GitLab/Linear] Wiki[Notion/Obsidian] Diagram[Excalidraw] end

Essential Tool Chains by Language

Python (Modern 2024+)

Purpose	Tool	Why
Package mgmt	`uv`	10–100x faster than pip; lockfiles; virtualenvs
Formatting	`ruff`	100x faster than Black; includes linter
Type checking	`mypy` / `pyright`	Gradual typing; IDE integration
Testing	`pytest` + `pytest-cov` + `hypothesis`	Powerful fixtures; property-based
Mutation	`mutmut`	Fast, incremental mutation testing
Docs	`mkdocs-material` + `mkdocstrings`	Beautiful, auto-generated from docstrings
Pre-commit	`pre-commit` + `ruff` + `mypy`	Fast local quality gates

# pyproject.toml (modern config)
[tool.ruff]
line-length = 100
target-version = "py311"
select = ["E", "F", "I", "UP", "B", "C4", "PT", "T20", "RET", "SIM"]

[tool.mypy]
python_version = "3.11"
warn_return_any = true
warn_unused_ignores = true
disallow_untyped_defs = true

[tool.pytest.ini_options]
addopts = "-v --cov=src --cov-fail-under=85 --cov-report=term-missing"
testpaths = ["tests"]

[tool.mutmut]
paths_to_mutate = "src/"
backup = false
runner = "pytest"

# C++ Modern Toolchain (2024+)

# Build system
# cmake -B build -DCMAKE_BUILD_TYPE=Release
# cmake --build build

# clang-format (formatting)
# clang-tidy (static analysis)
# clangd (LSP)

# .clang-format
# BasedOnStyle: LLVM
# IndentWidth: 4
# ColumnLimit: 100

# clang-tidy config
# Checks: "**"
# WarningsAsErrors: ""

# vcpkg for package management
# vcpkg install fmt spdlog boost-asio

# Testing: Catch2, GoogleTest
# Mutation: Mull
# Coverage: gcov/lcov/gcovr

// Java Modern Toolchain (2024+)

// Build: Maven or Gradle (Kotlin DSL preferred)
// build.gradle.kts
plugins {
    id("java")
    id("application")
    id("org.springframework.boot") version "3.2.0"
}

java {
    toolchain.languageVersion.set(JavaLanguageVersion.of(21))
}

dependencies {
    implementation("org.springframework.boot:spring-boot-starter-web")
    testImplementation("org.junit.jupiter:junit-jupiter:5.10.0")
    testImplementation("org.mockito:mockito-core:5.8.0")
}

// Linting: SpotBugs, Checkstyle, Error Prone (via Gradle plugins)
// Testing: JUnit 5 + AssertJ + Mockito
// Mutation: PITest

// C# Modern Toolchain (2024+)

// .csproj (modern SDK-style)
<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFramework>net8.0</TargetFramework>
    <Nullable>enable</Nullable>
    <ImplicitUsings>enable</ImplicitUsings>
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.*" />
    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.*" />
    <PackageReference Include="FluentValidation.AspNetCore" Version="11.*" />
  </ItemGroup>
</Project>

// Linting: dotnet format --verify-no-changes
// Testing: xUnit + xUnit.extensibility + FluentAssertions + AutoFixture
// Mutation: Stryker.NET

JavaScript/TypeScript (Modern 2024+)

Purpose	Tool	Why
Package mgmt	`pnpm`	Fast, disk-efficient, strict
Runtime	`Bun` / `Node 22+`	Fast; built-in test runner, bundler
Formatting	`Biome`	Fast; formatter + linter; replaces Prettier+ESLint
Type checking	`TypeScript` + `tsc --noEmit`	Native
Testing	`Vitest` / `Playwright`	Vite-native; fast; browser testing
Bundling	`Vite` / `esbuild` / `Turbopack`	Lightning fast
Docs	`TypeDoc` + `VitePress`	Auto-generated + beautiful

Go (Modern)

Purpose	Tool	Why
Modules	`go mod`	Built-in; minimal version selection
Linting	`golangci-lint`	Unified linter runner
Formatting	`gofmt` / `gofumpt`	Built-in + stricter
Testing	`testing` + `testify` + `gotestsum`	Built-in + better output
Fuzzing	`go test -fuzz`	Built-in (Go 1.18+)
Vulnerability	`govulncheck`	Official Go vulnerability scanner

Rust

Purpose	Tool	Why
Build	`cargo`	Built-in; excellent
Linting	`clippy` + `rustfmt`	Built-in
Testing	`cargo test` + `proptest`	Built-in + property-based
Docs	`cargo doc` + `mdbook`	Built-in + narrative docs
Security	`cargo audit` + `cargo deny`	Vulnerability + license check

Infrastructure as Code — Tool Comparison

Tool	Language	State	Best For
Terraform	HCL	Remote (S3, Consul)	Multi-cloud, mature ecosystem
OpenTofu	HCL	Remote	Terraform fork; open source
Pulumi	TS/Python/Go/C#/Java	Remote	Real languages; testing
Crossplane	YAML (K8s)	K8s API	GitOps-native; K8s resources
AWS CDK	TS/Python/Go/Go/Java	CloudFormation	AWS-native; constructs

# Pulumi example — real language, testable
import pulumi
import pulumi_aws as aws

bucket = aws.s3.Bucket("my-bucket",
    versioning=aws.s3.BucketVersioningArgs(enabled=True),
    server_side_encryption_configuration=aws.s3.BucketServerSideEncryptionConfigurationArgs(
        rule=aws.s3.BucketServerSideEncryptionConfigurationRuleArgs(
            apply_server_side_encryption_by_default=aws.s3.ServerSideEncryptionByDefaultArgs(
                sse_algorithm="AES256"
            )
        )
    )
)

# Unit testable!
def test_bucket_has_versioning():
    assert bucket.versioning is not None
    assert bucket.versioning.get("enabled") == True

// Pulumi C++ infrastructure as code
#include <pulumi/pulumi.hpp>
#include <pulumi/aws/s3/bucket.hpp>

int main() {
    pulumi::Run([]() {
        auto bucket = std::make_shared<aws::s3::Bucket>("my-bucket", 
            pulumi::Args{
                {"versioning", pulumi::Object{
                    {"enabled", true}
                }},
                {"serverSideEncryptionConfiguration", pulumi::Object{
                    {"rule", pulumi::Object{
                        {"applyServerSideEncryptionByDefault", pulumi::Object{
                            {"sseAlgorithm", "AES256"}
                        }}
                    }}
                }}
            )
        });
    });
    return 0;
}

// Pulumi Java example
import com.pulumi.Pulumi;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketVersioningArgs;

public class MyStack {
    public static void main(String[] args) {
        Pulumi.run(ctx -> {
            var bucket = new Bucket("my-bucket", BucketArgs.builder()
                .versioning(BucketVersioningArgs.builder().enabled(true).build())
                .serverSideEncryptionConfiguration(List.of(
                    BucketServerSideEncryptionConfigurationArgs.builder()
                        .rule(BucketServerSideEncryptionRuleArgs.builder()
                            .applyServerSideEncryptionByDefault(
                                ServerSideEncryptionByDefaultArgs.builder()
                                    .sseAlgorithm("AES256")
                                    .build())
                            .build())
                ))
                .build());
        });
    }
}

// Pulumi C# Example
using Pulumi;
using Pulumi.Aws.S3;

class MyStack : Stack
{
    public MyStack()
    {
        var bucket = new Bucket("my-bucket", new BucketArgs
        {
            Versioning = new BucketVersioningArgs { Enabled = true },
            ServerSideEncryptionConfiguration = new[]
            {
                new BucketServerSideEncryptionConfigurationArgs
                {
                    Rule = new BucketServerSideEncryptionRuleArgs
                    {
                        ApplyServerSideEncryptionByDefault = 
                            new ServerSideEncryptionByDefaultArgs
                            {
                                SseAlgorithm = "AES256"
                            }
                        }
                    }
                }
        });
    }
}

Observability Stack — Modern Choices

Layer	Self-Hosted	Managed	Notes
Metrics	Prometheus + Grafana	Datadog, CloudWatch	PromQL standard
Logs	Loki + Grafana	Datadog, Elastic, CloudWatch	LogQL = PromQL for logs
Traces	Tempo + Grafana	Jaeger, Zipkin, Honeycomb	TraceQL emerging
Profiles	Pyroscope + Grafana	Datadog, AWS CodeGuru	Continuous profiling
Alerting	Alertmanager + PagerDuty	Opsgenie, VictorOps	Alert routing

OpenTelemetry — The Universal Standard

# Python auto-instrumentation (zero code changes)
# pip install opentelemetry-distro opentelemetry-exporter-otlp
# opentelemetry-bootstrap -a install
# OTEL_PYTHON_TRACER_PROVIDER=otel OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4317 python app.py

# Manual instrumentation for business logic
from opentelemetry import trace

tracer = trace.get_tracer(__name__)

@tracer.start_as_current_span("calculate_discount")
def calculate_discount(customer: Customer, cart: Cart) -> Money:
    span = trace.get_current_span()
    span.set_attribute("customer.tier", customer.tier)
    span.set_attribute("cart.total", float(cart.total()))
    # ... logic

// OpenTelemetry C++
#include <opentelemetry/trace/provider.h>
#include <opentelemetry/exporters/otlp/otlp_http_exporter_factory.h>
#include <opentelemetry/sdk/trace/simple_processor_factory.h>
#include <opentelemetry/sdk/trace/tracer_provider_factory.h>

using namespace opentelemetry::trace;
using namespace opentelemetry::sdk::trace;
using namespace opentelemetry::exporter::otlp;

void InitTracer() {
    auto exporter = OtlpHttpExporterFactory::Create(OtlpHttpExporterOptions{
        .endpoint = "http://localhost:4317/v1/traces"
    });
    auto processor = SimpleSpanProcessorFactory::Create(std::move(exporter));
    auto provider = TracerProviderFactory::Create(std::move(processor));
    Provider::SetTracerProvider(provider);
}

auto tracer = trace::Provider::GetTracerProvider()->GetTracer("my-service");

Money calculate_discount(Customer customer, Cart cart) {
    auto span = tracer->StartSpan("calculate_discount");
    auto scope = opentelemetry::trace::Scope(span);
    span->SetAttribute("customer.tier", customer.tier);
    span->SetAttribute("cart.total", cart.total());
    // ... logic
}

// OpenTelemetry Java
import io.opentelemetry.api.trace.*;
import io.opentelemetry.exporter.otlp.trace.OtlpGrpcSpanExporter;
import io.opentelemetry.sdk.trace.*;
import io.opentelemetry.sdk.trace.export.BatchSpanProcessor;

public class TracingConfig {
    public static void init() {
        var exporter = OtlpGrpcSpanExporter.builder()
            .setEndpoint("http://localhost:4317")
            .build();

        var processor = BatchSpanProcessor.builder(exporter).build();
        var provider = SdkTracerProvider.builder()
            .addSpanProcessor(processor)
            .build();

        GlobalOpenTelemetry.resetFor(
            OpenTelemetrySdk.builder()
                .setTracerProvider(provider)
                .buildAndRegisterGlobal()
        );
    }
}

// Usage
Tracer tracer = GlobalOpenTelemetry.getTracer("my-service");

@WithSpan("calculate_discount")
public Money calculateDiscount(Customer customer, Cart cart) {
    Span span = Span.current();
    span.setAttribute("customer.tier", customer.getTier());
    span.setAttribute("cart.total", cart.getTotal());
    // ... logic
}

// OpenTelemetry .NET
using OpenTelemetry;
using OpenTelemetry.Trace;
using OpenTelemetry.Exporter.OpenTelemetryProtocol;
using OpenTelemetry.Resources;
using OpenTelemetry.Instrumentation.AspNetCore;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddOpenTelemetry()
    .WithTracing(builder => builder
        .AddAspNetCoreInstrumentation()
        .AddHttpClientInstrumentation()
        .AddSource("MyApp")
        .SetResourceBuilder(ResourceBuilder.CreateDefault()
            .AddService("MyApp"))
        .AddOtlpExporter(options => {
            options.Endpoint = new Uri("http://localhost:4317");
        })
    );

// Usage
var tracer = TracerProvider.Default.GetTracer("MyApp");

using var span = tracer.StartActiveSpan("calculate_discount");
span.SetAttribute("customer.tier", customer.Tier);
span.SetAttribute("cart.total", cart.Total);
// ... logic

Local Development Environments

Tool	Approach	Best For
Docker Compose	Declarative services	Simple multi-service apps
Dev Containers	VS Code extension	Consistent team envs
Tilt	Live update + smart rebuild	Microservices dev loop
Skaffold	Build→deploy→port-forward	K8s-native dev
Garden	Stack graph + smart sync	Complex multi-env
Nix + direnv	Reproducible builds	Polyglot, hermetic

Architecture Decision Records (ADRs)

# docs/adr/001-use-postgresql.md

## Title: Use PostgreSQL as Primary Datastore

## Status: Accepted

## Context
We need a relational database for transactional data with complex queries.

## Decision
Use PostgreSQL 16+ with connection pooling (PgBouncer).

## Consequences
- ✅ ACID, rich data types, JSONB, full-text search
- ✅ Mature ecosystem, team familiarity
- ⚠️ Operational overhead (backups, vacuum, monitoring)
- ⚠️ Horizontal scaling requires read replicas/sharding

## Alternatives Considered
- MySQL — less advanced indexing, no JSONB parity
- CockroachDB — distributed SQL, higher latency
- DynamoDB — NoSQL, different access patterns

// docs/adr/001-use-postgresql.md

## Title: Use PostgreSQL as Primary Datastore

## Status: Accepted

## Context
We need a relational database for transactional data with complex queries.

## Decision
Use PostgreSQL 16+ with connection pooling (PgBouncer).

## Consequences
- ✅ ACID, rich data types, JSONB, full-text search
- ✅ Mature ecosystem, team familiarity
- ⚠️ Operational overhead (backups, vacuum, monitoring)
- ⚠️ Horizontal scaling requires read replicas/sharding

## Alternatives Considered
- MySQL — less advanced indexing, no JSONB parity
- CockroachDB — distributed SQL, higher latency
- DynamoDB — NoSQL, different access patterns

// docs/adr/001-use-postgresql.md

## Title: Use PostgreSQL as Primary Datastore

## Status: Accepted

## Context
We need a relational database for transactional data with complex queries.

## Decision
Use PostgreSQL 16+ with connection pooling (PgBouncer).

## Consequences
- ✅ ACID, rich data types, JSONB, full-text search
- ✅ Mature ecosystem, team familiarity
- ⚠️ Operational overhead (backups, vacuum, monitoring)
- ⚠️ Horizontal scaling requires read replicas/sharding

## Alternatives Considered
- MySQL — less advanced indexing, no JSONB parity
- CockroachDB — distributed SQL, higher latency
- DynamoDB — NoSQL, different access patterns

// docs/adr/001-use-postgresql.md

## Title: Use PostgreSQL as Primary Datastore

## Status: Accepted

## Context
We need a relational database for transactional data with complex queries.

## Decision
Use PostgreSQL 16+ with connection pooling (PgBouncer).

## Consequences
- ✅ ACID, rich data types, JSONB, full-text search
- ✅ Mature ecosystem, team familiarity
- ⚠️ Operational overhead (backups, vacuum, monitoring)
- ⚠️ Horizontal scaling requires read replicas/sharding

## Alternatives Considered
- MySQL — less advanced indexing, no JSONB parity
- CockroachDB — distributed SQL, higher latency
- DynamoDB — NoSQL, different access patterns

Security Tooling

Category	Tools	Purpose
SAST	Semgrep, CodeQL, SonarQube, CodeQL	Static analysis
SCA	Trivy, Grype, Syft, Dependabot, Renovate	Dependency scanning
Secrets	TruffleHog, GitLeaks, Gitleaks	Secret detection
Container	Trivy, Grype, Claw	Image scanning
Policy	OPA, Kyverno, Checkov	Policy as code

Documentation Stack

Purpose	Tools
API Docs	Swagger/OpenAPI, Redoc, Scalar
Architecture	Mermaid, Structurizr, PlantUML
Wiki/Knowledge	Notion, Obsidian, GitBook, Wiki.js
Diagrams	Mermaid, Excalidraw, PlantUML
API Catalog	Postman, Insomnia, Hoppscotch

Summary: Modern Engineering Stack (2024)

Category	Recommended Stack
Python	uv + ruff + mypy + pytest + hypothesis + mutmut + mkdocs
TypeScript	pnpm + Biome + TypeScript + Vitest + Playwright + Vite
Go	go mod + golangci-lint + testify + gotestsum
Rust	cargo + clippy + rustfmt + proptest + cargo-audit
Java	Gradle (Kotlin DSL) + SpotBugs + JUnit 5 + PITest
C#	dotnet CLI + dotnet format + xUnit + Stryker.NET
C++	CMake + vcpkg + clang-format/tidy + Catch2 + Mull
Infra	Terraform/OpenTofu + Pulumi + Terragrunt
K8s	Helm + Kustomize + ArgoCD/Flux + k9s
Observe	OpenTelemetry + Prometheus + Grafana + Tempo + Loki
CI/CD	GitHub Actions / GitLab CI / Buildkite + ArgoCD
Security	Trivy + Trivy + Cosign + OPA + Renovate
Package	uv / pnpm / Cargo / go mod / Maven / NuGet
Containers	Docker / Buildah / Kaniko / Podman
Docs	mkdocs / TypeDoc / cargo doc / docfx
Collab	GitHub/GitLab + Linear + Excalidraw + Mermaid

Philosophy: "The best tool is the one your team actually uses consistently." — Choose tools that reduce cognitive load, integrate well, and have active communities. Standardize on a core stack, but allow exceptions with architectural review.