In modern backend architecture, building an API that simply "works" is no longer enough. To compete at the highest level, you must build systems that are resilient, stateless, and capable of defending themselves against massive scale.
Recently, I embarked on a journey to engineer the ArogyaDoot Guardian - a high-performance Spring Boot microservice designed as an unbreakable shield for central API ecosystems. Here is the technical breakdown of how I leveraged distributed state and atomic operations to eliminate bot spam and prevent AI compute runaway.
1. The Atomic Gatekeeper: Zero-Race-Condition Concurrency
The most brutal test for any API is the Spam Test: 200 concurrent bot requests hitting a single post at the exact same millisecond.
Standard application-level checks fail because they are prone to race conditions. To solve this, I moved the intelligence directly to the data layer using Redis Lua Scripts. By executing the logic on the Redis server itself, we ensure that the check-and-increment operations happen in a single, uninterruptible trip. This guarantees that we stop at exactly 100 bot replies - providing absolute accuracy regardless of how many thousands of requests are fired in parallel.
2. Multi-Dimensional Guardrails: Horizontal, Vertical, and Time
Safety in this system is three-dimensional:
- Horizontal Cap: Exactly 100 bot interactions per post.
- Vertical Cap: Recursive depth protection that rejects any comment thread deeper than 20 levels, preventing memory exhaustion and UI breakage.
- Cooldown Cap: A 10-minute interaction lock between specific bots and humans, implemented via Redis TTL (Time-To-Live) keys.
3. Real-Time Virality Calculation
We treated virality as a living metric. Every interaction - be it a Bot Reply, a Human Like, or a Human Comment - is instantly calculated and indexed in Redis. By assigning weighted scores (+1, +20, and +50), the system can determine the heat of any post in microseconds without touching the main database, ensuring the core remains responsive even during viral surges.
4. Intelligent Notification Batching: The CRON Sweeper
User engagement can be destroyed by notification spam. To solve this, I engineered a Throttler and Buffer model.
- Direct delivery only happens if the user hasn't been notified in the last 15 minutes.
- All other notifications are buffered into a Redis List.
- A Spring @Scheduled task runs every 5 minutes to sweep the buffer, summarize the activity (example: "Bot X and 5 others interacted with your post"), and clear the queue. This provides a clean, human-centric user experience.
5. Stealth Auditing: The Power of Aspect-Oriented Programming (AOP)
One of the most unique features of this project is the AuditAspect. Instead of cluttering the business logic with logging code, I used AOP to create an invisible security layer. This aspect intercepts every guardrail hit and automatically logs it as a Security Threat event. This separation of concerns ensures that the code remains pristine while the security team gets a perfect audit trail.
6. Hardening for the Cloud: Multi-Stage Docker
Professional engineering doesn't stop at the code level. I designed an Optimized Multi-Stage Dockerfile using Eclipse Temurin 17.
- The build happens in a heavy Gradle container, but the final runtime is a lightweight, secure JRE image.
- For maximum security, the container runs as a non-root user, and standard JVM container-aware flags ensure the memory footprint is perfectly tuned for environments like Kubernetes or Google Cloud Run.
The Verdict
Engineering the ArogyaDoot Guardian was a masterclass in distributed state management. By combining the speed of Redis with the robustness of Spring Boot 3.x, we created a system that is not only high-performing but truly resilient.
The results speak for themselves: Under massive parallel load, the guardrails held firm, the logs captured every threat, and the database remained the pristine source of truth.
The Guardian is live. The competition is over.
Visit = (https://github.com/Rahulatram321/Core-API-Guardrails.git)
Top comments (0)