Articles
🔍 Anti-patterns in event modelling - Passive-Aggressive Events
Frames "Passive-Aggressive Events" as an event-modelling anti-pattern and shows when to use commands, documents, or events. Recommends explicit coordinators (sagas/process managers) for critical, blocking flows, separating non-critical event broadcasts, and improving observability and module autonomy.
🔍 Building Enterprise-Grade IAM (Part 2: The Gatekeeper)
Presents a production Apigee + OpenFGA + Auth0 authorization pattern for multi-tenant APIs with measured latency: 5ms JWT validation, 8ms OpenFGA policy check, ~122ms total. The x-service-id header pattern lets new services onboard by adding permission mappings as data in a key-value map rather than modifying IAM code—enforcing a clean separation where Apigee determines what permissions are required and OpenFGA determines who has them.
🔍 Event-Driven Architecture on Azure vs AWS: Service Bus vs SNS/SQS
Provides a pragmatic side-by-side of Azure Service Bus vs AWS SNS+SQS for enterprise event-driven architecture, including production-grade Terraform and Bicep, identity and DLQ best practices, ordering/throughput trade-offs, and a seven-point operational checklist to apply when choosing Standard vs Premium/FIFO.
🔍 From MCP to CLI: A Paradigm Shift in Enterprise-Grade AI Agent Architecture
Proposes Router CLI as a token-efficient alternative to pre-declaring all MCP tools in context: the agent receives a single entry-point command (~10 tokens) and lazy-loads sub-command documentation (~50 tokens per module) on demand during execution. Adds pipeline chaining for multi-step determinism and positions the pattern as a scalable tool-discovery path for enterprise microservice arrays where declaring 47+ tools upfront saturates the context window.
🔍 From Identity Vacuum to Identity Driven Access Control: Securing LLM Agents in the Enterprise
Addresses the agent identity problem by passing user OIDC Bearer tokens (Keycloak + PKCE, groups claims) through the MCP Client to Neo4j MCP Server via HTTP transport, so the database enforces its native fine-grained RBAC rather than relying on static service accounts. Demonstrates property-level restrictions layered on label-based access tiers (Confidential, Internal, External) with concrete before/after response comparisons showing what each role can and cannot see.
🔍 gRPC Interceptors in Production: Design Patterns That Survive Real Load
Shows production-hardened patterns for gRPC interceptor composition: order observability→rate-limit→auth→validation→retry→context, keep one concern per interceptor, wrap ServerStream for per-message visibility, and integration-test chains with bufconn. Includes code snippets and operational caveats for reliable RPC services.
🔍 How We Upload Multi-GB Files via REST (Without Blowing Up Memory)
Presents a production-ready stream-oriented REST upload pipeline that processes multi-GB payloads with constant memory. Key contributions: a ValidationTeeStream that feeds a background validator for fail-fast structural checks and record counting, transparent streaming encryption via a cipher wrapper, and a bounded parallel multipart upload with backpressure to cap in-memory parts. Includes pseudocode, memory accounting, failure/abort semantics, and performance figures.
🔍 Methods to design backward-compatible APIs when mobile clients upgrade on dinosaur time
Consolidates pragmatic methods for backward-compatible APIs targeting slow-upgrading mobile clients: tolerant Jackson deserialization and defaulting, enum fallbacks with instrumentation, header-based routing filters, adapter/gateway transformation patterns, Protobuf UnknownFieldSet monitoring, streaming parsing to reduce GC, and contract tests plus runtime metrics. Emphasizes latency/CPU trade-offs and provides an operational checklist for deprecation and safe removals.
🔍 Outbox Pattern in Postgres, End to End: Producer, Relayer, Consumer
Provides a runnable, production-ready Postgres transactional outbox: small pending-only table with partial index, producer that writes business row and outbox row in one transaction, a relayer using SELECT ... FOR UPDATE SKIP LOCKED to claim and publish batches keyed by aggregate_id, and an idempotent consumer that records processed event IDs. Includes practical failure modes (reordering, dispatch lag, stuck rows, table bloat) and operational mitigations.
🔍 Saga Compensation for a Payments Flow That Actually Unwinds
Presents an orchestrator-based saga for a payments flow that guarantees unwindable compensations by persisting per-step idempotency keys before calls, recording completed steps, running compensations in reverse with their own persisted keys, and surfacing unrecoverable compensations as a STUCK state. Includes Python state-machine code and Postgres JSONB storage guidance for production-ready reliability.
🔍 The Gateway Timeout Nobody Warned Us About
Case study of a 504 gateway timeout and a production-ready async redesign: replace synchronous bulk download with a submit-and-poll pattern using Spring Boot @async and a dedicated ThreadPoolTaskExecutor, durable job state (Redis), and presigned S3 for final delivery. Emphasizes checking worst-case processing time, gateway/client timeouts, and thread-pool isolation—especially when code is AI-generated and lacks infrastructure context.
🔍 The Ridiculous State of Enterprise Integration Architecture: API Gateways, IoT, and LLM — A…
DDCR (Domain-Driven Centric Router) is a policy pattern that replaces per-backend proxy proliferation with a single domain-indexed API façade. Consumers use semantic URLs (e.g., /sales/orders/create/salesforce); the gateway normalizes the action, builds a deterministic key, performs an O(1) lookup in a metadata store, and dispatches to the resolved backend. The author supplies multi-platform policy code, canonical action maps, and measured POC performance; the pattern is implementation-ready for enterprise APIM platforms but remains a proof-of-concept pending production validation.
🔍 Which Rate Limit Algorithm for My Product?
Author compares Fixed Window, Sliding Window variants, Token Bucket, Leaky Bucket, and GCRA, and recommends a hybrid: Fixed Window for monthly quotas and Token Bucket (implemented with atomic Redis Lua ops) for per-second throttling. The piece gives practical storage-cost estimates, header mappings, retry semantics, and operational reasons (debuggability, industry expectations) guiding the choice.
Apache Kafka
🔍 Apache Kafka® 4.1.0: Advancing Queues and rack-aware rebalancing returns
Covers Kafka 4.1.0 GA: KIP-1101 re-enables rack-aware partition rebalancing via the next-gen consumer rebalance protocol with configuration examples and a server-side ConsumerGroupPartitionAssignor sample (plus simulation results), and reports KIP-932 (Queues for Kafka) moving from early access to preview—practical guidance for designers of multi-rack/AZ streaming architectures.
🔍 Automating Kafka Cluster Management with Cruise Control
Practical guide to deploying LinkedIn's Cruise Control for automated Kafka partition rebalancing: configures the full default.goals priority chain (replica/disk/network/CPU capacity → distribution → leader goals), demonstrates the always-dry-run-first discipline with curl-based API workflows, and provides broker-level diagnostic commands to verify the three internal Cruise Control topics are healthy before committing a live rebalance.
🔍 Building a 5000+ Notifications/sec Event Pipeline with Kafka & Distributed Idempotency
Practical rearchitecture of a high-throughput notifications pipeline: the author details Kafka partitioning by userId to hit 5k+ notifications/sec, consumer isolation with DLQs and Resilience4j-style circuit breakers, and a two‑barrier idempotency pattern (Redis for fast dedupe, PostgreSQL for durability) with code samples and production metrics showing latency and incident reductions.
🔍 Building a Zero-Loss Kafka Consumer with Spring Kafka Retryable Topics
Production case study of a stateless Kafka adaptor that bridges async Kafka to a synchronous legacy system incapable of native Kafka consumption due to threading architecture constraints. Uses @RetryableTopic with blocking retries and a two-barrier idempotency pattern. Honest about the core architectural tension—Kafka is asynchronous while the downstream is synchronous and deterministic—and explains when a bridging adaptor is the correct architectural choice rather than a workaround.
🔍 Event-Driven Agents: Why Direct CDC Just Killed the Kafka-Debezium-Kafka Stack
Argues that tools like Apache Flink CDC 3.6.0 and DBConvert Streams 2.0 make the classic three-hop DB → Debezium → Kafka → processor stack unnecessary for agent-centric architectures, reducing it to a two-hop DB → CDC reader → processor with 100–300ms lower latency. Provides a clear decision framework: use direct CDC for greenfield, single-pipeline, latency-sensitive agent architectures; keep Kafka for multi-consumer fan-out, cross-org event sharing, and long-retention archives. The tradeoff is operational simplicity vs. flexibility — direct CDC is a single-pipeline optimization, not a general Kafka replacement.
🔍 Guaranteed Message Ordering in Apache Kafka: What It Really Takes in Production (Spring Boot)
Provides a production-ready blueprint for strict Kafka ordering: use stable partition keys, enable idempotence and acks=all with conservative max.in.flight, disable auto-commit and use AckMode.RECORD, constrain consumer concurrency (one thread per partition), use CooperativeStickyAssignor and static group membership, choose blocking retries or pause+DLT for failures, implement idempotency/sequence numbers, and instrument lag/offset gaps for alerts.
🔍 NOT_LEADER_OR_FOLLOWER : Kafka Error That Had Nothing to Do With Kafka
When Confluent Enterprise clusters use Private Service Connect, multiple broker hostnames resolve to the same IP and routing depends on TLS SNI. OpenResty/Nginx connection pools keyed by resolved IP can therefore reuse connections with the wrong SNI, causing brokers to receive produces for partitions they do not lead and return NOT_LEADER_OR_FOLLOWER. The post details diagnosis, reproducing logs, and the fix: pass a hostname-based pool key to sock:connect so pooled TLS connections preserve the intended broker SNI.
🔍 One-shotting a Diskless Kafka in Python
Practical build of a diskless, leaderless Kafka in Python: the author implements StreamNative's leaderless-log-protocol using Oxia for offset sequencing, writes mixed-partition WAL blobs to S3, and describes a compactor that merges sparse index entries into per-partition compacted files. Includes failure-safe CAS sequencing, byte-range read/index mapping, measured throughput/latency tradeoffs, performance tuning steps, and a public repo for reproduction.
Azure
🔍 Event Debouncing with Logic Apps and Azure Table Storage
Describes an enterprise-ready event-debouncing pattern: ingest webhook bursts via a Logic App HTTP trigger that upserts one row per entity into Azure Table Storage (dedupe index), a timer-driven Logic App dispatches pending rows after a debounce window, and a processing workflow fetches authoritative state before calling downstream APIs. Includes schema, state transitions, scaling trade-offs, and when to prefer brokers like Service Bus.
🔍 Liquid Templates in Azure Logic Apps: What They Are and Why They Matter
Walks through DotLiquid templates in Azure Logic Apps Standard (DotLiquid 2.0.361), calling out non-obvious production pitfalls—sentence-cased filters, integer truncation, .NET date formatting, missing filters, and the wrapped input ('content'). Includes code samples and a real B2B sales-order transform, making it a practical, implementation-focused reference for integration engineers building Logic Apps transformations.
🔍 Running Azure Logic Apps Standard on Azure Container Apps
Practical guide to deploying Logic Apps Standard as a Docker container on Azure Container Apps (ACA) instead of an always-on App Service plan, using Bicep for infrastructure provisioning and pinning exact image digests to avoid stale revisions. Covers the built-in connector boundary (Azure Blob, Queue, Service Bus, Event Hubs, HTTP, OpenAI, AI Search — no extra OAuth setup), agentic workflow support (LLM calls, RAG pipelines, tool-use loops) out of the box, and hard limits to know before choosing ACA over App Service Standard.
Debezium
🔍 Overcoming Oracle CDC Replication Lag Through Collaboration
This Debezium case study shows how truncate-and-load staging generated hundreds of millions of redo inserts that crippled Oracle LogMiner-based CDC. The authors used V$LOGMNR_CONTENTS to pinpoint top tables by redo count, then collaborated with DBAs to replace materialized-view truncate-and-load with an external table and a MERGE-based ingestion (ROW_NUMBER dedupe). Result: orders-of-magnitude reduction in redo events and sustained LogMiner lag improvement.
🔍 Zero-Loss Architecture: Tableless Outbox Pipeline on PostgreSQL and Kafka Under High Loads
Presents a production-ready tableless outbox pattern: emit events directly to PostgreSQL WAL via pg_logical_emit_message, filter and parse them with a tuned Debezium connector and a low-GC SMT, protect WAL disk with heartbeat queries and max_slot_wal_keep_size, and enforce strict ordering with blocking retries plus DB-level idempotency. Useful for architects building zero-loss CDC pipelines under extreme load.
Kong
🔍 The consequences of an insecure KongAPI Gateways: A virtual lab exploring security…
Demonstrates an end-to-end exploit chain against Kong Gateway combining CORS origin reflection, an internet-accessible unauthenticated admin API, and enabled Lua FFI to achieve browser-triggered RCE. Includes request/response examples, config snippets, Kong-version behavior, and practical mitigations: restrict admin_listen to localhost or firewall it, whitelist CORS origins, and keep untrusted_lua off.
MuleSoft
🔍 AI-Generated DataWeave in MuleSoft: Production Failure Modes and How to Make It Safe
Examines failure modes of AI-generated DataWeave in MuleSoft—unsafe nulls, type coercion, semantic drift, memory-heavy transforms, and non-idempotent changes—and prescribes concrete, production-ready guardrails: centralized defensive utils, pre-transform contract validation, MUnit/CI gating with large-payload tests, shadow runs and controlled rollouts. Offers code examples and an incremental migration checklist for safely adopting AI-assisted transforms.
🔍 From API to MCP Server: Reverse-Engineering MuleSoft MCP Bridge on Flex Gateway
Practical reverse-engineering of MuleSoft's MCP Bridge: the author traces the browser HAR to map Exchange GraphQL discovery, spec reads, the multipart Exchange publish (mcp-metadata.json), and the API Manager POST that deploys an MCP-backed Flex Gateway instance. Includes representative endpoints, payloads, routing/policy configuration examples, deployment failure cause (path collisions), and a repeatable automation workflow to publish and deploy MCP assets from existing governed APIs.
🔍 MuleSoft Case Study — When Building a Custom Policy for Flex Gateway Outweighs the Necessity
Practical MuleSoft case study evaluating when to avoid a Rust/WASM custom Flex Gateway policy and instead implement routing in the Mule app. The article supplies RAML examples, DataWeave configuration and functions, and a flow that rewrites HttpRequestAttributes to return 308 redirects or route to APIKit-backed endpoints—useful for architects weighing governance, TCO, skills, and risk when integrating legacy RPC/XML platforms.
🔍 Using MuleSoft APIs in Agentforce: A Developer Guide for Clean OpenAPI Contracts
Actionable guide for designing MuleSoft APIs as clean agent interfaces for Salesforce Agentforce. Presents a MuleSoft-as-orchestration pattern, precise OpenAPI schema examples, DataWeave normalization snippets, JSON error/response contracts, and operationId/tagging rules so Agentforce-generated actions are predictable and safe. Useful for integration architects exposing APIs to conversational or platform-driven agents.
RabbitMQ
🔍 Upgrading RabbitMQ from v3 to v4 on Kubernetes: A Blue/Green Migration Guide with the RabbitMQ…
Hands-on blue/green migration for RabbitMQ v3 to v4 on Kubernetes: deploy a parallel v4 cluster with the Cluster Operator, use bidirectional queue federation to bridge traffic during migration, and shift clients via Istio TCP VirtualService. The guide supplies operator CRDs, federation and policy YAML, and highlights critical client changes (frame_max minimum and removal of classic mirroring) and mesh routing pitfalls to ensure zero-downtime cutover.
SAP
🔍 Integration Guardrails are more than Integration Patterns of the Composable Business
Argues that integration guardrails define the non-negotiable boundaries within which composable business architecture operates—distinct from, and superseding, integration patterns alone. Covers the key guardrail dimensions: decoupled/loosely-coupled integrations, standard-APIs-first, and governance principles that span architecture, delivery, and leadership layers, positioning guardrails as the constraint layer that makes composable resilience achievable in practice.
Releases
🚀 Kong Gateway 3.14
Kong Gateway 3.14 adds native OAuth 2.0 Token Exchange (RFC 8693) in the OIDC plugin—the gateway accepts an inbound token, re-issues a scoped token for each downstream service without touching upstream code, keeping credentials out of application logic with centrally governed rotation. New WebSocket metrics (active connections, disconnects, handshakes/min, handshake failures/min) provide real-time visibility for WebSocket and AI-driven workloads. Additional simplified security and policy management capabilities round out this GA minor release.
🚀 NATS Server 2.14
NATS Server 2.14 delivers several enterprise-grade JetStream enhancements: fast batch publish for high-throughput, flow-controlled ingest with gap semantics; server-side recurring schedules and scheduled subject sampling for server-side downsampling; durable consumers for reliable WorkQueue/Interest sourcing and mirroring; plus leafnode remote config reload, deduplication tweaks, and EOB commit support—improving throughput, reliability, and operational flexibility for message-driven architectures.
🚀 RabbitMQ 4.3
RabbitMQ 4.3 introduces substantive broker changes: quorum queues gain 32 strict priorities, internal delayed-retries and unlimited returns, and per-queue consumer timeouts; Khepri replaces Mnesia as the sole metadata store; AMQP 1.0 gains richer rejection and activity signals. VMware Tanzu RabbitMQ adds JMS queue semantics, a Spark connector, a Stream Browser, and an enterprise-grade message scheduler.
Top comments (0)