Skip to content

[1.0.1][Reliability+Security] Harden RabbitMQ queue durability, ack strategy, and credentials (go-api) #97

New issue
New issue
Open
Open
[1.0.1][Reliability+Security] Harden RabbitMQ queue durability, ack strategy, and credentials (go-api)#97
@0sm0s1z

Description

@0sm0s1z
0sm0s1z
opened on Feb 19, 2026

Summary

go-api queue client currently uses non-durable queues, auto-ack consumption, and hardcoded guest:guest broker URL defaults.

Why this matters

  • non-durable + auto-ack can lose critical messages on broker/service interruptions
  • hardcoded default credentials are unsafe and non-production compliant

Evidence

In minor-projects/go-api/sirius/queue/queue.go:

  • SIRIUS_RABBITMQ = "amqp://guest:guest@sirius-rabbitmq:5672/"
  • QueueDeclare(... durable=false ... )
  • Consume(... autoAck=true ... )

Expected behavior

  • production queues for critical workflows are durable
  • consumers use explicit ack/nack strategy where required
  • broker URL/credentials come from environment and are validated

Proposed fix

  1. Replace hardcoded RabbitMQ URL with required env-configured value.
  2. Support durable queue declaration for production-critical routes.
  3. Move critical consumers to manual ack/nack + retry policy.
  4. Add dead-letter queue guidance/config for failed message handling.
  5. Add tests to validate durability/ack behavior and env validation.

Acceptance criteria

  • No hardcoded default broker credentials in production path.
  • Critical queues are durable in production config.
  • Critical consumers do not rely on auto-ack.
  • Retry/dead-letter behavior documented and validated.
  • Queue behavior tests cover reconnect + ack failure scenarios.

Release target

1.0.1 security/reliability hardening

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions