Related: README | Architecture | Security | Local Development
These notes describe the runtime shape the repository is designed for. They are intentionally operational and implementation-grounded, not cloud-vendor specific.
The runtime consists of the following deployables:

| Deployable | Purpose |
|---|---|
| API service | Handles HTTP ingress, management queries, and replay initiation |
| Worker service | Consumes replay and process queues, performs delivery attempts, and schedules retries |
| PostgreSQL | Durable state for integrations and event history |
| Redis | Ephemeral coordination state |
| RabbitMQ | Async transport for process, retry, and replay messages |
The API and worker should be deployed as separate long-running processes that share the same PostgreSQL, Redis, and RabbitMQ dependencies.
The repository ships one Node-based container image and runs different commands per role:
| Role | Runtime command |
|---|---|
| API | node dist/api/server.js |
| Worker | node dist/worker/worker.js |
| Migration job | npm run db:migrate |
| Seed job for local/demo environments | npm run db:seed |
The Dockerfile builds TypeScript during image creation and runs compiled output from dist/.
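A minimal sketch of what such a multi-stage Dockerfile typically looks like; the base image, stage names, and `npm run build` script name here are assumptions, not taken from the repository's actual Dockerfile:

```dockerfile
# Build stage: compile TypeScript to dist/
FROM node:20-alpine AS build
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build              # assumed build script; emits compiled JS into dist/

# Runtime stage: production dependencies plus compiled output only
FROM node:20-alpine
WORKDIR /app
COPY package*.json ./
RUN npm ci --omit=dev
COPY --from=build /app/dist ./dist
# Default to the API role; the worker and job roles override this command.
CMD ["node", "dist/api/server.js"]
```

Because all roles share one image, a deployment only has to vary the command per role, which keeps the build pipeline to a single artifact.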
A rollout follows this order:

- Provision or verify PostgreSQL, Redis, and RabbitMQ.
- Run database migrations before deploying new API or worker revisions.
- Start or roll the API service.
- Start or roll the worker service.
- Confirm health, queue connectivity, and callback reachability.
In local Compose, the migrator service runs before the API and worker start.
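The Compose ordering described above can be expressed with `depends_on` completion conditions. This is a sketch, not the repository's compose file: the image and service names are illustrative.

```yaml
# Illustrative Compose fragment; "webhook-service" and the service names
# are assumptions, not taken from the repository.
services:
  migrator:
    image: webhook-service
    command: npm run db:migrate
  api:
    image: webhook-service
    command: node dist/api/server.js
    depends_on:
      migrator:
        condition: service_completed_successfully
  worker:
    image: webhook-service
    command: node dist/worker/worker.js
    depends_on:
      migrator:
        condition: service_completed_successfully
```

The `service_completed_successfully` condition makes the API and worker wait until the migration container exits with code 0, mirroring the migrate-before-deploy step in the rollout order.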
| Configuration group | Examples |
|---|---|
| HTTP runtime | APP_HOST, APP_PORT, LOG_LEVEL |
| PostgreSQL | DATABASE_URL, DB_MIGRATIONS_TABLE |
| Redis | REDIS_URL, WEBHOOK_RATE_LIMIT_PER_MINUTE, IDEMPOTENCY_TTL_SECONDS, PROCESSING_LOCK_TTL_SECONDS |
| RabbitMQ | RABBITMQ_URL, RABBITMQ_PROCESS_QUEUE, RABBITMQ_RETRY_QUEUE, RABBITMQ_REPLAY_QUEUE |
| Processing policy | MAX_PROCESSING_RETRIES, RETRY_BASE_DELAY_MS |
| Management access | MANAGEMENT_API_KEY |
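Put together, a local environment file might look like the following. Every value here is illustrative; the variable names come from the table above, but ports, credentials, and queue names are placeholders, not repository defaults.

```shell
# Illustrative values only - adjust for your environment.
APP_HOST=0.0.0.0
APP_PORT=3000
LOG_LEVEL=info
DATABASE_URL=postgres://app:secret@postgres:5432/webhooks
DB_MIGRATIONS_TABLE=migrations
REDIS_URL=redis://redis:6379
WEBHOOK_RATE_LIMIT_PER_MINUTE=120
IDEMPOTENCY_TTL_SECONDS=86400
PROCESSING_LOCK_TTL_SECONDS=30
RABBITMQ_URL=amqp://guest:guest@rabbitmq:5672
RABBITMQ_PROCESS_QUEUE=webhook.process
RABBITMQ_RETRY_QUEUE=webhook.retry
RABBITMQ_REPLAY_QUEUE=webhook.replay
MAX_PROCESSING_RETRIES=5
RETRY_BASE_DELAY_MS=1000
MANAGEMENT_API_KEY=change-me
```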
| Topic | Current design note |
|---|---|
| Horizontal scaling | API replicas scale straightforwardly; worker replicas coordinate through Redis locks and competing consumers on the queues |
| Retry behavior | Queue-native delay through RabbitMQ TTL and dead-letter routing |
| Failure recovery | Replay endpoint allows controlled reprocessing of persisted events |
| Backups | PostgreSQL should be backed up as the source of truth for event history |
| Queue durability | RabbitMQ queues are durable and messages are published as persistent |
| Health checks | The health endpoint validates PostgreSQL, Redis, and RabbitMQ connectivity |
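The retry knobs can be read as a delay schedule. A minimal sketch, assuming the common pattern of doubling the delay on each attempt starting from `RETRY_BASE_DELAY_MS`; the env names suggest this shape, but the repository's actual formula may differ:

```shell
# Print the retry schedule implied by the processing-policy variables,
# assuming exponential doubling (an assumption, not a repo guarantee).
RETRY_BASE_DELAY_MS=1000
MAX_PROCESSING_RETRIES=5

delay=$RETRY_BASE_DELAY_MS
attempt=1
while [ "$attempt" -le "$MAX_PROCESSING_RETRIES" ]; do
  echo "attempt $attempt: retry after ${delay}ms"
  delay=$(( delay * 2 ))
  attempt=$(( attempt + 1 ))
done
```

Under these example values the last attempt would wait 16000ms; in the design above, each of these delays is realized by parking the message in the RabbitMQ retry queue with a TTL rather than by an in-process timer.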
- No Kubernetes manifests, Helm charts, or Terraform are included.
- No dead-letter inspection or queue-recovery tooling is implemented yet.
- No external scheduler is required for retries because delay is modeled inside RabbitMQ.
- The internal delivery sink is a helper for local and test use, not a production callback target.
Use these notes together with architecture.md and security.md when evaluating how the repository would evolve into a larger deployment.