System Design Intermediate

Message Queue Components Explained — Producers, Brokers, Consumers and Beyond

📅 March 05, 2026 ⏱ 7 min read 🎯 Intermediate

Where developers are forged. · Structured learning · Free forever.

📍 Part of: Components → Topic 5 of 18

Master message queue architecture: deep dive into producers, brokers, consumers, and Dead Letter Queues (DLQ) with production-grade Java examples and system design patterns.

⚙️ Intermediate — basic System Design knowledge assumed

In this tutorial, you'll learn

Master message queue architecture: deep dive into producers, brokers, consumers, and Dead Letter Queues (DLQ) with production-grade Java examples and system design patterns.

Producers fire-and-forget — they hand the message to the broker and return immediately. This latency independence between services is the core architectural benefit, and it is why message queues are the first tool experienced engineers reach for when synchronous coupling creates reliability problems.
The acknowledgement model is your delivery guarantee: only ack after all side effects succeed and are committed to durable storage. Use nack with requeue=False for permanent failures to route to the DLQ. Auto-ack is a data loss mechanism with no legitimate use in any consumer that does real work.
Queue means one consumer gets the message — correct for tasks. Topic or fanout means every subscriber gets the message — correct for domain events. Choose based on whether multiple downstream services need to react to the same event, not based on expected volume.

✦ Plain-English analogy ✦ Real code with output ✦ Interview questions

⚡Quick Answer

A message queue decouples services by letting a producer drop a message and move on — the consumer picks it up whenever it's ready, regardless of whether the producer is still running
Producers serialize and publish; brokers store and route; consumers process and acknowledge — these three form the core pipeline and each has independent failure modes
Ack after success, Nack with requeue=False to route poison messages to the DLQ — never requeue a message that will never succeed
RabbitMQ deletes messages after ACK (work queue model); Kafka retains them as an immutable, time-ordered log (streaming model) — the architectural difference is significant, not cosmetic
Prefetch count = 1 prevents one fast consumer from hoarding all in-flight messages while slower consumers sit idle with nothing to process
The biggest trap: auto-ack means the broker deletes the message the instant it is delivered, before your code does anything — a crash mid-processing loses it permanently with zero trace

🚨 START HERE

Message Queue Quick Debug Cheat Sheet

Immediate diagnostic commands when message queue processing breaks in production.

🟡Queue depth growing — consumers not draining despite appearing to run

Immediate ActionCheck consumer count, prefetch settings, and unacknowledged message count on the queue

Commands

docker exec forge-rabbitmq rabbitmqctl list_consumers

docker exec forge-rabbitmq rabbitmqctl list_queues name messages messages_unacknowledged consumers

Fix NowIf consumers=0, the consumer process crashed — restart it and check logs for the crash reason. If messages_unacknowledged is high and growing, a consumer is stuck holding messages it received but cannot process — check for deadlocks, slow DB queries, or blocked external calls.

🟠Poison message looping — same message reprocessed hundreds of times, consumer CPU spikes

Immediate ActionVerify the nack call is using requeue=False and messages are routing to DLQ

Commands

docker exec forge-rabbitmq rabbitmqctl list_queues name messages_ready messages_unacknowledged

docker logs forge-rabbitmq --tail 200 | grep -i 'dead'

Fix NowIf messages_ready stays constant while messages_unacknowledged cycles, a poison message is looping. Temporarily pause the consumer using the management UI, inspect the message payload in the queue, fix the consumer nack logic to use requeue=False, then restart. Do not purge without examining the payload first.

🟡Messages published successfully — producer logs confirm — but consumer receives nothing

Immediate ActionVerify the routing key on the producer and the binding pattern on the consumer match exactly

Commands

docker exec forge-rabbitmq rabbitmqctl list_bindings

docker exec forge-rabbitmq rabbitmqctl list_queues name messages

Fix NowIf the queue shows 0 messages but the producer confirms publish, the messages are being routed to a different queue or dropped at the exchange level because the routing key does not match any binding. Check that the producer routing key matches the consumer binding pattern character for character — a trailing dot or typo is the most common cause.

Production IncidentThe Double-Charge Incident: auto-ack Deleted the Payment Message Before Processing CompletedA payment consumer used auto-ack. The consumer received the charge message, called the payment gateway successfully, but crashed mid-database-write. The broker had already deleted the message on delivery. No retry occurred. The team discovered the issue only when customers reported missing order confirmations — the charge went through but the order was never created.

SymptomCustomer support receives a spike in 'charged but no order created' tickets within hours of a deployment. Payment gateway logs show successful charges for the affected customers. Application logs show the consumer received the messages but have no log entries for the order creation step. The message queue management dashboard shows zero unacknowledged messages in the queue — which looks healthy but is actually the problem.

AssumptionThe payment gateway must have returned an error that the code did not handle properly. The team suspects the message was retried and a second attempt created an order without a corresponding charge, or that the message was dropped in network transit. Two engineers spend four hours investigating the gateway integration before anyone looks at the ack configuration.

Root causeThe consumer was configured with auto_ack=True. RabbitMQ deleted every message the instant it was delivered to the consumer channel — before the consumer confirmed that the payment gateway call AND the database write both succeeded. The consumer process hit an OutOfMemoryError during the database connection pool exhaustion that followed a slow migration deployed the same day. The OOM killer terminated the process. The message was already gone from the broker. No retry, no DLQ entry, no trace anywhere in the system except a successful gateway log and a missing order.

Fix1. Switched to manual acknowledgement: channel.basicConsume(QUEUE_NAME, false, deliverCallback, cancelCallback) — the false is the critical parameter. 2. Moved the channel.basicAck() call to after both the payment gateway response is received AND the database transaction commits successfully. 3. On any exception, call channel.basicNack(deliveryTag, false, false) to route the message to the DLQ rather than requeuing it. 4. Added an idempotency check using the event_id against a processed_events table before calling the gateway — if the event_id already exists, skip processing and ack. 5. Set a DLQ depth alert at depth greater than 0 that pages the on-call engineer immediately.

Key Lesson

Auto-ack is a data loss mechanism disguised as a convenience feature — it has no legitimate use case in any consumer that performs meaningful workManual ack must happen only after the entire business transaction completes — after the database commit, not after the message is received and certainly not before calling external servicesEvery consumer that calls a payment gateway or any non-idempotent external system must check an event_id deduplication table before acting — at-least-once delivery is guaranteed, which means duplicates will happenA DLQ without depth alerting is a graveyard — set the threshold at greater than zero, not at some arbitrary number you will never reach until something is seriously brokenOOM kills are silent — the consumer can die between a gateway call and a database commit with zero application log output, which is why the ack position matters more than good exception handling

Production Debug GuideSymptom to Action mapping for common MQ failures in production

Messages disappearing without a trace — no errors in consumer logs, no messages in DLQ, queue shows zero depth→Check if auto_ack is enabled on the consumer. If true, the broker deletes messages on delivery regardless of processing outcome and there will be no record of the failure anywhere. Switch to manual ack immediately and redeploy. Then audit whether any messages were lost and need manual recovery.

Queue depth growing steadily while consumers report low CPU and appear to be running normally→Check prefetch_count. If unset, RabbitMQ uses an unbounded prefetch and may be delivering hundreds of messages to one consumer while others sit idle with nothing to process. Set channel.basicQos(1) to enforce fair dispatch. Also check for slow downstream dependencies — a consumer that spends 30 seconds waiting on a database call can appear healthy while the queue backs up behind it.

Same message processed ten or more times in rapid succession — duplicate charges, duplicate emails, duplicate inventory decrements→Check if requeue=True is being used on nack. A poison message gets requeued and redelivered immediately in an infinite loop that looks like high throughput but is actually a single message being hammered. Change to requeue=False to route to DLQ. Also verify the consumer has idempotency checks in place — even after fixing the nack, at-least-once delivery means duplicates will arrive eventually through normal retry flows.

Consumer connection drops silently — no crash, no exception thrown, messages simply stop flowing and the consumer appears healthy→Check TCP keepalive settings and heartbeat configuration. RabbitMQ defaults to a 60-second heartbeat. If a network device drops the connection without sending a TCP RST, the broker waits indefinitely for the next heartbeat while the consumer has no idea the connection is gone. Lower heartbeat to 10 to 30 seconds and add connection recovery listeners. Use the AMQP client's built-in automatic recovery where available.

DLQ depth spikes immediately after a deployment — dozens of messages arrive in the DLQ within the first few minutes→Check for schema changes or serialization version mismatches between the new consumer and messages already in the queue. A new consumer that cannot deserialize the old message format will nack every message in the queue. Roll back the consumer deployment first, drain the DLQ manually while examining the message payloads, then redeploy with backward-compatible deserialization before cutting over fully.

Modern software systems are rarely a single monolith running by itself. They are a constellation of services — payments, notifications, inventory, analytics — all needing to communicate. When service A calls service B synchronously and B is slow, A slows down too. When B crashes, A crashes or returns an error to the user. That tight coupling is a hidden time bomb in nearly every high-traffic system, and message queues are the first tool experienced engineers reach for.

A message queue solves one fundamental problem: it lets two services communicate without either needing to know the other's current availability or processing speed. The sender drops a message into the queue and moves on immediately. The receiver picks it up whenever it is ready. This tiny architectural shift unlocks fault tolerance, horizontal scalability, and independent deployability — the three properties every distributed system must eventually achieve.

By the end of this guide you will understand every moving part inside a message queue system — producers, brokers, queues versus topics, consumers, consumer groups, acknowledgements, and dead-letter queues — well enough to design one from scratch on a whiteboard, explain the trade-offs clearly under interview pressure, and avoid the subtle bugs that trip up engineers who only understand the happy path.

In 2026, message queues underpin everything from payment processing to LLM inference pipelines. The fundamentals have not changed, but the operational expectations have — consumers are expected to be idempotent by default, DLQs are expected to have alerting from day one, and the choice between RabbitMQ and Kafka is increasingly driven by replay requirements rather than throughput alone.

The Producer — Implementing Reliable Event Egress

The producer is the entry point for all data entering your distributed system, and its reliability story is more nuanced than most tutorials suggest. A producer that simply calls publish and moves on is adequate for logging and analytics. A producer handling payment events, order creation, or anything with financial or regulatory consequences needs to think carefully about three things: persistence, confirmation, and the atomicity gap between a database write and a queue publish.

Persistence is about what happens when the broker restarts. A non-durable message lives only in memory — broker restart, message gone. For anything that matters, use delivery mode 2 (persistent), which tells the broker to flush the message to disk before acknowledging receipt. The trade-off is disk I/O on every publish, which reduces maximum throughput but eliminates the silent data loss vector.

Confirmation is about knowing the broker actually received the message. The standard publish call is fire-and-forget — if the network drops between publish and the broker's internal receipt, you never know. Publisher confirms enable an ack back from the broker to the producer. This adds latency per message but gives you a guarantee that the message is in the broker's hands.

The atomicity gap is the hardest problem. If your producer writes a row to Postgres and then publishes an event to RabbitMQ, there is a window where the database write succeeds but the queue publish fails — or the process is killed between the two operations. The downstream services never learn that the order exists. The Outbox pattern closes this gap by writing the event into a table inside the same database transaction, with a separate polling process handling the actual publish to the queue.

OrderProducer.java · JAVA

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104

package io.thecodeforge;

import com.rabbitmq.client.Channel;
import com.rabbitmq.client.Connection;
import com.rabbitmq.client.ConnectionFactory;
import com.rabbitmq.client.MessageProperties;
import com.rabbitmq.client.ConfirmListener;
import java.nio.charset.StandardCharsets;
import java.util.UUID;
import java.util.concurrent.ConcurrentNavigableMap;
import java.util.concurrent.ConcurrentSkipListMap;

/**
 * Production-grade producer with durable messaging and publisher confirms.
 * io.thecodeforge naming conventions throughout.
 *
 * Two critical settings:
 *   1. durable=true on the queue declaration — survives broker restart
 *   2. PERSISTENT_TEXT_PLAIN delivery mode — message flushed to disk before broker ACKs
 *
 * Publisher confirms (channel.confirmSelect()) ensure we know when the broker
 * has actually received and persisted the message, not just buffered it.
 */
public class OrderProducer {
    private static final String QUEUE_NAME = "order_processing";

    // Track outstanding unconfirmed publishes: sequenceNumber -> message payload
    // In production this would trigger a retry or fallback path on nack
    private final ConcurrentNavigableMap<Long, String> outstandingConfirms =
        new ConcurrentSkipListMap<>();

    public void publishOrder(String customerId, double amount) throws Exception {
        ConnectionFactory factory = new ConnectionFactory();
        factory.setHost("localhost");
        factory.setUsername("forge_user");
        factory.setPassword("forge_password");

        // One Connection per process — creating a new Connection per publish
        // adds 100-200ms of TCP handshake overhead and exhausts file descriptors at scale.
        try (Connection connection = factory.newConnection();
             Channel channel = connection.createChannel()) {

            // durable=true: this queue survives a broker restart
            // exclusive=false: allow multiple consumers
            // autoDelete=false: queue persists when the last consumer disconnects
            channel.queueDeclare(QUEUE_NAME, true, false, false, null);

            // Enable publisher confirms — the broker will ack or nack each message
            // so we know it was received and persisted, not just buffered in memory
            channel.confirmSelect();

            // Wire up confirm listeners before publishing
            channel.addConfirmListener(new ConfirmListener() {
                @Override
                public void handleAck(long deliveryTag, boolean multiple) {
                    if (multiple) {
                        outstandingConfirms.headMap(deliveryTag + 1).clear();
                    } else {
                        outstandingConfirms.remove(deliveryTag);
                    }
                    System.out.printf(" [Forge] Broker confirmed delivery for tag: %d%n", deliveryTag);
                }

                @Override
                public void handleNack(long deliveryTag, boolean multiple) {
                    // Broker rejected the message — trigger your retry or fallback path
                    String nacked = outstandingConfirms.get(deliveryTag);
                    System.err.printf(" [Forge] Broker NACK'd message, triggering fallback: %s%n", nacked);
                    // In production: write to outbox table for later retry
                }
            });

            // Generate a unique event ID that consumers use for idempotency checks
            String eventId = UUID.randomUUID().toString();
            String payload = String.format(
                "{\"event_id\":\"%s\", \"customer_id\":\"%s\", \"amount\":%.2f, \"currency\":\"USD\"}",
                eventId, customerId, amount
            );

            // Track this publish before sending so the confirm listener can correlate
            long sequenceNumber = channel.getNextPublishSeqNo();
            outstandingConfirms.put(sequenceNumber, payload);

            // PERSISTENT_TEXT_PLAIN = Delivery Mode 2 + Content-Type text/plain
            // Mode 2 tells the broker to write to disk before acknowledging
            // Without this, a broker crash between receipt and flush loses the message
            channel.basicPublish(
                "",               // default exchange — routes directly to named queue
                QUEUE_NAME,       // routing key for default exchange = queue name
                MessageProperties.PERSISTENT_TEXT_PLAIN,
                payload.getBytes(StandardCharsets.UTF_8)
            );

            System.out.printf(" [Forge] Published order event %s for customer %s%n",
                eventId, customerId);

            // Wait for broker confirmation before returning to caller
            // In high-throughput scenarios, use async confirms and batch publishing instead
            if (!channel.waitForConfirms(5000)) {
                throw new RuntimeException("Broker did not confirm message within 5 seconds");
            }
        }
    }
}

▶ Output

[Forge] Published order event 550e8400-e29b-41d4-a716-446655440000 for customer cust-123
[Forge] Broker confirmed delivery for tag: 1

Mental Model

The Outbox Pattern — Closing the Atomicity Gap Between DB and Queue

If the database commits but the queue publish fails, you have a phantom event — the data exists but no downstream service knows about it. The inverse is equally dangerous: the queue publish succeeds but the database rolls back. The Outbox pattern eliminates both failure modes.

Write the event to an 'outbox' table inside the same database transaction as your business logic — if the transaction rolls back, the event disappears with it
A separate polling process reads uncommitted outbox rows and publishes them to the message queue — decoupling the database commit from the queue publish
Once published successfully, the poller marks the outbox row as sent or deletes it — the idempotent marker prevents double-publish on poller restart
This pattern guarantees atomicity: either both the data write and the event publish succeed, or neither does — no phantom events, no silent drops
The trade-off is added latency equal to the polling interval (typically 100ms to 5 seconds) and an outbox table that needs periodic cleanup

📊 Production Insight

Non-durable messages are a silent data loss vector that only surfaces during broker restarts — which happen during upgrades, failovers, and incidents, exactly when you can least afford data loss. Always use delivery mode 2 for anything that matters.

Connection pooling is critical at scale: creating a new TCP connection per publish adds 100 to 200 milliseconds of handshake overhead and exhausts file descriptors under load. The correct pattern is one Connection per process and one Channel per thread — Channels are lightweight and cheap, Connections are expensive and shared.

Publisher confirms are not optional for payment or order events. Fire-and-forget publish gives you no signal when the network drops between your process and the broker. Confirms give you that signal at the cost of per-message latency.

🎯 Key Takeaway

The producer's job is not just publish — it is publish reliably and know when the broker has received it. Non-durable delivery mode is a silent data loss vector that only reveals itself during infrastructure failures. Publisher confirms give you the signal you need to implement retry or fallback logic. Use the Outbox pattern whenever a queue publish and a database write must succeed or fail together.

Producer Reliability Decisions

IfMessage loss is acceptable — analytics events, access logs, metrics

→

UseNon-durable queues with transient delivery mode — faster, less disk I/O, appropriate for high-volume observability data

IfMessage loss is unacceptable — payments, orders, compliance events

→

UseDurable queues, persistent delivery mode, and publisher confirms — all three are required, not optional

IfNeed transactional guarantee that ties a database write to a queue publish atomically

→

UseImplement the Outbox pattern — write to the outbox table in the same transaction, poll and publish separately with idempotency on the poller

IfHigh-throughput producer sending more than 10,000 messages per second

→

UseUse batch publishing and asynchronous publisher confirms rather than waiting for synchronous confirmation on each message — the throughput difference is significant

The Broker — Orchestrating Infrastructure with Docker

The broker is the central post office of your distributed system — every message passes through it, and its configuration determines the durability, routing, and delivery guarantees your system provides. Senior engineers containerise the broker with Docker Compose for a simple reason: dev-prod parity. When your local RabbitMQ instance has the same exchanges, bindings, and policies as production, you catch routing bugs and configuration mismatches before they hit staging.

The compose file below includes a named volume for data persistence — without it, a docker-compose down wipes every message in every queue, which is fine for unit tests and genuinely dangerous for integration tests where you are verifying retry and DLQ behaviour. The management UI on port 15672 is not just an admin panel — during an incident it is your primary visibility into queue depth, consumer count, message rates, and memory usage. Know how to read it under pressure before you need it.

One often-overlooked aspect of broker configuration is the Dead Letter Exchange. Defining the DLX in your compose file alongside the primary queue means every developer's local environment has the same failure routing as production. Discovering that your DLQ configuration is wrong during a production incident is several orders of magnitude worse than discovering it locally.

docker-compose.yml · YAML

1234567891011121314151617181920212223242526272829303132

version: '3.8'

services:
  thecodeforge-broker:
    image: rabbitmq:3.13-management
    container_name: forge-rabbitmq
    ports:
      - "5672:5672"   # AMQP protocol — application connections
      - "15672:15672" # Management UI — use for debugging queue depth and consumer health
    environment:
      RABBITMQ_DEFAULT_USER: forge_user
      RABBITMQ_DEFAULT_PASS: forge_password
      # Reduce heartbeat to detect dropped connections faster (default is 60s)
      RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS: "-rabbitmq_management load_definitions /etc/rabbitmq/definitions.json"
    volumes:
      # Named volume ensures messages survive docker-compose down and up
      # Without this, every restart wipes the queue — dangerous for DLQ testing
      - rabbitmq_data:/var/lib/rabbitmq
      # Pre-load exchange and queue definitions on startup for dev-prod parity
      - ./rabbitmq-definitions.json:/etc/rabbitmq/definitions.json:ro
    healthcheck:
      # Wait for the broker to be ready before starting dependent services
      test: ["CMD", "rabbitmq-diagnostics", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 20s

volumes:
  rabbitmq_data:
    # Explicit driver declaration makes the volume's purpose visible to future engineers
    driver: local

▶ Output

# Container startup:
# forge-rabbitmq started. Waiting for healthcheck...
# rabbitmq-diagnostics ping succeeded after 15s
# Broker ready at amqp://forge_user:forge_password@localhost:5672
# Management UI at http://localhost:15672 (forge_user / forge_password)
#
# Verify broker is healthy:
# docker exec forge-rabbitmq rabbitmqctl status
# docker exec forge-rabbitmq rabbitmqctl list_queues name messages consumers

Mental Model

Queue vs Topic — The Scalability Difference That Matters Most

A queue delivers each message to exactly one consumer. A topic or fanout exchange delivers to every subscriber. This single choice determines whether adding a new microservice requires touching producer code.

Queue (point-to-point): one message, one consumer — correct for task distribution like image resizing, email sending, or payment processing where you want exactly one service to act
Topic or fanout (pub/sub): one message, every subscriber — correct for domain events like ORDER_PLACED where inventory, notifications, and analytics all need to react independently
Adding a new microservice to a topic requires zero producer code changes — bind a new queue to the existing exchange and the service starts receiving events
Competing consumers on a single queue scale horizontally and naturally — add more consumer instances and the broker distributes work across all of them
Rule of thumb: if more than one downstream service will ever need the event, use a topic exchange from day one — retrofitting it later requires coordinating multiple teams

📊 Production Insight

Docker named volumes prevent data loss on container restart — without them, a docker-compose down between test runs wipes all messages, making DLQ and retry behaviour untestable locally.

Pin the RabbitMQ image version explicitly — rabbitmq:3-management can pull a breaking minor version change between developers' machines if Docker cache is stale, creating environment-specific bugs that are painful to trace.

The management UI on port 15672 is your first stop during any message queue incident — queue depth, unacknowledged message count, consumer count, and publish rates are all visible in real time without any additional tooling.

🎯 Key Takeaway

The broker is the single source of truth for message delivery — its configuration drives your system's durability and routing guarantees. Dev-prod parity via Docker Compose means routing bugs and DLQ misconfigurations surface locally rather than in production. Use topic exchanges from the start whenever more than one downstream service needs an event — retrofitting point-to-point queues to pub/sub requires coordinating producer changes across teams.

The Consumer — Ensuring Idempotency and Manual Acknowledgement

Consumers are where processing happens and where most data loss actually occurs — not in the broker, not in the producer. The configuration decisions you make in the consumer determine whether your system has at-least-once delivery with retry guarantees or auto-ack with silent data loss disguised as reliability.

The most dangerous configuration is auto_ack=True. The broker interprets delivery as confirmation that the message was processed successfully. If your Java process receives the message, starts processing, and then gets killed by the OOM killer between the payment gateway call and the database commit, the message is gone. The broker has already deleted it. There is no retry, no DLQ entry, and no trace in any log — only a successful charge in the gateway and a missing order in your database.

Manual acknowledgement changes the contract: the broker keeps the message in an unacknowledged state until your code explicitly calls basicAck. Only call basicAck after every side effect has succeeded — not after receipt, not after the external API call, but after the database commit that makes the operation durable.

The second non-negotiable for production consumers is idempotency. At-least-once delivery means duplicates are guaranteed over time. A network blip between your ack call and the broker receiving it causes redelivery. A consumer restart with unacked messages causes redelivery. Assume it will happen and build accordingly — check the event_id against a processed_events table before acting, and ack without processing if the event was already handled.

Prefetch count rounds out the three required settings. Without it, RabbitMQ uses an unbounded prefetch and may deliver 500 messages to one fast consumer while three other consumers sit idle. Set basicQos(1) to enforce fair dispatch — the broker only sends a new message to a consumer after the previous one is acknowledged.

OrderConsumer.java · JAVA

package io.thecodeforge;

import com.rabbitmq.client.*;
import java.nio.charset.StandardCharsets;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;

/**
 * Production-grade consumer with:
 *   1. Manual acknowledgement — only ack after all side effects succeed
 *   2. Idempotency check — safe to receive the same message twice
 *   3. Prefetch=1 — fair dispatch across all consumer instances
 *   4. DLQ routing on permanent failure — no infinite poison message loops
 */
public class OrderConsumer {
    private static final String QUEUE_NAME = "order_processing";
    private static final String DB_URL     = "jdbc:postgresql://localhost:5432/forge";
    private static final String DB_USER    = "forge_user";
    private static final String DB_PASS    = "forge_password";

    public static void main(String[] args) throws Exception {
        ConnectionFactory factory = new ConnectionFactory();
        factory.setHost("localhost");
        factory.setUsername("forge_user");
        factory.setPassword("forge_password");

        // Enable automatic connection recovery — reconnects after network interruptions
        // without requiring consumer code to restart or re-register callbacks
        factory.setAutomaticRecoveryEnabled(true);
        factory.setNetworkRecoveryInterval(5000); // retry every 5 seconds

        Connection connection = factory.newConnection();
        Channel channel = connection.createChannel();

        // Declare the queue with the same parameters as the producer
        // If the queue already exists with different params, this throws — catch it early
        channel.queueDeclare(QUEUE_NAME, true, false, false, null);

        // CRITICAL: prefetch=1 prevents one consumer from hoarding all messages
        // The broker will not deliver a new message until the previous one is acked
        // This forces round-robin distribution across all running consumer instances
        channel.basicQos(1);

        System.out.println(" [Forge] Consumer waiting for messages on: " + QUEUE_NAME);

        DeliverCallback deliverCallback = (consumerTag, delivery) -> {
            String body = new String(delivery.getBody(), StandardCharsets.UTF_8);
            long deliveryTag = delivery.getEnvelope().getDeliveryTag();
            String eventId   = extractEventId(body);

            System.out.printf(" [Forge] Received event %s%n", eventId);

            try {
                // Step 1: Idempotency check — has this event been processed before?
                // Required because at-least-once delivery means duplicates WILL arrive
                if (isAlreadyProcessed(eventId)) {
                    System.out.printf(" [Forge] Duplicate event %s — acking without processing%n", eventId);
                    channel.basicAck(deliveryTag, false);
                    return;
                }

                // Step 2: Execute business logic — all of this must succeed or fail atomically
                processOrder(body);

                // Step 3: Mark as processed in the idempotency table
                // Do this inside the same DB transaction as processOrder() in production
                markAsProcessed(eventId);

                // Step 4: Only ack AFTER all side effects are committed to durable storage
                // If we crash between processOrder() and basicAck(), the broker redelivers
                // The idempotency check in Step 1 handles that redelivery safely
                channel.basicAck(deliveryTag, false);
                System.out.printf(" [Forge] Successfully processed and acked event %s%n", eventId);

            } catch (Exception error) {
                System.err.printf(" [Forge] Failed to process event %s: %s%n",
                    eventId, error.getMessage());

                // requeue=false: send to DLQ instead of requeueing
                // requeue=true would create an infinite loop for permanent failures
                // The DLQ preserves the message for manual inspection and replay
                channel.basicNack(deliveryTag, false, false);
            }
        };

        // autoAck=false: broker keeps message unacked until we call basicAck or basicNack
        // This is the single most important setting — never set this to true in production
        channel.basicConsume(QUEUE_NAME, false, deliverCallback, consumerTag ->
            System.out.println(" [Forge] Consumer cancelled: " + consumerTag)
        );
    }

    private static void processOrder(String json) throws Exception {
        // In production: parse JSON, call payment gateway, write to DB in one transaction
        System.out.printf(" [Forge] Processing order payload: %s%n", json);
        Thread.sleep(50); // simulate processing time
    }

    private static boolean isAlreadyProcessed(String eventId) throws Exception {
        try (var conn = DriverManager.getConnection(DB_URL, DB_USER, DB_PASS);
             PreparedStatement ps = conn.prepareStatement(
                 "SELECT 1 FROM processed_events WHERE event_id = ? LIMIT 1")) {
            ps.setString(1, eventId);
            ResultSet rs = ps.executeQuery();
            return rs.next();
        }
    }

    private static void markAsProcessed(String eventId) throws Exception {
        try (var conn = DriverManager.getConnection(DB_URL, DB_USER, DB_PASS);
             PreparedStatement ps = conn.prepareStatement(
                 "INSERT INTO processed_events (event_id, processed_at) VALUES (?, NOW()) ON CONFLICT DO NOTHING")) {
            ps.setString(1, eventId);
            ps.executeUpdate();
        }
    }

    private static String extractEventId(String json) {
        // In production use Jackson or Gson for JSON parsing
        // This simple extraction is for illustration clarity only
        int start = json.indexOf('"', json.indexOf("event_id") + 10) + 1;
        int end   = json.indexOf('"', start);
        return json.substring(start, end);
    }
}

▶ Output

[Forge] Consumer waiting for messages on: order_processing
[Forge] Received event 550e8400-e29b-41d4-a716-446655440000
[Forge] Processing order payload: {"event_id":"550e8400...", "customer_id":"cust-123", "amount":99.99}
[Forge] Successfully processed and acked event 550e8400-e29b-41d4-a716-446655440000

# On redelivery of the same event_id:
[Forge] Received event 550e8400-e29b-41d4-a716-446655440000
[Forge] Duplicate event 550e8400-e29b-41d4-a716-446655440000 — acking without processing

⚠ The Poison Message Problem — Why requeue=True Is Dangerous

If a message has a permanent defect — malformed JSON, a missing required field, a schema the consumer cannot parse — it will fail on every delivery attempt. With requeue=True on nack, the broker delivers it again immediately. The consumer fails again, nacks with requeue=True, and the cycle repeats thousands of times per second. This infinite loop blocks every other message in the queue and spikes consumer CPU while making zero progress. Always use requeue=False to route unrecoverable failures to the DLQ where they can be inspected and replayed manually after the root cause is fixed.

📊 Production Insight

basicQos(1) is the single most impactful consumer setting for fair distribution — without it, one fast consumer can hold hundreds of unacknowledged messages while other instances have nothing to process, which makes horizontal scaling ineffective.

auto_ack=True is a production incident waiting to happen — it has no legitimate use in any consumer that does real work. The convenience it offers is exactly the confidence that leads to the kind of incident described above.

Automatic connection recovery (factory.setAutomaticRecoveryEnabled(true)) handles the silent disconnection scenario described in the debug guide — without it, your consumer appears to be running but stops receiving messages after a network interruption.

🎯 Key Takeaway

The consumer is where data loss happens — not in the broker, not in the producer. Manual ack, idempotency check, and DLQ routing form a three-layer defence that makes your consumer safe to restart, safe to run as multiple instances, and safe to deliver the same message twice. If your consumer uses auto-ack, you are one OOM kill away from a production incident with no recovery path.

Consumer Configuration Decisions

IfProcessing is idempotent, fast (under 100ms), and stateless

→

UsePrefetch count can be higher (10 to 50) to improve throughput — but still use manual ack, never auto-ack

IfProcessing involves external API calls, database writes, or any I/O

→

UseSet prefetch count to 1 and use manual ack — only ack after all side effects are committed to durable storage

IfMessage fails due to a permanent defect — malformed data, schema mismatch

→

UseNack with requeue=False to route directly to DLQ — do not requeue, it will never succeed and will block the queue

IfMessage fails due to a transient error — downstream timeout, temporary unavailability

→

UseNack with requeue=False and route to a retry queue with exponential backoff TTL — not back to the main queue, which would allow immediate retry without backoff

Dead-Letter Queues — Handling Failures Without Blocking the Pipeline

A Dead Letter Queue is where messages go when they cannot be processed — not to be forgotten, but to be preserved for diagnosis and recovery. The DLQ's value is not that it catches failures (your nack logic does that), but that it isolates them from the primary queue so the happy path continues processing at full speed while the failed messages wait for human attention.

In RabbitMQ, a Dead Letter Exchange is a first-class feature configured on the primary queue via arguments. When a message is nacked with requeue=False, or expires its TTL, or exceeds the queue's maximum length, the broker automatically routes it to the configured dead-letter exchange, which then delivers it to the DLQ. This requires no code changes in the consumer beyond using requeue=False — the broker handles the routing.

Archiving DLQ messages to a relational database table adds context that the message broker cannot preserve on its own — the source queue name, the failure reason, the retry count, the timestamp of each attempt. Without this context, when someone opens the RabbitMQ management UI a week later and sees 47 messages in the DLQ, they have no idea which ones are related, which ones can be replayed, or what went wrong.

The alerting is not optional. A DLQ that accumulates silently for days is just deferred data loss. Every message that enters the DLQ represents a failure that a customer or downstream system is already experiencing. Treat DLQ growth exactly like a 500 error rate spike — investigate immediately, not during the next weekly review.

audit_schema.sql · SQL

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748

-- io.thecodeforge: Schema for auditing and replaying DLQ extractions
-- This table provides the context that the message broker cannot preserve:
-- which queue failed, why it failed, how many times it was attempted,
-- and whether it has been replayed or resolved.

CREATE TABLE dlq_archive (
    id                  BIGSERIAL       PRIMARY KEY,
    original_event_id   UUID            NOT NULL,
    source_queue        VARCHAR(255)    NOT NULL,  -- which queue the message came from
    payload             JSONB           NOT NULL,  -- full message body for replay
    failure_reason      TEXT            NOT NULL,  -- exception message or error code
    retry_count         INT             NOT NULL DEFAULT 0,
    first_failed_at     TIMESTAMPTZ     NOT NULL DEFAULT NOW(),
    last_failed_at      TIMESTAMPTZ     NOT NULL DEFAULT NOW(),
    resolved_at         TIMESTAMPTZ,               -- null until an engineer resolves it
    resolution_notes    TEXT                       -- what was done to fix or discard
);

-- Fast lookup by event_id for idempotency checks and deduplication during replay
CREATE UNIQUE INDEX idx_dlq_event_id
    ON dlq_archive(original_event_id);

-- For ops dashboards: filter by source queue and unresolved status
CREATE INDEX idx_dlq_source_unresolved
    ON dlq_archive(source_queue, resolved_at)
    WHERE resolved_at IS NULL;

-- Query: find all unresolved failures for the order_processing queue in the last 24 hours
SELECT
    original_event_id,
    failure_reason,
    retry_count,
    first_failed_at,
    payload->>'customer_id'  AS customer_id,
    payload->>'amount'       AS amount
FROM dlq_archive
WHERE source_queue  = 'order_processing'
  AND resolved_at   IS NULL
  AND first_failed_at >= NOW() - INTERVAL '24 hours'
ORDER BY first_failed_at DESC;

-- Replay query: select fixable messages to republish to the original queue
-- After fixing the consumer bug, republish these payloads with new event_ids
SELECT original_event_id, payload
FROM dlq_archive
WHERE source_queue    = 'order_processing'
  AND failure_reason  LIKE '%connection timeout%'  -- transient errors worth replaying
  AND resolved_at     IS NULL;

▶ Output

-- Table created with UNIQUE constraint on original_event_id.
-- Partial index for unresolved messages keeps ops dashboard queries fast
-- even as the archive grows to millions of rows over months.
--
-- Example unresolved failures query result:
-- original_event_id | failure_reason | retry_count | customer_id
-- 550e8400-e29b-41d4-a716-446655440000 | DB connection timeout | 3 | cust-123
-- 7c9e6679-7425-40de-944b-e07fc1f90ae7 | JSON parse error: ... | 1 | cust-456

⚠ A DLQ Without Alerting Is Deferred Data Loss — Not a Safety Net

Setting up a DLQ without an alert is the engineering equivalent of installing a smoke detector without batteries. You feel safer but you are not. Set a CloudWatch alarm, Prometheus alert rule, or Datadog monitor that fires the moment DLQ message count exceeds zero — not when it exceeds some arbitrary threshold you will rarely reach. A single message in the DLQ means a customer or downstream system is already experiencing a failure right now. Treat it like a 500 error: page the on-call engineer, investigate immediately, and resolve it before the next one arrives.

📊 Production Insight

DLQ messages lose their original routing context inside the broker — the dlq_archive table is where you preserve source queue, failure reason, retry count, and the full payload so engineers can diagnose without guessing a week later.

A growing DLQ is a symptom of an upstream problem, not a feature of your system working correctly. If more than a handful of messages hit the DLQ on a normal business day, something upstream needs fixing — it is not time to replay the DLQ, it is time to fix the consumer or the data.

Design a replay mechanism from the start: a script or internal tool that reads from dlq_archive, generates new event IDs, and republishes to the original queue. Without it, DLQ recovery requires manual intervention that is slow, error-prone, and stressful during an incident.

🎯 Key Takeaway

The DLQ is your system's emergency stop valve — it prevents poison messages from blocking the entire pipeline while preserving failed messages for diagnosis and recovery. But it is only useful if you know when messages arrive in it. A DLQ without alerting is a silent graveyard. Archive DLQ entries to a relational table with source queue, failure reason, and retry count so engineers can diagnose root causes and replay selectively when the fix is deployed.

DLQ Handling Decisions

IfMessage failed due to a transient error — database timeout, network interruption, downstream service temporarily unavailable

→

UseRoute to a retry queue with exponential backoff TTL (5s, 30s, 5min). Only route to the DLQ after max retry count is exhausted. This avoids filling the DLQ with recoverable errors.

IfMessage failed due to a permanent error — malformed JSON, schema version mismatch, missing required fields

→

UseRoute directly to DLQ and archive to dlq_archive — do not retry, it will never succeed without a code fix or manual data correction

IfDLQ depth is growing faster than engineers can resolve it

→

UseStop treating individual DLQ messages as the problem — find and fix the root cause upstream. A DLQ growing at 50 messages per hour means your consumer or producer has a bug affecting a significant percentage of traffic

IfNeed to replay DLQ messages after fixing the root cause in the consumer

→

UseUse the dlq_archive replay query to identify fixable messages by failure_reason, generate new event IDs, and republish to the original queue — the idempotency check in the consumer handles any overlap with previously processed events

🗂 RabbitMQ vs Apache Kafka — Head-to-Head Comparison

Choose the broker that matches your delivery model, retention requirements, and operational complexity tolerance

Feature / Aspect	RabbitMQ (Queue-based)	Apache Kafka (Log-based)
Delivery model	Push — broker pushes messages to consumers as they become available	Pull — consumers poll the broker at their own pace, which naturally provides backpressure
Message retention	Deleted after ACK — once processed and acknowledged, the message is gone	Retained for a configurable period (hours, days, weeks) regardless of consumer acknowledgement
Message replay	Not supported natively — once a message is acked it cannot be replayed without re-publishing	Core feature — any consumer group can seek to offset 0 and replay the entire event history
Throughput ceiling	Approximately 50,000 messages per second per node under ideal conditions	Millions of messages per second per node — designed for extreme throughput at the cost of lower-level control
Ordering guarantee	FIFO per queue — messages in a single queue are delivered in order	FIFO per partition — ordering is guaranteed within a partition; global ordering requires a single partition at the cost of throughput
Consumer isolation	Competing consumers share one queue — each message delivered to exactly one consumer	Each consumer group maintains independent offsets — truly independent fan-out with no interference between groups
Best for	Task queues, RPC patterns, complex routing logic with multiple exchanges, work distribution	Event streaming, audit logs, data pipelines, event sourcing, analytics, and any use case requiring replay
Operational complexity	Low — single binary, easy setup, excellent management UI out of the box	Higher — requires partition tuning, consumer group coordination, and offset management; KRaft mode removes ZooKeeper in recent versions
Dead-letter support	First-class feature via x-dead-letter-exchange queue argument — automatic routing on nack or TTL expiry	Convention-based retry and dead-letter topic pattern — requires explicit consumer logic to route to retry or DLT topics
Message size practical limit	128MB default, configurable — but large messages should be stored externally with the queue carrying a reference	1MB default, configurable — same advice applies: use the queue for metadata and reference, not for payloads

🎯 Key Takeaways

Producers fire-and-forget — they hand the message to the broker and return immediately. This latency independence between services is the core architectural benefit, and it is why message queues are the first tool experienced engineers reach for when synchronous coupling creates reliability problems.
The acknowledgement model is your delivery guarantee: only ack after all side effects succeed and are committed to durable storage. Use nack with requeue=False for permanent failures to route to the DLQ. Auto-ack is a data loss mechanism with no legitimate use in any consumer that does real work.
Queue means one consumer gets the message — correct for tasks. Topic or fanout means every subscriber gets the message — correct for domain events. Choose based on whether multiple downstream services need to react to the same event, not based on expected volume.
A DLQ without depth alerting is deferred data loss — set the alert threshold at one message, not some arbitrary number that gives you false confidence. Treat DLQ growth exactly like a 500 error rate spike: investigate immediately, fix the root cause, and replay selectively after the fix is deployed.

⚠ Common Mistakes to Avoid

✕Using auto-ack in production consumers

Symptom

Messages disappear silently with no trace in logs or DLQ — the broker deletes them on delivery before any processing occurs. Consumer crashes or OOM kills mid-processing lose messages permanently and the queue dashboard shows zero unacknowledged messages, which looks healthy.

Fix

Set autoAck=false in every consumer and call basicAck only after all business logic succeeds and all side effects are committed to durable storage. This is not a performance optimisation to revisit later — it is table stakes for any consumer doing real work.

✕Not setting prefetch count, relying on default unbounded delivery

Symptom

One fast consumer accumulates hundreds of unacknowledged messages while other consumer instances sit idle with nothing to process. When that one consumer crashes, it loses all its in-flight messages simultaneously. The queue appears to be processing but throughput is effectively single-threaded.

Fix

Call channel.basicQos(1) before starting consumption. This tells the broker to deliver at most one unacknowledged message to each consumer at a time, enforcing fair dispatch across all running instances and making horizontal scaling actually effective.

✕Skipping idempotency checks because duplicates 'rarely happen'

Symptom

At-least-once delivery guarantees duplicates over time — they are not edge cases. Users get charged twice, confirmation emails arrive multiple times, inventory decrements twice for the same order. The incidents trace back to a consumer that processed the same message twice during a network blip or consumer restart.

Fix

Every consumer that performs non-idempotent operations must check the event_id against a processed_events table before acting. If the event_id already exists, ack the message and return — this is the correct response to a duplicate, not an error.

✕Requeuing poison messages with requeue=True on nack

Symptom

A permanently broken message fails, gets requeued immediately, fails again, repeats thousands of times per second. The consumer's CPU spikes, no other messages in the queue can be processed, and the queue dashboard shows the same message_unacknowledged count cycling while messages_ready stays frozen.

Fix

Always use requeue=False on nack for permanent failures. Implement a retry queue with exponential backoff TTL for transient failures, and route to the DLQ after max retries. Never put a message back on the main queue without a delay — immediate requeue of a failing message is always wrong.

✕Treating the DLQ as a quiet background feature with no alerting

Symptom

DLQ accumulates hundreds of failed messages over days or weeks while everyone assumes the system is healthy. By the time someone checks, the root cause requires forensic investigation across days of logs, and time-sensitive messages representing real customer failures are permanently unrecoverable.

Fix

Set an alert on DLQ message count at a threshold of one — not ten, not one hundred, one. A single message in the DLQ represents a real failure happening right now. Page the on-call engineer, treat it like a 500 error spike, and investigate before more messages arrive.

Interview Questions on This Topic

QHow do you handle backpressure in a system where the producer is significantly faster than the consumer?SeniorReveal
I implement three coordinated layers, not just one setting. First, prefetch count: setting basicQos(1) on each consumer prevents the broker from flooding any single consumer and forces fair distribution, giving you meaningful horizontal scaling. Second, queue length limits: configuring max-length on the queue with a drop-head or reject-publish overflow policy prevents unbounded memory growth on the broker — this signals to the producer that the system is under load, which can trigger producer-side rate limiting if you add publisher confirms and handle nacks. Third, consumer autoscaling: monitoring queue depth as a Kubernetes HPA metric or an AWS Auto Scaling trigger lets you spin up additional consumer instances when depth exceeds a threshold. The key insight is that prefetch and queue limits are backpressure valves that protect the system under temporary overload — autoscaling is what actually resolves the underlying throughput mismatch when the overload is sustained.
QExplain the difference between at-least-once and exactly-once delivery semantics. Which does Kafka provide, and what are the caveats?SeniorReveal
At-least-once guarantees no data loss but permits duplicates. If a consumer processes a message but crashes before acknowledging, the broker redelivers it. This is the default for RabbitMQ with manual ack and for Kafka without transactions. At-least-once is manageable when consumers are idempotent — able to process the same message twice without incorrect side effects. Exactly-once is the guarantee that a message is processed precisely once even across failures. Kafka provides exactly-once semantics via its Transactional API with the idempotent producer enabled (enable.idempotence=true) and the consumer offset committed inside the same transaction as the downstream write. The critical caveat: Kafka's exactly-once guarantee only applies to Kafka-to-Kafka flows. If your consumer writes to Postgres, S3, or any external system, Kafka cannot atomically coordinate the offset commit with that external write. For end-to-end exactly-once semantics across Kafka and a relational database, you need the Outbox pattern or a transactional outbox to close the gap.
QDesign a distributed retry pattern. How do you avoid thundering herd problems when a downstream service recovers from an outage?Mid-levelReveal
I use exponential backoff with jitter, implemented via a retry queue chain rather than in-memory retry loops. The pattern: when a message fails due to a transient error, nack it with requeue=False and publish it to a retry-1 queue with a TTL of 5 seconds. When that TTL expires, RabbitMQ routes it via a dead-letter exchange back to the original processing queue. If it fails again, route to retry-2 with a 30-second TTL. Continue through retry-3 at 5 minutes and retry-4 at 15 minutes. After the maximum retry count, route to the DLQ. The exponential backoff gives the downstream service time to recover. The jitter — adding plus or minus 30% randomness to each TTL — solves the thundering herd: without it, if 10,000 consumers all fail at 2:00 AM when the database restarts, they all retry at exactly 2:00:05, then 2:00:35, creating synchronized retry storms that re-overwhelm the recovering service. With jitter, the retries spread across the TTL window and the recovering service sees a gradual increase in load rather than an immediate spike.
QWhat is the difference between a message queue and an event streaming platform like Kafka?JuniorReveal
The architectural difference is retention and the consumer model that flows from it. A traditional message queue deletes a message after a consumer acknowledges it — the message exists only until it is processed. This is ideal for work distribution: process this payment, send this email, resize this image. One message, one consumer, then gone. Kafka retains all messages as an immutable append-only log for a configurable retention period — days, weeks, or indefinitely with tiered storage. Messages are not deleted after consumption. Any consumer group can replay from offset zero at any time. This makes Kafka ideal for event streaming, audit trails, and rebuilding derived state: track every click on the website, rebuild the search index from scratch, replay events for a new analytics service without touching producers. The routing model also differs: RabbitMQ routes messages to specific queues based on exchange bindings and routing keys. Kafka stores messages in partitioned topics and consumer groups track their own offsets independently — adding a new consumer group has zero impact on any existing group, which is genuinely independent fan-out.

Frequently Asked Questions

What is the difference between a message queue and an event streaming platform like Kafka?

A message queue like RabbitMQ deletes a message after a consumer acknowledges it. The message exists only until it is processed — then it is gone. This is ideal for work distribution: process this payment, send this email. Kafka retains all messages as an immutable log for a configurable retention period. Any consumer group can replay from any offset at any time without affecting other groups. Use a queue for task distribution where exactly one service should process each message. Use Kafka for event streaming, audit logs, or any use case where replay capability or multiple independent consumers on the same event stream are requirements.

What happens if a consumer crashes before acknowledging a message?

With manual acknowledgement, the broker detects the lost connection via heartbeat timeout and automatically redelivers the unacknowledged message to another available consumer. This is at-least-once delivery — it guarantees no data loss but means the same message can be received more than once. This is why every consumer performing non-idempotent operations must check the event_id against a processed_events table before acting. A consumer that does not handle duplicates will produce incorrect side effects — double charges, duplicate emails — on redelivery.

Can I use a database as a message queue?

You can, but it does not scale and creates operational problems at volume. Databases are optimised for transactional reads and updates — not for the constant write-then-delete pattern of queue consumption, which causes index fragmentation, table bloat, and lock contention under load. Polling-based database queues also introduce artificial latency. That said, the Outbox pattern uses a database table as a transient event store — not as a queue itself, but as an atomicity bridge between a business transaction and a real message broker. The distinction matters: the outbox table is a staging area, not the delivery mechanism.

What is the Outbox pattern and when should I use it?

The Outbox pattern writes events to a database table inside the same transaction as your business logic. A separate poller process reads that table and publishes to the message queue, then marks the row as sent. Use it whenever a database write and a queue publish must succeed or fail together atomically. Without it, the window between a successful database commit and the subsequent queue publish can contain a process crash — leaving you with data that exists but no downstream service will ever know about. The trade-off is additional latency equal to the poller's interval and an outbox table that needs periodic cleanup, but for payment events, order creation, and any operation with financial or compliance implications, that trade-off is always worth making.

🔥

Naren Founder & Author

Developer and founder of TheCodeForge. I built this site because I was tired of tutorials that explain what to type without explaining why it works. Every article here is written to make concepts actually click.

About Naren Get in touch

Forged with 🔥 at TheCodeForge.io — Where Developers Are Forged