Lessons learned, problems and solutions
Idempotent commands with idempotency key, optimistic locking on aggregates, idempotent projections and outbox pattern. The 4 idempotency layers of a production Event Sourcing system.
What idempotency is, why it's crucial (retries, double-click, at-least-once), and how to implement it in Go: HTTP middleware, unique DB constraint, concurrency handling.
Complete security audit of a Debian 12 server after a brute force attack: custom fail2ban, SSH/SFTP chroot, auditd, permissions, automated AI audit, Docker, HTTP headers.
Complete method for diagnosing a slow PostgreSQL query: EXPLAIN ANALYZE, missing indexes (B-tree, GIN, BRIN), stale statistics, pg_stat_statements. From diagnosis to production fix, no fluff.
How to implement a per-IP rate limiter in Go using the token bucket from golang.org/x/time/rate: sync.Mutex, cleanup goroutine to prevent memory leaks, X-Forwarded-For, middleware targeted at POST /api/v1/jobs.
slog, errors.Join, context.WithoutCancel, iter.Seq2, testing/synctest, go tool — what has settled as standard in the best Go projects in 2025.
How I built ClaudeGate: an HTTP gateway in Go that wraps Claude Code CLI with an async job queue, SSE streaming, webhooks, and SQLite persistence — single static binary, no CGO.
EventSource doesn't support custom headers — no way to send X-API-Key. How to replace it with fetch + ReadableStream for authenticated SSE streaming, with a manual parser and AbortController.
Goroutine leaks don't crash the program — they silently degrade it. The 4 patterns that systematically leak, detection with pprof and goleak, fixes with context and channels.
The Go "accept interfaces, return structs" convention explained through a concrete ClaudeGate code review case. When to apply it — and when leaving things as-is is the right call.