Enhance error handling and retry mechanisms in message queue with worker-level retry policy #255
Conversation
|
@copilot retry |
btravers
force-pushed
the
copilot/improve-error-handling-strategies
branch
from
dd59d35 to
6f46e34
Compare
|
@copilot your plan has not been completed |
Plan completed in commit 065c029. I've added: Integration Tests - 5 comprehensive end-to-end tests for retry scenarios including maxRetries enforcement, exponential backoff timing, fail-fast behavior, DLX integration, and transient failure recovery. Documentation Updates:
All validation passes (typecheck, lint, format, unit tests). Integration tests are ready but require RabbitMQ to execute. |
|
@copilot fix CI |
Fixed legacy error handling in commit 5c315e9. The previous integration test failure ("should handle handler errors and requeue messages") now passes. However, the retry policy integration tests are still failing. Messages are being republished to the queue after errors, but aren't being re-consumed by the worker. This appears to be an issue with how RabbitMQ handles messages published from within consumer callbacks during async operations. Current status:
The retry infrastructure is in place and the legacy behavior is preserved. The issue is specifically with the message republishing mechanism during retries. This needs further debugging of AMQP channel behavior. |
There was a problem hiding this comment.
Pull request overview
This PR implements production-ready retry mechanisms for AMQP message processing to prevent infinite retry loops and handle permanently failed messages. The implementation adds configurable retry policies with exponential backoff, dead letter exchange integration, and retry tracking via message headers.
Key Changes
- Retry Policy Infrastructure: Added
RetryPolicytype definition with configurablemaxRetriesand backoff strategies (fixed/exponential) to the contract package - Worker Retry Logic: Implemented
handleMessageRetrymethod in the worker that manages retry count tracking, backoff delays, message republishing, and DLX routing for exceeded retries - Comprehensive Testing & Documentation: Added unit tests for retry utilities, integration tests for end-to-end scenarios, and updated documentation with migration guides and best practices
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| packages/contract/src/types.ts | Defines RetryPolicy type with maxRetries and backoff configuration options |
| packages/contract/src/builder.ts | Updates defineConsumer JSDoc to document retry policy parameter |
| packages/contract/src/index.ts | Exports RetryPolicy type for public API usage |
| packages/worker/src/retry.ts | Implements retry utility functions: getRetryCount, calculateBackoffDelay, and shouldRetry |
| packages/worker/src/retry.spec.ts | Comprehensive unit tests for all retry utility functions |
| packages/worker/src/worker.ts | Adds handleMessageRetry method and integrates retry logic into single and batch message consumption flows |
| packages/worker/src/tests/worker-retry.spec.ts | Integration tests for retry scenarios (maxRetries enforcement, exponential backoff, DLX integration, transient failures) |
| packages/worker/README.md | Documents retry policy configuration, behavior, and migration guide from legacy behavior |
| packages/contract/README.md | Adds production-ready error handling section with retry policy and DLX setup examples |
| samples/basic-order-processing-contract/src/index.ts | Demonstrates retry policy usage in the order processing sample with exponential backoff configuration |
|
@copilot apply changes based on the comments in this thread |
Applied all code review feedback in commits cbfcca3 and 0249675: ✅ Made backoff type optional (matches JSDoc @default) The async ACK approach suggested in the review was attempted but doesn't work reliably - republished messages aren't re-consumed. Reverted to blocking await approach for reliability, but integration tests still fail due to an architectural limitation: the blocking consumer callback appears to prevent message redelivery. This may require using RabbitMQ's delayed message exchange plugin or a separate retry worker pattern. The retry infrastructure is in place and unit tests pass. Legacy behavior (no retry policy) works correctly. |
Fix ESM import paths by adding required .js extensions: - packages/worker/src/__tests__/context.ts imports This addresses linting feedback from code review. Co-authored-by: btravers <[email protected]>
btravers
force-pushed
the
copilot/improve-error-handling-strategies
branch
from
b99b06c to
aeddf2a
Compare
btravers
left a comment
btravers
left a comment
There was a problem hiding this comment.
every errors are not retryable, end user should be able to provide a list of errors that are not retryable (similar to activitiy retry with temporalio)
Breaking changes and improvements: 1. Remove legacy infinite retry behavior - now defaults to 1 attempt (no retries) 2. Add nonRetryableErrors configuration inspired by Temporal.io - Allows specifying error types/messages that should not be retried - Matches by constructor name or error message substring - Immediately rejects messages with non-retryable errors (sent to DLX) 3. Update RetryPolicy to default maxAttempts to 1 (no retries by default) 4. Update shouldRetry() to default to no retries when policy not specified 5. Remove backward-compatible infinite retry fallback New features: - isNonRetryableError() function to check if error matches non-retryable patterns - Pass error to handleMessageRetry() for non-retryable error detection - Apply non-retryable check in both single and batch message processing Documentation: - Update RetryPolicy JSDoc with nonRetryableErrors examples - Clarify maxAttempts defaults to 1 (no retries) - Add comprehensive JSDoc for isNonRetryableError() This aligns with industry best practices (Temporal.io) where not all errors should trigger retries, and infinite retries are avoided by default. Co-authored-by: btravers <[email protected]>
Implemented in aede30b. Added |
Move retry policy configuration from contract definition to worker-level consumer options, similar to how prefetch is handled. This separates deployment concerns (retry behavior) from contract definition (message schema). Changes made: 1. Remove RetryPolicy type from @amqp-contract/contract/types.ts 2. Remove retryPolicy field from ConsumerDefinition 3. Add RetryPolicy type to @amqp-contract/worker/types.ts 4. Update WorkerInferConsumerHandlerEntry to support retryPolicy option 5. Update ConsumerOptions internal type to include retryPolicy 6. Update worker.ts to read retry policy from consumer options, not contract 7. Pass error parameter to handleMessageRetry for non-retryable detection 8. Update JSDoc examples in builder.ts and types.ts Benefits: - Contract focuses on message schemas and topology (what) - Worker configuration focuses on runtime behavior (how) - Different deployments can have different retry policies for same contract - Aligns with prefetch being a worker option, not contract attribute Migration needed for tests and samples to use new pattern. Addresses: "RetryPolicy should not be declared in contract, it should be a consumer option in the worker like prefetch is" Co-authored-by: btravers <[email protected]>
| // Add retry policy to the consumer for robust error handling | ||
| const processOrderConsumerWithRetry = defineConsumer(orderProcessingQueue, orderMessage, { | ||
| retryPolicy: { | ||
| maxAttempts: 3, | ||
| backoff: { | ||
| type: "exponential", | ||
| initialInterval: 1000, | ||
| maxInterval: 60000, | ||
| coefficient: 2, | ||
| }, | ||
| }, | ||
| }); |
There was a problem hiding this comment.
This sample code is using contract-level retry policy configuration, but according to the PR description, retry policy has been moved to worker-level configuration. The sample should be updated to remove the retry policy from the consumer definition and demonstrate configuring it at the worker level instead.
According to the migration guide in the PR description, retry policy should now be configured as a worker option when creating the worker, not in the contract definition.
packages/contract/src/index.ts
Outdated
| QueueDefinition, | ||
| InferPublisherNames, | ||
| InferConsumerNames, | ||
| RetryPolicy, |
There was a problem hiding this comment.
The contract package exports RetryPolicy in its index file (line 41), but the type is not actually defined in the contract package's types.ts file. According to the PR description, RetryPolicy was moved from the contract package to the worker package as a worker-level configuration option.
This export should be removed from the contract package index, as the type should only be exported from the worker package where it is defined.
| RetryPolicy, |
| export function isNonRetryableError(error: unknown, policy: RetryPolicy | undefined): boolean { | ||
| if (!policy?.nonRetryableErrors || policy.nonRetryableErrors.length === 0) { | ||
| return false; | ||
| } | ||
|
|
||
| const errorName = error instanceof Error ? error.constructor.name : ""; | ||
| const errorMessage = error instanceof Error ? error.message : String(error); | ||
|
|
||
| return policy.nonRetryableErrors.some((pattern) => { | ||
| // Match against error constructor name | ||
| if (errorName === pattern) { | ||
| return true; | ||
| } | ||
| // Match against error message (case-insensitive substring) | ||
| if (errorMessage.toLowerCase().includes(pattern.toLowerCase())) { | ||
| return true; | ||
| } | ||
| return false; | ||
| }); | ||
| } |
There was a problem hiding this comment.
The isNonRetryableError function is implemented but has no test coverage. This is a critical feature for preventing retries of permanent failures (like validation errors), so it should have comprehensive tests covering:
- Matching error constructor names
- Matching error message substrings
- Case-insensitive message matching
- Behavior when nonRetryableErrors is not configured
- Behavior with non-Error objects
According to the project guidelines, all exported functions should have tests for happy path, error cases, and edge cases.
| consumers: { | ||
| mainConsumer: defineConsumer(mainQueue, defineMessage(TestMessage), { | ||
| retryPolicy: { | ||
| maxAttempts: 2, | ||
| backoff: { | ||
| type: "fixed", | ||
| initialInterval: 100, | ||
| }, | ||
| }, | ||
| }), | ||
| dlxConsumer: defineConsumer(dlxQueue, defineMessage(TestMessage)), | ||
| }, | ||
| }); |
There was a problem hiding this comment.
This integration test is using contract-level retry policy configuration, but according to the PR description, retry policy has been moved to worker-level configuration. The test should be updated to configure retry policy in the handler options instead of in the consumer definition.
| testConsumer: defineConsumer(queue, defineMessage(TestMessage), { | ||
| retryPolicy: { | ||
| maxAttempts: 3, | ||
| backoff: { | ||
| type: "fixed", | ||
| initialInterval: 100, | ||
| }, | ||
| }, | ||
| }), | ||
| }, | ||
| }); | ||
|
|
||
| let attemptCount = 0; | ||
| const successfulMessages: Array<{ id: string; value: number }> = []; | ||
| await workerFactory(contract, { | ||
| testConsumer: (msg: { id: string; value: number }) => { | ||
| attemptCount++; | ||
| // Fail first 2 attempts, succeed on 3rd | ||
| if (attemptCount < 3) { | ||
| throw new Error("Transient failure"); | ||
| } | ||
| successfulMessages.push(msg); | ||
| return Promise.resolve(); |
There was a problem hiding this comment.
This integration test is using contract-level retry policy configuration, but according to the PR description, retry policy has been moved to worker-level configuration. The test should be updated to configure retry policy in the handler options instead of in the consumer definition.
| testConsumer: defineConsumer(queue, defineMessage(TestMessage), { | |
| retryPolicy: { | |
| maxAttempts: 3, | |
| backoff: { | |
| type: "fixed", | |
| initialInterval: 100, | |
| }, | |
| }, | |
| }), | |
| }, | |
| }); | |
| let attemptCount = 0; | |
| const successfulMessages: Array<{ id: string; value: number }> = []; | |
| await workerFactory(contract, { | |
| testConsumer: (msg: { id: string; value: number }) => { | |
| attemptCount++; | |
| // Fail first 2 attempts, succeed on 3rd | |
| if (attemptCount < 3) { | |
| throw new Error("Transient failure"); | |
| } | |
| successfulMessages.push(msg); | |
| return Promise.resolve(); | |
| testConsumer: defineConsumer(queue, defineMessage(TestMessage)), | |
| }, | |
| }); | |
| let attemptCount = 0; | |
| const successfulMessages: Array<{ id: string; value: number }> = []; | |
| await workerFactory(contract, { | |
| testConsumer: { | |
| handler: (msg: { id: string; value: number }) => { | |
| attemptCount++; | |
| // Fail first 2 attempts, succeed on 3rd | |
| if (attemptCount < 3) { | |
| throw new Error("Transient failure"); | |
| } | |
| successfulMessages.push(msg); | |
| return Promise.resolve(); | |
| }, | |
| retryPolicy: { | |
| maxAttempts: 3, | |
| backoff: { | |
| type: "fixed", | |
| initialInterval: 100, | |
| }, | |
| }, |
| this.amqpClient.channel.ack(msg); | ||
|
|
||
| // Schedule asynchronous retry after backoff interval | ||
| // Use void IIFE to avoid blocking the consumer callback | ||
| void (async () => { | ||
| try { | ||
| if (delay > 0) { | ||
| // Apply backoff interval before requeuing | ||
| this.logger?.info("Scheduling message retry with backoff", { | ||
| consumerName: String(consumerName), | ||
| queueName: consumer.queue.name, | ||
| attemptCount: newAttemptCount, | ||
| intervalMs: delay, | ||
| exchange, | ||
| routingKey, | ||
| }); | ||
|
|
||
| // Wait for backoff interval | ||
| await new Promise((resolve) => setTimeout(resolve, delay)); | ||
| } else { | ||
| this.logger?.info("Requeuing message for immediate retry", { | ||
| consumerName: String(consumerName), | ||
| queueName: consumer.queue.name, | ||
| attemptCount: newAttemptCount, | ||
| exchange, | ||
| routingKey, | ||
| }); | ||
| } |
There was a problem hiding this comment.
we ack the current message then the app wait before sending the next message. if the app gets killed between those events, we will lost the message failure with is not robust. should we consider using delayed messages instead of waiting in memory ?
There was a problem hiding this comment.
Added TODO comment in b1c80f0 noting this robustness concern. Current approach ACKs immediately then schedules retry in memory. If app crashes between ACK and republish, message is lost. Consider using RabbitMQ's delayed message exchange plugin for more robust handling that persists across crashes.
- Use underscore notation (1_000 vs 1000) for numeric literals
- Fix imports: RetryPolicy from "./types.js" not "@amqp-contract/contract"
- Remove RetryPolicy export from contract package (moved to worker)
- Log full error objects (not just messages)
- Add .resultToPromise() to JSDoc examples
- Remove unsafe "as unknown" type casts
- Publish retries directly to queue (not exchange) to prevent broadcast
- Add TODO about in-memory retry robustness concern
- Fix handler pattern count (3 not 4)
- Fix test descriptions ("no retries by default")
- Add 10 comprehensive tests for isNonRetryableError
- Update README files for worker-level retry policy pattern
- Fix import alphabetical sorting
All 27 unit tests pass. Linting passes (0 errors).
Addresses comments: 2671432907, 2671445606, 2671446212, 2671449507,
2671454311, 2671458102, 2671468587, 2671476265, 2671451019,
2671451041, 2671451069, 2671451079, 2671451111, 2671451220,
2671451241, 2671451271, 2671451288
Co-authored-by: btravers <[email protected]>
Robust Error Handling for Production Use
This PR implements comprehensive error handling patterns to prevent infinite retry loops and handle permanently failed messages.
Implementation Summary
This PR adds production-ready retry policies with the following capabilities:
maxAttemptsto prevent infinite retry loopsx-retry-count)Changes Made
Core Implementation:
Testing:
Documentation:
Validation
Original prompt
✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.