$ loading_
Domain patterns for event-driven and message-based systems — pub/sub, event sourcing, CQRS, sagas, delivery guarantees, schema evolution, and failure modes. Use when designing or evaluating systems built around events, messages, or asynchronous workflows.
复制安装指令,让 AI 自动完成配置 · 推荐新手
请帮我安装 askskill 上的 "system-type-event-driven" 技能: 1. 下载 https://raw.githubusercontent.com/microsoft/amplifier-bundle-systems-design/main/skills/system-type-event-driven/SKILL.md 2. 保存为 ~/.claude/skills/system-type-event-driven/SKILL.md 3. 装好后重载技能,告诉我可以用了
Patterns, guarantees, and failure modes for event-driven and message-based architectures.
What it is. Producers publish events to a topic; consumers subscribe and receive independently. Decouples producers from consumers. When to use. Fan-out notifications, audit logging, updating multiple read models, cross-domain integration where the producer shouldn't know about consumers. When to avoid. When you need a synchronous response. When ordering across topics matters. When the number of consumers is always exactly one (point-to-point is simpler).
What it is. Store state as a sequence of immutable events rather than current-state snapshots. Current state is derived by replaying events. When to use. Audit requirements (financial, regulatory). When you need to reconstruct historical state. When different consumers need different projections of the same data. When to avoid. CRUD-heavy domains with simple state. When event schema evolution is harder than the audit benefit. When the team has no experience with eventual consistency patterns. When query patterns require complex joins across aggregates.
What it is. Separate the write model (commands) from the read model (queries). Each is optimized for its access pattern. When to use. When read and write patterns are drastically different (many reads, few writes, or vice versa). When you need different data shapes for different consumers. Pairs naturally with event sourcing. When to avoid. Simple domains where read and write models are essentially the same. When the consistency lag between write and read models is unacceptable. When the operational complexity of maintaining two models exceeds the benefit.
What it is. Coordinate a multi-step business process across services using a sequence of local transactions with compensating actions for rollback. When to use. Business processes that span multiple services and need all-or-nothing semantics without distributed transactions. When to avoid. When a single database transaction suffices. When the compensating actions are harder to implement correctly than the forward actions.
Choreography: Each service listens for events and decides independently what to do next. No central coordinator. Good for simple flows with few steps. Becomes opaque when flows are complex — the process is implicit in the event chain. Orchestration: A central coordinator explicitly directs each step. Easier to understand, monitor, and modify complex flows. The orchestrator is a single point of failure and a coupling point. The real question: How many steps? Fewer than 4: choreography is simpler. More than 4: orchestration is easier to reason about and debug.
At-most-once. Fire and forget. Message may be lost. Use for: metrics, non-critical notifications, telemetry where gaps are acceptable.
At-least-once. Messages are retried until acknowledged. Messages may be delivered more than once. Use for: anything where losing a message is worse than processing it twice. Requires idempotent consumers.
Exactly-once. Each message processed exactly once. In distributed systems, this is achieved through at-least-once delivery + idempotent processing (not through the broker alone). Use for: financial transactions, inventory updates, anything where duplicates cause real harm.
The practical reality: Most systems use at-least-once delivery with idempotent consumers. Exactly-once semantics from the broker (e.g., Kafka transactions) have significant performance and complexity costs.
Every consumer in an at-least-once system must handle duplicate messages safely.
Strategies:
…
Catalog of reusable architectural primitives — boundaries, contracts, state machines, queues, caches, consistency models, and more. For each: what it is, when it's right, when it's WRONG. Use when selecting patterns for a design or evaluating whether a pattern fits.
Domain-Driven Design as a lens for system architecture — bounded contexts, aggregates, ubiquitous language, context mapping, domain events, and strategic vs tactical patterns. Use when modeling complex business domains, defining service boundaries, or evaluating whether a system's structure reflects its domain.
The Unix/Linux design philosophy as a lens for system design — mechanism vs policy, composability, small tools, text streams, convention over configuration, and the principle of least surprise. Use when evaluating designs for composability, simplicity, or separation of concerns.
Object-oriented design principles as a lens for system architecture — SOLID, composition over inheritance, the actor model, design patterns (and when they're wrong), encapsulation, polymorphism, and responsibility-driven design. Use when evaluating code organization, module boundaries, or object/component relationships.
Domain patterns for Azure cloud architecture — compute selection, managed services, identity (Entra ID), networking, data platform, messaging, deployment, cost management, and operational patterns. Use when designing or evaluating a system deployed on Microsoft Azure.
Adversarial review of a system design from 6 critical perspectives -- SRE, security, staff engineer, finance, operator, and developer advocate. Produces a unified risk assessment. Use for INTERACTIVE on-demand reviews during a design conversation (/adversarial-review). For RECIPE-DRIVEN reviews (where prior step context is needed), use the systems-design-critic agent instead.