Event Handlers

Level: Intermediate

Duration: 55 mins

Topic: Event Handlers

Handler Design Principles

The Principles Behind Robust Event Handlers

Knowing what an event handler is provides a foundation. Designing handlers that are robust, maintainable, and production-ready requires a further set of principles.

The difference between a handler that works in tests and one that survives years in production lies not in the business logic, but in the application of design principles that anticipate and mitigate real-world challenges: duplicate messages, out-of-order delivery, partial failures, and the inevitable evolution of event schemas.

What You Will Learn

By the end of this page, you will master the core principles that guide event handler design: idempotency, error handling strategies, resilience patterns, and the architectural principles that keep handlers maintainable as systems grow. These principles apply across languages, frameworks, and domains.

The Idempotency Imperative

Idempotency is the single most important principle for event handlers. In distributed systems with at-least-once delivery guarantees, handlers will inevitably receive duplicate events. Network retries, message broker redeliveries, and infrastructure failures all conspire to send the same event multiple times.

An idempotent handler produces the same result whether it processes an event once or multiple times. This doesn't mean the handler does nothing on subsequent calls—it means the observable outcome remains consistent.
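
To make the definition concrete, here is a minimal sketch contrasting an operation that is safe to repeat with one that is not. The `Account` type and both functions are illustrative names introduced for this example only.

```typescript
// Hypothetical state used only for illustration
interface Account {
    email: string;
    balance: number;
}

// Idempotent: assigning an absolute value gives the same state on every repeat
function setEmail(account: Account, email: string): Account {
    return { ...account, email };
}

// Not idempotent: a relative change compounds each time it is applied
function addCredit(account: Account, amount: number): Account {
    return { ...account, balance: account.balance + amount };
}

const start: Account = { email: 'old@example.com', balance: 100 };

const emailOnce = setEmail(start, 'foo@bar.com');
const emailTwice = setEmail(emailOnce, 'foo@bar.com'); // same state as emailOnce

const creditOnce = addCredit(start, 25);       // balance is 125
const creditTwice = addCredit(creditOnce, 25); // balance is 150: the duplicate changed the outcome
```

A handler built on `addCredit` needs one of the deduplication strategies described in this section; a handler built on `setEmail` does not.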

The Duplicate Reality

In distributed systems, assume that any event can be delivered more than once. Infrastructure failures, network partitions, and consumer crashes all trigger redelivery. Handlers that aren't idempotent can double-charge customers, send duplicate emails, and corrupt data.

Strategies for achieving idempotency:

Idempotency Strategies

•Natural Idempotency — Some operations are inherently idempotent. Setting a user's email address to 'foo@bar.com' is idempotent; doing it twice has the same effect as once. Design operations to be naturally idempotent when possible.
•Idempotency Keys — Record each processed event's unique ID in a persistent store. Before processing, check whether the ID is already recorded and skip the event if it is. This is the explicit deduplication approach.
•Conditional Updates — Use database constraints, version numbers, or conditional writes so that an update applies only if the state is still what the event expects. For example, 'UPDATE users SET email = ?, version = version + 1 WHERE id = ? AND version = ?' matches no rows when replayed, because the first application already advanced the version.
•Upsert Operations — Use INSERT ON CONFLICT or MERGE semantics to create-or-update atomically. Re-processing simply overwrites with the same data.
•Deduplication at the Source — Some message brokers can deduplicate at the transport level (Kafka's idempotent producer, for example, suppresses duplicates caused by producer retries). This does not cover redelivery to consumers, so handlers should still implement their own checks.

idempotency-patterns.ts
TypeScript
// Idempotency Pattern 1: Explicit Deduplication Store
class IdempotentPaymentHandler implements EventHandler<OrderPaidEvent> {
    readonly eventTypes = ['OrderPaid'];
    
    constructor(
        private readonly paymentService: PaymentService,
        private readonly idempotencyStore: IdempotencyStore,
        private readonly logger: Logger
    ) {}
    
    async handle(event: OrderPaidEvent): Promise<void> {
        // Check for prior processing using event ID
        if (await this.idempotencyStore.hasProcessed(event.id)) {
            this.logger.info('Event already processed, skipping', { eventId: event.id });
            return;
        }
        
        // Process the payment
        await this.paymentService.capturePayment(event.payload.paymentId);
        
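        // Mark as processed AFTER successful completion.
        // A crash between the two calls causes a redelivery that re-runs capturePayment,
        // so the capture itself should also be safe to repeat (e.g. keyed by paymentId).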
        await this.idempotencyStore.markProcessed(event.id, {
            processedAt: new Date(),
            orderId: event.payload.orderId
        });
    }
}
 
// Idempotency Pattern 2: Conditional Update with Version
class IdempotentOrderStatusHandler implements EventHandler<OrderShippedEvent> {
    readonly eventTypes = ['OrderShipped'];
    
    constructor(private readonly orderRepo: OrderRepository) {}
    
    async handle(event: OrderShippedEvent): Promise<void> {
        // Conditional update - only applies if order is in 'processing' state
        // Running twice is safe: second attempt finds order in 'shipped' state and fails gracefully
        const updated = await this.orderRepo.updateStatus({
            orderId: event.payload.orderId,
            newStatus: 'shipped',
            expectedCurrentStatus: 'processing', // Precondition
            trackingNumber: event.payload.trackingNumber,
            shippedAt: event.timestamp
        });
        
        if (!updated) {
            // Order wasn't in 'processing' state - either already shipped or invalid transition
            // This is expected on duplicate events - just log and continue
            console.log('Order status update skipped - precondition not met');
        }
    }
}
 
// Idempotency Pattern 3: Upsert with Event ID
class IdempotentProjectionHandler implements EventHandler<UserCreatedEvent> {
    readonly eventTypes = ['UserCreated'];
    
    constructor(private readonly userReadModelRepo: UserReadModelRepository) {}
    
    async handle(event: UserCreatedEvent): Promise<void> {
        // Upsert is naturally idempotent - insert or update if exists
        await this.userReadModelRepo.upsert({
            userId: event.payload.userId, // Natural key
            email: event.payload.email,
            name: event.payload.name,
            createdAt: event.timestamp,
            lastEventId: event.id,
            lastUpdated: new Date()
        });
        
        // Re-processing simply overwrites with the same (or newer) data
    }
}
 
// The IdempotencyStore interface
interface IdempotencyStore {
    hasProcessed(eventId: string): Promise<boolean>;
    markProcessed(eventId: string, metadata?: Record<string, unknown>): Promise<void>;
}
 
// Redis-based implementation
class RedisIdempotencyStore implements IdempotencyStore {
    constructor(
        private readonly redis: Redis,
        private readonly ttlSeconds: number = 7 * 24 * 60 * 60 // 7 days
    ) {}
    
    async hasProcessed(eventId: string): Promise<boolean> {
        const result = await this.redis.get(`idempotency:${eventId}`);
        return result !== null;
    }
    
    async markProcessed(eventId: string, metadata?: Record<string, unknown>): Promise<void> {
        await this.redis.setex(
            `idempotency:${eventId}`,
            this.ttlSeconds,
            JSON.stringify({ processedAt: new Date(), ...metadata })
        );
    }
}

Idempotency Check First

Always check for prior processing at the beginning of your handler, not the end. This ensures you skip duplicate work early and avoid partially re-executing logic. The idempotency store should be your first call, before any business logic.
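
A separate "check" followed later by a "mark" leaves a window in which two consumers can both pass the check for the same event. One way to close that window is to make the check and the mark a single atomic "claim". The sketch below is a minimal illustration under stated assumptions: `ClaimStore`, `InMemoryClaimStore`, and `handleOnce` are hypothetical names, and the in-memory set stands in for a shared store that offers an atomic set-if-absent operation (for example, a Redis `SET` with the `NX` option).

```typescript
// Hypothetical interface: claim() records the ID and reports whether this caller was first
interface ClaimStore {
    claim(eventId: string): Promise<boolean>;
    release(eventId: string): Promise<void>;
}

// In-memory stand-in; the has/add pair runs without an intervening await, so it is atomic here
class InMemoryClaimStore implements ClaimStore {
    private readonly claimed = new Set<string>();

    async claim(eventId: string): Promise<boolean> {
        if (this.claimed.has(eventId)) {
            return false;
        }
        this.claimed.add(eventId);
        return true;
    }

    async release(eventId: string): Promise<void> {
        this.claimed.delete(eventId);
    }
}

async function handleOnce(
    store: ClaimStore,
    eventId: string,
    work: () => Promise<void>
): Promise<'processed' | 'skipped'> {
    // Claim first: only one caller per event ID gets past this line
    if (!(await store.claim(eventId))) {
        return 'skipped';
    }
    try {
        await work();
        return 'processed';
    } catch (error) {
        // Give the claim back so a later redelivery can retry the work
        await store.release(eventId);
        throw error;
    }
}
```

The trade-off is that a process crash between the claim and the work leaves the event claimed but unprocessed, so a real store would typically put an expiry on the claim or track a separate "completed" state.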

Error Handling Strategies

Event handlers run asynchronously, so there is no caller waiting to catch their exceptions. Each handler therefore needs an explicit strategy that classifies failures and responds appropriately: some errors warrant a retry, others require human intervention, and some can be safely ignored.

Error Classification and Response Strategies
Error Type	Examples	Strategy	Handler Action
Transient	Network timeout, database lock, rate limit	Retry with backoff	Throw/rethrow to trigger retry
Permanent	Invalid data, business rule violation	Dead-letter	Log error, send to DLQ, acknowledge message
Poison Message	Unparseable event, schema mismatch	Dead-letter immediately	Don't retry, send to DLQ for investigation
Expected/Graceful	Entity not found (deleted), already processed	Skip silently	Log at info/debug level, return successfully
Infrastructure	Service unavailable, circuit breaker open	Defer processing	Dead-letter with retry-after timestamp

error-handling.ts
TypeScript
// Comprehensive error handling in handlers
class RobustOrderHandler implements EventHandler<OrderPlacedEvent> {
    readonly eventTypes = ['OrderPlaced'];
    
    constructor(
        private readonly orderService: OrderService,
        private readonly deadLetterQueue: DeadLetterQueue,
        private readonly logger: Logger,
        private readonly metrics: Metrics
    ) {}
    
    async handle(event: OrderPlacedEvent): Promise<void> {
        try {
            await this.processOrder(event);
            this.metrics.increment('order.handler.success');
            
        } catch (error) {
            await this.handleError(event, error);
        }
    }
    
    private async processOrder(event: OrderPlacedEvent): Promise<void> {
        // Validate event data
        this.validateEvent(event);
        
        // Process the order
        await this.orderService.processOrder(event.payload);
    }
    
    private validateEvent(event: OrderPlacedEvent): void {
        if (!event.payload.orderId) {
            throw new PermanentError('Missing orderId in event payload');
        }
        if (!event.payload.items?.length) {
            throw new PermanentError('Order must have at least one item');
        }
    }
    
    private async handleError(event: OrderPlacedEvent, error: unknown): Promise<void> {
        this.metrics.increment('order.handler.error');
        
        // Classify the error
        if (error instanceof PermanentError) {
            // Permanent errors go straight to dead-letter
            this.logger.error('Permanent error processing order', {
                eventId: event.id,
                orderId: event.payload.orderId,
                error: error.message
            });
            
            await this.deadLetterQueue.send({
                event,
                error: error.message,
                errorType: 'permanent',
                timestamp: new Date()
            });
            
            // Return successfully - don't retry
            return;
        }
        
        if (error instanceof NotFoundError) {
            // Entity not found - likely deleted between event creation and handling
            this.logger.warn('Order not found, may have been deleted', {
                eventId: event.id,
                orderId: event.payload.orderId
            });
            
            // Return successfully - this is expected in eventually consistent systems
            return;
        }
        
        if (error instanceof CircuitBreakerOpenError) {
            // Downstream service unavailable
            this.logger.warn('Downstream service unavailable', {
                eventId: event.id,
                service: error.serviceName
            });
            
            // Dead-letter with retry-after
            await this.deadLetterQueue.send({
                event,
                error: error.message,
                errorType: 'infrastructure',
                retryAfter: new Date(Date.now() + 5 * 60 * 1000), // 5 minutes
                timestamp: new Date()
            });
            
            return;
        }
        
        // Transient or unknown error - rethrow to trigger retry
        this.logger.error('Transient error processing order, will retry', {
            eventId: event.id,
            orderId: event.payload.orderId,
            error: error instanceof Error ? error.message : String(error)
        });
        
        throw error; // Rethrow for retry
    }
}
 
// Custom error types for classification
class PermanentError extends Error {
    constructor(message: string) {
        super(message);
        this.name = 'PermanentError';
    }
}
 
class NotFoundError extends Error {
    constructor(public readonly entityType: string, public readonly entityId: string) {
        super(`${entityType} not found: ${entityId}`);
        this.name = 'NotFoundError';
    }
}
 
class CircuitBreakerOpenError extends Error {
    constructor(public readonly serviceName: string) {
        super(`Circuit breaker open for service: ${serviceName}`);
        this.name = 'CircuitBreakerOpenError';
    }
}

The Dead-Letter Queue (DLQ)

A dead-letter queue is essential for production event systems. It captures events that cannot be processed, preserving them for investigation and manual replay. Without a DLQ, a failed event is either dropped or retried indefinitely, and the underlying problem can go undetected. Always implement DLQ handling for permanent errors.
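
To illustrate the "preserve, then replay" idea, the following is a minimal in-memory sketch. `DeadLetter` and `InMemoryDeadLetterQueue` are hypothetical names; real brokers provide their own dead-letter mechanics, and this is not a substitute for them.

```typescript
// Hypothetical shapes for illustration only
interface DeadLetter<E> {
    event: E;
    error: string;
    failedAt: Date;
}

class InMemoryDeadLetterQueue<E> {
    private entries: DeadLetter<E>[] = [];

    // Park an event together with the reason it failed
    send(event: E, error: unknown): void {
        this.entries.push({
            event,
            error: error instanceof Error ? error.message : String(error),
            failedAt: new Date()
        });
    }

    size(): number {
        return this.entries.length;
    }

    // Re-run each parked event through the handler; events that fail again are parked again
    async replay(handler: (event: E) => Promise<void>): Promise<number> {
        const pending = this.entries;
        this.entries = [];
        let succeeded = 0;
        for (const entry of pending) {
            try {
                await handler(entry.event);
                succeeded++;
            } catch (error) {
                this.send(entry.event, error);
            }
        }
        return succeeded;
    }
}
```

Replay is usually triggered manually after the root cause is fixed (a corrected schema, a deployed bug fix), which is why the handler is passed in rather than stored.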

The Autonomous Handler Principle

An autonomous handler is self-contained: it has everything it needs to process an event without relying on prior handlers, shared state, or specific execution order. Autonomy is fundamental to scalability—autonomous handlers can be parallelized, distributed across machines, and scaled independently.

Autonomy Checklist

•Event contains sufficient data — The handler shouldn't need to query the publisher for additional context. Events should carry all necessary information.
•No shared mutable state — Handlers mustn't communicate through shared variables. Use databases, message queues, or event publishing instead.
•No ordering assumptions — Unless the system explicitly guarantees order, handlers should work correctly regardless of event sequence.
•Independent failure — One handler's failure shouldn't affect other handlers processing the same or different events.
•Stateless execution — Handler instances should be interchangeable. Any instance can process any event.

Non-Autonomous Handler

•Relies on prior handler to prepare state
•Uses static/global variables for communication
•Assumes events arrive in publication order
•Fails if another handler failed first
•Maintains instance-specific state between events

Autonomous Handler

•Gets all needed data from the event itself
•Persists state to databases or external stores
•Uses timestamps/versions to handle reordering
•Succeeds or fails independently of other handlers
•Stateless—any instance can handle any event
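
The "timestamps/versions" item above can be sketched as a guarded write. This example assumes the publisher stamps each event with a per-entity version that only increases; `VersionedEvent`, `StoredState`, and `InMemoryProjection` are hypothetical names, and the map stands in for a database table.

```typescript
// Assumption: version increases by at least one with every change to the same entity
interface VersionedEvent {
    entityId: string;
    version: number;
    status: string;
}

interface StoredState {
    version: number;
    status: string;
}

class InMemoryProjection {
    private readonly rows = new Map<string, StoredState>();

    // Returns true if the event was applied, false if it was stale or a duplicate
    apply(event: VersionedEvent): boolean {
        const current = this.rows.get(event.entityId);
        if (current !== undefined && current.version >= event.version) {
            return false; // an equal or newer version is already stored
        }
        this.rows.set(event.entityId, { version: event.version, status: event.status });
        return true;
    }

    get(entityId: string): StoredState | undefined {
        return this.rows.get(entityId);
    }
}
```

Because the comparison rejects equal versions as well as older ones, the same guard covers both out-of-order delivery and duplicates.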

autonomous-handler.ts
TypeScript
// Autonomous handler - self-contained and independent
class AutonomousInventoryHandler implements EventHandler<OrderPlacedEvent> {
    readonly eventTypes = ['OrderPlaced'];
    
    constructor(
        private readonly inventoryRepo: InventoryRepository,
        private readonly eventBus: EventBus,
        private readonly logger: Logger
    ) {}
    
    async handle(event: OrderPlacedEvent): Promise<void> {
        // The event contains all necessary data - no external queries needed
        const { orderId, items } = event.payload;
        // The timestamp lives on the event envelope, as in the other handlers
        const timestamp = event.timestamp;
        
        // Process independently - other handlers' success/failure doesn't affect us
        for (const item of items) {
            // Use timestamp for handling out-of-order events
            const reserved = await this.inventoryRepo.reserveStock({
                sku: item.sku,
                quantity: item.quantity,
                orderId: orderId,
                reservedAt: timestamp,
                // Only reserve if this is newer than existing reservation
                ifNewerThan: await this.getExistingReservationTime(orderId, item.sku)
            });
            
            if (!reserved) {
                // Insufficient stock - this handler publishes its own event
                await this.eventBus.publish({
                    type: 'InventoryReservationFailed',
                    id: generateId(),
                    timestamp: new Date(),
                    payload: { orderId, sku: item.sku, requestedQuantity: item.quantity }
                });
                return;
            }
        }
        
        // Success - publish downstream event
        await this.eventBus.publish({
            type: 'InventoryReserved',
            id: generateId(),
            timestamp: new Date(),
            payload: { orderId, items }
        });
    }
    
    private async getExistingReservationTime(orderId: string, sku: string): Promise<Date | null> {
        const existing = await this.inventoryRepo.findReservation(orderId, sku);
        return existing?.reservedAt ?? null;
    }
}

Fat Events Enable Autonomy

Autonomous handlers depend on events carrying sufficient data. This argues for 'fat events' that include all relevant information rather than just IDs that require additional lookups. The trade-off is larger message sizes, but the autonomy gained is usually worth it.
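
The difference is easiest to see in the event types themselves. In this sketch, `ThinOrderPlaced`, `FatOrderPlaced`, and the helper functions are hypothetical names chosen for illustration; the field set is an assumption, not a prescribed schema.

```typescript
// Thin event: carries only an identifier
interface ThinOrderPlaced {
    orderId: string;
}

// Fat event: carries the data that consumers need
interface FatOrderPlaced {
    orderId: string;
    customerEmail: string;
    items: { sku: string; quantity: number; unitPriceCents: number }[];
}

function orderTotalCents(event: FatOrderPlaced): number {
    return event.items.reduce((sum, item) => sum + item.quantity * item.unitPriceCents, 0);
}

// With a fat event, the handler works from the event alone
function buildConfirmation(event: FatOrderPlaced): string {
    return `Order ${event.orderId} for ${event.customerEmail}: total ${orderTotalCents(event)} cents`;
}

// With a thin event, the handler first has to call back to the publisher
async function confirmFromThin(
    event: ThinOrderPlaced,
    fetchOrder: (orderId: string) => Promise<FatOrderPlaced>
): Promise<string> {
    const order = await fetchOrder(event.orderId); // extra network hop and a runtime dependency
    return buildConfirmation(order);
}
```

The thin variant also reads the order as it is at handling time, not as it was when the event was published, which can differ in an eventually consistent system.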

Resilience Patterns for Handlers

Handlers interact with external systems—databases, APIs, message queues—that can fail. Building resilience into handlers ensures they degrade gracefully and recover automatically from transient failures.

Retry with exponential backoff handles transient failures by reattempting operations with increasing delays. This gives downstream systems time to recover while avoiding overwhelming them with immediate retries.

TypeScript
class RetryPolicy {
    constructor(
        private readonly maxAttempts: number = 3,
        private readonly baseDelayMs: number = 100,
        private readonly maxDelayMs: number = 10000
    ) {}
    
    async execute<T>(operation: () => Promise<T>): Promise<T> {
        let lastError: Error | undefined;
        
        for (let attempt = 1; attempt <= this.maxAttempts; attempt++) {
            try {
                return await operation();
            } catch (error) {
                lastError = error as Error;
                
                if (attempt === this.maxAttempts) {
                    break; // No more retries
                }
                
                if (!this.isRetryable(error)) {
                    break; // Non-retryable error
                }
                
                // Calculate delay with exponential backoff + jitter
                const delay = Math.min(
                    this.baseDelayMs * Math.pow(2, attempt - 1) + Math.random() * 100,
                    this.maxDelayMs
                );
                
                console.log(`Attempt ${attempt} failed, retrying in ${delay}ms`);
                await this.sleep(delay);
            }
        }
        
        throw lastError;
    }
    
    private isRetryable(error: unknown): boolean {
        // Retry network errors, timeouts, rate limits
        if (error instanceof Error) {
            const message = error.message.toLowerCase();
            return message.includes('timeout') ||
                   message.includes('network') ||
                   message.includes('rate limit') ||
                   message.includes('503') ||
                   message.includes('429');
        }
        return false;
    }
    
    private sleep(ms: number): Promise<void> {
        return new Promise(resolve => setTimeout(resolve, ms));
    }
}
 
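// Usage in handler
// ExternalService stands in for any downstream client the handler depends on
class ResilientHandler implements EventHandler<SomeEvent> {
    readonly eventTypes = ['SomeEvent'];
    private readonly retryPolicy = new RetryPolicy(3, 100, 5000);
    
    constructor(private readonly externalService: ExternalService) {}
    
    async handle(event: SomeEvent): Promise<void> {
        await this.retryPolicy.execute(async () => {
            await this.externalService.call(event.payload);
        });
    }
}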
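
Retries help with brief failures, but repeatedly calling a service that is down only adds load. A circuit breaker complements the retry policy by failing fast once a dependency looks unhealthy. The following is a minimal sketch under stated assumptions: the class names, the thresholds, and the injectable `now` clock are all illustrative, and the half-open state is simplified to "let calls through once the reset timeout has elapsed".

```typescript
class CircuitOpenError extends Error {
    constructor() {
        super('Circuit breaker is open');
        this.name = 'CircuitOpenError';
    }
}

class CircuitBreaker {
    private consecutiveFailures = 0;
    private openedAt: number | null = null;

    constructor(
        private readonly failureThreshold: number = 5,
        private readonly resetTimeoutMs: number = 30000,
        private readonly now: () => number = () => Date.now() // injectable for testing
    ) {}

    async execute<T>(operation: () => Promise<T>): Promise<T> {
        if (this.openedAt !== null && this.now() - this.openedAt < this.resetTimeoutMs) {
            throw new CircuitOpenError(); // fail fast without calling the dependency
        }
        // Either closed, or the reset timeout elapsed and this call acts as a trial
        try {
            const result = await operation();
            this.consecutiveFailures = 0;
            this.openedAt = null; // success closes the circuit
            return result;
        } catch (error) {
            this.consecutiveFailures++;
            if (this.openedAt !== null || this.consecutiveFailures >= this.failureThreshold) {
                this.openedAt = this.now(); // open, or re-open after a failed trial
            }
            throw error;
        }
    }
}
```

A handler would typically wrap the breaker inside the retry policy's operation and treat `CircuitOpenError` as non-retryable, deferring the event instead of retrying immediately.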

Single Responsibility for Handlers

The Single Responsibility Principle (SRP) applies directly to event handlers: each handler should have one reason to change. This means handlers should focus on a single concern, making them easier to understand, test, and maintain.

Signs a handler is doing too much:

•The handle method is longer than ~50 lines
•Multiple unrelated if/else branches
•Several different dependencies used for different purposes
•Changes to one feature require modifying the same handler as unrelated features
•Handler name includes "And" (SendEmailAndUpdateInventoryHandler)

The remedy: Split into multiple focused handlers that each subscribe to the same event.

❌ Violating SRP

TypeScript
// Fat handler doing too many things
class OrderPlacedHandler {
    async handle(event: OrderPlacedEvent) {
        // Concern 1: Inventory
        await this.inventoryService
            .reserve(event.payload.items);
        
        // Concern 2: Notifications
        await this.emailService
            .sendConfirmation(event.payload);
        await this.smsService
            .sendConfirmation(event.payload);
        
        // Concern 3: Analytics
        await this.analyticsService
            .trackOrder(event.payload);
        
        // Concern 4: Fraud detection
        await this.fraudService
            .analyze(event.payload);
        
        // Concern 5: Loyalty points
        await this.loyaltyService
            .awardPoints(event.payload);
    }
}

✅ Following SRP

TypeScript
// Focused handlers - each with one job
class InventoryReservationHandler {
    readonly eventTypes = ['OrderPlaced'];
    async handle(event: OrderPlacedEvent) {
        await this.inventoryService
            .reserve(event.payload.items);
    }
}
 
class OrderConfirmationHandler {
    readonly eventTypes = ['OrderPlaced'];
    async handle(event: OrderPlacedEvent) {
        await this.emailService
            .sendConfirmation(event.payload);
        await this.smsService
            .sendConfirmation(event.payload);
    }
}
 
class OrderAnalyticsHandler {
    readonly eventTypes = ['OrderPlaced'];
    async handle(event: OrderPlacedEvent) {
        await this.analyticsService
            .trackOrder(event.payload);
    }
}
 
class FraudDetectionHandler {
    readonly eventTypes = ['OrderPlaced'];
    async handle(event: OrderPlacedEvent) {
        await this.fraudService
            .analyze(event.payload);
    }
}
 
class LoyaltyPointsHandler {
    readonly eventTypes = ['OrderPlaced'];
    async handle(event: OrderPlacedEvent) {
        await this.loyaltyService
            .awardPoints(event.payload);
    }
}

Benefits of Split Handlers

Split handlers provide fault isolation (email failure doesn't block inventory), independent testing (test each concern separately), parallel execution (handlers run concurrently), and independent scaling (high-priority handlers get more resources).
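
Fault isolation and concurrent execution can be sketched with a small in-process dispatcher. This is a simplification for illustration: `NamedHandler`, `DispatchResult`, and `dispatch` are hypothetical names, and in a brokered system each handler would more commonly have its own subscription or queue.

```typescript
interface NamedHandler<E> {
    name: string;
    handle: (event: E) => Promise<void>;
}

interface DispatchResult {
    succeeded: string[];
    failed: { handler: string; reason: string }[];
}

async function dispatch<E>(event: E, handlers: NamedHandler<E>[]): Promise<DispatchResult> {
    // Start every handler at once; each promise catches its own failure,
    // so one rejection cannot prevent the others from completing
    const outcomes = await Promise.all(
        handlers.map(async (h): Promise<{ name: string; error: string | null }> => {
            try {
                await h.handle(event);
                return { name: h.name, error: null };
            } catch (error) {
                return { name: h.name, error: error instanceof Error ? error.message : String(error) };
            }
        })
    );

    const result: DispatchResult = { succeeded: [], failed: [] };
    for (const outcome of outcomes) {
        if (outcome.error === null) {
            result.succeeded.push(outcome.name);
        } else {
            result.failed.push({ handler: outcome.name, reason: outcome.error });
        }
    }
    return result;
}
```

With the fat handler shown earlier, a failing email call would have prevented analytics, fraud detection, and loyalty points from running at all; here only the failing handler is reported for retry.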

Keep Handlers Fast

Event handlers should execute quickly—typically completing in milliseconds to a few seconds. Long-running handlers create several problems:

•Message visibility timeouts — Messages may become visible to other consumers and get processed twice
•Consumer lag — Slow handlers can't keep up with event production, causing queues to grow
•Resource exhaustion — Long-running handlers hold connections, memory, and worker threads
•Cascading delays — Downstream events are delayed, affecting the entire system

Strategies for Keeping Handlers Fast

•Delegate long-running work — Spawn background jobs or workflows for tasks taking more than a few seconds
•Publish and proceed — Instead of waiting for downstream processing, publish an event and return immediately
•Batch external calls — Combine multiple API calls into batch operations where possible
•Cache frequently accessed data — Avoid repeated database lookups for the same data
•Use async I/O — Don't block threads waiting for I/O; use async/await patterns
•Set handler timeouts — Enforce maximum execution time and fail fast if exceeded

fast-handler.ts
TypeScript
// Pattern: Delegate long-running work to background jobs
class VideoUploadedHandler implements EventHandler<VideoUploadedEvent> {
    readonly eventTypes = ['VideoUploaded'];
    
    constructor(
        private readonly jobQueue: JobQueue,
        private readonly videoRepo: VideoRepository
    ) {}
    
    async handle(event: VideoUploadedEvent): Promise<void> {
        // Quick database update
        await this.videoRepo.updateStatus(event.payload.videoId, 'processing');
        
        // Delegate transcoding (takes minutes) to background job
        await this.jobQueue.enqueue('transcode-video', {
            videoId: event.payload.videoId,
            sourceUrl: event.payload.sourceUrl,
            formats: ['720p', '1080p', '4k']
        });
        
        // Delegate thumbnail generation
        await this.jobQueue.enqueue('generate-thumbnails', {
            videoId: event.payload.videoId,
            sourceUrl: event.payload.sourceUrl,
            timestamps: [0, 10, 30, 60]
        });
        
        // Handler completes in milliseconds
        // Background jobs will publish events when they complete
    }
}
 
// Pattern: Publish and proceed
class OrderHandler implements EventHandler<OrderPaidEvent> {
    readonly eventTypes = ['OrderPaid'];
    
    constructor(
        private readonly eventBus: EventBus,
        private readonly orderRepo: OrderRepository
    ) {}
    
    async handle(event: OrderPaidEvent): Promise<void> {
        // Quick: Update order status
        await this.orderRepo.updateStatus(event.payload.orderId, 'paid');
        
        // Publish events for other handlers instead of doing everything here
        await this.eventBus.publish({
            type: 'OrderReadyForFulfillment',
            id: generateId(),
            timestamp: new Date(),
            payload: {
                orderId: event.payload.orderId,
                items: event.payload.items
            }
        });
        
        // Handler completes immediately
        // Fulfillment, notification, etc. happen in separate handlers
    }
}
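
The "set handler timeouts" strategy listed earlier can be sketched with `Promise.race`. `HandlerTimeoutError` and `withTimeout` are hypothetical names for this example. Note the limitation: the wrapper stops waiting, but it does not cancel the underlying work, which keeps running unless it supports cancellation itself.

```typescript
class HandlerTimeoutError extends Error {
    constructor(ms: number) {
        super(`Handler exceeded ${ms}ms`);
        this.name = 'HandlerTimeoutError';
    }
}

function withTimeout<T>(work: Promise<T>, ms: number): Promise<T> {
    let timer: ReturnType<typeof setTimeout> | undefined;

    // A promise that only ever rejects, after the deadline passes
    const deadline = new Promise<never>((_resolve, reject) => {
        timer = setTimeout(() => reject(new HandlerTimeoutError(ms)), ms);
    });

    // Whichever settles first wins; always clear the timer afterwards
    return Promise.race([work, deadline]).finally(() => {
        if (timer !== undefined) {
            clearTimeout(timer);
        }
    });
}
```

A consumer loop might call `withTimeout(handler.handle(event), 5000)` and treat the timeout as a transient error, choosing a limit comfortably below the broker's visibility or session timeout.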

Observability Principles

In event-driven systems, requests span multiple handlers across multiple services. Without proper observability, debugging becomes guesswork. Handlers must emit sufficient telemetry to trace event flow, identify failures, and measure performance.

Observability Pillars for Handlers

•Structured Logging — Include event ID, correlation ID, handler name, duration, and outcome in every log entry. Use JSON format for machine parsing.
•Distributed Tracing — Propagate trace context from event to handler. Create spans for handler execution and all downstream calls.
•Metrics — Track handler invocations, success/failure rates, latency distributions, retry counts, and DLQ volumes.
•Error Tracking — Send exceptions to error tracking services with full context for debugging.
•Health Checks — Report handler health status including queue depth, consumer lag, and circuit breaker states.

observable-handler.ts
TypeScript
class ObservableHandler implements EventHandler<OrderEvent> {
    readonly eventTypes = ['OrderPlaced'];
    
    constructor(
        private readonly orderService: OrderService,
        private readonly logger: Logger,
        private readonly metrics: Metrics,
        private readonly tracer: Tracer
    ) {}
    
    async handle(event: OrderEvent): Promise<void> {
        const startTime = Date.now();
        
        // Create trace span
        const span = this.tracer.startSpan('OrderPlacedHandler.handle', {
            attributes: {
                'event.id': event.id,
                'event.type': event.type,
                'order.id': event.payload.orderId,
                'correlation.id': event.metadata?.correlationId
            }
        });
        
        // Structured log entry
        this.logger.info('Handler started', {
            eventId: event.id,
            eventType: event.type,
            orderId: event.payload.orderId,
            correlationId: event.metadata?.correlationId,
            handler: 'OrderPlacedHandler'
        });
        
        try {
            // Create child span for service call
            const serviceSpan = this.tracer.startSpan('orderService.process', {
                parent: span
            });
            
            try {
                await this.orderService.process(event.payload);
            } finally {
                // End the child span even when the call throws
                serviceSpan.end();
            }
            
            // Record success metrics
            const duration = Date.now() - startTime;
            this.metrics.increment('handler.success', {
                handler: 'OrderPlacedHandler',
                eventType: 'OrderPlaced'
            });
            this.metrics.histogram('handler.duration', duration, {
                handler: 'OrderPlacedHandler'
            });
            
            // Success log
            this.logger.info('Handler completed', {
                eventId: event.id,
                orderId: event.payload.orderId,
                durationMs: duration,
                outcome: 'success'
            });
            
            span.setStatus({ code: SpanStatusCode.OK });
            
        } catch (error) {
            const duration = Date.now() - startTime;
            // Catch variables are `unknown` under strict TypeScript; normalize before use
            const err = error instanceof Error ? error : new Error(String(error));
            
            // Record failure metrics
            this.metrics.increment('handler.failure', {
                handler: 'OrderPlacedHandler',
                eventType: 'OrderPlaced',
                errorType: err.constructor.name
            });
            
            // Error log with full context
            this.logger.error('Handler failed', {
                eventId: event.id,
                orderId: event.payload.orderId,
                durationMs: duration,
                outcome: 'failure',
                error: err.message,
                stack: err.stack
            });
            
            span.recordException(err);
            span.setStatus({ 
                code: SpanStatusCode.ERROR, 
                message: err.message 
            });
            
            throw error;
            
        } finally {
            span.end();
        }
    }
}

Correlation IDs Are Essential

Include correlation IDs in every log and span. When an order fails fulfillment, you need to trace back through handler logs across services. Without correlation IDs linking related events, debugging distributed failures becomes nearly impossible.
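
Correlation IDs only help if every handler copies them onto the events it publishes. A minimal sketch of that propagation follows. The `DomainEvent` shape mirrors the `metadata.correlationId` field used in the handler above, while `causationId` and the `deriveEvent` helper are assumptions added for illustration.

```typescript
interface EventMetadata {
    correlationId: string; // shared by every event in one business flow
    causationId?: string;  // assumption: ID of the event that directly triggered this one
}

interface DomainEvent<P> {
    id: string;
    type: string;
    timestamp: Date;
    payload: P;
    metadata: EventMetadata;
}

// Build a downstream event that stays linked to the event being handled
function deriveEvent<P>(
    parent: DomainEvent<unknown>,
    type: string,
    payload: P,
    newId: string
): DomainEvent<P> {
    return {
        id: newId,
        type,
        timestamp: new Date(),
        payload,
        metadata: {
            correlationId: parent.metadata.correlationId, // carried over unchanged
            causationId: parent.id
        }
    };
}
```

Searching logs for one correlation ID then returns the whole flow, and following causation IDs reconstructs the order in which events triggered one another.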

Summary: Handler Design Principles

We've covered the core principles that distinguish robust event handlers from brittle ones. These principles are battle-tested patterns from production systems handling millions of events daily.

Key Takeaways

•Idempotency is non-negotiable — Every handler must safely process duplicate events. Use deduplication stores, conditional updates, or upserts.
•Classify and handle errors explicitly — Distinguish transient errors (retry) from permanent errors (dead-letter). Never swallow exceptions silently.
•Handlers must be autonomous — Self-contained, no shared state, no ordering assumptions. This enables scaling and parallelization.
•Build in resilience — Retries with backoff, circuit breakers, and timeouts protect handlers from cascading failures.
•Single responsibility applies — One handler, one concern. Split fat handlers into focused, independently testable units.
•Keep handlers fast — Delegate long-running work to background jobs. Quick handlers mean healthy queues.
•Invest in observability — Structured logs, distributed tracing, and metrics are essential for debugging distributed systems.

What's next:

With design principles established, we'll explore the architectural decision of single vs multiple handlers for the same event. When should one handler do everything? When should you split into multiple handlers? The next page examines the trade-offs and provides clear guidance for this common design decision.

Page Complete

You now understand the core principles for designing robust event handlers. These principles—idempotency, error handling, autonomy, resilience, and observability—form the foundation for building production-ready event-driven systems.
