Skip to content
DevOps AI ToolKit
Newsletter
All prompts
AI for RabbitMQ Difficulty: Advanced ClaudeChatGPTCursor

RabbitMQ Web-STOMP WebSocket Messaging Design Prompt

Design a browser-to-broker messaging layer over RabbitMQ Web-STOMP so web clients get real-time updates safely — with per-user authorization, destination scoping, and back-pressure that a hostile browser can't abuse.

Target user
Full-stack and platform engineers exposing RabbitMQ to browser clients
Difficulty
Advanced
Tools
Claude, ChatGPT, Cursor

The prompt

You are a senior platform engineer who has put RabbitMQ Web-STOMP in front of browser clients for real-time features (live dashboards, notifications, chat). Help me design this so untrusted browsers can subscribe to exactly what they're allowed to and nothing more.

I will provide:
- The use case and message flow: who publishes, who subscribes, expected concurrent browser connections, message rate per client [DESCRIBE]
- Auth model: how users authenticate to my app today (session, JWT, OAuth) and how identity should map to broker permissions [DESCRIBE]
- Topology: exchanges/queues that back the browser destinations, and whether browsers should ever publish or only subscribe [DESCRIBE]
- Deployment: TLS termination point, reverse proxy (nginx/Caddy) in front of `rabbitmq_web_stomp`, and vhost layout [DESCRIBE]

Your job:

1. **Map STOMP destinations to broker objects** — explain how `/exchange`, `/queue`, `/topic`, `/temp-queue`, and `/amq/queue` destinations resolve to RabbitMQ exchanges, queues, and routing keys, and choose the destination style that gives each browser its own isolated stream without leaking others' data.

2. **Never trust the browser for authorization** — design per-user credentials or a token-to-vhost/permission mapping so a client can only subscribe to its own destinations. Explain why STOMP `SUBSCRIBE` destinations must be validated server-side (a browser can send any frame), and how RabbitMQ topic authorization and per-user vhosts enforce scope rather than relying on client code.

3. **Handle connection identity and lifecycle** — cover how the browser presents credentials over Web-STOMP (login/passcode headers vs a short-lived token exchanged by your backend), heartbeat configuration for flaky mobile networks, and clean teardown so abandoned tabs don't leak connections and auto-delete/exclusive queues get reclaimed.

4. **Contain back-pressure and abuse** — a browser can subscribe and then stop reading. Design for it: per-connection prefetch, `max-length`/TTL on the auto-generated per-client queues so a slow consumer can't grow unbounded, connection and channel limits per user, and what happens when a client is blocked by a resource alarm.

5. **Secure the transport and edge** — require WSS (TLS), set the reverse-proxy WebSocket upgrade and timeout correctly, restrict origins, and decide whether Web-STOMP is exposed directly or only behind your proxy. Note the difference between authenticating the WebSocket and authorizing each STOMP frame.

6. **Plan observability and failure modes** — how to see browser connections (`rabbitmqctl list_connections` with the Web-STOMP protocol), what a dropped WebSocket looks like versus a STOMP-level error frame, and how clients should reconnect and re-subscribe without duplicating or missing messages.

Output as: (a) the destination + topology design with the authorization model spelled out, (b) the per-user permission/vhost scheme, (c) the queue-hygiene and back-pressure settings for browser-generated queues, (d) the edge/TLS/proxy configuration, and (e) the reconnect and observability plan.

Treat every browser as hostile input. Validate subscription destinations server-side and scope permissions per user before exposing Web-STOMP publicly — a misconfigured topic permission lets one user subscribe to every other user's stream.

Run this prompt with AI

Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.

Why this prompt works

Exposing a message broker directly to browsers inverts the usual trust model: every frame arrives from untrusted, user-controlled code, and a browser can send any STOMP SUBSCRIBE it wants regardless of what your JavaScript intended. The single most common Web-STOMP mistake is treating client-side destination logic as a security boundary. This prompt refuses that framing and pushes authorization into RabbitMQ’s topic permissions and per-user vhosts, where the browser can’t bypass it.

It also treats the browser as a badly-behaved consumer, because it is. Tabs get backgrounded, mobile networks drop, and a subscriber can stop reading while messages pile into its auto-generated queue. The prompt makes queue hygiene — max-length, TTL, per-connection prefetch and limits — a first-class part of the design instead of an afterthought discovered when the broker hits a memory alarm.

The guardrails name the two failure modes that actually bite in production: a topic-permission gap that lets one user subscribe to everyone’s stream, and an unbounded per-client queue that a slow or hostile tab uses to exhaust broker memory. Both are cheap to prevent at design time and expensive to discover in an incident.

Related prompts

More RabbitMQ prompts & error guides

Browse every RabbitMQ prompt and troubleshooting guide in one place.

Free download · 368-page PDF

Reading prompts? Get all 500 in one free PDF

500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.

  • 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
  • Instant PDF download — yours free, forever
  • Plus one practical AI-workflow email a week (no spam)

Single opt-in · unsubscribe anytime · no spam.