Some dependencies are expensive to initialize (TLS-heavy clients, large config loads, SDKs that fetch metadata). I use sync.Once to ensure initialization happens exactly once, even under concurrent access. The important detail is capturing the initial

When an outbound call is slow, it’s not always the server—it can be DNS, connection reuse, or TLS handshakes. net/http/httptrace lets you instrument a single request and see exactly where time is going. I attach a trace to the request context and reco

I generally prefer running migrations in a separate release step, but for smaller deployments it’s sometimes pragmatic to run them at startup. The failure mode to avoid is “every instance runs migrations at once.” The pattern here uses Postgres adviso

Prepared statements are useful when the same query runs in hot loops, but they come with lifecycle responsibilities. I prepare once (usually at startup), store the *sql.Stmt, and always close it on shutdown. The important detail is still using QueryRo

bufio.Scanner is great until it isn’t: by default it refuses tokens larger than 64K, which makes it a bad fit for long log lines or large JSON records. The failure mode is subtle—scan stops and Err() returns a token-too-long error. For production log

CSV imports are where memory usage quietly explodes if you read everything at once. I stream rows with encoding/csv, validate each record, and batch inserts to keep DB overhead low. The important detail is backpressure: if the database is slow, the im

Time parsing bugs are common in APIs: clients send different formats, empty strings, or timezone-less values. I like making time parsing explicit by wrapping time.Time and implementing UnmarshalJSON. The wrapper accepts RFC3339, treats null as “unset,

For gRPC services, GracefulStop is ideal because it allows in-flight RPCs to finish, but it can hang if handlers ignore cancellation or if clients never close streams. I wrap shutdown in a deadline: call GracefulStop in a goroutine, and if it doesn’t

For internal service-to-service calls, mutual TLS is a pragmatic way to get strong identity without bespoke auth headers. The main pitfalls are certificate rotation and trust configuration. I build a x509.CertPool from a dedicated internal CA, load a

For transactional email, the reliability problem is usually latency and retries, not MIME formatting. I prefer an HTTP email provider because requests are easy to bound with context.WithTimeout and easier to observe than raw SMTP. The code below build

YAML configuration is convenient, but it’s also a footgun when typos silently get ignored. I enable KnownFields(true) so unknown keys cause an error, which turns “silent misconfig” into a fast failure. That is especially useful during refactors when f

Even in API-heavy systems, I occasionally render HTML emails or a lightweight admin page. I always use html/template (not text/template) so content is escaped by default, which prevents accidental XSS when variables contain user input. I also keep tem