Week 24 - Capstone Integration, Defense, Final Hardening

24.1 Conceptual Core

The final week is integration, not new material. Bring your chosen capstone (see CAPSTONE_PROJECTS.md) to production-defensible quality.

24.2 The Final Hardening Checklist

By now, every previous module has fed the hardening/ template. Roll it up into one final release-checklist.md:

  • gofmt, go vet, golangci-lint run clean (zero findings, all nolint annotations have a documented reason).
  • All tests pass under -race -count=10.
  • Fuzz harnesses for every parser/serializer; CI runs them for ≥30s per fuzzer.
  • goleak passes for every package using goroutines.
  • PGO applied; benchmark deltas committed.
  • pprof endpoints behind admin port + auth; documented.
  • OTel traces, Prometheus metrics, slog JSON logs: wired and tested.
  • GOMEMLIMIT set from cgroup memory at startup.
  • debug.SetMaxStack (package runtime/debug) set to a sane bound (default 1 GiB is too lenient).
  • Cross-compilation matrix green: linux/amd64, linux/arm64, darwin/arm64 minimum.
  • Build is reproducible: -trimpath, pinned toolchain, deterministic Dockerfile.
  • Binary size optimized: -ldflags="-s -w", optionally upx if startup time is irrelevant (rarely worth it).
  • SBOM generated (cyclonedx-gomod); release artifacts signed (cosign).
  • RUNBOOK.md, THREAT_MODEL.md, ADRs (≥3), and SECURITY.md present.
  • On-call alarms wired to the metrics that matter (p99 latency, error rate, goroutine count, GC pause p99, memory headroom).
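
One way to satisfy the "pprof endpoints behind admin port + auth" item, as an added example that is not the course's own code: pprof is registered on a private mux, served on a loopback-only listener, and gated by a bearer token. The ADMIN_TOKEN variable, port 6060 and the helper names are assumptions.

```go
// Added example, not the course's code: pprof on its own mux, loopback admin
// port, bearer-token auth. ADMIN_TOKEN and port 6060 are assumed names/values.
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"log"
	"net/http"
	"net/http/pprof"
	"os"
	"strings"
	"time"
)

// requireToken compares SHA-256 digests in constant time, so neither the
// token's length nor its content leaks through timing. Empty token: deny all.
func requireToken(token string, next http.Handler) http.Handler {
	want := sha256.Sum256([]byte(token))
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := r.Header.Get("Authorization")
		got := sha256.Sum256([]byte(strings.TrimPrefix(h, "Bearer ")))
		ok := token != "" && strings.HasPrefix(h, "Bearer ")
		if subtle.ConstantTimeCompare(got[:], want[:]) != 1 || !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newAdminHandler registers pprof on a private mux. Importing net/http/pprof
// also registers on http.DefaultServeMux, so the public server must not use it.
func newAdminHandler(token string) http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/debug/pprof/", pprof.Index)
	mux.HandleFunc("/debug/pprof/profile", pprof.Profile)
	mux.HandleFunc("/debug/pprof/trace", pprof.Trace)
	return requireToken(token, mux)
}

func main() {
	token := os.Getenv("ADMIN_TOKEN")
	if len(token) < 32 {
		log.Fatal("ADMIN_TOKEN must be set (32+ characters)")
	}
	srv := &http.Server{Addr: "127.0.0.1:6060", Handler: newAdminHandler(token),
		ReadHeaderTimeout: 5 * time.Second}
	log.Fatal(srv.ListenAndServe())
}
```

The public-facing server needs its own http.NewServeMux as well; otherwise the handlers that the net/http/pprof import places on http.DefaultServeMux are reachable without the token.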

24.3 Lab - "Defend the Design"

Schedule a 45-minute mock review with a senior peer (or record yourself). Present:

  • The architecture diagram.
  • One slide per non-obvious decision (e.g., "why etcd-io/raft over hashicorp/raft", "why Pebble over BoltDB", "why server-streaming over polling").
  • A live demo of the test suite (-race, fuzzing, integration).
  • A live demo of the observability stack (Jaeger, Prometheus, pprof).
  • A live demo of fault tolerance (kill the leader, watch recovery).

The deliverable is the defense, not the slides. If you cannot answer "what is the worst-case write latency under leader change?" or "what is your goroutine count under 10× load?", you have not yet finished the curriculum.

24.4 Idiomatic & golangci-lint Drill

  • Final pass: golangci-lint run --enable-all --disable=lll,wsl --timeout=10m. Either fix each finding or suppress it with //nolint:linter // reason, where the reason is a real justification. Zero unjustified suppressions.

24.5 Production Hardening Slice

  • Tag the capstone repo v1.0.0. Generate a release artifact with goreleaser. Sign with cosign. Publish a CHANGELOG. The final commit hash is the artifact you reference on your resume.

Month 6 Deliverable

The chosen capstone (see CAPSTONE_PROJECTS.md): running, defensible, hardened. Plus the hardening/ template, now a publishable Go-module starter under your name.

You are done. The next steps are no longer pedagogical; they are professional.