moonming/a6-recipe-circuit-breaker
skills/a6-recipe-circuit-breaker/SKILL.md
Recipe skill for implementing circuit breaker patterns using the a6 CLI. Covers the api-breaker plugin for automatic upstream circuit breaking, configuring unhealthy thresholds, healthy recovery, response code classification, and integration with health checks.
tools
Updated Apr 21, 2026
$ install --global
skillsauthnpx skillsauth add moonming/a6 a6-recipe-circuit-breakerInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 30, 2026, 1:05 PM20.9s1 file scanned
SKILL.md
- name:
- a6-recipe-circuit-breaker
- description:
- >-
- version:
- 1.0.0
- author:
- Apache APISIX Contributors
- license:
- Apache-2.0
- category:
- recipe
- apisix_version:
- >=3.0.0
- plugin_name:
- api-breaker
a6-recipe-circuit-breaker
Overview
A circuit breaker prevents cascading failures by detecting unhealthy upstream services and temporarily stopping requests to them. When the upstream returns too many errors, the circuit "opens" and APISIX returns errors immediately without forwarding requests. After a cooldown period, it "half-opens" to test if the upstream has recovered.
APISIX implements this via the api-breaker plugin, which tracks response
status codes and manages circuit state automatically.
When to Use
- Protect your API from cascading failures when an upstream goes down
- Automatically stop sending traffic to failing backends
- Allow failing services time to recover before retrying
- Return fast error responses instead of waiting for timeouts
Circuit Breaker States
┌─────────┐
│ CLOSED │ ← Normal operation: requests flow through
│(healthy) │
└────┬─────┘
│ Error count exceeds threshold
▼
┌─────────┐
│ OPEN │ ← Breaker tripped: returns 502 immediately
│(tripped) │
└────┬─────┘
│ After cooldown period
▼
┌──────────┐
│HALF-OPEN │ ← Test: allows one request through
│ (testing) │
└─────┬────┘
│
┌───────┴───────┐
│ │
Success Failure
│ │
▼ ▼
CLOSED OPEN (longer cooldown)
Plugin Configuration Reference
| Field | Type | Required | Default | Description |
|-------|------|----------|---------|-------------|
| break_response_code | integer | Yes | — | HTTP status code returned when circuit is open (e.g., 502, 503). |
| break_response_body | string | No | — | Response body returned when circuit is open. |
| break_response_headers | array[object] | No | — | Response headers when circuit is open. Format: [{"key": "name", "value": "val"}]. |
| unhealthy.http_statuses | array[integer] | No | [500] | HTTP status codes from upstream that count as unhealthy. |
| unhealthy.failures | integer | No | 3 | Number of consecutive unhealthy responses before opening the circuit. |
| healthy.http_statuses | array[integer] | No | [200] | HTTP status codes from upstream that count as healthy (for recovery). |
| healthy.successes | integer | No | 3 | Number of consecutive healthy responses to close the circuit. |
| max_breaker_sec | integer | No | 300 | Maximum circuit-open duration in seconds. Cooldown doubles each time but caps here. |
Breaker Timing
When the circuit opens:
- First open: 2 seconds cooldown
- If it opens again: 4 seconds (doubles)
- Next: 8 seconds, 16 seconds, ...
- Caps at
max_breaker_sec(default 300s = 5 minutes)
During cooldown, all requests get the break_response_code immediately.
Step-by-Step: Enable Circuit Breaker
1. Basic circuit breaker
a6 route create -f - <<'EOF'
{
"id": "protected-api",
"uri": "/api/*",
"plugins": {
"api-breaker": {
"break_response_code": 502,
"unhealthy": {
"http_statuses": [500, 502, 503],
"failures": 3
},
"healthy": {
"http_statuses": [200],
"successes": 3
},
"max_breaker_sec": 300
}
},
"upstream": {
"type": "roundrobin",
"nodes": {
"backend:8080": 1
}
}
}
EOF
After 3 consecutive 500/502/503 responses, the circuit opens and returns 502 immediately. After cooldown, it tests with one request. If 3 consecutive 200s come back, the circuit closes and normal operation resumes.
2. Circuit breaker with custom error body
a6 route create -f - <<'EOF'
{
"id": "api-with-error-body",
"uri": "/api/*",
"plugins": {
"api-breaker": {
"break_response_code": 503,
"break_response_body": "{\"error\": \"service temporarily unavailable\", \"retry_after\": 30}",
"break_response_headers": [
{"key": "Content-Type", "value": "application/json"},
{"key": "Retry-After", "value": "30"}
],
"unhealthy": {
"http_statuses": [500, 502, 503, 504],
"failures": 5
},
"healthy": {
"http_statuses": [200, 201, 204],
"successes": 2
},
"max_breaker_sec": 60
}
},
"upstream": {
"type": "roundrobin",
"nodes": {
"backend:8080": 1
}
}
}
EOF
3. Sensitive circuit breaker (trips on first error)
{
"plugins": {
"api-breaker": {
"break_response_code": 503,
"unhealthy": {
"http_statuses": [500, 502, 503],
"failures": 1
},
"healthy": {
"http_statuses": [200],
"successes": 1
},
"max_breaker_sec": 30
}
}
}
Trips on the very first 5xx error. Recovers after one successful response.
Combining with Health Checks
For production, combine the circuit breaker with upstream health checks. The circuit breaker handles per-route protection while health checks manage per-node health at the upstream level.
# Create upstream with health checks
a6 upstream create -f - <<'EOF'
{
"id": "monitored-backend",
"type": "roundrobin",
"nodes": {
"backend-1:8080": 1,
"backend-2:8080": 1
},
"checks": {
"active": {
"type": "http",
"http_path": "/health",
"healthy": {
"interval": 5,
"successes": 2
},
"unhealthy": {
"interval": 3,
"http_failures": 3
}
}
}
}
EOF
# Create route with circuit breaker
a6 route create -f - <<'EOF'
{
"id": "api",
"uri": "/api/*",
"plugins": {
"api-breaker": {
"break_response_code": 503,
"unhealthy": {
"http_statuses": [500, 502, 503],
"failures": 3
},
"healthy": {
"http_statuses": [200],
"successes": 3
}
}
},
"upstream_id": "monitored-backend"
}
EOF
Config Sync Example
version: "1"
routes:
- id: protected-api
uri: /api/*
plugins:
api-breaker:
break_response_code: 503
break_response_body: '{"error": "service unavailable"}'
break_response_headers:
- key: Content-Type
value: application/json
- key: Retry-After
value: "30"
unhealthy:
http_statuses: [500, 502, 503]
failures: 3
healthy:
http_statuses: [200]
successes: 3
max_breaker_sec: 300
upstream_id: backend
upstreams:
- id: backend
type: roundrobin
nodes:
"backend:8080": 1
Troubleshooting
| Symptom | Cause | Fix |
|---------|-------|-----|
| Circuit never opens | unhealthy.http_statuses doesn't include the error code | Add the actual error codes your upstream returns |
| Circuit stays open too long | max_breaker_sec too high | Lower max_breaker_sec for faster recovery |
| Circuit flaps open/closed | Threshold too low with intermittent errors | Increase unhealthy.failures threshold |
| 502 from APISIX (not circuit breaker) | Upstream truly unreachable (connection refused) | Connection errors also count toward unhealthy threshold |
| Recovery too slow | healthy.successes too high | Lower healthy.successes for faster recovery |
Related Skills
moonming/a6-shared
tools
VerifiedTrustedCommunity
Core skill for working with the a6 CLI — the Apache APISIX command-line tool. Provides project conventions, command patterns, architecture overview, and development workflow. Load this skill when working on a6 source code, adding new commands, writing tests, or modifying any a6 component.
SKILL.mdUpdated Apr 21, 2026
moonming/a6-recipe-multi-tenant
tools
VerifiedTrustedCommunity
Recipe skill for implementing multi-tenant API gateway patterns using the a6 CLI. Covers tenant isolation via Consumer Groups, host/path/header-based routing, per-tenant rate limiting, context forwarding with proxy-rewrite, and declarative config sync workflows for multi-tenant management.
SKILL.mdUpdated Apr 21, 2026
moonming/a6-recipe-mtls
tools
VerifiedTrustedCommunity
Recipe skill for configuring mutual TLS (mTLS) using the a6 CLI. Covers SSL certificate management, upstream mTLS to backend services, client certificate verification, and end-to-end mTLS setup from client through APISIX to upstream.
SKILL.mdUpdated Apr 21, 2026
moonming/a6-recipe-health-check
tools
VerifiedTrustedCommunity
Recipe skill for configuring upstream health checks using the a6 CLI. Covers active health checks (HTTP probing), passive health checks (response analysis), combining both, configuring healthy/unhealthy thresholds, and monitoring upstream node status.
SKILL.mdUpdated Apr 21, 2026