Production breaks at 2 AM. Your cloud portal shows 5,000 messages in the Dead-Letter Queue — but you can't read their bodies or search them without writing throwaway scripts. You manually sample messages one by one, spending hours on what should take minutes.
ServiceHub is an ultra-fast, self-hosted web application that gives engineers full forensic visibility into their cloud message queues — like a debugger, but for Azure Service Bus, AWS SQS/SNS, and GCP Pub/Sub.
Your cloud console shows you counts. ServiceHub shows you answers.
Important
Built for strict environments. Read-only by default (Peek, never consume) · connection strings AES-GCM-256 encrypted at rest · zero external calls by default — pattern analysis runs entirely in your browser and no message data ever leaves your network (telemetry is opt-in and disabled unless you enable it) · destructive actions (replay, send) blocked on production namespaces. Details in Security.
Tip
No credentials? Try the built-in Simulator Mode — runs 3 synthetic namespaces (Azure + AWS + GCP) with 50 seeded messages each. No cloud account needed.
| Capability | Standard Cloud Portals | ServiceHub |
|---|---|---|
| View message body & content | ❌ Count only | ✅ Full body + syntax highlighting |
| Search across message content | ❌ Not available | ✅ Real-time full-text search |
| Dead-letter queue investigation | ❌ One at a time | ✅ Batch analysis + AI patterns |
| AI pattern detection | ❌ Not available | ✅ Client-side clustering, zero data sent |
| Replay from DLQ | ❌ Not available | ✅ One-click or auto-replay rules |
| Delete a single message | ❌ Not available | ✅ Purge (AWS & GCP; Azure SDK has no single-message delete) |
| Multi-namespace support | ❌ Portal only | ✅ Manage multiple connections |
| Correlation ID tracing | ❌ Not available | ✅ Trace journeys across all queues |
| Scheduled message management | ❌ Not available | ✅ View, reschedule, and cancel |
| Cross-cloud message trace | ❌ Not available | ✅ Trace a message across Azure + AWS + GCP |
Everything below serves three jobs: Investigate the failure, Recover the messages, Prevent the repeat. ServiceHub's deepest and most mature features are built natively for Azure Service Bus.
Enter your connection string once and you're browsing messages instantly. Supports Listen-only (read-only), Send, and Manage policies. Connection strings are AES-GCM encrypted at rest — no plain-text secrets stored anywhere.
Browse Active and Dead-Letter queue messages side by side. See full message previews, status badges, enqueue times, and metadata in a virtualized grid that handles thousands of records without breaking a sweat. Auto-refresh every 7 seconds keeps your view live during incidents.
Click any message for complete forensic analysis:
- Body — Full JSON/XML with syntax highlighting and one-click copy.
- Properties — Message ID, sequence number, TTL, delivery count, enqueue time.
- Headers — All custom application properties and correlation IDs.
- AI Insights — Pattern context and remediation hints, computed entirely in-browser.
Click AI Findings to see error pattern clusters detected across your current queue view. The engine groups messages by error type, calculates confidence scores, and surfaces the most impactful clusters — so you know exactly where to look first.
Note
Zero-trust privacy: All analysis runs entirely in your browser. No message content ever leaves your environment.
Select the Dead-Letter tab to inspect failed messages in full. Each DLQ message shows exactly why the broker moved it, the full error text, the assessment in plain English, and one-click actions: Replay it back to the main queue after fixing the root cause, or Purge it permanently (AWS & GCP — Azure's SDK has no reliable single-message delete, so the action is disabled there rather than pretending).
DLQ Intelligence automatically scans your dead-letter queues and stores every finding in a local SQLite database — so you can track failures over time, not just during the current session. Features include a 30-day trend chart, auto-categorization (Transient, MaxDelivery, Expired, DataQuality, Authorization), and CSV/JSON exports.
Define rules that watch DLQ messages and automatically replay them when conditions match. Recover from common failures without manual intervention.
- AI-generated rules or pre-built templates for timeouts and throttles.
- Flexible matching by DLQ reason, error description, entity, delivery count, or regex.
- Safety controls with rate limiting to prevent overwhelming downstream services.
Search across message body, properties, and headers instantly. Filter 1,000+ messages down to exactly what you need in under a second. Paste any Correlation ID to trace a message's full journey across all queues, topics, and namespaces.
See every message queued for future delivery. Reschedule or cancel individual messages directly from the UI.
ServiceHub extends beyond Azure Service Bus to support AWS SQS/SNS and GCP Pub/Sub via the Cloud Bridge.
| Provider | Status | Browse & Search | Dead-Letter | Replay | Purge | Send & Test Tools³ | Cross-Cloud Trace |
|---|---|---|---|---|---|---|---|
| Azure Service Bus | ✅ GA | ✅ | ✅ | ✅ | — (SDK limitation) | ✅ | ✅ |
| AWS SQS / SNS | 🔶 Preview | ✅ | ✅ (redrive DLQ) | ✅ | ✅ | ✅ | ✅¹ |
| GCP Pub/Sub | 🔶 Preview | ✅ | ✅ peek (nack/ack deadline)² | ✅ | ✅ | ✅ | ✅¹ |
¹ Cross-Cloud Trace searches any namespace whose provider is registered in the API's dependency-injection container. Azure is always registered; AWS/GCP registration is disabled by default in this build — use Simulator mode, or register the provider, to exercise AWS/GCP trace search.
² GCP Pub/Sub dead-lettering is policy-driven via MaxDeliveryAttempts; ServiceHub reads the DLQ through the subscription's configured dead-letter topic, and its test tooling moves messages there by republishing through the subscription's dead-letter policy. Message counts are unavailable via the Pub/Sub API and are reported as 0.
³ Test tools (send a message, generate realistic test data, push messages to the DLQ) are available only on DEV namespaces with a Manage-level connection — never in UAT or production.
Connect namespaces from two or more cloud providers and use Multi-Cloud Trace to trace a single Correlation ID or message GUID as it routes from Azure
| Feature | Preview |
|---|---|
| Connect Page | ![]() |
| Message Browser | ![]() |
| Message Detail (JSON) | ![]() |
| DLQ Investigation | ![]() |
| AI Pattern Findings | ![]() |
| DLQ Intelligence | ![]() |
| Auto-Replay Rules | ![]() |
| Correlation Explorer | ![]() |
| Scheduled Messages | ![]() |
| System Health | ![]() |
Problem: 5,000 orders stuck in Dead-Letter Queue. Azure Portal shows counts only. With ServiceHub:
- Browse all 5,000 DLQ messages in seconds.
- AI detects 3 error clusters: Payment Timeout (40%), Invalid Address (35%), Duplicate (25%).
- Create an auto-replay rule for Payment Timeout
$\rightarrow$ replay 2,000 messages automatically. Time saved: 6 hours$\rightarrow$ 45 minutes.
Problem: Customer reports order never processed. Which queue did it land in? With ServiceHub:
- Open Correlation Explorer.
- Paste the order's Correlation ID.
- Trace the message journey across all queues and namespaces in one search.
Time saved: 30 minutes
$\rightarrow$ 30 seconds.
Problem: Need 100 realistic failure scenarios to test error handling. With ServiceHub:
- Open Message Generator
$\rightarrow$ select Payment Gateway scenario. - Generate 100 messages with 30% anomaly rate.
- Verify DLQ behavior and error handling.
Time saved: Hours of manual test data
$\rightarrow$ 2 minutes.
Follow this path before connecting to a production namespace. This protects your live environment and gives you confidence in every operation before it matters.
- DEV: Connect your development namespace. Explore message browsing, DLQ inspection, and auto-replay rules in a safe environment.
- UAT: Validate replay targets, confirm rule logic, and review AI findings with realistic data.
- PROD: Connect only after DEV and UAT validation. Production namespaces enforce read-only browsing by default — Quick Actions (replay, send, generate) are disabled to prevent accidental data modification.
Warning
While ServiceHub is read-only by default, replay and send operations are destructive. Validate your replay rules and message targets in lower environments first.
git clone https://github.com/debdevops/servicehub.git
cd servicehub
./run.shOpen http://localhost:3000 — then connect with your connection string. The script automatically installs .NET 10 SDK and Node.js 20+ if not already present.
./run.sh --simulatorOpen http://localhost:3000 and navigate to Simulator in the sidebar. See SIMULATOR.md for the full guide.
For read-only browsing (recommended for production):
az servicebus namespace authorization-rule create \
--namespace-name <your-namespace> \
--resource-group <your-rg> \
--name servicehub-readonly \
--rights ListenServiceHub is built for strict enterprise environments.
- Read-only by default — Uses
PeekMessagesAsync; messages are never removed or consumed. - AES-GCM encryption — Connection strings encrypted at rest; key stored in local config, never returned to the browser.
- Zero external calls — AI analysis runs entirely in-browser; no message data leaves your environment.
- No message persistence — Messages are displayed in-memory only during your session; never written to a database.
- Log redaction — Backend logging pipeline strips connection strings, API keys, and access tokens.
ServiceHub optionally emits telemetry to Azure Application Insights. When enabled, telemetry is strictly limited to request durations, error codes, and system metrics. Connection strings, message payloads, business IDs, and user inputs are explicitly excluded. Application Insights is disabled by default.
ServiceHub is a modern Single Page Application communicating with a .NET Core backend.
Browser (React 19 SPA)
└── TanStack Query hooks (useMessages, useQueues, useRules, …)
└── Axios API client → Vite dev proxy
└── ASP.NET Core 10 API
├── NamespacesController → AES-GCM encrypted connections
├── DlqHistoryController → SQLite DLQ intelligence (no cloud SDK call)
├── RulesController → auto-replay rule engine
├── SimulatorController → seeded demo data (no credentials)
├── MessagesController ┐
├── QueuesController ├── IMessageOperationsService → CloudProviderRouter
├── TopicsController ┘
└── CrossCloudTraceController → same ICloudMessagingProvider abstraction
(Azure dispatched via IAzureTraceSearcher,
AWS/GCP dispatched directly)
│
▼
ICloudMessagingProvider implementations
├── Azure.Messaging.ServiceBus SDK
├── AWSSDK.SQS / AWSSDK.SNS
└── Google.Cloud.PubSub.V1
For deep-dive architecture details, see ARCHITECTURE.md and the Comprehensive Guide. For exactly which controllers share a routing path today (and which don't yet), see docs/FLOW.md.
ServiceHub exposes a full REST API with interactive documentation interfaces accessible when running locally:
- Scalar (Modern):
http://localhost:5153/scalar/v1 - Swagger UI:
http://localhost:5153/swagger/index.html
Does ServiceHub remove messages from queues?
No. ServiceHub only uses PeekMessagesAsync. Your consumers continue processing normally, unaffected.
Is it safe to point at production? Yes. Listen-only mode is fully read-only. Deploy ServiceHub inside your private network for extra safety. Check out the Self-Hosting Guide.
How does AI analysis work without an API key? ServiceHub uses client-side heuristic pattern detection — pure JavaScript in your browser. No GPT, no external service, no data exfiltration.
Can I delete a single message? On AWS (delete by receipt handle) and GCP (acknowledge), yes — the Purge action, guarded by explicit-intent headers and blocked on production namespaces. Azure Service Bus has no reliable single-message delete in the SDK, so ServiceHub disables the action there instead of faking it.
Bug fixes, features, and documentation improvements are welcome!
# Unit tests (Vitest — 1,100+ tests, ≥60% coverage required)
cd apps/web && npm run test:coverage
# Backend tests (xUnit — 1,500+ unit + integration tests)
cd services/api && dotnet test
# E2E tests (Playwright — requires ./run.sh --simulator)
cd apps/web && npm run test:e2eFor deep backend developer guidelines, refer to the API README.
ServiceHub is built depth-first: make one workflow excellent before adding the next surface.
- Now (MVP) — the forensic core across Azure (GA) and AWS/GCP (preview): explore, search, DLQ investigation, replay, purge, send, auto-replay rules, simulator, live updates.
- Next — operational habit: bulk replay/purge with dry-run preview, DLQ triage inbox, live tail, fleet dashboard across namespaces, Slack/Teams alert cards, Docker packaging.
- Later — team & governance: SSO, role-based access, approval workflows for destructive operations, audit export.
Have a use-case that should shape this? Open a feature request — describe the problem, not just the solution.
ServiceHub — Because your Service Bus messages should not be invisible during incidents.
Built for DevOps, Platform, and SRE Engineers.











