milestone: add runtime template state and dlq/retry broker topology

wiki/06-queue-topology.md

@@ -138,6 +138,28 @@ All BEDS queues are:
 
 This is non-negotiable for a production framework. The performance cost of persistence (disk write per message) is acceptable given the correctness guarantee.
 
+## DLQ and Retry Topology (Implemented)
+
+For the active POC queues (`rec.read`, `rec.write`), BEDS now provisions:
+
+- Primary queue: `{tag}rec.read` / `{tag}rec.write`
+- Retry queue: `{tag}rec.read.retry` / `{tag}rec.write.retry`
+- Dead-letter queue: `{tag}rec.read.dlq` / `{tag}rec.write.dlq`
+
+Dead-letter flow:
+
+- Primary queues are configured with dead-letter exchange `beds.dlx`.
+- Non-retryable failures (`nack requeue=false`) route to `*.dlq` via routing keys
+    `rec.read.dlq` and `rec.write.dlq`.
+
+Retry flow:
+
+- Retryable failures are republished to `*.retry` queues.
+- Retry queues apply TTL backoff and dead-letter back to `beds.events` using the
+    original routing keys (`rec.read` / `rec.write`).
+
+This avoids tight immediate requeue loops and creates deterministic failure lanes.
+
 ## The `vhost` Isolation Model
 
 Each environment gets its own RabbitMQ virtual host. A vhost is a completely isolated namespace — queues, exchanges, and bindings in one vhost are invisible to another. A RabbitMQ user is granted access to specific vhosts.