fix: figure out actor log shipping

[MasterPtato]

Changes

[MasterPtato]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• fix: get pb manager test working e2e again #2721
• fix: convert runner protocol to protobuf #2702
• fix: even more actor api changes #2714
• chore: flatten actor api spec #2698
• fix: increase default actor kill timeout to 5s #2701
• fix: dont clear ingress ports on reschedule #2700
• fix: add cpu constraints to oci config #2697
• fix: api changes #2692
• fix: fix logs for new actors #2649
• feat: add actor queue #2644
• feat: add actor kv to runners #2638
• feat: get multi actors working e2e on docker compose #2637
• fix: add udp ports to docker compose #2635
• chore: fix merge conflicts #2634
• fix: get new actors working on docker compose #2623
• fix: figure out actor log shipping #2622 👈 (View in Graphite)
• fix(pegboard): convert ws manager socket to unix socket #2478
• fix(pb): get new actor ids working e2e #2471
• feat: implement new actor ids #2467
• feat(pb): get multi-actors working e2e, add resources for builds #2465
• feat(pb): add runner logs #2447
• feat: add runners to pb protocol #2433
• chore(pegboard): add exit code log from container runner #2477
• fix(workflows): fix branch version bug #2475
• chore(pegboard): replace computing image size manually with using tar bytes read #2625
• fix: make pb image downloads random, remove prewarm from pb protocol #2784
• fix: clean up worker threads in the event of an error #2783
• fix: make query_as macros retry #2773
• main

---

How to use the Graphite Merge Queue

Add the label merge-queue to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[cloudflare-workers-and-pages]

Deploying rivet with    Cloudflare Pages

Latest commit:	a3d9d03
Status:	🚫  Build failed.

View logs

[cloudflare-workers-and-pages]

Deploying rivet-studio with    Cloudflare Pages

Latest commit:	a3d9d03
Status:	🚫  Build failed.

View logs

[claude]

Claude finished @MasterPtato's task —— View job

---

PR Review: Actor Log Shipping Fix

I've completed a comprehensive review of this PR focusing on code quality, potential bugs, performance, security concerns, and test coverage.

Review Checklist:

• Read and understand all changed files
• Analyze new util/id package structure and implementation
• Review log shipping changes in container-runner
• Examine Docker configuration modifications
• Check test coverage and configuration updates
• Assess code quality and best practices
• Identify potential bugs or security concerns
• Evaluate performance implications
• Provide comprehensive feedback

---

Overview

This PR introduces significant architectural changes:

1. New ID Package: Extracts ID handling from rivet-util into a separate rivet-util-id package
2. Log Shipping Refactor: Updates actor log shipping to use explicit actor IDs rather than parsing from logs
3. Docker Improvements: Enhances container security and build processes

✅ Strengths

Architecture & Organization

• Clean separation: Moving ID handling to a dedicated package improves modularity
• Backward compatibility: V0 UUID support maintains compatibility with existing code
• Clear interfaces: Well-defined trait implementations for serialization, database operations

Security Improvements

• Non-root containers: Echo server now runs as non-root user (good security practice)
• Proper user management: Creates dedicated user in Docker containers

Log Shipping Design

• Explicit actor IDs: Removes brittle log parsing for actor identification
• Robust error handling: Proper timeout and reconnection logic in LogShipper
• Clean protocol: Uses structured JSON messages with Vector

⚠️ Issues & Concerns

Critical Issues

1. Commented Out Actor ID Extraction Logic (log_shipper.rs:93-122)
The entire actor ID extraction logic is commented out, but there's no clear migration strategy:

// // If actor id is not provided, extract from logs
// let actor_id = if self.actor_id.is_some() {
//     // ... parsing logic removed
// };

• Risk: This suggests incomplete implementation - what happens when actor_id is None?
• Impact: Logs might be shipped without proper actor identification

2. Database Schema Compatibility
The new Id type serializes to different byte representations:

• V0: 16 bytes (UUID)

• V1: 19 bytes (1 version byte + 18 data bytes)

• Risk: Existing database constraints expecting UUID types may fail

• Missing: No migration strategy documented

3. Unsafe Code Usage (id/src/lib.rs:206)

let s = unsafe { String::from_utf8_unchecked(buf.to_vec()) };

• Risk: While the comment says "safe as ASCII", this bypasses UTF-8 validation
• Recommendation: Use String::from_utf8() with proper error handling

Medium Priority Issues

4. Missing Documentation

• No changelog or migration guide for the ID system changes
• Limited documentation on when to use V0 vs V1 IDs
• No clear upgrade path for existing systems

5. Test Coverage Gaps

• Tests only cover basic V0/V1 roundtrip scenarios
• No tests for database serialization/deserialization
• Missing edge case testing (malformed inputs, boundary conditions)

6. Error Handling Inconsistencies
In log_shipper.rs, disconnection handling could be improved:

Err(mpsc::RecvTimeoutError::Disconnected) => {
    eprintln!("Log shipper shutdown unexpectedly disconnected");
    break;
}

Should distinguish between expected vs unexpected disconnections.

Minor Issues

7. Code Style

• Inconsistent spacing in Docker commands
• Some functions could benefit from more descriptive names (base36_mod256)

8. Performance Considerations

• V1 IDs require base36 encoding/decoding which is slower than UUID parsing
• String allocation in Display implementation could be optimized for hot paths

📋 Recommendations

Immediate Actions Required

1. Complete Actor ID Migration:

   • Either implement the missing actor ID extraction logic or ensure all callers provide explicit actor IDs
   • Add validation to prevent None actor IDs when required

2. Fix Unsafe Code:

   // Replace unsafe code with:
   let s = String::from_utf8(buf.to_vec())
       .map_err(|_| fmt::Error)?;

3. Add Migration Documentation:

   • Document database schema changes
   • Provide clear migration path for existing IDs

Before Merge

4. Comprehensive Testing:

   • Add database serialization tests
   • Test ID parsing edge cases
   • Verify log shipping works end-to-end

5. Security Audit:

   • Review all uses of the new ID system
   • Ensure proper input validation

Post-Merge

6. Performance Monitoring:

   • Monitor ID conversion performance in production
   • Consider caching for frequently used IDs

7. Documentation Update:

   • Add ID system architecture documentation
   • Update developer guides

🔧 Suggested Code Changes

Fix unsafe string conversion:

// In id/src/lib.rs:206
let s = String::from_utf8(buf.to_vec())
    .map_err(|_| fmt::Error)?;
write!(f, "{}", s)

Add validation in log shipper:

// In log_shipper.rs
let vector_message = if let Some(actor_id) = self.actor_id.as_deref() {
    VectorMessage::Actors {
        runner_id: self.runner_id.as_str(),
        actor_id: Some(actor_id),
        // ... rest of fields
    }
} else {
    // Log warning and potentially skip this message
    eprintln!("Warning: No actor ID available for log message");
    continue;
};

🏁 Conclusion

This PR introduces valuable architectural improvements, particularly the modular ID system and enhanced security practices. However, there are critical implementation gaps (commented-out actor ID logic) and safety concerns (unsafe code) that must be addressed before merging.

The overall direction is positive, but the implementation needs completion and the critical issues resolved.

Recommendation: Request Changes - Address critical issues, complete the actor ID migration, and add comprehensive testing.

---

[claude]

Claude finished @MasterPtato's task —— View job

---

PR Review: Actor Log Shipping Fix

Review Tasks:

• Read repository guidelines (CLAUDE.md)
• Analyze new util/id package implementation
• Review log shipping changes in container-runner
• Examine Docker configuration updates
• Check test coverage and quality
• Assess security implications
• Evaluate performance impact
• Provide comprehensive feedback

---

Overview

This PR introduces significant architectural changes:

1. New ID Package: Extracts ID handling from rivet-util into a separate rivet-util-id package
2. Log Shipping Refactor: Updates actor log shipping to use explicit actor IDs rather than parsing from logs
3. Docker Improvements: Enhances container security and build processes

✅ Strengths

Architecture & Organization

• Clean separation: Moving ID handling to a dedicated package improves modularity
• Backward compatibility: V0 UUID support maintains compatibility with existing code
• Clear interfaces: Well-defined trait implementations for serialization, database operations

Security Improvements

• Non-root containers: Echo server now runs as non-root user (good security practice)
• Proper user management: Creates dedicated user in Docker containers

Log Shipping Design

• Explicit actor IDs: Removes brittle log parsing for actor identification
• Robust error handling: Proper timeout and reconnection logic in LogShipper
• Clean protocol: Uses structured JSON messages with Vector

⚠️ Critical Issues

1. Unsafe Code Usage (id/src/lib.rs:206)

let s = unsafe { String::from_utf8_unchecked(buf.to_vec()) };

• Risk: While the comment says "safe as ASCII", this bypasses UTF-8 validation
• Recommendation: Use String::from_utf8() with proper error handling

2. Commented Out Actor ID Extraction Logic (log_shipper.rs:93-122)

The entire actor ID extraction logic is commented out with no clear migration strategy:

// // If actor id is not provided, extract from logs
// let actor_id = if self.actor_id.is_some() {
//     // ... parsing logic removed
// };

• Risk: This suggests incomplete implementation - what happens when actor_id is None?
• Impact: Logs might be shipped without proper actor identification

3. Database Schema Compatibility

The new Id type serializes to different byte representations:

• V0: 16 bytes (UUID)

• V1: 19 bytes (1 version byte + 18 data bytes)

• Risk: Existing database constraints expecting UUID types may fail

• Missing: No migration strategy documented

🔧 Recommended Fixes

Immediate Actions Required

Fix unsafe string conversion:

// In id/src/lib.rs:206
let s = String::from_utf8(buf.to_vec())
    .map_err(|_| fmt::Error)?;
write!(f, "{}", s)

Add validation in log shipper:

// In log_shipper.rs
let vector_message = if let Some(actor_id) = self.actor_id.as_deref() {
    VectorMessage::Actors {
        runner_id: self.runner_id.as_str(),
        actor_id: Some(actor_id),
        // ... rest of fields
    }
} else {
    // Log warning and potentially skip this message
    eprintln!("Warning: No actor ID available for log message");
    continue;
};

Before Merge

1. Complete Actor ID Migration: Either implement the missing actor ID extraction logic or ensure all callers provide explicit actor IDs
2. Add Migration Documentation: Document database schema changes and provide clear migration path for existing IDs
3. Comprehensive Testing: Add database serialization tests and ID parsing edge cases

🔍 Additional Issues

Medium Priority

• Missing Documentation: No changelog or migration guide for the ID system changes
• Test Coverage Gaps: Tests only cover basic V0/V1 roundtrip scenarios
• Error Handling: Disconnection handling in log_shipper.rs could distinguish between expected vs unexpected disconnections

Minor Issues

• Performance: V1 IDs require base36 encoding/decoding which is slower than UUID parsing
• Code Style: Some functions could benefit from more descriptive names (base36_mod256)

🏁 Conclusion

This PR introduces valuable architectural improvements, particularly the modular ID system and enhanced security practices. However, there are critical implementation gaps (commented-out actor ID logic) and safety concerns (unsafe code) that must be addressed before merging.

Recommendation: Request Changes - Address critical issues, complete the actor ID migration, and add comprehensive testing.

---

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[claude]

Claude finished @MasterPtato's task —— View job

---

PR Review: Actor Log Shipping Fix

Review Tasks:

• Read repository guidelines (CLAUDE.md)
• Analyze new util/id package implementation
• Review log shipping changes in container-runner
• Examine Docker configuration updates
• Check test coverage and quality
• Assess security implications
• Evaluate performance impact
• Provide comprehensive feedback

---

Overview

This PR introduces significant architectural changes:

1. New ID Package: Extracts ID handling from rivet-util into a separate rivet-util-id package
2. Log Shipping Refactor: Updates actor log shipping to use explicit actor IDs rather than parsing from logs
3. Docker Improvements: Enhances container security and build processes

✅ Strengths

Architecture & Organization

• Clean separation: Moving ID handling to a dedicated package improves modularity
• Backward compatibility: V0 UUID support maintains compatibility with existing code
• Clear interfaces: Well-defined trait implementations for serialization, database operations

Security Improvements

• Non-root containers: Echo server now runs as non-root user (good security practice)
• Proper user management: Creates dedicated user in Docker containers

Log Shipping Design

• Explicit actor IDs: Removes brittle log parsing for actor identification
• Robust error handling: Proper timeout and reconnection logic in LogShipper
• Clean protocol: Uses structured JSON messages with Vector

⚠️ Critical Issues

1. Unsafe Code Usage (id/src/lib.rs:206)

let s = unsafe { String::from_utf8_unchecked(buf.to_vec()) };

• Risk: While the comment says "safe as ASCII", this bypasses UTF-8 validation
• Recommendation: Use String::from_utf8() with proper error handling

2. Commented Out Actor ID Extraction Logic (log_shipper.rs:93-122)

The entire actor ID extraction logic is commented out with no clear migration strategy:

// // If actor id is not provided, extract from logs
// let actor_id = if self.actor_id.is_some() {
//     // ... parsing logic removed
// };

• Risk: This suggests incomplete implementation - what happens when actor_id is None?
• Impact: Logs might be shipped without proper actor identification

3. Database Schema Compatibility

The new Id type serializes to different byte representations:

• V0: 16 bytes (UUID)

• V1: 19 bytes (1 version byte + 18 data bytes)

• Risk: Existing database constraints expecting UUID types may fail

• Missing: No migration strategy documented

🔧 Recommended Fixes

Immediate Actions Required

Fix unsafe string conversion:

// In id/src/lib.rs:206
let s = String::from_utf8(buf.to_vec())
    .map_err(|_| fmt::Error)?;
write!(f, "{}", s)

Add validation in log shipper:

// In log_shipper.rs
let vector_message = if let Some(actor_id) = self.actor_id.as_deref() {
    VectorMessage::Actors {
        runner_id: self.runner_id.as_str(),
        actor_id: Some(actor_id),
        // ... rest of fields
    }
} else {
    // Log warning and potentially skip this message
    eprintln!("Warning: No actor ID available for log message");
    continue;
};

Before Merge

1. Complete Actor ID Migration: Either implement the missing actor ID extraction logic or ensure all callers provide explicit actor IDs
2. Add Migration Documentation: Document database schema changes and provide clear migration path for existing IDs
3. Comprehensive Testing: Add database serialization tests and ID parsing edge cases

🔍 Additional Issues

Medium Priority

• Missing Documentation: No changelog or migration guide for the ID system changes
• Test Coverage Gaps: Tests only cover basic V0/V1 roundtrip scenarios
• Error Handling: Disconnection handling in log_shipper.rs could distinguish between expected vs unexpected disconnections

Minor Issues

• Performance: V1 IDs require base36 encoding/decoding which is slower than UUID parsing
• Code Style: Some functions could benefit from more descriptive names (base36_mod256)

🏁 Conclusion

This PR introduces valuable architectural improvements, particularly the modular ID system and enhanced security practices. However, there are critical implementation gaps (commented-out actor ID logic) and safety concerns (unsafe code) that must be addressed before merging.

Recommendation: Request Changes - Address critical issues, complete the actor ID migration, and add comprehensive testing.

---

[claude]

Claude finished @MasterPtato's task —— View job

---

PR Review: Actor Log Shipping Fix

Review Checklist:

• Read repository guidelines (CLAUDE.md)
• Analyze new util/id package implementation
• Review log shipping changes in container-runner
• Examine Docker configuration updates
• Check test coverage and configuration
• Assess code quality and best practices
• Identify potential bugs or security concerns
• Evaluate performance implications
• Provide comprehensive feedback

---

Overview

This PR introduces significant architectural changes:

1. New ID Package: Extracts ID handling from rivet-util into a separate rivet-util-id package
2. Log Shipping Refactor: Updates actor log shipping to use explicit actor IDs rather than parsing from logs
3. Docker Security: Enhances container security by running as non-root users

✅ Strengths

Architecture & Organization

• Clean separation: Moving ID handling to a dedicated package improves modularity
• Backward compatibility: V0 UUID support maintains compatibility with existing code
• Clear interfaces: Well-defined trait implementations for serialization, database operations, and various format conversions

Security Improvements

• Non-root containers: Echo server now runs as non-root user (packages/edge/infra/client/echo/Dockerfile:13-30)
• Proper user management: Creates dedicated user in Docker containers with minimal /etc/passwd and /etc/group files

ID System Design

• Flexible versioning: Supports V0 (UUID) and V1 (UUID + 16-bit label) formats
• Comprehensive integrations: Implements traits for serde, sqlx, FoundationDB, and other systems
• Robust error handling: Well-defined error types with descriptive messages

⚠️ Critical Issues

1. Unsafe Code Usage (packages/common/util/id/src/lib.rs:206)

let s = unsafe { String::from_utf8_unchecked(buf.to_vec()) };

• Risk: While the comment says "safe as ASCII", this bypasses UTF-8 validation
• Recommendation: Use String::from_utf8() with proper error handling:

  let s = String::from_utf8(buf.to_vec()).map_err(|_| fmt::Error)?;

2. Commented Out Actor ID Extraction Logic (packages/edge/infra/client/container-runner/src/log_shipper.rs:96-124)

The entire actor ID extraction logic is commented out with no migration strategy:

// // If actor id is not provided, extract from logs
// let actor_id = if self.actor_id.is_some() {
//     // ... 28 lines of parsing logic removed
// };

• Risk: This suggests incomplete implementation - what happens when actor_id is None?
• Impact: Logs might be shipped without proper actor identification, breaking log aggregation

3. Database Schema Compatibility

The new Id type serializes to different byte representations:

• V0: 16 bytes (UUID)

• V1: 19 bytes (1 version byte + 18 data bytes)

• Risk: Existing database constraints expecting 16-byte UUIDs may fail

• Missing: No migration strategy or documentation for existing systems

🔧 Recommended Fixes

Immediate Actions Required

1. Fix Unsafe Code (packages/common/util/id/src/lib.rs:206):

   let s = String::from_utf8(buf.to_vec()).map_err(|_| fmt::Error)?;
   write!(f, "{}", s)

2. Complete Actor ID Migration (packages/edge/infra/client/container-runner/src/log_shipper.rs):
   Either implement the missing actor ID extraction logic or add validation:

   let vector_message = if let Some(actor_id) = self.actor_id.as_deref() {
       VectorMessage::Actors {
           runner_id: self.runner_id.as_str(),
           actor_id: Some(actor_id),
           // ... rest of fields
       }
   } else {
       eprintln!("Warning: No actor ID available for log message");
       continue; // Skip messages without actor IDs
   };

3. Add Database Migration Documentation: Document the schema changes and provide migration path

📋 Additional Issues

Medium Priority

• Missing Documentation: No changelog or migration guide for ID system changes
• Test Coverage: Tests only cover basic V0/V1 roundtrip scenarios (packages/common/util/id/src/lib.rs:358-381)
• Error Handling: Log shipper disconnection handling could distinguish between expected vs unexpected disconnections

Minor Issues

• Performance: V1 IDs require base36 encoding/decoding which is slower than UUID parsing
• Code Style: The base36_mod256 function name could be more descriptive
• Docker Build: Container runner still uses debug build mode (line 21 in Dockerfile)

🔍 Code Quality Assessment

Good Practices:

• Proper error types with thiserror
• Comprehensive trait implementations
• Clear separation of concerns
• Good test structure (though limited coverage)

Areas for Improvement:

• Remove unsafe code usage
• Add more comprehensive tests
• Document migration strategy
• Complete the actor ID handling implementation

🏁 Conclusion

This PR introduces valuable architectural improvements, particularly the modular ID system and enhanced security practices. However, there are critical implementation gaps (commented-out actor ID logic) and safety concerns (unsafe code) that must be addressed before merging.

The overall direction is positive, but the implementation needs completion and the critical issues resolved.

Recommendation: Request Changes - Address critical issues, complete the actor ID migration, and add comprehensive testing.

---

[claude]

Claude finished @MasterPtato's task —— View job

---

PR Review: Actor Log Shipping Fix

Review Tasks:

• Read repository guidelines (CLAUDE.md)
• Analyze all changed files for code quality issues
• Review new util/id package implementation
• Examine log shipping changes in container-runner
• Check Docker configuration updates
• Assess security implications
• Evaluate performance considerations
• Review test coverage
• Provide comprehensive feedback

---

Overview

This PR introduces significant architectural changes:

1. New ID Package: Extracts ID handling from rivet-util into a separate rivet-util-id package
2. Log Shipping Refactor: Updates actor log shipping to use explicit actor IDs rather than parsing from logs
3. Docker Security: Enhances container security by running as non-root users

✅ Strengths

Architecture & Organization

• Clean separation: Moving ID handling to a dedicated package improves modularity
• Backward compatibility: V0 UUID support maintains compatibility with existing code
• Clear interfaces: Well-defined trait implementations for serialization, database operations, and various format conversions

Security Improvements

• Non-root containers: Echo server now runs as non-root user (packages/edge/infra/client/echo/Dockerfile:13-30)
• Proper user management: Creates dedicated user in Docker containers with minimal /etc/passwd and /etc/group files

ID System Design

• Flexible versioning: Supports V0 (UUID) and V1 (UUID + 16-bit label) formats
• Comprehensive integrations: Implements traits for serde, sqlx, FoundationDB, and other systems
• Robust error handling: Well-defined error types with descriptive messages

⚠️ Critical Issues

1. Unsafe Code Usage (packages/common/util/id/src/lib.rs:206)

let s = unsafe { String::from_utf8_unchecked(buf.to_vec()) };

• Risk: While the comment says "safe as ASCII", this bypasses UTF-8 validation
• Recommendation: Use String::from_utf8() with proper error handling:

  let s = String::from_utf8(buf.to_vec()).map_err(|_| fmt::Error)?;

2. Commented Out Actor ID Extraction Logic (packages/edge/infra/client/container-runner/src/log_shipper.rs:96-124)

The entire actor ID extraction logic is commented out with no migration strategy:

// // If actor id is not provided, extract from logs
// let actor_id = if self.actor_id.is_some() {
//     // ... 28 lines of parsing logic removed
// };

• Risk: This suggests incomplete implementation - what happens when actor_id is None?
• Impact: Logs might be shipped without proper actor identification, breaking log aggregation

3. Database Schema Compatibility

The new Id type serializes to different byte representations:

• V0: 16 bytes (UUID)

• V1: 19 bytes (1 version byte + 18 data bytes)

• Risk: Existing database constraints expecting 16-byte UUIDs may fail

• Missing: No migration strategy or documentation for existing systems

🔧 Recommended Fixes

Immediate Actions Required

1. Fix Unsafe Code (packages/common/util/id/src/lib.rs:206):

   let s = String::from_utf8(buf.to_vec()).map_err(|_| fmt::Error)?;
   write!(f, "{}", s)

2. Complete Actor ID Migration (packages/edge/infra/client/container-runner/src/log_shipper.rs):
   Either implement the missing actor ID extraction logic or add validation:

   let vector_message = if let Some(actor_id) = self.actor_id.as_deref() {
       VectorMessage::Actors {
           runner_id: self.runner_id.as_str(),
           actor_id: Some(actor_id),
           // ... rest of fields
       }
   } else {
       eprintln!("Warning: No actor ID available for log message");
       continue; // Skip messages without actor IDs
   };

3. Add Database Migration Documentation: Document the schema changes and provide migration path

📋 Additional Issues

Medium Priority

• Missing Documentation: No changelog or migration guide for ID system changes
• Test Coverage: Tests only cover basic V0/V1 roundtrip scenarios (packages/common/util/id/src/lib.rs:358-381)
• Error Handling: Log shipper disconnection handling could distinguish between expected vs unexpected disconnections

Minor Issues

• Performance: V1 IDs require base36 encoding/decoding which is slower than UUID parsing
• Code Style: The base36_mod256 function name could be more descriptive
• Docker Build: Container runner still uses debug build mode (line 21 in Dockerfile)

🔍 Code Quality Assessment

Good Practices:

• Proper error types with thiserror
• Comprehensive trait implementations
• Clear separation of concerns
• Good test structure (though limited coverage)

Areas for Improvement:

• Remove unsafe code usage
• Add more comprehensive tests
• Document migration strategy
• Complete the actor ID handling implementation

🏁 Conclusion

This PR introduces valuable architectural improvements, particularly the modular ID system and enhanced security practices. However, there are critical implementation gaps (commented-out actor ID logic) and safety concerns (unsafe code) that must be addressed before merging.

The overall direction is positive, but the implementation needs completion and the critical issues resolved.

Recommendation: Request Changes - Address critical issues, complete the actor ID migration, and add comprehensive testing.

---

View job

[claude]

Claude finished @MasterPtato's task —— View job

---

PR Review: Actor Log Shipping Fix

Review Tasks:

• Read repository guidelines (CLAUDE.md)
• Analyze all changed files for code quality issues
• Review new util/id package implementation
• Examine log shipping changes in container-runner
• Check Docker configuration updates
• Assess security implications
• Evaluate performance considerations
• Review test coverage
• Provide comprehensive feedback

---

Overview

This PR introduces significant architectural changes:

1. New ID Package: Extracts ID handling from rivet-util into a separate rivet-util-id package
2. Log Shipping Refactor: Updates actor log shipping to use explicit actor IDs rather than parsing from logs
3. Docker Security: Enhances container security by running as non-root users

✅ Strengths

Architecture & Organization

• Clean separation: Moving ID handling to a dedicated package improves modularity
• Backward compatibility: V0 UUID support maintains compatibility with existing code
• Clear interfaces: Well-defined trait implementations for serialization, database operations, and various format conversions

Security Improvements

• Non-root containers: Echo server now runs as non-root user (packages/edge/infra/client/echo/Dockerfile:13-30)
• Proper user management: Creates dedicated user in Docker containers with minimal /etc/passwd and /etc/group files

ID System Design

• Flexible versioning: Supports V0 (UUID) and V1 (UUID + 16-bit label) formats
• Comprehensive integrations: Implements traits for serde, sqlx, FoundationDB, and other systems
• Robust error handling: Well-defined error types with descriptive messages

⚠️ Critical Issues

1. Unsafe Code Usage (packages/common/util/id/src/lib.rs:206)

let s = unsafe { String::from_utf8_unchecked(buf.to_vec()) };

• Risk: While the comment says "safe as ASCII", this bypasses UTF-8 validation
• Recommendation: Use String::from_utf8() with proper error handling:

  let s = String::from_utf8(buf.to_vec()).map_err(|_| fmt::Error)?;

2. Commented Out Actor ID Extraction Logic (packages/edge/infra/client/container-runner/src/log_shipper.rs:96-124)

The entire actor ID extraction logic is commented out with no migration strategy:

// // If actor id is not provided, extract from logs
// let actor_id = if self.actor_id.is_some() {
//     // ... 28 lines of parsing logic removed
// };

• Risk: This suggests incomplete implementation - what happens when actor_id is None?
• Impact: Logs might be shipped without proper actor identification, breaking log aggregation

3. Database Schema Compatibility

The new Id type serializes to different byte representations:

• V0: 16 bytes (UUID)

• V1: 19 bytes (1 version byte + 18 data bytes)

• Risk: Existing database constraints expecting 16-byte UUIDs may fail

• Missing: No migration strategy or documentation for existing systems

🔧 Recommended Fixes

Immediate Actions Required

1. Fix Unsafe Code (packages/common/util/id/src/lib.rs:206):

   let s = String::from_utf8(buf.to_vec()).map_err(|_| fmt::Error)?;
   write!(f, "{}", s)

2. Complete Actor ID Migration (packages/edge/infra/client/container-runner/src/log_shipper.rs):
   Either implement the missing actor ID extraction logic or add validation:

   let vector_message = if let Some(actor_id) = self.actor_id.as_deref() {
       VectorMessage::Actors {
           runner_id: self.runner_id.as_str(),
           actor_id: Some(actor_id),
           // ... rest of fields
       }
   } else {
       eprintln!("Warning: No actor ID available for log message");
       continue; // Skip messages without actor IDs
   };

3. Add Database Migration Documentation: Document the schema changes and provide migration path

📋 Additional Issues

Medium Priority

• Missing Documentation: No changelog or migration guide for ID system changes
• Test Coverage: Tests only cover basic V0/V1 roundtrip scenarios (packages/common/util/id/src/lib.rs:358-381)
• Error Handling: Log shipper disconnection handling could distinguish between expected vs unexpected disconnections

Minor Issues

• Performance: V1 IDs require base36 encoding/decoding which is slower than UUID parsing
• Code Style: The base36_mod256 function name could be more descriptive
• Docker Build: Container runner still uses debug build mode (line 21 in Dockerfile)

🔍 Code Quality Assessment

Good Practices:

• Proper error types with thiserror
• Comprehensive trait implementations
• Clear separation of concerns
• Good test structure (though limited coverage)

Areas for Improvement:

• Remove unsafe code usage
• Add more comprehensive tests
• Document migration strategy
• Complete the actor ID handling implementation

🏁 Conclusion

This PR introduces valuable architectural improvements, particularly the modular ID system and enhanced security practices. However, there are critical implementation gaps (commented-out actor ID logic) and safety concerns (unsafe code) that must be addressed before merging.

The overall direction is positive, but the implementation needs completion and the critical issues resolved.

Recommendation: Request Changes - Address critical issues, complete the actor ID migration, and add comprehensive testing.

---

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
rivet-site	Error			Aug 21, 2025 8:22pm

[claude]

Claude finished @MasterPtato's task —— View job

---

PR Review: Actor Log Shipping Fix

Review Tasks:

• Read repository guidelines (CLAUDE.md)
• Analyze new util/id package structure and implementation
• Review log shipping changes in container-runner
• Examine Docker configuration modifications
• Check test coverage and configuration updates
• Assess code quality and best practices
• Identify potential bugs or security concerns
• Evaluate performance implications
• Provide comprehensive feedback

---

Overview

This PR introduces significant architectural changes:

1. New ID Package: Extracts ID handling from rivet-util into a separate rivet-util-id package
2. Log Shipping Refactor: Updates actor log shipping to use explicit actor IDs rather than parsing from logs
3. Docker Security: Enhances container security by running as non-root users

✅ Strengths

Architecture & Organization

• Clean separation: Moving ID handling to a dedicated package improves modularity
• Backward compatibility: V0 UUID support maintains compatibility with existing code
• Clear interfaces: Well-defined trait implementations for serialization, database operations, and various format conversions

Security Improvements

• Non-root containers: Echo server now runs as non-root user (packages/edge/infra/client/echo/Dockerfile:13-30)
• Proper user management: Creates dedicated user in Docker containers with minimal /etc/passwd and /etc/group files

ID System Design

• Flexible versioning: Supports V0 (UUID) and V1 (UUID + 16-bit label) formats
• Comprehensive integrations: Implements traits for serde, sqlx, FoundationDB, and other systems
• Robust error handling: Well-defined error types with descriptive messages

⚠️ Critical Issues

1. Unsafe Code Usage (packages/common/util/id/src/lib.rs:206)

let s = unsafe { String::from_utf8_unchecked(buf.to_vec()) };

• Risk: While the comment says "safe as ASCII", this bypasses UTF-8 validation
• Recommendation: Use String::from_utf8() with proper error handling:

  let s = String::from_utf8(buf.to_vec()).map_err(|_| fmt::Error)?;

2. Commented Out Actor ID Extraction Logic (packages/edge/infra/client/container-runner/src/log_shipper.rs:96-124)

The entire actor ID extraction logic is commented out with no migration strategy:

// // If actor id is not provided, extract from logs
// let actor_id = if self.actor_id.is_some() {
//     // ... 28 lines of parsing logic removed
// };

• Risk: This suggests incomplete implementation - what happens when actor_id is None?
• Impact: Logs might be shipped without proper actor identification, breaking log aggregation

3. Database Schema Compatibility

The new Id type serializes to different byte representations:

• V0: 16 bytes (UUID)

• V1: 19 bytes (1 version byte + 18 data bytes)

• Risk: Existing database constraints expecting 16-byte UUIDs may fail

• Missing: No migration strategy or documentation for existing systems

🔧 Recommended Fixes

Immediate Actions Required

1. Fix Unsafe Code (packages/common/util/id/src/lib.rs:206):

   let s = String::from_utf8(buf.to_vec()).map_err(|_| fmt::Error)?;
   write!(f, "{}", s)

2. Complete Actor ID Migration (packages/edge/infra/client/container-runner/src/log_shipper.rs):
   Either implement the missing actor ID extraction logic or add validation:

   let vector_message = if let Some(actor_id) = self.actor_id.as_deref() {
       VectorMessage::Actors {
           runner_id: self.runner_id.as_str(),
           actor_id: Some(actor_id),
           // ... rest of fields
       }
   } else {
       eprintln!("Warning: No actor ID available for log message");
       continue; // Skip messages without actor IDs
   };

3. Add Database Migration Documentation: Document the schema changes and provide migration path

📋 Additional Issues

Medium Priority

• Missing Documentation: No changelog or migration guide for ID system changes
• Test Coverage: Tests only cover basic V0/V1 roundtrip scenarios (packages/common/util/id/src/lib.rs:358-381)
• Error Handling: Log shipper disconnection handling could distinguish between expected vs unexpected disconnections

Minor Issues

• Performance: V1 IDs require base36 encoding/decoding which is slower than UUID parsing
• Code Style: The base36_mod256 function name could be more descriptive
• Docker Build: Container runner still uses debug build mode (line 21 in Dockerfile)

🔍 Code Quality Assessment

Good Practices:

• Proper error types with thiserror
• Comprehensive trait implementations
• Clear separation of concerns
• Good test structure (though limited coverage)

Areas for Improvement:

• Remove unsafe code usage
• Add more comprehensive tests
• Document migration strategy
• Complete the actor ID handling implementation

🏁 Conclusion

This PR introduces valuable architectural improvements, particularly the modular ID system and enhanced security practices. However, there are critical implementation gaps (commented-out actor ID logic) and safety concerns (unsafe code) that must be addressed before merging.

The overall direction is positive, but the implementation needs completion and the critical issues resolved.

Recommendation: Request Changes - Address critical issues, complete the actor ID migration, and add comprehensive testing.

---

[claude]

Claude encountered an error —— View job

---

I'll analyze this and get back to you.

[claude]

Claude encountered an error —— View job

---

I'll analyze this and get back to you.