Skip to content

fix: convert runner protocol to protobuf #2702

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: 07-04-fix_even_more_actor_api_changes
Choose a base branch
from
Open

fix: convert runner protocol to protobuf #2702

wants to merge 1 commit into from

Conversation

MasterPtato
Copy link
Contributor

Changes

This was referenced Jul 3, 2025
Open
Open
Open
Closed
Open
Open
Open
Open
Open
@NathanFlurry NathanFlurry mentioned this pull request Jul 3, 2025
Open
This was referenced Jul 3, 2025
Open
Open
Open
Open
Open
Closed
Open
Open
@NathanFlurry NathanFlurry mentioned this pull request Jul 3, 2025
Open
@MasterPtato MasterPtato mentioned this pull request Jul 3, 2025
Open
@claude Claude
Copy link

claude bot commented Jul 3, 2025
edited
Loading

Claude finished @MasterPtato's task —— View job

PR Review: Convert Runner Protocol to Protobuf

I've completed my review of this PR that converts the runner protocol from JSON to protobuf. Here's my comprehensive feedback:

Review Checklist:

  • Analyze protobuf schema design
  • Review Rust code changes for correctness
  • Check serialization/deserialization logic
  • Assess performance implications
  • Look for security considerations
  • Evaluate error handling
  • Check build configuration
  • Provide comprehensive feedback

🚀 Overall Assessment

This is a solid refactoring that should improve performance and type safety. The protobuf schema design is well-structured and the Rust implementation follows good practices.

Strengths

  1. Clean Schema Design (runner_protocol.proto, kv.proto)

    • Well-organized message hierarchy with clear separation of concerns
    • Proper use of oneof for message variants
    • Good field numbering and optional field usage

  2. Build Configuration (build.rs)

    • Correct prost-build setup for code generation
    • Proper dependency management in Cargo.toml

  3. Performance Improvements

    • Protobuf binary format will be more compact than JSON
    • Faster serialization/deserialization compared to serde_json
    • Better streaming support with the existing LengthDelimitedCodec

⚠️ Issues & Concerns

High Priority

  1. Data Migration Risk (packages/edge/infra/client/actor-kv/src/entry.rs:36)

    // Old: kv_version field
// New: _version field

    The metadata field name changed from kv_version to _version. This could break existing data if there's no migration strategy.

  2. Missing Test Coverage
    No tests were updated to verify the protobuf conversion works correctly. This is critical for a protocol change.

Medium Priority

  1. Error Handling (packages/edge/infra/client/config/src/runner_protocol.rs:52-62)

    pub fn decode_frame<T: Message + Default>(frame: &[u8]) -> Result<([u8; 4], T)> {
    ensure!(frame.len() >= 4, "Frame too short");
    let payload = T::decode(&frame[4..])?;

    Consider more specific error messages for protobuf decode failures to aid debugging.

  2. Type Safety (packages/edge/infra/client/config/src/runner_protocol.rs:23-27)

    pub enum ToActor {
    StateUpdate { state: proto::ActorState },
    Kv(proto::kv::Request),
}

    Still using a separate ToActor enum alongside protobuf types - consider if this duplication is necessary.

Low Priority

  1. Documentation
    The protobuf files could benefit from comments explaining the purpose of each message type.

  2. Field Validation
    Consider adding validation for protobuf message fields (e.g., non-empty actor_id).

🔒 Security Assessment

  • ✅ Improved: Protobuf has stricter parsing than JSON, reducing injection risks
  • ✅ Good: Schema enforcement prevents malformed messages
  • ✅ Safe: No sensitive data exposure in the changes

🚀 Performance Impact

  • ✅ Positive: Binary format is more compact than JSON
  • ✅ Faster: Protobuf serialization/deserialization is typically 2-3x faster
  • ✅ Memory: Lower memory footprint for large messages

📋 Recommendations

  1. Add comprehensive tests covering:

    • Protobuf message serialization/deserialization
    • Backward compatibility if needed
    • Error scenarios with malformed data

  2. Consider migration strategy for existing data with the old metadata format

  3. Add field validation in the protobuf decode paths

  4. Update documentation to reflect the protocol change

🎯 Verdict

Approve with recommendations - This is a well-executed protocol conversion that will improve performance. The main concerns are around testing and potential data migration issues.

This was referenced Jul 3, 2025
Open
Open
Open
@cloudflare-workers-and-pages Cloudflare Workers and Pages
Copy link

cloudflare-workers-and-pages bot commented Jul 3, 2025
edited
Loading

Deploying rivet with  Cloudflare Pages  Cloudflare Pages

Latest commit: f0d06dc
Status:🚫  Build failed.

View logs

@MasterPtato MasterPtato force-pushed the 07-03-fix_convert_runner_protocol_to_protobuf branch from dc69012 to da2e172 Compare July 4, 2025 01:27
@MasterPtato MasterPtato force-pushed the 07-02-chore_flatten_actor_api_spec branch from 9947c69 to afc89a9 Compare July 4, 2025 01:27
@cloudflare-workers-and-pages Cloudflare Workers and Pages
Copy link

cloudflare-workers-and-pages bot commented Jul 4, 2025
edited
Loading

Deploying rivet-studio with  Cloudflare Pages  Cloudflare Pages

Latest commit: f0d06dc
Status:🚫  Build failed.

View logs

@coderabbitai coderabbitai
Copy link

coderabbitai bot commented Jul 4, 2025
edited
Loading

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@MasterPtato Graphite App
Copy link
Contributor Author

MasterPtato commented Jul 4, 2025
edited
Loading

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

How to use the Graphite Merge Queue

Add the label merge-queue to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

@MasterPtato MasterPtato force-pushed the 07-03-fix_convert_runner_protocol_to_protobuf branch from da2e172 to 1ccdcba Compare July 4, 2025 21:48
@MasterPtato MasterPtato changed the base branch from graphite-base/2702 to 07-04-fix_even_more_actor_api_changes July 4, 2025 21:48
@MasterPtato MasterPtato marked this pull request as ready for review July 4, 2025 21:48
@MasterPtato MasterPtato requested a review from NathanFlurry July 4, 2025 21:48
@claude Claude
Copy link

claude bot commented Jul 4, 2025
edited
Loading

Claude finished @MasterPtato's task —— View job

PR Review: Convert Runner Protocol to Protobuf

Review Checklist:

  • Read and analyze protobuf schema files
  • Review Rust implementation changes
  • Check build configuration
  • Assess code quality and best practices
  • Identify potential bugs or issues
  • Evaluate performance considerations
  • Review security concerns
  • Check test coverage
  • Provide comprehensive feedback

🚀 Overall Assessment

This PR successfully converts the runner protocol from JSON to protobuf, providing a solid foundation for improved performance and type safety. The implementation is well-structured and follows protobuf best practices.

Strengths

  1. Excellent Protobuf Schema Design

    • Clean Architecture: Clear separation between ToManager and ToRunner messages with logical hierarchy
    • Proper Field Design: Effective use of oneof for message variants (lines 16-20 in runner_protocol.proto)
    • Consistent Naming: Good field numbering and consistent naming conventions
    • KV Integration: Well-designed KV protocol with proper Request/Response pattern

  2. Solid Rust Implementation

    • Clean Module Structure: Proper prost integration in runner_protocol.rs:6-18
    • Efficient Framing: Good frame encoding/decoding with 4-byte headers (runner_protocol.rs:42-62)
    • Memory Safety: Proper use of #[repr(transparent)] wrapper in key.rs:9-11
    • FoundationDB Integration: Correct TuplePack/TupleUnpack implementation for KV keys

  3. Proper Build Configuration

    • Simple Setup: Clean build.rs with correct prost-build usage
    • Correct Dependencies: Appropriate version constraints (prost = "0.14", prost-build = "0.14")

  4. Performance Benefits

    • Compact Format: Binary protobuf is significantly more compact than JSON
    • Faster Serialization: Protobuf typically 2-3x faster than serde_json
    • Better Type Safety: Compile-time schema validation vs runtime JSON parsing

⚠️ Issues & Concerns

High Priority

  1. Potential Data Migration Risk (kv.proto:82)

    message Metadata {
    bytes _version = 1;  // Previously kv_version
    int64 create_ts = 2;
}

    The metadata field name changed from kv_version to _version. This could break existing data compatibility if there's no migration strategy.

  2. Missing Test Coverage

    • No tests were added/updated to verify protobuf conversion
    • Existing tests in manager/tests/container_lifecycle.rs may still pass but don't validate protobuf-specific scenarios
    • No tests for error handling with malformed protobuf data

Medium Priority

  1. Generic Error Handling (runner_protocol.rs:52-62)

    pub fn decode_frame<T: Message + Default>(frame: &[u8]) -> Result<([u8; 4], T)> {
    ensure!(frame.len() >= 4, "Frame too short");
    let payload = T::decode(&frame[4..])?;  // Generic prost::DecodeError

    Protobuf decode errors could be more descriptive for debugging production issues.

  2. Code Duplication (runner_protocol.rs:21-27)

    pub enum ToActor {
    StateUpdate { state: proto::ActorState },
    Kv(proto::kv::Request),
}

    Still maintains a separate enum alongside protobuf types - consider if this abstraction is necessary.

Low Priority

  1. Missing Documentation

    • Protobuf files lack comments explaining message purposes
    • No migration guide for the protocol change

  2. Field Validation

    • No validation for protobuf message fields (e.g., non-empty actor_id, valid generation numbers)

🔒 Security Assessment

✅ Improvements:

  • Better Parsing: Protobuf's strict schema validation reduces malformed message risks
  • Type Safety: Compile-time type checking prevents runtime type errors
  • Reduced Attack Surface: Binary format is less susceptible to injection attacks than JSON

✅ No Security Issues Found:

  • No sensitive data exposure in changes
  • Proper error handling without information leakage
  • No hardcoded credentials or secrets

🚀 Performance Impact

✅ Significant Expected Improvements:

  • Size: Binary format typically 20-50% smaller than JSON
  • Speed: Protobuf serialization/deserialization is 2-3x faster
  • Memory: Lower memory footprint for message processing
  • CPU: Reduced CPU usage for protocol handling

🧪 Test Coverage Analysis

✅ Existing Infrastructure:

  • Good test coverage in manager/tests/container_lifecycle.rs
  • WebSocket message handling tests should continue working
  • Actor lifecycle tests cover state transitions

❌ Missing Coverage:

  • No protobuf-specific serialization/deserialization tests
  • No backward compatibility testing
  • No malformed message handling tests
  • No performance benchmarks

📋 Recommendations

Before Merge:

  1. Add Comprehensive Tests

    • Test protobuf message roundtrip serialization/deserialization
    • Test error handling with malformed protobuf data
    • Test KV protocol integration scenarios

  2. Address Migration Strategy

    • Document the metadata field name change
    • Consider backward compatibility needs
    • Add migration utilities if required

Follow-up Improvements:

  1. Enhanced Error Handling

    • Wrap protobuf decode errors with more context
    • Add specific error types for different failure modes

  2. Documentation

    • Add comments to protobuf files explaining message purposes
    • Update relevant documentation about the protocol change

  3. Performance Validation

    • Add benchmarks to validate expected performance improvements
    • Monitor production metrics after deployment

🎯 Code Quality Notes

  • Protobuf Design: Excellent use of message hierarchy and field types
  • Rust Integration: Clean prost integration with proper wrapper types
  • Memory Safety: Correct use of #[repr(transparent)] and unsafe transmute in key.rs:16-18
  • Build Process: Simple and maintainable build configuration
  • Error Handling: Functional but could be more descriptive

🏁 Verdict

✅ Approve with Recommendations - This is a well-executed protocol conversion that will provide significant performance benefits. The main concerns are around testing and potential data migration, but the implementation itself is solid and follows best practices.

The changes successfully modernize the runner protocol while maintaining existing functionality. Once comprehensive tests are added and migration concerns are addressed, this will be a valuable improvement to the codebase.

@claude Claude
Copy link

claude bot commented Jul 4, 2025
edited
Loading

Claude finished @MasterPtato's task —— View job

PR Review: Convert Runner Protocol to Protobuf

Review Checklist:

  • Read and analyze protobuf schema files
  • Review Rust implementation changes
  • Check build configuration and dependencies
  • Analyze serialization/deserialization logic
  • Assess potential data migration issues
  • Evaluate error handling and type safety
  • Check security considerations
  • Review performance implications
  • Assess test coverage
  • Provide comprehensive feedback

🚀 Overall Assessment

This is a well-executed protocol conversion that successfully migrates the runner protocol from JSON to protobuf. The implementation is thorough, follows protobuf best practices, and should deliver significant performance improvements. The schema design is clean and the Rust integration is properly implemented.

Strengths

  1. Excellent Protobuf Schema Design (runner_protocol.proto, kv.proto)

    • Clean message hierarchy with logical separation of concerns
    • Proper use of oneof for message variants (e.g., ToManager.message, ToRunner.message)
    • Consistent field numbering and appropriate use of optional fields
    • Good namespace organization (rivet.pegboard.runner_protocol, rivet.pegboard.kv)

  2. Robust Build Configuration (build.rs, Cargo.toml)

    • Simple and effective prost-build setup
    • Proper proto file compilation with correct include paths
    • Dependencies properly added (prost = "0.14", prost-build = "0.14")

  3. Solid Rust Implementation (runner_protocol.rs)

    • Generated protobuf code properly integrated with include!() macros
    • Efficient LengthDelimitedCodec configuration with 4-byte headers
    • Clean encode_frame/decode_frame functions for message framing

  4. Comprehensive Actor-KV Integration (entry.rs, key.rs, list_query.rs)

    • Proper wrapper types with From/Into implementations
    • Efficient protobuf serialization in metadata storage (lib.rs:327-337)
    • Good integration with FoundationDB tuple packing

  5. Strong Manager Integration (manager/src/actor/mod.rs)

    • Complete KV operation handling with proper error responses
    • Efficient message dispatching with pattern matching
    • Proper actor metadata conversion to protobuf

⚠️ Issues & Concerns

High Priority

  1. Metadata Field Migration Risk (kv.proto:82)

    message Metadata {
    bytes _version = 1;  // Changed from kv_version
    int64 create_ts = 2;
}

    Risk: The field name changed from kv_version to _version. If existing data uses the old field name, this could break compatibility.
    Impact: Data corruption or loss for existing KV entries.

  2. Missing Test Coverage

    • No tests added or updated to verify the protobuf conversion
    • No tests for KV protocol message roundtrips
    • No tests for actor state transitions using protobuf
    • Critical for a protocol change of this magnitude

Medium Priority

  1. Generic Error Handling (runner_protocol.rs:52-62)

    pub fn decode_frame<T: Message + Default>(frame: &[u8]) -> Result<([u8; 4], T)> {
    ensure!(frame.len() >= 4, "Frame too short");
    let payload = T::decode(&frame[4..])?;  // Generic prost error

    Issue: Protobuf decode errors are generic and may be difficult to debug.
    Suggestion: Wrap with more contextual error messages.

  2. Type System Duplication (runner_protocol.rs:21-27)

    pub enum ToActor {
    StateUpdate { state: proto::ActorState },
    Kv(proto::kv::Request),
}

    Issue: Still maintains a separate enum alongside protobuf types.
    Question: Is this abstraction necessary, or can we use protobuf types directly?

Low Priority

  1. Missing Documentation

    • Protobuf files lack field-level comments explaining purposes
    • No documentation for the protocol change

  2. Field Validation

    • No validation for critical protobuf fields (e.g., non-empty actor_id, valid generation numbers)
    • Could benefit from validation at decode time

🔒 Security Assessment

✅ Improvements:

  • Reduced Attack Surface: Protobuf's strict schema validation prevents malformed messages
  • Type Safety: Compile-time type checking vs runtime JSON parsing
  • Input Validation: Binary format is less susceptible to injection attacks than JSON

✅ No Security Issues Found:

  • No sensitive data exposure in the changes
  • Proper error handling without information leakage
  • No hardcoded credentials or secrets

🚀 Performance Impact

✅ Significant Improvements Expected:

  • Size: Binary protobuf format typically 20-50% smaller than JSON
  • Speed: Protobuf serialization/deserialization is typically 2-3x faster than serde_json
  • Memory: Lower memory footprint for message processing
  • CPU: Reduced CPU usage for high-throughput scenarios

Specific Benefits:

  • KV operations will be faster due to efficient binary encoding
  • Actor state updates will have lower latency
  • Network bandwidth usage will be reduced

🧪 Test Coverage Analysis

✅ Existing Infrastructure:

  • Good test coverage in manager/tests/container_lifecycle.rs
  • WebSocket communication tests should continue to work
  • Actor lifecycle tests cover state transitions

❌ Missing Coverage:

  • No protobuf-specific tests for serialization/deserialization
  • No KV protocol integration tests within the runner protocol
  • No backward compatibility tests (if needed)
  • No tests for malformed protobuf message handling
  • No performance benchmarks to validate expected improvements

📋 Code Quality Notes

  1. Actor Metadata Conversion (actor/mod.rs:580-668): Well-implemented with proper enum mapping
  2. FoundationDB Integration (key.rs, entry.rs): Good use of protobuf with tuple packing
  3. Message Dispatching (actor/mod.rs:227-380): Comprehensive KV operation handling
  4. Build Configuration: Simple and correct setup with minimal dependencies
  5. Generated Code Usage: Proper integration with prost-generated types

🔧 Technical Implementation Details

Frame Format:

  • 4-byte header (currently unused but reserved)
  • Protobuf payload follows header
  • LengthDelimitedCodec handles framing properly

Message Flow:

  1. Actor → Manager: ToManager messages (state updates, KV requests, pings)
  2. Manager → Actor: ToRunner messages (start/signal commands, KV responses)
  3. Codec Layer: Length-delimited frames with protobuf payloads

📋 Recommendations

Before Merge:

  1. Add comprehensive tests covering:

    • Protobuf message serialization/deserialization roundtrips
    • KV protocol integration scenarios
    • Actor state transition scenarios
    • Error handling with malformed protobuf data

  2. Address metadata field migration for the kv_version_version change

    • Document the breaking change
    • Consider migration utilities if needed

Follow-up Improvements:

  1. Enhanced error handling with more specific protobuf decode error messages
  2. Field validation for critical protobuf message fields
  3. Performance benchmarking to validate expected improvements
  4. Documentation updates reflecting the protocol change

🎯 Verdict

✅ Approve with Conditions - This is a solid protocol conversion that will significantly improve performance and type safety. The implementation is well-executed and follows protobuf best practices.

Main concerns are around testing and potential data migration issues, but the core implementation is sound. Once comprehensive tests are added and the metadata migration is addressed, this will be a valuable improvement to the codebase.

The conversion successfully modernizes the runner protocol while maintaining existing functionality and providing a foundation for future enhancements.

This was referenced Jul 4, 2025
Open
Open
@MasterPtato MasterPtato force-pushed the 07-04-fix_even_more_actor_api_changes branch from a7d9122 to f86bfc5 Compare July 11, 2025 22:23
@MasterPtato MasterPtato force-pushed the 07-03-fix_convert_runner_protocol_to_protobuf branch from 1ccdcba to b5ea8a1 Compare July 11, 2025 22:23
@claude Claude
Copy link

claude bot commented Jul 11, 2025
edited
Loading

Claude finished @MasterPtato's task —— View job

PR Review: Convert Runner Protocol to Protobuf

Review Checklist:

  • Read and understand the protobuf schema files
  • Analyze Rust code changes for correctness
  • Review serialization/deserialization logic
  • Check build configuration and dependencies
  • Assess performance implications
  • Look for security considerations
  • Evaluate error handling
  • Check for potential data migration issues
  • Review test coverage
  • Provide comprehensive feedback

🚀 Overall Assessment

This PR successfully converts the runner protocol from JSON to protobuf, which is a significant infrastructure improvement. The implementation is well-structured, follows protobuf best practices, and should deliver substantial performance benefits. The schema design is clean and the Rust integration is properly implemented.

Strengths

  1. Excellent Protobuf Schema Design (runner_protocol.proto:7-148, kv.proto:5-104)

    • Clean message hierarchy with logical separation of concerns
    • Proper use of oneof for message variants (e.g., ToManager.message, ToRunner.message)
    • Consistent field numbering and appropriate use of optional fields
    • Good namespace organization (rivet.pegboard.runner_protocol, rivet.pegboard.kv)

  2. Solid Rust Implementation (runner_protocol.rs:6-62)

    • Generated protobuf code properly integrated with include!() macros
    • Efficient LengthDelimitedCodec configuration with 4-byte headers
    • Clean encode_frame/decode_frame functions for message framing
    • Proper error handling with anyhow

  3. Comprehensive Integration (manager/src/actor/mod.rs:227-380)

    • Complete KV operation handling with proper error responses
    • Efficient message dispatching with pattern matching
    • Proper actor metadata conversion to protobuf (actor/mod.rs:578-668)

  4. Correct Build Configuration (build.rs:3-13, Cargo.toml:13-23)

    • Simple and effective prost-build setup
    • Proper dependencies (prost = "0.14", prost-build = "0.14")
    • Correct proto file compilation

  5. Performance Benefits

    • Binary protobuf format is significantly more compact than JSON
    • Faster serialization/deserialization (typically 2-3x faster than serde_json)
    • Better type safety with compile-time schema validation

⚠️ Issues & Concerns

High Priority

  1. Metadata Field Migration Risk (kv.proto:82)

    message Metadata {
    bytes _version = 1;  // Changed from kv_version
    int64 create_ts = 2;
}

    Risk: Field name changed from kv_version to _version. This could break existing data compatibility.
    Impact: Data corruption or loss for existing KV entries if no migration strategy exists.

  2. Missing Test Coverage

    • No tests added or updated to verify protobuf conversion
    • No tests for KV protocol message serialization/deserialization
    • No tests for actor state transitions using protobuf
    • No tests for malformed protobuf message handling
    • Critical for a protocol change of this magnitude

Medium Priority

  1. Generic Error Handling (runner_protocol.rs:52-62)

    pub fn decode_frame<T: Message + Default>(frame: &[u8]) -> Result<([u8; 4], T)> {
    ensure!(frame.len() >= 4, "Frame too short");
    let payload = T::decode(&frame[4..])?;  // Generic prost error

    Issue: Protobuf decode errors are generic and may be difficult to debug in production.
    Suggestion: Wrap with more contextual error messages including message type.

  2. Code Architecture Question (runner_protocol.rs:21-27)

    pub enum ToActor {
    StateUpdate { state: proto::ActorState },
    Kv(proto::kv::Request),
}

    Question: Is this abstraction layer necessary, or could protobuf types be used directly?
    Impact: Potential performance overhead and code duplication.

Low Priority

  1. Missing Documentation

    • Protobuf files lack field-level comments explaining purposes
    • No documentation for the protocol change or migration path

  2. Field Validation

    • No validation for critical protobuf fields (e.g., non-empty actor_id, valid generation numbers)
    • Could benefit from validation at decode time

🔒 Security Assessment

✅ Improvements:

  • Better Input Validation: Protobuf's strict schema validation prevents malformed messages
  • Type Safety: Compile-time type checking reduces runtime errors
  • Reduced Attack Surface: Binary format is less susceptible to injection attacks than JSON

✅ No Security Issues Found:

  • No sensitive data exposure in changes
  • Proper error handling without information leakage
  • No hardcoded credentials or secrets

🚀 Performance Impact

✅ Significant Expected Improvements:

  • Size: Binary format typically 20-50% smaller than JSON
  • Speed: Protobuf serialization/deserialization is 2-3x faster than serde_json
  • Memory: Lower memory footprint for message processing
  • Network: Reduced bandwidth usage for high-throughput scenarios

🧪 Test Coverage Analysis

✅ Existing Infrastructure:

  • Good test coverage in manager/tests/container_lifecycle.rs for general protocol communication
  • WebSocket communication tests should continue to work
  • Actor lifecycle tests cover state transitions

❌ Missing Critical Coverage:

  • No protobuf-specific tests for serialization/deserialization
  • No KV protocol integration tests within the runner protocol
  • No backward compatibility tests (if needed)
  • No performance benchmarks to validate expected improvements
  • No tests for error scenarios with malformed protobuf data

📋 Recommendations

Before Merge:

  1. Add comprehensive tests covering:

    • Protobuf message serialization/deserialization roundtrips
    • KV protocol integration scenarios
    • Actor state transition scenarios
    • Error handling with malformed protobuf data

  2. Address metadata field migration for the kv_version_version change:

    • Document the breaking change
    • Consider migration utilities if needed
    • Verify existing data compatibility

Follow-up Improvements:

  1. Enhanced error handling with more specific protobuf decode error messages
  2. Field validation for critical protobuf message fields
  3. Performance benchmarking to validate expected improvements
  4. Documentation updates reflecting the protocol change

🎯 Code Quality Notes

  • Schema Design: Excellent use of message hierarchy and field types
  • Rust Integration: Clean prost integration with proper wrapper types
  • Memory Safety: Correct use of #[repr(transparent)] in key.rs:9-11
  • Build Process: Simple and maintainable configuration
  • Actor Integration: Comprehensive KV operation handling

🏁 Verdict

✅ Approve with Conditions - This is a well-executed protocol conversion that will provide significant performance benefits and improve type safety. The implementation follows protobuf best practices and is architecturally sound.

Main concerns are around testing and potential data migration issues, but the core implementation is excellent. Once comprehensive tests are added and the metadata migration is addressed, this will be a valuable improvement to the codebase.

The conversion successfully modernizes the runner protocol while maintaining existing functionality and providing a foundation for future enhancements.

graphite-app[bot]
graphite-app bot reviewed Jul 11, 2025
View reviewed changes
packages/edge/infra/client/actor-kv/src/key.rs

impl Key {
pub fn convert_vec(value: Vec<kv::Key>) -> Vec<Key> {
// SAFETY: Key is a wrapper around kv::Kky, identical memory layout
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a small typo in the safety comment: kv::Kky should be kv::Key. This might cause confusion for future readers trying to understand the memory layout guarantee being referenced.

Spotted by Diamond

Is this helpful? React 👍 or 👎 to let us know.

@claude Claude
Copy link

claude bot commented Jul 11, 2025
edited
Loading

Claude finished @MasterPtato's task —— View job

PR Review: Convert Runner Protocol to Protobuf

Review Checklist:

  • Read and understand the protobuf schema files
  • Analyze Rust code changes for correctness
  • Review serialization/deserialization logic
  • Check build configuration and dependencies
  • Assess performance implications
  • Look for security considerations
  • Evaluate error handling
  • Check for potential data migration issues
  • Review test coverage
  • Provide comprehensive feedback

🚀 Overall Assessment

This is a well-executed protocol conversion that successfully migrates the runner protocol from JSON to protobuf. The implementation follows protobuf best practices and should deliver significant performance improvements while maintaining type safety.

✅ Strengths

1. Excellent Protobuf Schema Design

  • Clean Architecture: Clear separation between ToManager and ToRunner messages
  • Proper Field Design: Effective use of oneof for message variants
  • Consistent Naming: Good field numbering and naming conventions
  • KV Integration: Well-designed KV protocol with proper Request/Response pattern

2. Solid Rust Implementation

  • Clean Module Structure: Proper prost integration in runner_protocol.rs:6-18
  • Efficient Framing: Good frame encoding/decoding with 4-byte headers
  • Memory Safety: Proper use of #[repr(transparent)] wrapper in key.rs:9-11
  • FoundationDB Integration: Correct TuplePack/TupleUnpack implementation

3. Comprehensive KV Operations

  • Complete Coverage: All KV operations implemented (GET, LIST, PUT, DELETE, DROP)
  • Error Handling: Proper error responses for all operations
  • Efficient Serialization: Protobuf metadata storage (lib.rs:327-337)

4. Performance Benefits

  • Compact Format: Binary protobuf ~20-50% smaller than JSON
  • Faster Serialization: Typically 2-3x faster than serde_json
  • Better Memory Usage: Lower memory footprint for message processing

⚠️ Issues & Concerns

High Priority

  1. Potential Data Migration Risk (kv.proto:82)

    message Metadata {
    bytes _version = 1;  // Changed from kv_version
    int64 create_ts = 2;
}

    Issue: The field name changed from kv_version to _version. This could break existing data compatibility.

  2. Missing Test Coverage

    • No tests added for protobuf conversion
    • No unit tests for frame encoding/decoding
    • No tests for KV protocol message roundtrips
    • Existing tests (container_lifecycle.rs) are integration tests that may still pass but don't validate protobuf-specific scenarios

Medium Priority

  1. Generic Error Handling (runner_protocol.rs:52-62)

    let payload = T::decode(&frame[4..])?;  // Generic prost error

    Issue: Protobuf decode errors are generic and may be difficult to debug in production.

  2. Minor Typo in Safety Comment (key.rs:16)

    // SAFETY: Key is a wrapper around kv::Kky, identical memory layout

    Issue: kv::Kky should be kv::Key (already noted in review comments).

Low Priority

  1. Missing Documentation
    • Protobuf files lack field-level comments
    • No migration guide for the protocol change

🔒 Security Assessment

✅ Improvements:

  • Protobuf's strict schema validation reduces malformed message risks
  • Binary format is less susceptible to injection attacks than JSON
  • Compile-time type checking prevents runtime errors

✅ No Security Issues Found

📋 Recommendations

Before Merge

  1. Add comprehensive tests for protobuf serialization/deserialization
  2. Address the metadata field migration from kv_version to _version
  3. Fix the typo in the safety comment

Post-Merge Improvements

  1. Enhanced error handling with more specific protobuf decode errors
  2. Add documentation for the protocol change
  3. Performance benchmarking to validate expected improvements

🎯 Verdict

✅ Approve with Recommendations - This is a solid protocol conversion that will improve performance and type safety. The main concerns are around testing and potential data migration, but the implementation itself is well-executed and follows best practices.

The changes successfully modernize the runner protocol while maintaining existing functionality. The protobuf schema design is clean and the Rust integration is properly implemented.

@MasterPtato MasterPtato force-pushed the 07-03-fix_convert_runner_protocol_to_protobuf branch from b5ea8a1 to f1fb5cc Compare July 12, 2025 00:40
@claude Claude
Copy link

claude bot commented Jul 12, 2025
edited
Loading

Claude finished @MasterPtato's task —— View job

PR Review: Convert Runner Protocol to Protobuf

Review Checklist:

  • Read and understand the protobuf schema files
  • Check build configuration and dependencies
  • Review serialization/deserialization logic
  • Analyze Rust code changes for correctness
  • Assess performance implications
  • Look for security considerations
  • Evaluate error handling
  • Check for potential data migration issues
  • Review test coverage
  • Provide comprehensive feedback

🚀 Overall Assessment

This is a well-executed protocol conversion that successfully migrates the runner protocol from JSON to protobuf. The implementation follows protobuf best practices and should deliver significant performance improvements while maintaining type safety.

✅ Strengths

1. Excellent Protobuf Schema Design

  • Clean Architecture: Clear separation between ToManager and ToRunner messages in runner_protocol.proto:7-56
  • Proper Field Design: Effective use of oneof for message variants (lines 16-20, 48-55)
  • Consistent Naming: Good field numbering and naming conventions
  • KV Integration: Well-designed KV protocol with proper Request/Response pattern in kv.proto:5-104

2. Solid Rust Implementation

  • Clean Module Structure: Proper prost integration in runner_protocol.rs:6-18
  • Efficient Framing: Good frame encoding/decoding with 4-byte headers (runner_protocol.rs:42-62)
  • Memory Safety: Proper use of #[repr(transparent)] wrapper in key.rs:9-11
  • FoundationDB Integration: Correct TuplePack/TupleUnpack implementation for KV keys

3. Comprehensive KV Operations

  • Complete Coverage: All KV operations implemented (GET, LIST, PUT, DELETE, DROP) in manager/src/actor/mod.rs:231-380
  • Error Handling: Proper error responses for all operations
  • Efficient Serialization: Protobuf metadata storage (lib.rs:327-337)

4. Performance Benefits

  • Compact Format: Binary protobuf ~20-50% smaller than JSON
  • Faster Serialization: Typically 2-3x faster than serde_json
  • Better Memory Usage: Lower memory footprint for message processing

⚠️ Issues & Concerns

High Priority

  1. Potential Data Migration Risk (kv.proto:82)

    message Metadata {
    bytes _version = 1;  // Changed from kv_version
    int64 create_ts = 2;
}

    Issue: The field name changed from kv_version to _version. This could break existing data compatibility.

  2. Missing Test Coverage

    • No tests added for protobuf conversion
    • No unit tests for frame encoding/decoding
    • No tests for KV protocol message roundtrips
    • Existing tests (container_lifecycle.rs) are integration tests that may still pass but don't validate protobuf-specific scenarios

Medium Priority

  1. Generic Error Handling (runner_protocol.rs:52-62)

    let payload = T::decode(&frame[4..])?;  // Generic prost error

    Issue: Protobuf decode errors are generic and may be difficult to debug in production.

  2. Minor Typo in Safety Comment (key.rs:16)

    // SAFETY: Key is a wrapper around kv::Kky, identical memory layout

    Issue: kv::Kky should be kv::Key (already noted in review comments).

Low Priority

  1. Missing Documentation
    • Protobuf files lack field-level comments
    • No migration guide for the protocol change

🔒 Security Assessment

✅ Improvements:

  • Protobuf's strict schema validation reduces malformed message risks
  • Binary format is less susceptible to injection attacks than JSON
  • Compile-time type checking prevents runtime errors

✅ No Security Issues Found

📋 Recommendations

Before Merge

  1. Add comprehensive tests for protobuf serialization/deserialization
  2. Address the metadata field migration from kv_version to _version
  3. Fix the typo in the safety comment

Post-Merge Improvements

  1. Enhanced error handling with more specific protobuf decode errors
  2. Add documentation for the protocol change
  3. Performance benchmarking to validate expected improvements

🎯 Verdict

✅ Approve with Recommendations - This is a solid protocol conversion that will improve performance and type safety. The main concerns are around testing and potential data migration, but the implementation itself is well-executed and follows best practices.

The changes successfully modernize the runner protocol while maintaining existing functionality. The protobuf schema design is clean and the Rust integration is properly implemented.

@MasterPtato MasterPtato force-pushed the 07-04-fix_even_more_actor_api_changes branch from 194a145 to d4f1675 Compare July 12, 2025 00:46
@MasterPtato MasterPtato force-pushed the 07-03-fix_convert_runner_protocol_to_protobuf branch from f1fb5cc to 5c2d044 Compare July 12, 2025 00:46
@claude Claude
Copy link

claude bot commented Jul 12, 2025
edited
Loading

Claude finished @MasterPtato's task —— View job

PR Review: Convert Runner Protocol to Protobuf

Review Checklist:

  • Read and understand the protobuf schema files
  • Check build configuration and dependencies
  • Review serialization/deserialization logic
  • Analyze Rust code changes for correctness
  • Assess performance implications
  • Look for security considerations
  • Evaluate error handling
  • Check for potential data migration issues
  • Review test coverage
  • Provide comprehensive feedback

🚀 Overall Assessment

This is a well-executed protocol conversion that successfully migrates the runner protocol from JSON to protobuf. The implementation is thorough, follows protobuf best practices, and should deliver significant performance improvements. The schema design is clean and the Rust integration is properly implemented.

✅ Strengths

1. Excellent Protobuf Schema Design (runner_protocol.proto, kv.proto)

  • Clean message hierarchy with logical separation of concerns
  • Proper use of oneof for message variants (e.g., ToManager.message, ToRunner.message)
  • Consistent field numbering and appropriate use of optional fields
  • Good namespace organization (rivet.pegboard.runner_protocol, rivet.pegboard.kv)

2. Robust Build Configuration (build.rs, Cargo.toml)

  • Simple and effective prost-build setup
  • Proper proto file compilation with correct include paths
  • Dependencies properly added (prost = "0.14", prost-build = "0.14")

3. Solid Rust Implementation (runner_protocol.rs)

  • Generated protobuf code properly integrated with include!() macros
  • Efficient LengthDelimitedCodec configuration with 4-byte headers
  • Clean encode_frame/decode_frame functions for message framing

4. Comprehensive Actor-KV Integration (entry.rs, key.rs, list_query.rs)

  • Proper wrapper types with From/Into implementations
  • Efficient protobuf serialization in metadata storage (lib.rs:327-337)
  • Good integration with FoundationDB tuple packing

5. Strong Manager Integration (manager/src/actor/mod.rs)

  • Complete KV operation handling with proper error responses
  • Efficient message dispatching with pattern matching
  • Proper actor metadata conversion to protobuf

⚠️ Issues & Concerns

High Priority

  1. Metadata Field Migration Risk (kv.proto:82)

    message Metadata {
    bytes _version = 1;  // Changed from kv_version
    int64 create_ts = 2;
}

    Risk: The field name changed from kv_version to _version. If existing data uses the old field name, this could break compatibility.
    Impact: Data corruption or loss for existing KV entries.

  2. Missing Test Coverage

    • No tests added or updated to verify the protobuf conversion
    • No tests for KV protocol message roundtrips
    • No tests for actor state transitions using protobuf
    • Critical for a protocol change of this magnitude

Medium Priority

  1. Generic Error Handling (runner_protocol.rs:52-62)

    pub fn decode_frame<T: Message + Default>(frame: &[u8]) -> Result<([u8; 4], T)> {
    ensure!(frame.len() >= 4, "Frame too short");
    let payload = T::decode(&frame[4..])?;  // Generic prost error

    Issue: Protobuf decode errors are generic and may be difficult to debug in production.
    Suggestion: Wrap with more contextual error messages including message type.

  2. Minor Typo in Safety Comment (key.rs:16)

    // SAFETY: Key is a wrapper around kv::Kky, identical memory layout

    Issue: kv::Kky should be kv::Key (already noted in review comments).

Low Priority

  1. Missing Documentation

    • Protobuf files lack field-level comments explaining purposes
    • No documentation for the protocol change

  2. Field Validation

    • No validation for critical protobuf fields (e.g., non-empty actor_id, valid generation numbers)

🔒 Security Assessment

✅ Improvements:

  • Reduced Attack Surface: Protobuf's strict schema validation prevents malformed messages
  • Type Safety: Compile-time type checking vs runtime JSON parsing
  • Input Validation: Binary format is less susceptible to injection attacks than JSON

✅ No Security Issues Found:

  • No sensitive data exposure in the changes
  • Proper error handling without information leakage
  • No hardcoded credentials or secrets

🚀 Performance Impact

✅ Significant Improvements Expected:

  • Size: Binary protobuf format typically 20-50% smaller than JSON
  • Speed: Protobuf serialization/deserialization is typically 2-3x faster than serde_json
  • Memory: Lower memory footprint for message processing
  • CPU: Reduced CPU usage for high-throughput scenarios

🧪 Test Coverage Analysis

✅ Existing Infrastructure:

  • Good test coverage in manager/tests/container_lifecycle.rs
  • WebSocket communication tests should continue to work
  • Actor lifecycle tests cover state transitions

❌ Missing Coverage:

  • No protobuf-specific tests for serialization/deserialization
  • No KV protocol integration tests within the runner protocol
  • No backward compatibility tests (if needed)
  • No tests for malformed protobuf message handling
  • No performance benchmarks to validate expected improvements

📋 Recommendations

Before Merge:

  1. Add comprehensive tests covering:

    • Protobuf message serialization/deserialization roundtrips
    • KV protocol integration scenarios
    • Actor state transition scenarios
    • Error handling with malformed protobuf data

  2. Address metadata field migration for the kv_version_version change

    • Document the breaking change
    • Consider migration utilities if needed

  3. Fix the typo in the safety comment

Follow-up Improvements:

  1. Enhanced error handling with more specific protobuf decode error messages
  2. Field validation for critical protobuf message fields
  3. Performance benchmarking to validate expected improvements
  4. Documentation updates reflecting the protocol change

🎯 Verdict

✅ Approve with Recommendations - This is a solid protocol conversion that will improve performance and type safety. The main concerns are around testing and potential data migration, but the implementation itself is well-executed and follows best practices.

The changes successfully modernize the runner protocol while maintaining existing functionality. The protobuf schema design is clean and the Rust integration is properly implemented.

@MasterPtato MasterPtato force-pushed the 07-04-fix_even_more_actor_api_changes branch from d4f1675 to 777eff5 Compare July 12, 2025 00:50
@MasterPtato MasterPtato force-pushed the 07-03-fix_convert_runner_protocol_to_protobuf branch from 5c2d044 to 646c8f0 Compare July 12, 2025 00:50
@claude Claude
Copy link

claude bot commented Jul 12, 2025
edited
Loading

Claude finished @MasterPtato's task —— View job

PR Review: Convert Runner Protocol to Protobuf

Review Checklist:

  • Read and understand the protobuf schema files
  • Check build configuration and dependencies
  • Review serialization/deserialization logic
  • Analyze Rust code changes for correctness
  • Assess performance implications
  • Look for security considerations
  • Evaluate error handling
  • Check for potential data migration issues
  • Review test coverage
  • Provide comprehensive feedback

🚀 Overall Assessment

This is a well-executed protocol conversion that successfully migrates the runner protocol from JSON to protobuf. The implementation follows protobuf best practices and should deliver significant performance improvements while maintaining type safety.

✅ Strengths

1. Excellent Protobuf Schema Design

  • Clean Architecture: Clear separation between ToManager and ToRunner messages in runner_protocol.proto:7-56
  • Proper Field Design: Effective use of oneof for message variants (lines 16-20, 48-55)
  • Consistent Naming: Good field numbering and naming conventions
  • KV Integration: Well-designed KV protocol with proper Request/Response pattern in kv.proto:5-104

2. Solid Rust Implementation

  • Clean Module Structure: Proper prost integration in runner_protocol.rs:6-18
  • Efficient Framing: Good frame encoding/decoding with 4-byte headers (runner_protocol.rs:42-62)
  • Memory Safety: Proper use of #[repr(transparent)] wrapper in key.rs:9-11
  • FoundationDB Integration: Correct TuplePack/TupleUnpack implementation for KV keys

3. Comprehensive KV Operations

  • Complete Coverage: All KV operations implemented (GET, LIST, PUT, DELETE, DROP) in manager/src/actor/mod.rs:231-380
  • Error Handling: Proper error responses for all operations
  • Efficient Serialization: Protobuf metadata storage (lib.rs:327-337)

4. Performance Benefits

  • Compact Format: Binary protobuf ~20-50% smaller than JSON
  • Faster Serialization: Typically 2-3x faster than serde_json
  • Better Memory Usage: Lower memory footprint for message processing

⚠️ Issues & Concerns

High Priority

  1. Potential Data Migration Risk (kv.proto:82)

    message Metadata {
    bytes _version = 1;  // Changed from kv_version
    int64 create_ts = 2;
}

    Issue: The field name changed from kv_version to _version. This could break existing data compatibility.

  2. Missing Test Coverage

    • No tests added for protobuf conversion
    • No unit tests for frame encoding/decoding
    • No tests for KV protocol message roundtrips
    • Existing tests (container_lifecycle.rs) are integration tests that may still pass but don't validate protobuf-specific scenarios

Medium Priority

  1. Generic Error Handling (runner_protocol.rs:52-62)

    let payload = T::decode(&frame[4..])?;  // Generic prost error

    Issue: Protobuf decode errors are generic and may be difficult to debug in production.

  2. Minor Typo in Safety Comment (key.rs:16)

    // SAFETY: Key is a wrapper around kv::Kky, identical memory layout

    Issue: kv::Kky should be kv::Key (already noted in review comments).

Low Priority

  1. Missing Documentation
    • Protobuf files lack field-level comments
    • No migration guide for the protocol change

🔒 Security Assessment

✅ Improvements:

  • Protobuf's strict schema validation reduces malformed message risks
  • Binary format is less susceptible to injection attacks than JSON
  • Compile-time type checking prevents runtime errors

✅ No Security Issues Found

📋 Recommendations

Before Merge

  1. Add comprehensive tests for protobuf serialization/deserialization
  2. Address the metadata field migration from kv_version to _version
  3. Fix the typo in the safety comment

Post-Merge Improvements

  1. Enhanced error handling with more specific protobuf decode errors
  2. Add documentation for the protocol change
  3. Performance benchmarking to validate expected improvements

🎯 Verdict

✅ Approve with Recommendations - This is a solid protocol conversion that will improve performance and type safety. The main concerns are around testing and potential data migration, but the implementation itself is well-executed and follows best practices.

The changes successfully modernize the runner protocol while maintaining existing functionality. The protobuf schema design is clean and the Rust integration is properly implemented.

@claude Claude
Copy link

claude bot commented Jul 12, 2025
edited
Loading

Claude finished @MasterPtato's task —— View job

PR Review: Convert Runner Protocol to Protobuf

Review Checklist:

  • Read and understand the protobuf schema files
  • Check build configuration and dependencies
  • Review serialization/deserialization logic
  • Analyze Rust code changes for correctness
  • Assess performance implications
  • Look for security considerations
  • Evaluate error handling
  • Check for potential data migration issues
  • Review test coverage
  • Provide comprehensive feedback

🚀 Overall Assessment

This is a well-executed protocol conversion that successfully migrates the runner protocol from JSON to protobuf. The implementation is thorough, follows protobuf best practices, and should deliver significant performance improvements. The schema design is clean and the Rust integration is properly implemented.

✅ Strengths

1. Excellent Protobuf Schema Design (runner_protocol.proto, kv.proto)

  • Clean message hierarchy with logical separation of concerns
  • Proper use of oneof for message variants (e.g., ToManager.message, ToRunner.message)
  • Consistent field numbering and appropriate use of optional fields
  • Good namespace organization (rivet.pegboard.runner_protocol, rivet.pegboard.kv)

2. Robust Build Configuration (build.rs, Cargo.toml)

  • Simple and effective prost-build setup
  • Proper proto file compilation with correct include paths
  • Dependencies properly added (prost = "0.14", prost-build = "0.14")

3. Solid Rust Implementation (runner_protocol.rs)

  • Generated protobuf code properly integrated with include!() macros
  • Efficient LengthDelimitedCodec configuration with 4-byte headers
  • Clean encode_frame/decode_frame functions for message framing

4. Comprehensive Actor-KV Integration (entry.rs, key.rs, list_query.rs)

  • Proper wrapper types with From/Into implementations
  • Efficient protobuf serialization in metadata storage (lib.rs:327-337)
  • Good integration with FoundationDB tuple packing

5. Strong Manager Integration (manager/src/actor/mod.rs)

  • Complete KV operation handling with proper error responses
  • Efficient message dispatching with pattern matching
  • Proper actor metadata conversion to protobuf

⚠️ Issues & Concerns

High Priority

  1. Metadata Field Migration Risk (kv.proto:82)

    message Metadata {
    bytes _version = 1;  // Changed from kv_version
    int64 create_ts = 2;
}

    Risk: The field name changed from kv_version to _version. If existing data uses the old field name, this could break compatibility.
    Impact: Data corruption or loss for existing KV entries.

  2. Missing Test Coverage

    • No tests added or updated to verify the protobuf conversion
    • No tests for KV protocol message roundtrips
    • No tests for actor state transitions using protobuf
    • Critical for a protocol change of this magnitude

Medium Priority

  1. Generic Error Handling (runner_protocol.rs:52-62)

    pub fn decode_frame<T: Message + Default>(frame: &[u8]) -> Result<([u8; 4], T)> {
    ensure!(frame.len() >= 4, "Frame too short");
    let payload = T::decode(&frame[4..])?;  // Generic prost error

    Issue: Protobuf decode errors are generic and may be difficult to debug in production.
    Suggestion: Wrap with more contextual error messages including message type.

  2. Minor Typo in Safety Comment (key.rs:16)

    // SAFETY: Key is a wrapper around kv::Kky, identical memory layout

    Issue: kv::Kky should be kv::Key (already noted in review comments).

Low Priority

  1. Missing Documentation

    • Protobuf files lack field-level comments explaining purposes
    • No documentation for the protocol change

  2. Field Validation

    • No validation for critical protobuf fields (e.g., non-empty actor_id, valid generation numbers)

🔒 Security Assessment

✅ Improvements:

  • Reduced Attack Surface: Protobuf's strict schema validation prevents malformed messages
  • Type Safety: Compile-time type checking vs runtime JSON parsing
  • Input Validation: Binary format is less susceptible to injection attacks than JSON

✅ No Security Issues Found:

  • No sensitive data exposure in the changes
  • Proper error handling without information leakage
  • No hardcoded credentials or secrets

🚀 Performance Impact

✅ Significant Improvements Expected:

  • Size: Binary protobuf format typically 20-50% smaller than JSON
  • Speed: Protobuf serialization/deserialization is typically 2-3x faster than serde_json
  • Memory: Lower memory footprint for message processing
  • CPU: Reduced CPU usage for high-throughput scenarios

🧪 Test Coverage Analysis

✅ Existing Infrastructure:

  • Good test coverage in manager/tests/container_lifecycle.rs
  • WebSocket communication tests should continue to work
  • Actor lifecycle tests cover state transitions

❌ Missing Coverage:

  • No protobuf-specific tests for serialization/deserialization
  • No KV protocol integration tests within the runner protocol
  • No backward compatibility tests (if needed)
  • No tests for malformed protobuf message handling
  • No performance benchmarks to validate expected improvements

📋 Recommendations

Before Merge:

  1. Add comprehensive tests covering:

    • Protobuf message serialization/deserialization roundtrips
    • KV protocol integration scenarios
    • Actor state transition scenarios
    • Error handling with malformed protobuf data

  2. Address metadata field migration for the kv_version_version change

    • Document the breaking change
    • Consider migration utilities if needed

  3. Fix the typo in the safety comment

Follow-up Improvements:

  1. Enhanced error handling with more specific protobuf decode error messages
  2. Field validation for critical protobuf message fields
  3. Performance benchmarking to validate expected improvements
  4. Documentation updates reflecting the protocol change

🎯 Verdict

✅ Approve with Recommendations - This is a solid protocol conversion that will improve performance and type safety. The main concerns are around testing and potential data migration, but the implementation itself is well-executed and follows best practices.

The changes successfully modernize the runner protocol while maintaining existing functionality. The protobuf schema design is clean and the Rust integration is properly implemented.

@claude Claude
Copy link

claude bot commented Jul 12, 2025
edited
Loading

Claude finished @MasterPtato's task —— View job

PR Review: Convert Runner Protocol to Protobuf

Review Checklist:

  • Read and understand the protobuf schema files
  • Check build configuration and dependencies
  • Review serialization/deserialization logic
  • Analyze Rust code changes for correctness
  • Assess performance implications
  • Look for security considerations
  • Evaluate error handling
  • Check for potential data migration issues
  • Review test coverage
  • Provide comprehensive feedback

🚀 Overall Assessment

This is a well-executed protocol conversion that successfully migrates the runner protocol from JSON to protobuf. The implementation is thorough, follows protobuf best practices, and should deliver significant performance improvements. The schema design is clean and the Rust integration is properly implemented.

✅ Strengths

1. Excellent Protobuf Schema Design (runner_protocol.proto, kv.proto)

  • Clean message hierarchy with logical separation of concerns
  • Proper use of oneof for message variants (e.g., ToManager.message, ToRunner.message)
  • Consistent field numbering and appropriate use of optional fields
  • Good namespace organization (rivet.pegboard.runner_protocol, rivet.pegboard.kv)

2. Robust Build Configuration (build.rs, Cargo.toml)

  • Simple and effective prost-build setup
  • Proper proto file compilation with correct include paths
  • Dependencies properly added (prost = "0.14", prost-build = "0.14")

3. Solid Rust Implementation (runner_protocol.rs)

  • Generated protobuf code properly integrated with include!() macros
  • Efficient LengthDelimitedCodec configuration with 4-byte headers
  • Clean encode_frame/decode_frame functions for message framing

4. Comprehensive Actor-KV Integration (entry.rs, key.rs, list_query.rs)

  • Proper wrapper types with From/Into implementations
  • Efficient protobuf serialization in metadata storage (lib.rs:327-337)
  • Good integration with FoundationDB tuple packing

5. Strong Manager Integration (manager/src/actor/mod.rs)

  • Complete KV operation handling with proper error responses
  • Efficient message dispatching with pattern matching
  • Proper actor metadata conversion to protobuf

⚠️ Issues & Concerns

High Priority

  1. Metadata Field Migration Risk (kv.proto:82)

    message Metadata {
    bytes _version = 1;  // Changed from kv_version
    int64 create_ts = 2;
}

    Risk: The field name changed from kv_version to _version. If existing data uses the old field name, this could break compatibility.
    Impact: Data corruption or loss for existing KV entries.

  2. Missing Test Coverage

    • No tests added or updated to verify the protobuf conversion
    • No tests for KV protocol message roundtrips
    • No tests for actor state transitions using protobuf
    • Critical for a protocol change of this magnitude

Medium Priority

  1. Generic Error Handling (runner_protocol.rs:52-62)

    pub fn decode_frame<T: Message + Default>(frame: &[u8]) -> Result<([u8; 4], T)> {
    ensure!(frame.len() >= 4, "Frame too short");
    let payload = T::decode(&frame[4..])?;  // Generic prost error

    Issue: Protobuf decode errors are generic and may be difficult to debug in production.
    Suggestion: Wrap with more contextual error messages including message type.

  2. Minor Typo in Safety Comment (key.rs:16)

    // SAFETY: Key is a wrapper around kv::Kky, identical memory layout

    Issue: kv::Kky should be kv::Key (already noted in review comments).

Low Priority

  1. Missing Documentation

    • Protobuf files lack field-level comments explaining purposes
    • No documentation for the protocol change

  2. Field Validation

    • No validation for critical protobuf fields (e.g., non-empty actor_id, valid generation numbers)

🔒 Security Assessment

✅ Improvements:

  • Reduced Attack Surface: Protobuf's strict schema validation prevents malformed messages
  • Type Safety: Compile-time type checking vs runtime JSON parsing
  • Input Validation: Binary format is less susceptible to injection attacks than JSON

✅ No Security Issues Found:

  • No sensitive data exposure in the changes
  • Proper error handling without information leakage
  • No hardcoded credentials or secrets

🚀 Performance Impact

✅ Significant Improvements Expected:

  • Size: Binary protobuf format typically 20-50% smaller than JSON
  • Speed: Protobuf serialization/deserialization is typically 2-3x faster than serde_json
  • Memory: Lower memory footprint for message processing
  • CPU: Reduced CPU usage for high-throughput scenarios

🧪 Test Coverage Analysis

✅ Existing Infrastructure:

  • Good test coverage in manager/tests/container_lifecycle.rs
  • WebSocket communication tests should continue to work
  • Actor lifecycle tests cover state transitions

❌ Missing Coverage:

  • No protobuf-specific tests for serialization/deserialization
  • No KV protocol integration tests within the runner protocol
  • No backward compatibility tests (if needed)
  • No tests for malformed protobuf message handling
  • No performance benchmarks to validate expected improvements

📋 Recommendations

Before Merge:

  1. Add comprehensive tests covering:

    • Protobuf message serialization/deserialization roundtrips
    • KV protocol integration scenarios
    • Actor state transition scenarios
    • Error handling with malformed protobuf data

  2. Address metadata field migration for the kv_version_version change

    • Document the breaking change
    • Consider migration utilities if needed

  3. Fix the typo in the safety comment

Follow-up Improvements:

  1. Enhanced error handling with more specific protobuf decode error messages
  2. Field validation for critical protobuf message fields
  3. Performance benchmarking to validate expected improvements
  4. Documentation updates reflecting the protocol change

🎯 Verdict

✅ Approve with Recommendations - This is a solid protocol conversion that will improve performance and type safety. The main concerns are around testing and potential data migration, but the implementation itself is well-executed and follows best practices.

The changes successfully modernize the runner protocol while maintaining existing functionality. The protobuf schema design is clean and the Rust integration is properly implemented.

@MasterPtato MasterPtato force-pushed the 07-03-fix_convert_runner_protocol_to_protobuf branch from 646c8f0 to f0d06dc Compare July 18, 2025 18:51
@MasterPtato MasterPtato force-pushed the 07-04-fix_even_more_actor_api_changes branch from 777eff5 to a42becc Compare July 18, 2025 18:51
@vercel Vercel
Copy link

vercel bot commented Jul 18, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
rivet-site ❌ Failed (Inspect) Jul 18, 2025 6:55pm

@claude Claude
Copy link

claude bot commented Jul 18, 2025
edited
Loading

Claude finished @MasterPtato's task —— View job

PR Review: Convert Runner Protocol to Protobuf

Review Checklist:

  • Read and understand the protobuf schema files
  • Analyze Rust code changes for correctness
  • Review serialization/deserialization logic
  • Check build configuration and dependencies
  • Assess performance implications
  • Look for security considerations
  • Evaluate error handling
  • Check for potential data migration issues
  • Review test coverage
  • Provide comprehensive feedback

🚀 Overall Assessment

This is a well-executed protocol conversion that successfully migrates the runner protocol from JSON to protobuf. The implementation is thorough, follows protobuf best practices, and should deliver significant performance improvements. The schema design is clean and the Rust integration is properly implemented.

✅ Strengths

1. Excellent Protobuf Schema Design (runner_protocol.proto, kv.proto)

  • Clean message hierarchy with logical separation of concerns
  • Proper use of oneof for message variants (e.g., ToManager.message, ToRunner.message)
  • Consistent field numbering and appropriate use of optional fields
  • Good namespace organization (rivet.pegboard.runner_protocol, rivet.pegboard.kv)

2. Robust Build Configuration (build.rs, Cargo.toml)

  • Simple and effective prost-build setup
  • Proper proto file compilation with correct include paths
  • Dependencies properly added (prost = "0.14", prost-build = "0.14")

3. Solid Rust Implementation (runner_protocol.rs)

  • Generated protobuf code properly integrated with include!() macros
  • Efficient LengthDelimitedCodec configuration with 4-byte headers
  • Clean encode_frame/decode_frame functions for message framing

4. Comprehensive Actor-KV Integration (entry.rs, key.rs, list_query.rs)

  • Proper wrapper types with From/Into implementations
  • Efficient protobuf serialization in metadata storage (lib.rs:327-337)
  • Good integration with FoundationDB tuple packing

5. Strong Manager Integration (manager/src/actor/mod.rs)

  • Complete KV operation handling with proper error responses
  • Efficient message dispatching with pattern matching
  • Proper actor metadata conversion to protobuf

⚠️ Issues & Concerns

High Priority

  1. Metadata Field Migration Risk (kv.proto:82)

    message Metadata {
    bytes _version = 1;  // Changed from kv_version
    int64 create_ts = 2;
}

    Risk: The field name changed from kv_version to _version. If existing data uses the old field name, this could break compatibility.
    Impact: Data corruption or loss for existing KV entries.

  2. Missing Test Coverage

    • No tests added or updated to verify the protobuf conversion
    • No tests for KV protocol message roundtrips
    • No tests for actor state transitions using protobuf
    • Critical for a protocol change of this magnitude

Medium Priority

  1. Generic Error Handling (runner_protocol.rs:52-62)

    pub fn decode_frame<T: Message + Default>(frame: &[u8]) -> Result<([u8; 4], T)> {
    ensure!(frame.len() >= 4, "Frame too short");
    let payload = T::decode(&frame[4..])?;  // Generic prost error

    Issue: Protobuf decode errors are generic and may be difficult to debug in production.
    Suggestion: Wrap with more contextual error messages including message type.

  2. Minor Typo in Safety Comment (key.rs:16)

    // SAFETY: Key is a wrapper around kv::Kky, identical memory layout

    Issue: kv::Kky should be kv::Key (already noted in review comments).

Low Priority

  1. Missing Documentation

    • Protobuf files lack field-level comments explaining purposes
    • No documentation for the protocol change

  2. Field Validation

    • No validation for critical protobuf fields (e.g., non-empty actor_id, valid generation numbers)

🔒 Security Assessment

✅ Improvements:

  • Reduced Attack Surface: Protobuf's strict schema validation prevents malformed messages
  • Type Safety: Compile-time type checking vs runtime JSON parsing
  • Input Validation: Binary format is less susceptible to injection attacks than JSON

✅ No Security Issues Found:

  • No sensitive data exposure in the changes
  • Proper error handling without information leakage
  • No hardcoded credentials or secrets

🚀 Performance Impact

✅ Significant Improvements Expected:

  • Size: Binary protobuf format typically 20-50% smaller than JSON
  • Speed: Protobuf serialization/deserialization is typically 2-3x faster than serde_json
  • Memory: Lower memory footprint for message processing
  • CPU: Reduced CPU usage for high-throughput scenarios

🧪 Test Coverage Analysis

✅ Existing Infrastructure:

  • Good test coverage in manager/tests/container_lifecycle.rs
  • WebSocket communication tests should continue to work
  • Actor lifecycle tests cover state transitions

❌ Missing Coverage:

  • No protobuf-specific tests for serialization/deserialization
  • No KV protocol integration tests within the runner protocol
  • No backward compatibility tests (if needed)
  • No tests for malformed protobuf message handling
  • No performance benchmarks to validate expected improvements

📋 Recommendations

Before Merge:

  1. Add comprehensive tests covering:

    • Protobuf message serialization/deserialization roundtrips
    • KV protocol integration scenarios
    • Actor state transition scenarios
    • Error handling with malformed protobuf data

  2. Address metadata field migration for the kv_version_version change

    • Document the breaking change
    • Consider migration utilities if needed

  3. Fix the typo in the safety comment

Follow-up Improvements:

  1. Enhanced error handling with more specific protobuf decode error messages
  2. Field validation for critical protobuf message fields
  3. Performance benchmarking to validate expected improvements
  4. Documentation updates reflecting the protocol change

🎯 Verdict

✅ Approve with Recommendations - This is a solid protocol conversion that will improve performance and type safety. The main concerns are around testing and potential data migration, but the implementation itself is well-executed and follows best practices.

The changes successfully modernize the runner protocol while maintaining existing functionality. The protobuf schema design is clean and the Rust integration is properly implemented.

@claude Claude
Copy link

claude bot commented Jul 18, 2025
edited
Loading

Claude finished @MasterPtato's task —— View job

PR Review: Convert Runner Protocol to Protobuf

Review Checklist:

  • Read and understand the protobuf schema files
  • Analyze Rust code changes for correctness
  • Review serialization/deserialization logic
  • Check build configuration and dependencies
  • Assess performance implications
  • Look for security considerations
  • Evaluate error handling
  • Check for potential data migration issues
  • Review test coverage
  • Provide comprehensive feedback

🚀 Overall Assessment

This is a well-executed protocol conversion that successfully migrates the runner protocol from JSON to protobuf. The implementation is thorough, follows protobuf best practices, and should deliver significant performance improvements. The schema design is clean and the Rust integration is properly implemented.

✅ Strengths

1. Excellent Protobuf Schema Design (runner_protocol.proto, kv.proto)

  • Clean message hierarchy with logical separation of concerns
  • Proper use of oneof for message variants (e.g., ToManager.message, ToRunner.message)
  • Consistent field numbering and appropriate use of optional fields
  • Good namespace organization (rivet.pegboard.runner_protocol, rivet.pegboard.kv)

2. Robust Build Configuration (build.rs, Cargo.toml)

  • Simple and effective prost-build setup
  • Proper proto file compilation with correct include paths
  • Dependencies properly added (prost = "0.14", prost-build = "0.14")

3. Solid Rust Implementation (runner_protocol.rs)

  • Generated protobuf code properly integrated with include!() macros
  • Efficient LengthDelimitedCodec configuration with 4-byte headers
  • Clean encode_frame/decode_frame functions for message framing

4. Comprehensive Actor-KV Integration (entry.rs, key.rs, list_query.rs)

  • Proper wrapper types with From/Into implementations
  • Efficient protobuf serialization in metadata storage (lib.rs:327-337)
  • Good integration with FoundationDB tuple packing

5. Strong Manager Integration (manager/src/actor/mod.rs)

  • Complete KV operation handling with proper error responses
  • Efficient message dispatching with pattern matching
  • Proper actor metadata conversion to protobuf

⚠️ Issues & Concerns

High Priority

  1. Metadata Field Migration Risk (kv.proto:82)

    message Metadata {
    bytes _version = 1;  // Changed from kv_version
    int64 create_ts = 2;
}

    Risk: The field name changed from kv_version to _version. If existing data uses the old field name, this could break compatibility.
    Impact: Data corruption or loss for existing KV entries.

  2. Missing Test Coverage

    • No tests added or updated to verify the protobuf conversion
    • No tests for KV protocol message roundtrips
    • No tests for actor state transitions using protobuf
    • Critical for a protocol change of this magnitude

Medium Priority

  1. Generic Error Handling (runner_protocol.rs:52-62)

    pub fn decode_frame<T: Message + Default>(frame: &[u8]) -> Result<([u8; 4], T)> {
    ensure!(frame.len() >= 4, "Frame too short");
    let payload = T::decode(&frame[4..])?;  // Generic prost error

    Issue: Protobuf decode errors are generic and may be difficult to debug in production.
    Suggestion: Wrap with more contextual error messages including message type.

  2. Minor Typo in Safety Comment (key.rs:16)

    // SAFETY: Key is a wrapper around kv::Kky, identical memory layout

    Issue: kv::Kky should be kv::Key (already noted in review comments).

Low Priority

  1. Missing Documentation

    • Protobuf files lack field-level comments explaining purposes
    • No documentation for the protocol change

  2. Field Validation

    • No validation for critical protobuf fields (e.g., non-empty actor_id, valid generation numbers)

🔒 Security Assessment

✅ Improvements:

  • Reduced Attack Surface: Protobuf's strict schema validation prevents malformed messages
  • Type Safety: Compile-time type checking vs runtime JSON parsing
  • Input Validation: Binary format is less susceptible to injection attacks than JSON

✅ No Security Issues Found:

  • No sensitive data exposure in the changes
  • Proper error handling without information leakage
  • No hardcoded credentials or secrets

🚀 Performance Impact

✅ Significant Improvements Expected:

  • Size: Binary protobuf format typically 20-50% smaller than JSON
  • Speed: Protobuf serialization/deserialization is typically 2-3x faster than serde_json
  • Memory: Lower memory footprint for message processing
  • CPU: Reduced CPU usage for high-throughput scenarios

🧪 Test Coverage Analysis

✅ Existing Infrastructure:

  • Good test coverage in manager/tests/container_lifecycle.rs
  • WebSocket communication tests should continue to work
  • Actor lifecycle tests cover state transitions

❌ Missing Coverage:

  • No protobuf-specific tests for serialization/deserialization
  • No KV protocol integration tests within the runner protocol
  • No backward compatibility tests (if needed)
  • No tests for malformed protobuf message handling
  • No performance benchmarks to validate expected improvements

📋 Recommendations

Before Merge:

  1. Add comprehensive tests covering:

    • Protobuf message serialization/deserialization roundtrips
    • KV protocol integration scenarios
    • Actor state transition scenarios
    • Error handling with malformed protobuf data

  2. Address metadata field migration for the kv_version_version change

    • Document the breaking change
    • Consider migration utilities if needed

  3. Fix the typo in the safety comment

Follow-up Improvements:

  1. Enhanced error handling with more specific protobuf decode error messages
  2. Field validation for critical protobuf message fields
  3. Performance benchmarking to validate expected improvements
  4. Documentation updates reflecting the protocol change

🎯 Verdict

✅ Approve with Recommendations - This is a solid protocol conversion that will improve performance and type safety. The main concerns are around testing and potential data migration, but the implementation itself is well-executed and follows best practices.

The changes successfully modernize the runner protocol while maintaining existing functionality. The protobuf schema design is clean and the Rust integration is properly implemented.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@graphite-app graphite-app[bot] graphite-app[bot] left review comments

@NathanFlurry NathanFlurry Awaiting requested review from NathanFlurry

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@MasterPtato