chore: remove event worker

[adityachoudhari26]

Summary by CodeRabbit

• Removals

  • Event worker and all background job workers/dispatching removed.
  • Cloud resource scanning (AWS, Azure, GCP) features removed.
  • Several API routes for resource/provider/consent and release-target evaluation removed.
  • Redis-backed queuing and related event/dispatch implementations removed.
  • Redis/OpenTelemetry ioredis instrumentation disabled.

• Infrastructure Changes

  • Redis service and volumes removed from deployment configs.
  • Redis-related packages and integrations removed from the codebase.

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

This PR removes the apps/event-worker application and its workers, deletes Redis/BullMQ wiring and redis-related clients/config, removes many resource-scan modules and job/queue dispatching code, and disables ioredis OpenTelemetry instrumentation; event dispatching is consolidated to Kafka (eventDispatcher).

Changes

Cohort / File(s)	Summary
Event-worker app removed apps/event-worker/*	Entire app deleted: Dockerfile, CI workflow, README, tsconfig, package.json, eslint config, instrumentation, config, Redis client, and all src/ workers, utilities, resource-scan modules, and index/registration.
Workers index & registrations apps/event-worker/src/workers/index.ts, apps/event-worker/src/workers/*	Removed the workers map/type and all individual worker modules (compute-, delete-, evaluate-release-target, job-dispatch, job-update, new-, update-, updated-resources, etc.).
Resource-scan providers + utils removed apps/event-worker/src/workers/resource-scan/**	Deleted provider scanners and helpers for AWS/Azure/Google (eks, vpc, vm, gke, aks, cluster-to-resource, kube, vcluster, etc.) and utilities like extract-variables.
Events/queue infra removed or rewritten packages/events/src/*, packages/events/package.json, pnpm-workspace.yaml	Removed BullMQ/BullMQ-OTEL and Redis-based implementations: createWorker/getQueue APIs, dispatch-jobs, types (Channel/ChannelMap), redis export; replaced surface centers on KafkaEventDispatcher export. Removed bullmq/ioredis from workspace.
Redis clients & config cleaned packages/db/src/redis.ts, packages/api/src/redis.ts, packages/events/src/redis.ts, packages/*/src/config.ts, apps/webservice/src/env.ts, packages/job-dispatch/src/config.ts	Removed Redis client modules/exports and removed REDIS_URL from server env schemas across packages (db, events, api, job-dispatch, webservice).
Docker compose & service env updates docker-compose.yaml, docker-compose.dev.yaml	Removed redis and redisinsight services and volumes; removed REDIS_URL env references from affected services.
API surface & router changes apps/webservice/src/app/api/**, packages/api/src/router/**	Deleted Azure integration routes (consent/subscription) and release-target evaluate route; replaced many dispatchQueueJob usages with eventDispatcher calls or no-ops; removed resource-scan queue scheduling.
Job dispatch/creation changes packages/job-dispatch/src/job-dispatch.ts	Removed queue enqueue side-effect when creating triggered runbook jobs; now returns created runbook job directly.
OpenTelemetry instrumentation tweaks apps/event-queue/src/instrumentation-node.ts, apps/webservice/src/instrumentation-node.ts	Disabled/removed the ioredis OpenTelemetry instrumentation block; other instrumentations remain.
Package dependency edits packages/db/package.json, packages/events/package.json, packages/api/package.json	Removed ioredis, redis-semaphore, bullmq, bullmq-otel from manifests; added @aws-sdk/client-sts to packages/api.
Dispatch/queue implementation removed packages/events/src/dispatch-jobs.ts, packages/events/src/index.ts	Deleted BullMQ-based dispatch-jobs implementation and removed createWorker/getQueue exports; eventDispatcher now backed by Kafka.
Misc build tweaks apps/pty-proxy/Dockerfile	Added copy step to include workspace-engine-sdk/package.json in the build context.

Sequence Diagram(s)

mermaid
sequenceDiagram
autonumber
participant API as API / Producer
participant Kafka as Kafka (eventDispatcher)
participant Worker as Consumer (worker)
Note right of Kafka #DDEBF7: Current/kept flow: Kafka-based dispatch
API->>Kafka: publish event
Kafka->>Worker: deliver event
Worker->>Worker: process business logic

mermaid
sequenceDiagram
autonumber
participant API as API / Producer
participant Redis as Redis + BullMQ
participant BullWorker as BullMQ Worker
Note right of Redis #FDEBD0: Removed flow: Redis/BullMQ queueing
API->>Redis: enqueue job
Redis->>BullWorker: deliver job
BullWorker->>BullWorker: process business logic

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120 minutes

Possibly related PRs

• feat: add bullmq otel #481 — Removes BullMQ/ioredis integrations and the createWorker/getQueue APIs; directly related to the event/queue infra deletions.
• fix: Add otel to event worker #441 — Changes to OpenTelemetry instrumentation (ioredis instrumentation); overlaps with instrumentation edits here.
• feat: Env selector update worker #449 — Large changes to event-worker worker surface; overlaps with the removed worker files and registrations.

Suggested reviewers

• jsbroks

Poem

🐰 I hopped through queues both near and far,

Redis shelved its final jar,
Kafka hums a steadier tune,
Workers rest beneath the moon,
New dispatch — a bright new star ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The pull request title "chore: remove event worker" directly and accurately describes the primary change in this changeset. The most significant and visible alteration is the deletion of the entire apps/event-worker application, including all source files, configuration, Docker setup, and related infrastructure. While the changeset has broad ripple effects across the codebase—removing BullMQ/queue-based event dispatching, Redis integrations, and worker implementations—the root cause and primary objective is the removal of the event-worker component itself. The title is concise, unambiguous, and specific enough that a developer reviewing git history would immediately understand that this commit removes the event worker from the system.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 8f1713a and af4dc5a.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (1)

• packages/events/package.json (1 hunks)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

📊 Code Coverage Report

workspace-engine coverage: 46.2%

View detailed coverage report in artifacts

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (5)

packages/job-dispatch/src/job-dispatch.ts (1)

13-18: Add null check for runbook before passing to createTriggeredRunbookJob.

The takeFirst helper can return undefined if no runbook matches the query. Passing an undefined value to createTriggeredRunbookJob (which expects a non-optional schema.Runbook parameter) will cause a runtime error when the function attempts to access runbook properties.

Apply this diff to add a null check:

   const runbook = await db
     .select()
     .from(schema.runbook)
     .where(eq(schema.runbook.id, runbookId))
     .then(takeFirst);
+
+  if (!runbook) {
+    throw new Error(`Runbook not found: ${runbookId}`);
+  }
+
   return createTriggeredRunbookJob(db, runbook, values);

packages/api/src/router/policy/approval/add-record.ts (1)

43-47: Add release-target evaluation trigger for UserApprovalRecordCreated events.

The UserApprovalRecordCreated event is dispatched but the handler at apps/event-queue/src/events/index.ts:76 is a no-op (() => Promise.resolve()). The removed logic previously queried affected release targets and dispatched evaluation jobs. This functionality is now lost—release targets are never evaluated when approval records are created.

You must either:

• Implement the UserApprovalRecordCreated handler to trigger dispatchEvaluateReleaseTarget for affected release targets, or
• Dispatch dispatchEvaluateReleaseTarget directly in the approval record creation endpoints (alongside dispatchUserApprovalRecordCreated)

Ensure the release targets associated with the approval records are re-evaluated after creation.

packages/api/src/router/resource/resource-provider.ts (3)

214-249: Remove unused repeatSeconds parameter from input schema.

The repeatSeconds parameter (line 222) is no longer used after removing the queue-based scan scheduling. This dead parameter should be removed from the input schema to avoid confusion.

Apply this diff:

       update: protectedProcedure
         .input(
           z.object({
             resourceProviderId: z.string().uuid(),
             name: z.string().optional(),
             config: updateResourceProviderGoogle.omit({
               resourceProviderId: true,
             }),
-            repeatSeconds: z.number().min(1).nullable(),
           }),
         )

---

289-328: Remove unused repeatSeconds parameter from input schema.

The repeatSeconds parameter (line 303) is no longer used after removing the queue-based scan scheduling. This dead parameter should be removed from the input schema to avoid confusion.

Apply this diff:

       update: protectedProcedure
         .meta({
           authorizationCheck: ({ canUser, input }) =>
             canUser
               .perform(Permission.ResourceProviderUpdate)
               .on({ type: "resourceProvider", id: input.resourceProviderId }),
         })
         .input(
           z.object({
             resourceProviderId: z.string().uuid(),
             name: z.string().optional(),
             config: updateResourceProviderAws.omit({
               resourceProviderId: true,
             }),
-            repeatSeconds: z.number().min(1).nullable(),
           }),
         )

---

167-175: Replace no-op mutation with error response or restore sync functionality.

The managed.sync mutation has been replaced with a silent no-op while remaining publicly exposed to active UI consumers:

• ProviderActionsDropdown.tsx:45
• PermissionsButton.tsx:18

When these components call this endpoint, they receive Promise.resolve() instead of triggering a resource scan, creating a breaking change with no deprecation notice or error response.

Recommended actions:

• Option 1: Return an error response: throw new Error("Resource provider sync has been deprecated")
• Option 2: Wire up replacement functionality using handleResourceProviderScan and eventDispatcher (already implemented in the codebase)
• Option 3: Remove the endpoint entirely and update all UI consumers

The current state silently breaks production functionality.

🧹 Nitpick comments (1)

packages/api/src/router/policy/approval/add-record.ts (1)

43-47: LGTM: Event dispatching is correct.

The use of Promise.all() ensures atomic dispatch behavior—if any event fails, the entire operation fails, maintaining consistency. This is appropriate for this approval flow.

Optional: If you prefer more resilience (e.g., logging failed dispatches without blocking record creation), consider using Promise.allSettled():

-    await Promise.all(
+    await Promise.allSettled(
       record.map((record) =>
         eventDispatcher.dispatchUserApprovalRecordCreated(record),
       ),
     );

This would allow partial failures to be handled gracefully, though the current fail-fast behavior may be intentional.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between d3e4c84 and a929dbb.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (87)

• apps/event-queue/src/instrumentation-node.ts (0 hunks)
• apps/event-worker/Dockerfile (0 hunks)
• apps/event-worker/README.md (0 hunks)
• apps/event-worker/eslint.config.js (0 hunks)
• apps/event-worker/package.json (0 hunks)
• apps/event-worker/src/config.ts (0 hunks)
• apps/event-worker/src/github-utils.ts (0 hunks)
• apps/event-worker/src/index.ts (0 hunks)
• apps/event-worker/src/instrumentation-node.ts (0 hunks)
• apps/event-worker/src/instrumentation.ts (0 hunks)
• apps/event-worker/src/redis.ts (0 hunks)
• apps/event-worker/src/utils/omit-null-undefined.ts (0 hunks)
• apps/event-worker/src/workers/compute-deployment-resource-selector.ts (0 hunks)
• apps/event-worker/src/workers/compute-environment-resource-selector.ts (0 hunks)
• apps/event-worker/src/workers/compute-policy-target-release-target-selector.ts (0 hunks)
• apps/event-worker/src/workers/compute-systems-release-targets.ts (0 hunks)
• apps/event-worker/src/workers/compute-workspace-policy-targets.ts (0 hunks)
• apps/event-worker/src/workers/delete-deployment.ts (0 hunks)
• apps/event-worker/src/workers/delete-environment.ts (0 hunks)
• apps/event-worker/src/workers/delete-resource.ts (0 hunks)
• apps/event-worker/src/workers/deleted-release-target.ts (0 hunks)
• apps/event-worker/src/workers/evaluate-release-target.ts (0 hunks)
• apps/event-worker/src/workers/index.ts (0 hunks)
• apps/event-worker/src/workers/job-dispatch/github.ts (0 hunks)
• apps/event-worker/src/workers/job-dispatch/index.ts (0 hunks)
• apps/event-worker/src/workers/job-update/concurrency.ts (0 hunks)
• apps/event-worker/src/workers/job-update/db-update-job.ts (0 hunks)
• apps/event-worker/src/workers/job-update/index.ts (0 hunks)
• apps/event-worker/src/workers/job-update/job-metadata.ts (0 hunks)
• apps/event-worker/src/workers/job-update/job-retry.ts (0 hunks)
• apps/event-worker/src/workers/job-update/matched-policies.ts (0 hunks)
• apps/event-worker/src/workers/job-update/trigger-dependent-targets.ts (0 hunks)
• apps/event-worker/src/workers/job-update/utils.ts (0 hunks)
• apps/event-worker/src/workers/new-deployment-version.ts (0 hunks)
• apps/event-worker/src/workers/new-deployment.ts (0 hunks)
• apps/event-worker/src/workers/new-environment.ts (0 hunks)
• apps/event-worker/src/workers/new-policy.ts (0 hunks)
• apps/event-worker/src/workers/new-resource.ts (0 hunks)
• apps/event-worker/src/workers/resource-scan/aws/aws.ts (0 hunks)
• apps/event-worker/src/workers/resource-scan/aws/eks.ts (0 hunks)
• apps/event-worker/src/workers/resource-scan/aws/vpc.ts (0 hunks)
• apps/event-worker/src/workers/resource-scan/azure/aks.ts (0 hunks)
• apps/event-worker/src/workers/resource-scan/azure/cluster-to-resource.ts (0 hunks)
• apps/event-worker/src/workers/resource-scan/google/client.ts (0 hunks)
• apps/event-worker/src/workers/resource-scan/google/cluster-to-resource.ts (0 hunks)
• apps/event-worker/src/workers/resource-scan/google/gke.ts (0 hunks)
• apps/event-worker/src/workers/resource-scan/google/kube.ts (0 hunks)
• apps/event-worker/src/workers/resource-scan/google/vcluster.ts (0 hunks)
• apps/event-worker/src/workers/resource-scan/google/vm.ts (0 hunks)
• apps/event-worker/src/workers/resource-scan/google/vpc.ts (0 hunks)
• apps/event-worker/src/workers/resource-scan/index.ts (0 hunks)
• apps/event-worker/src/workers/resource-scan/utils/extract-variables.ts (0 hunks)
• apps/event-worker/src/workers/update-deployment-variable.ts (0 hunks)
• apps/event-worker/src/workers/update-deployment.ts (0 hunks)
• apps/event-worker/src/workers/update-environment.ts (0 hunks)
• apps/event-worker/src/workers/update-policy.ts (0 hunks)
• apps/event-worker/src/workers/update-resource-variable.ts (0 hunks)
• apps/event-worker/src/workers/updated-resources/index.ts (0 hunks)
• apps/event-worker/src/workers/updated-resources/span.ts (0 hunks)
• apps/event-worker/tsconfig.json (0 hunks)
• apps/webservice/src/app/api/azure/[workspaceId]/[tenantId]/[subscriptionId]/[name]/route.ts (0 hunks)
• apps/webservice/src/app/api/azure/consent/route.ts (0 hunks)
• apps/webservice/src/app/api/v1/release-targets/[releaseTargetId]/evaluate/route.ts (0 hunks)
• apps/webservice/src/env.ts (0 hunks)
• apps/webservice/src/instrumentation-node.ts (0 hunks)
• docker-compose.dev.yaml (0 hunks)
• docker-compose.yaml (0 hunks)
• packages/api/package.json (1 hunks)
• packages/api/src/config.ts (0 hunks)
• packages/api/src/index.ts (0 hunks)
• packages/api/src/redis.ts (0 hunks)
• packages/api/src/router/policy/approval/add-record.ts (1 hunks)
• packages/api/src/router/policy/version-selector.ts (3 hunks)
• packages/api/src/router/redeploy.ts (2 hunks)
• packages/api/src/router/resource/resource-provider.ts (2 hunks)
• packages/db/package.json (0 hunks)
• packages/db/src/config.ts (0 hunks)
• packages/db/src/redis.ts (0 hunks)
• packages/events/package.json (0 hunks)
• packages/events/src/config.ts (0 hunks)
• packages/events/src/dispatch-jobs.ts (0 hunks)
• packages/events/src/index.ts (0 hunks)
• packages/events/src/redis.ts (0 hunks)
• packages/events/src/types.ts (0 hunks)
• packages/job-dispatch/src/config.ts (1 hunks)
• packages/job-dispatch/src/job-dispatch.ts (1 hunks)
• pnpm-workspace.yaml (0 hunks)

💤 Files with no reviewable changes (80)

• apps/webservice/src/env.ts
• docker-compose.dev.yaml
• apps/event-worker/package.json
• apps/webservice/src/instrumentation-node.ts
• apps/event-worker/README.md
• packages/events/src/config.ts
• apps/event-worker/src/workers/new-deployment-version.ts
• apps/event-worker/src/instrumentation.ts
• apps/event-worker/src/workers/update-policy.ts
• apps/event-worker/src/utils/omit-null-undefined.ts
• packages/api/src/index.ts
• apps/event-worker/src/workers/job-update/utils.ts
• packages/db/package.json
• apps/event-worker/src/workers/resource-scan/index.ts
• apps/event-worker/src/workers/job-dispatch/github.ts
• apps/event-worker/src/workers/deleted-release-target.ts
• apps/event-worker/eslint.config.js
• apps/event-worker/src/workers/update-deployment-variable.ts
• apps/event-worker/src/redis.ts
• apps/event-worker/src/workers/job-update/matched-policies.ts
• apps/event-worker/src/instrumentation-node.ts
• apps/event-worker/src/workers/compute-systems-release-targets.ts
• apps/event-worker/src/workers/resource-scan/google/vpc.ts
• apps/event-worker/tsconfig.json
• apps/event-worker/src/workers/compute-deployment-resource-selector.ts
• apps/event-worker/src/workers/update-environment.ts
• apps/event-worker/src/workers/new-environment.ts
• apps/event-worker/src/workers/compute-workspace-policy-targets.ts
• apps/event-worker/src/workers/delete-deployment.ts
• apps/event-worker/src/workers/evaluate-release-target.ts
• apps/event-worker/src/workers/delete-resource.ts
• apps/event-worker/src/workers/resource-scan/google/kube.ts
• apps/event-worker/src/workers/compute-policy-target-release-target-selector.ts
• docker-compose.yaml
• apps/event-worker/src/workers/new-policy.ts
• packages/events/package.json
• apps/event-worker/src/index.ts
• apps/event-worker/src/workers/resource-scan/google/client.ts
• apps/event-queue/src/instrumentation-node.ts
• apps/event-worker/src/workers/index.ts
• packages/db/src/config.ts
• apps/event-worker/src/workers/job-update/trigger-dependent-targets.ts
• packages/events/src/redis.ts
• packages/api/src/config.ts
• apps/event-worker/src/workers/resource-scan/google/gke.ts
• apps/event-worker/src/workers/updated-resources/index.ts
• apps/event-worker/src/workers/resource-scan/aws/eks.ts
• apps/event-worker/src/workers/new-resource.ts
• packages/events/src/types.ts
• apps/event-worker/src/workers/resource-scan/azure/aks.ts
• apps/event-worker/src/workers/resource-scan/google/vcluster.ts
• apps/event-worker/src/workers/job-update/job-metadata.ts
• apps/event-worker/src/workers/delete-environment.ts
• apps/event-worker/src/workers/resource-scan/utils/extract-variables.ts
• apps/event-worker/src/workers/resource-scan/aws/vpc.ts
• packages/db/src/redis.ts
• packages/events/src/index.ts
• apps/webservice/src/app/api/v1/release-targets/[releaseTargetId]/evaluate/route.ts
• pnpm-workspace.yaml
• apps/event-worker/src/config.ts
• apps/event-worker/src/workers/job-update/index.ts
• apps/event-worker/src/workers/job-dispatch/index.ts
• apps/event-worker/src/workers/job-update/db-update-job.ts
• packages/api/src/redis.ts
• packages/events/src/dispatch-jobs.ts
• apps/event-worker/src/workers/resource-scan/google/cluster-to-resource.ts
• apps/webservice/src/app/api/azure/consent/route.ts
• apps/event-worker/src/workers/resource-scan/google/vm.ts
• apps/event-worker/src/workers/compute-environment-resource-selector.ts
• apps/event-worker/src/workers/job-update/concurrency.ts
• apps/event-worker/src/workers/resource-scan/azure/cluster-to-resource.ts
• apps/webservice/src/app/api/azure/[workspaceId]/[tenantId]/[subscriptionId]/[name]/route.ts
• apps/event-worker/Dockerfile
• apps/event-worker/src/workers/job-update/job-retry.ts
• apps/event-worker/src/workers/update-deployment.ts
• apps/event-worker/src/github-utils.ts
• apps/event-worker/src/workers/update-resource-variable.ts
• apps/event-worker/src/workers/new-deployment.ts
• apps/event-worker/src/workers/updated-resources/span.ts
• apps/event-worker/src/workers/resource-scan/aws/aws.ts

🧰 Additional context used

📓 Path-based instructions (2)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Use TypeScript with explicit types (prefer interfaces for public APIs)
Import styles: Use named imports, group imports by source (std lib > external > internal)
Consistent type imports: import type { Type } from "module"
Prefer async/await over raw promises
Handle errors explicitly (use try/catch and typed error responses)

Files:

• packages/api/src/router/policy/version-selector.ts
• packages/api/src/router/policy/approval/add-record.ts
• packages/api/src/router/redeploy.ts
• packages/api/src/router/resource/resource-provider.ts
• packages/job-dispatch/src/config.ts
• packages/job-dispatch/src/job-dispatch.ts

---

⚙️ CodeRabbit configuration file

**/*.{ts,tsx}: Note on Error Handling:
Avoid strict enforcement of try/catch blocks. Code may use early returns, Promise chains (.then().catch()), or other patterns for error handling. These are acceptable as long as they maintain clarity and predictability.

Files:

• packages/api/src/router/policy/version-selector.ts
• packages/api/src/router/policy/approval/add-record.ts
• packages/api/src/router/redeploy.ts
• packages/api/src/router/resource/resource-provider.ts
• packages/job-dispatch/src/config.ts
• packages/job-dispatch/src/job-dispatch.ts

**/*.{js,jsx,ts,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (CLAUDE.md)

Formatting: Prettier is used with @ctrlplane/prettier-config

Files:

• packages/api/src/router/policy/version-selector.ts
• packages/api/src/router/policy/approval/add-record.ts
• packages/api/package.json
• packages/api/src/router/redeploy.ts
• packages/api/src/router/resource/resource-provider.ts
• packages/job-dispatch/src/config.ts
• packages/job-dispatch/src/job-dispatch.ts

🧬 Code graph analysis (3)

packages/api/src/router/policy/version-selector.ts (3)

packages/db/src/common.ts (1)

• Tx (22-22)

packages/db/src/utils/policies/index.ts (1)

• rulesAndTargets (13-13)

packages/events/src/index.ts (1)

• eventDispatcher (7-7)

packages/api/src/router/redeploy.ts (2)

apps/event-queue/src/job-manager/job-manager.ts (1)

• createReleaseJob (231-260)

packages/db/src/queries/create-release-job.ts (1)

• createReleaseJob (19-95)

packages/job-dispatch/src/job-dispatch.ts (2)

packages/job-dispatch/src/job-creation.ts (1)

• createTriggeredRunbookJob (9-54)

packages/db/src/schema/runbook.ts (1)

• runbook (20-38)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: build (linux/amd64)
• GitHub Check: build (linux/amd64)
• GitHub Check: Typecheck
• GitHub Check: Lint

🔇 Additional comments (8)

packages/api/package.json (1)

27-27: Verify AWS SDK version alignment and usage context.

The STS client version (^3.913.0) is significantly newer than the IAM client (^3.696.0). AWS SDK packages are typically kept in sync to avoid incompatibilities and maintenance burden. Additionally, the relationship between adding STS and removing event-worker-v2 is unclear.

Please verify:

1. Whether the STS client version should be aligned with the IAM client version (^3.696.0).
2. The code changes that introduce the STS client usage in this package to confirm the necessity of this dependency addition and its relationship to the event-worker removal.
3. Whether there are any security advisories or compatibility issues with the chosen version.

packages/job-dispatch/src/config.ts (1)

4-9: The config file is part of the package's public API and should not be removed.

The original review comment incorrectly assumes this file is unused. However, packages/job-dispatch/src/index.ts explicitly exports from config.js: export * from "./config.js";. Since this package has a public export field in package.json, the env export from config.ts is part of the package's public API. Removing it would be a breaking change for consumers.

While the empty server: {} object correctly reflects the removal of REDIS_URL and Redis infrastructure, the file itself serves a legitimate purpose as the centralized environment configuration export point. The structure is appropriate for potential future environment variables.

Likely an incorrect or invalid review comment.

packages/job-dispatch/src/job-dispatch.ts (1)

18-18: All callers correctly handle the direct job return transition.

Verification confirms:

1. packages/api/src/router/runbook.ts:44 — Mutation directly returns dispatchRunbook() result, which is the correct pattern for TRPC mutations.

2. packages/job-dispatch/src/events/handlers/resource-removed.ts:31 — Event handler properly collects promises via map() and awaits them with Promise.all().

Both call sites are appropriately updated and no queue-based dependencies remain in the callers.

packages/api/src/router/policy/version-selector.ts (2)

7-7: LGTM: Import additions are appropriate.

The new imports for rulesAndTargets and eventDispatcher correctly support the transition to Kafka-based event dispatching.

Also applies to: 12-12

---

107-107: Verify: Fire-and-forget event dispatch pattern.

The dispatchPolicyUpdated calls are not awaited, meaning mutations complete before confirming event dispatch succeeded. This introduces potential for event loss if the dispatch fails.

Is this fire-and-forget pattern intentional? Consider:

• If eventual consistency is acceptable: Add error handling (see comment on lines 19-28) to log failures and implement retry logic in the Kafka producer.
• If strong consistency is required: Add await to ensure events are dispatched before mutations complete.

Also applies to: 140-140

packages/api/src/router/policy/approval/add-record.ts (2)

4-4: LGTM: Import simplified correctly.

The import now includes only eventDispatcher, which aligns with the transition from queue-based (dispatchQueueJob) to event-driven processing.

---

28-41: LGTM: Record creation and insertion logic is sound.

The mapping of environment IDs to approval records is clear, and onConflictDoNothing() appropriately handles duplicate entries.

packages/api/src/router/redeploy.ts (1)

9-9: LGTM! Transition to event dispatcher.

The import of eventDispatcher correctly replaces the removed queue-based infrastructure and is properly utilized in the non-force deployment path.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Critical: Missing error handling for event dispatch.

The dispatchPolicyUpdated helper has no error handling. Since it's called without await (lines 107, 140), any failures in the query or event dispatch will result in unhandled promise rejections, causing silent event loss.

Apply this diff to add error handling:

 const dispatchPolicyUpdated = (db: Tx, policyId: string) =>
   db.query.policy
     .findFirst({
       where: eq(schema.policy.id, policyId),
       with: rulesAndTargets,
     })
     .then((fullPolicy) => {
       if (fullPolicy == null) return;
       eventDispatcher.dispatchPolicyUpdated(fullPolicy, fullPolicy);
-    });
+    })
+    .catch((error) => {
+      console.error(
+        `Failed to dispatch policy updated event for policy ${policyId}:`,
+        error,
+      );
+    });

Alternatively, if event dispatch should be synchronous and failures should block mutations, add await at the call sites (lines 107, 140).

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const dispatchPolicyUpdated = (db: Tx, policyId: string) =>
	db.query.policy
	.findFirst({
	where: eq(schema.policy.id, policyId),
	with: rulesAndTargets,
	})
	.then((fullPolicy) => {
	if (fullPolicy == null) return;
	eventDispatcher.dispatchPolicyUpdated(fullPolicy, fullPolicy);
	});
	const dispatchPolicyUpdated = (db: Tx, policyId: string) =>
	db.query.policy
	.findFirst({
	where: eq(schema.policy.id, policyId),
	with: rulesAndTargets,
	})
	.then((fullPolicy) => {
	if (fullPolicy == null) return;
	eventDispatcher.dispatchPolicyUpdated(fullPolicy, fullPolicy);
	})
	.catch((error) => {
	console.error(
	`Failed to dispatch policy updated event for policy ${policyId}:`,
	error,
	);
	});

🤖 Prompt for AI Agents

In packages/api/src/router/policy/version-selector.ts around lines 19 to 28,
dispatchPolicyUpdated currently performs async work without any error handling
which leads to unhandled promise rejections when called without await; wrap the
function body in a try/catch that catches errors from the DB query and
eventDispatcher, log the error with context (including policyId and the error
message/stack) and prevent an unhandled rejection (either swallow after logging
or rethrow based on desired behavior), or alternatively update the two call
sites at lines 107 and 140 to await the helper so failures propagate and block
the mutation.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify: Passing the same policy twice to dispatchPolicyUpdated.

The method signature appears to dispatch an update event but receives the same fullPolicy object for both arguments. Typically, update events distinguish between old and new state. If the second parameter should represent the previous state, this is a logic error.

Run this script to verify the method signature:

---

🏁 Script executed:

#!/bin/bash
# Verify the signature of eventDispatcher.dispatchPolicyUpdated

# Find the EventDispatcher interface and KafkaEventDispatcher implementation
ast-grep --pattern $'class KafkaEventDispatcher {
  $$$
  dispatchPolicyUpdated($$$) {
    $$$
  }
  $$$
}'

# Also search for the interface definition
ast-grep --pattern $'interface EventDispatcher {
  $$$
  dispatchPolicyUpdated($$$)
  $$$
}'

# Search for method signature with rg as backup
rg -n -C5 'dispatchPolicyUpdated.*\(' --type=ts

Length of output: 17637

---

Fix: Line 27 passes the same policy twice instead of previous and current states.

The interface signature requires dispatchPolicyUpdated(previous: FullPolicy, current: FullPolicy), but line 27 calls it with the same object twice: eventDispatcher.dispatchPolicyUpdated(fullPolicy, fullPolicy). This breaks the event semantics—all other callers in the codebase (router.ts, approval/router.ts, webservice) correctly pass the previous and current states. The local helper function needs refactoring to track the previous policy state.

🤖 Prompt for AI Agents

In packages/api/src/router/policy/version-selector.ts around line 27, the call
eventDispatcher.dispatchPolicyUpdated(fullPolicy, fullPolicy) incorrectly passes
the same FullPolicy as both previous and current; change the helper so it
captures or retrieves the previous FullPolicy state and pass (previousPolicy,
fullPolicy) to dispatchPolicyUpdated. Concretely: obtain the prior policy before
applying updates (e.g., load from DB or keep a prev variable outside the update
logic), ensure the helper returns or has access to that previousPolicy, and
replace the current call with
eventDispatcher.dispatchPolicyUpdated(previousPolicy, fullPolicy) so event
semantics match other callers.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify that pending jobs are processed after creation.

After creating the release job with createReleaseJob, no dispatch or event is emitted to trigger job processing. Previously, the job was enqueued to a worker queue. In the current implementation, the job is created with status "pending" but it's unclear what mechanism picks it up for execution.

Run the following script to verify the job processing mechanism:

---

🏁 Script executed:

#!/bin/bash
# Search for job polling, Kafka consumers, or other mechanisms that process pending jobs

echo "=== Searching for job status transitions from 'pending' ==="
rg -nP --type=ts -C3 'status.*=.*["\']pending["\']|job\.status.*pending' 

echo -e "\n=== Searching for Kafka consumers or event handlers for job processing ==="
rg -nP --type=ts -C3 'consumer.*job|handleJob|processJob|JOB_CREATED|job.*event'

echo -e "\n=== Searching for job polling or scheduler mechanisms ==="
rg -nP --type=ts -C3 'pollJobs|scheduleJob|job.*scheduler|pending.*jobs'

echo -e "\n=== Searching for eventDispatcher.dispatch calls related to jobs ==="
rg -nP --type=ts -C3 'eventDispatcher\.dispatch.*[Jj]ob'

Length of output: 129

---

Let me fix the script syntax errors and re-run with simpler patterns:The web search results don't provide specific information about the codebase. Let me execute a corrected shell script to search the codebase directly:

---

🏁 Script executed:

#!/bin/bash
# Fixed shell script with simpler patterns

echo "=== Searching for eventDispatcher.dispatch calls ==="
rg -nP --type=ts 'eventDispatcher\.dispatch' -C2

echo -e "\n=== Searching for createReleaseJob usage ==="
rg -nP --type=ts 'createReleaseJob' -C3

echo -e "\n=== Searching for job processing functions ==="
rg -nP --type=ts 'processJob|handleJob|worker|consumer' -C2

echo -e "\n=== Searching for release job status ==="
rg -nP --type=ts 'releaseJob.*status|pending' -C2

Length of output: 77331

---

🏁 Script executed:

#!/bin/bash

echo "=== Checking createReleaseJob implementation ==="
cat packages/db/src/queries/create-release-job.ts

echo -e "\n=== Searching for Kafka event names/topics ==="
rg -nP --type=ts 'topic|TOPIC|event.*name' packages/events/src -C2

echo -e "\n=== Checking event-queue message handler ==="
head -120 apps/event-queue/src/index.ts

Length of output: 7230

---

🏁 Script executed:

#!/bin/bash

echo "=== Searching for job-related event handlers in event-queue ==="
find apps/event-queue/src/events -name "*.ts" -type f | head -20

echo -e "\n=== Checking events index/handler registration ==="
cat apps/event-queue/src/events/index.ts

echo -e "\n=== Searching for job or release event types ==="
rg -nP --type=ts 'JOB|RELEASE' packages/events/src -i | grep -i 'event\|type' | head -30

echo -e "\n=== Searching for polling or scheduler mechanisms for jobs ==="
rg -nP --type=ts 'setInterval|setTimeout|cron|schedule|poll' apps/event-queue/src -C2

Length of output: 8576

---

Dispatch event missing after job creation in force deployment path.

After createReleaseJob at line 41, there's no event dispatch to trigger job processing. While other create operations throughout the codebase follow the pattern: create → eventDispatcher.dispatch* → handler, the job creation in redeploy.ts breaks this pattern. The job is created with status "pending" but nothing consumes or processes it.

The event-queue has handlers for resource/deployment/version creation but no handler for job creation (only Event.JobUpdated exists). Without an event dispatch, the pending job will never be picked up for execution.

await createReleaseJob(tx, existingRelease.release);

Add event dispatch after job creation:

const job = await createReleaseJob(tx, existingRelease.release);
await eventDispatcher.dispatchJobUpdated(null, job); // or create a dispatchJobCreated event

Alternatively, verify if there's a background polling mechanism that processes pending jobs and ensure it's active.

🤖 Prompt for AI Agents

In packages/api/src/router/redeploy.ts around line 41 the code calls
createReleaseJob(tx, existingRelease.release) but does not dispatch an event to
trigger job processing; change it to capture the returned job and immediately
call the event dispatcher (e.g., await eventDispatcher.dispatchJobUpdated(null,
job) or the appropriate dispatchJobCreated variant) so the newly-created pending
job is published to the event system and picked up by handlers; ensure the
dispatch call is awaited and uses the correct eventDispatcher method available
in this module.

[github-actions]

📊 Code Coverage Report

workspace-engine coverage: 46.2%

View detailed coverage report in artifacts