@NathanFlurry
Member

No description provided.

@vercel

vercel bot commented Dec 1, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
rivet-site Ready Ready Preview Comment Dec 3, 2025 0:01am
rivetkit-serverless Ready Ready Preview Comment Dec 3, 2025 0:01am
2 Skipped Deployments
Project Deployment Preview Comments Updated (UTC)
rivet-cloud Ignored Ignored Dec 3, 2025 0:01am
rivet-inspector Ignored Ignored Preview Dec 3, 2025 0:01am

Member Author

NathanFlurry commented Dec 1, 2025

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more


How to use the Graphite Merge Queue

Add the label merge-queue to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

@pkg-pr-new

pkg-pr-new bot commented Dec 1, 2025

More templates

@rivetkit/cloudflare-workers

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/cloudflare-workers@3560

@rivetkit/db

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/db@3560

@rivetkit/framework-base

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/framework-base@3560

@rivetkit/next-js

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/next-js@3560

@rivetkit/react

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/react@3560

rivetkit

pnpm add https://pkg.pr.new/rivet-dev/rivet/rivetkit@3560

@rivetkit/sql-loader

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/sql-loader@3560

@rivetkit/engine-runner

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/engine-runner@3560

@rivetkit/engine-runner-protocol

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/engine-runner-protocol@3560

commit: 21892b5

@NathanFlurry NathanFlurry force-pushed the 11-30-feat_examples_add_user-generated-actors_example branch from 2d49631 to 9278cb3 Compare December 1, 2025 14:08
@NathanFlurry NathanFlurry force-pushed the 11-30-feat_examples_add_user-generated-actors_example branch from 9278cb3 to a48277b Compare December 2, 2025 04:49
@NathanFlurry NathanFlurry force-pushed the 11-30-feat_examples_add_user-generated-actors_example branch from a48277b to 59757d7 Compare December 2, 2025 05:18
@NathanFlurry NathanFlurry force-pushed the 11-30-feat_frontend_create_api_key branch from b2e0ffb to 849b371 Compare December 2, 2025 05:18
@NathanFlurry NathanFlurry force-pushed the 11-30-feat_frontend_create_api_key branch from 849b371 to bc1efb9 Compare December 2, 2025 10:01
@NathanFlurry NathanFlurry force-pushed the 11-30-feat_examples_add_user-generated-actors_example branch from 59757d7 to cc69285 Compare December 2, 2025 10:01
@NathanFlurry NathanFlurry force-pushed the 11-30-feat_examples_add_user-generated-actors_example branch from cc69285 to 093ba9b Compare December 3, 2025 02:00
@NathanFlurry NathanFlurry force-pushed the 11-30-feat_frontend_create_api_key branch from bc1efb9 to 870352b Compare December 3, 2025 02:00
@graphite-app graphite-app bot changed the base branch from 11-30-feat_frontend_create_api_key to graphite-base/3560 December 3, 2025 08:08
@graphite-app graphite-app bot force-pushed the 11-30-feat_examples_add_user-generated-actors_example branch from 093ba9b to 91028de Compare December 3, 2025 08:09
@graphite-app graphite-app bot force-pushed the graphite-base/3560 branch from 870352b to 96e8ddb Compare December 3, 2025 08:09
@graphite-app graphite-app bot changed the base branch from graphite-base/3560 to main December 3, 2025 08:09
@graphite-app graphite-app bot force-pushed the 11-30-feat_examples_add_user-generated-actors_example branch from 91028de to eb81abd Compare December 3, 2025 08:09
@claude

claude bot commented Dec 3, 2025

PR Review: User-Generated Rivet Actors Freestyle Deployer

This PR replaces the freestyle example with a more comprehensive user-generated actors deployment example. Overall, the implementation is solid and demonstrates a good use case, but there are several security, reliability, and code quality concerns that should be addressed.


Critical Issues

1. Security: Arbitrary Code Execution (utils.ts:49, 52)

The application writes user-provided code directly to files and executes it without validation or sandboxing. Users can inject malicious code that executes during the build process.

Recommendations:

  • Add code validation/AST parsing before execution
  • Implement resource limits (CPU, memory, disk)
  • Add rate limiting per user/IP
  • Run builds in isolated containers with restricted permissions
  • Add explicit warnings in the UI

2. Secret Exposure in Logs (index.ts:48-53, deploy-with-rivet-cloud.ts:18)

API tokens and credentials are logged directly to console.

Recommendations:

  • Never log tokens/credentials
  • Sanitize error messages before logging
  • Use a structured logging library with automatic redaction

3. Command Injection Risk (utils.ts:45)

Using shell command with string interpolation: execSync with template literals.

Recommendations:

  • Use fs.cpSync or fs-extra instead of shell commands
  • If shell commands are necessary, properly escape paths

Major Issues

4. Error Handling: Incomplete Cleanup (utils.ts:55, 162)

Temporary directories are created but never cleaned up on error.

5. Memory Issues: Large Buffers (utils.ts:87)

50MB buffer might not be sufficient for large builds.

6. Race Conditions: Namespace Naming (utils.ts:201-203)

Namespace generation uses timestamp + random string, but no collision detection.

7. API Design: Missing Validation (index.ts:16-67)

No request validation before processing.

8. Reliability: No Deployment Status Tracking

Deployments can take up to 10 minutes, but there's no way to track progress or resume.


Code Quality Issues

  1. Inconsistent error handling patterns
  2. Missing type safety for environment variables
  3. Hardcoded configuration values
  4. Mixed logging formats
  5. TypeScript errors suppressed with @ts-expect-error

Testing Concerns

  1. Insufficient test coverage - only one test per method, self-hosted test skipped
  2. 5-minute test timeouts suggest need for mocking

Minor Issues

  1. Missing documentation and inline comments
  2. No resource management strategy
  3. Frontend missing error states and validation
  4. Using --no-frozen-lockfile can lead to inconsistent builds
  5. Typo in comment (utils.ts:31): deplyo should be deploy

Positive Aspects

  • Good separation of concerns
  • Comprehensive logging for debugging
  • Clean template structure
  • Dual deployment support (cloud and self-hosted)
  • User-friendly UI with Monaco editor
  • Error propagation handled appropriately

Recommendations Summary

Before Merging (CRITICAL):

  1. Fix security issues (#1, #2, #3)
  2. Add request validation (#7)
  3. Implement temp directory cleanup (#4)
  4. Remove token logging (#2)

Post-Merge Improvements:

  • Add code sandboxing/validation
  • Implement rate limiting
  • Add deployment status tracking
  • Improve test coverage
  • Add API documentation

Verdict

This PR introduces valuable functionality but has critical security concerns that must be addressed before merging. The arbitrary code execution without sandboxing and credential exposure in logs are blockers.

Once security issues are resolved, this will be a great addition to the examples directory.

Recommendation: Request changes for security issues, then approve after fixes.


Review by Claude Code
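
One way to apply the log-redaction recommendation from the review above, as an added example that is not code from this PR. The key names, the `[REDACTED]` marker and the `logLine` helper are assumptions made for illustration.

```javascript
// Keys whose values are never written to logs (assumed naming convention).
const SENSITIVE_KEY = /token|secret|password|api[-_]?key|authorization/i;
// Secrets embedded in free text: "Bearer <value>" and key=value / key: value pairs.
const INLINE_SECRET =
  /(bearer\s+|(?:token|secret|api[-_]?key|password)["']?\s*[=:]\s*["']?)([^\s"',&}]+)/gi;

// Keeps the prefix so the log still shows that a credential was present.
function redactString(text) {
  return text.replace(INLINE_SECRET, (_match, prefix) => `${prefix}[REDACTED]`);
}

// Walks a log payload and masks sensitive keys at any depth.
function redact(value, seen = new WeakSet()) {
  if (typeof value === "string") return redactString(value);
  if (value instanceof Error) {
    // Error messages often echo the failing request, headers included.
    return { name: value.name, message: redactString(value.message) };
  }
  if (value === null || typeof value !== "object") return value;
  // Objects already visited are not walked again, which also stops cycles.
  if (seen.has(value)) return "[Circular]";
  seen.add(value);
  if (Array.isArray(value)) return value.map((item) => redact(item, seen));
  const out = {};
  for (const [key, item] of Object.entries(value)) {
    out[key] = SENSITIVE_KEY.test(key) ? "[REDACTED]" : redact(item, seen);
  }
  return out;
}

// Structured log line: every field passes through redact() before serialising.
function logLine(level, msg, fields = {}) {
  return JSON.stringify({ level, msg: redactString(msg), ...redact(fields) });
}

// Constructed sample payload, not taken from the PR.
console.log(
  logLine("error", "deploy failed", {
    namespace: "ns-example",
    cloudToken: "cloud_constructed_value",
    err: new Error("401 from https://api.example.test/?token=abc123"),
  }),
);
```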

@claude

claude bot commented Dec 3, 2025

Pull Request Review: User and AI Generated Rivet Actors Example

Overview

This PR renames and significantly refactors the freestyle example into user-and-ai-generated-actors-freestyle, transforming it from a simple chat room demo into a more sophisticated example showing how to deploy user or AI-generated Rivet Actor code using sandboxed namespaces and Freestyle.

Code Quality Assessment

Strengths ✅

  1. Good separation of concerns: The deployment logic is well-organized into separate modules for Rivet Cloud deployments, self-hosted instances, and shared utilities

  2. Proper error handling structure: Global error handlers are set up in src/backend/index.ts:48-55 and template/src/backend/server.ts:6-9

  3. Good use of TypeScript discriminated unions: The DeployRequest type uses a discriminated union for kind (cloud vs selfHosted), providing type safety

  4. Comprehensive README: Well-structured documentation with clear setup instructions for both Rivet Cloud and self-hosted options

Issues Found 🚨

1. Security: Credentials Exposure Risk (HIGH)

Location: src/backend/index.ts:13-44

The deployment endpoint accepts sensitive credentials via HTTP POST without authentication or rate limiting. This could allow unauthorized users to deploy code using someone else's credentials if exposed publicly.

Recommendation: Add prominent warnings that this is for local development only.

2. Security: Arbitrary Code Execution (CRITICAL)

Location: src/backend/utils.ts:34-48

The setupRepo function writes user-provided code directly to the filesystem without validation. While this is the intended behavior for the example, it's dangerous if deployed publicly.

Recommendations: Add prominent security warnings in the README about not exposing this publicly and document that this example is for development/learning only.

3. Error Handling: Missing Try-Catch in Async Operations

Location: src/backend/utils.ts:58, 61

The buildFrontend function calls external commands without wrapping them in try-catch blocks for better error logging.

4. Potential Resource Leak: Temporary Directory Cleanup

Location: src/backend/utils.ts:34-48

The setupRepo function creates temporary directories but never cleans them up. Over time, this will fill up the temp directory. Add cleanup logic after deployment completes.

5. CLAUDE.md Violation: Inconsistent Logging Pattern

According to CLAUDE.md, log messages should be lowercase unless mentioning specific code symbols. However:

  • src/backend/utils.ts:85: "Deploying to Freestyle" should be "deploying to Freestyle"

6. Hardcoded Values

Multiple locations use hardcoded default datacenter "us-west-1". Extract to a constant for consistency.

7. Race Condition Risk

Location: src/backend/utils.ts:40

Using Date.now() for temporary directory names could cause collisions if multiple deployments happen in the same millisecond. Should add randomness like in generateNamespaceName.

Testing

Issues:

  1. All tests are skipped: Both test cases use .skip, making them non-functional
  2. Long test timeout: 300 seconds per test is very long

Recommendations:

  • Add unit tests for utility functions
  • Mock external dependencies for faster tests
  • Add integration tests that run conditionally

Security Concerns Summary

🔴 CRITICAL: Arbitrary code execution without validation
🔴 HIGH: Unauthenticated API endpoint accepting credentials
🟡 MEDIUM: No rate limiting on deployment endpoint

Note: Since this is an example application meant for local development, these security concerns are acceptable IF properly documented with warnings.

Positive Notes

  • The refactoring significantly improves the example's educational value
  • Good separation between Rivet Cloud and self-hosted paths
  • SSE-based deployment logging provides excellent UX
  • The Monaco editor integration is a nice touch
  • Clean TypeScript types with proper discriminated unions

Verdict

This PR makes meaningful improvements to the example and transforms it into a valuable educational resource. The code quality is generally good. The security concerns are acceptable for a local development example, but must be clearly documented with warnings.

Recommendation: Approve with minor changes:

  1. Add prominent security warning to README
  2. Fix logging pattern violation (lowercase)
  3. Add cleanup for temporary directories
  4. Extract hardcoded datacenter constant

Review generated by Claude Code
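
The temp-directory findings in the reviews above (a shell copy built from interpolated paths, Date.now() directory names, and no cleanup on failure) can be handled in one helper. This is an added example, not code from the PR; `withBuildDir` and the `src/backend/registry.ts` target path are hypothetical.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Hypothetical helper: copies a template into a unique temp directory, writes
// the submitted source into it, runs `work(dir)`, and always removes the
// directory afterwards, whether `work` resolves or throws.
async function withBuildDir(templateDir, userCode, work) {
  // mkdtemp appends random characters and creates the directory in one step,
  // so two deployments in the same millisecond cannot share a directory.
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "actor-build-"));
  try {
    // No shell is involved: a templateDir containing spaces, quotes or $(...)
    // is only ever treated as a path, never as command text.
    fs.cpSync(templateDir, dir, { recursive: true });

    // Assumed location of the user-supplied actor source inside the template.
    const target = path.join(dir, "src", "backend", "registry.ts");
    fs.mkdirSync(path.dirname(target), { recursive: true });
    fs.writeFileSync(target, userCode, "utf8");

    return await work(dir);
  } finally {
    // Runs on success and on failure, so failed builds do not leak disk space.
    fs.rmSync(dir, { recursive: true, force: true });
  }
}
```

Install and build steps belong inside the `work` callback so they are covered by the same `finally`.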

@NathanFlurry NathanFlurry force-pushed the 11-30-feat_examples_add_user-generated-actors_example branch from eb81abd to 21892b5 Compare December 3, 2025 08:32
@NathanFlurry NathanFlurry marked this pull request as ready for review December 3, 2025 08:32
@NathanFlurry NathanFlurry force-pushed the 11-30-feat_examples_add_user-generated-actors_example branch from 21892b5 to c8b2675 Compare December 3, 2025 11:57
@graphite-app
Contributor

graphite-app bot commented Dec 3, 2025

Merge activity

  • Dec 3, 11:57 AM UTC: NathanFlurry added this pull request to the Graphite merge queue.
  • Dec 3, 11:58 AM UTC: CI is running for this pull request on a draft pull request (#3584) due to your merge queue CI optimization settings.
  • Dec 3, 11:59 AM UTC: Merged by the Graphite merge queue via draft PR: #3584.

@graphite-app graphite-app bot closed this Dec 3, 2025
@graphite-app graphite-app bot deleted the 11-30-feat_examples_add_user-generated-actors_example branch December 3, 2025 11:59
@claude

claude bot commented Dec 3, 2025

PR Review: AI and User-Generated Actors Freestyle Example

This PR adds a comprehensive example demonstrating how to deploy user or AI-generated Rivet Actor code using a sandboxed namespace and Freestyle. Overall, this is a well-structured example with good separation of concerns.


🟢 Strengths

  1. Good Architecture: Clean separation between Cloud and Self-Hosted deployment paths
  2. Comprehensive Documentation: The README is thorough and user-friendly
  3. Error Handling: Global error handlers in place for unhandled rejections
  4. SSE Streaming: Good use of Server-Sent Events for real-time deployment logs
  5. Type Safety: Strong TypeScript typing throughout

🔴 Critical Issues

1. Security: Temp Directory Cleanup Missing (src/backend/utils.ts:40-48)

Issue: Temporary directories are created but never cleaned up. This will leak disk space over time.

Fix: Add cleanup in a try/finally block or use a library like tmp that auto-cleans and ensure cleanup is called after deployment completes/fails.

2. Security: Input Validation Missing (src/backend/index.ts:13-14)

Issue: No validation of user-provided code or configuration. Accepts arbitrary TypeScript/JavaScript code and unvalidated URLs.

Risks: Code injection, resource exhaustion, SSRF attacks

Fix: Add input validation using zod or similar library with size limits and URL validation.

3. Security: Sensitive Data Exposure (deploy-with-rivet-cloud.ts:103-107)

Issue: Tokens are returned in the API response which could be exposed if logged or stored client-side.

Recommendation: Either document this clearly as an example-only pattern or don't return tokens in the response.


🟡 Performance & Reliability Issues

4. Resource Management: No Timeout on pnpm install (src/backend/utils.ts:58)

Issue: No timeout on dependency installation. A malicious or corrupted package could hang indefinitely.

Fix: Add timeout parameter to execa call.

5. Error Recovery: Partial State on Failure (deploy-with-rivet-cloud.ts:28-62)

Issue: If deployment fails after creating namespace/tokens, these resources are left orphaned.

Fix: Wrap in try/catch and cleanup namespace on failure.

6. Concurrency: No Rate Limiting (src/backend/index.ts)

Issue: No rate limiting on /api/deploy endpoint. Users could trigger multiple expensive deployments simultaneously.

Fix: Add rate limiting middleware.


🔵 Code Quality Issues

7. Code Style: Inconsistent String Quotes (src/backend/index.ts:48-49)

Uses single quotes while codebase standard appears to be double quotes.

8. Missing CORS Configuration (src/backend/index.ts)

No CORS middleware. API calls will fail if frontend served from different origin during development.

9. Hardcoded Values (src/backend/utils.ts:119, 133)

Hardcoded datacenter and timeout values should be configurable.

10. Code Duplication (deploy-with-rivet-cloud.ts & deploy-with-rivet-self-hosted.ts)

Similar code patterns between deployment functions. Consider extracting common logic.


🟣 Testing Issues

11. All Tests Skipped (tests/deploy.test.ts:40, 79)

Both integration tests are skipped. Add unit tests for generateNamespaceName format validation, input validation, and error handling paths.


📋 Documentation

12. Missing Security Warnings (README.md)

README should warn that this example executes arbitrary user-provided code and should not be exposed to untrusted users without additional sandboxing. Also note it creates billable resources.


🎯 Summary

Category | Count
Critical Security Issues | 3
Performance/Reliability | 3
Code Quality | 4
Testing | 1
Documentation | 1

Must Fix Before Merge:

  1. Add temporary directory cleanup (Memory/Disk leak)
  2. Add input validation (Security)
  3. Add security warnings to README (Documentation)
  4. Add error recovery/cleanup on deployment failure (Reliability)

Should Fix:

  1. Add rate limiting
  2. Add timeouts to external commands
  3. Consider not returning sensitive tokens in response

Nice to Have:

  1. Add CORS configuration
  2. Make hardcoded values configurable
  3. Add unit tests
  4. Reduce code duplication

This is a solid foundation for an example, but needs the critical security and resource management issues addressed. The architecture is sound and the code is generally well-organized.
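
A sketch of the request validation the review above asks for (size limit on submitted code, URL validation against SSRF), written by hand rather than with zod so it runs without dependencies. This is an added example, not code from the PR: only the `kind` values come from the review text, while the `code` and `endpoint` field names, the size limit and the `allowPrivateHosts` option are assumptions.

```javascript
const MAX_CODE_BYTES = 256 * 1024; // assumed limit, not from the PR

// Literal loopback, RFC 1918, link-local (cloud metadata) and IPv6 local ranges.
// new URL() has already canonicalised forms such as 0x7f.1 to 127.0.0.1.
function isPrivateHost(host) {
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  if (host.startsWith("[")) {
    return /^\[(::1?\]|::ffff:|f[cd][0-9a-f]{2}:|fe[89ab][0-9a-f]:)/.test(host);
  }
  const m = /^(\d+)\.(\d+)\.\d+\.\d+$/.exec(host);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 0 || a === 10 || a === 127 || (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Returns an error string, or null when the endpoint is acceptable.
function checkEndpoint(raw, { allowPrivateHosts = false } = {}) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return "endpoint is not a valid URL";
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return "endpoint must be http(s)";
  if (url.username || url.password) return "endpoint must not embed credentials";
  // Hostname check only: a public name can still resolve to an internal address,
  // so the code making the request should re-check the resolved IP.
  if (!allowPrivateHosts && isPrivateHost(url.hostname)) return "endpoint host is not allowed";
  return null;
}

// Returns a list of problems; an empty list means the request may proceed.
function validateDeployRequest(body, options = {}) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return ["body must be a JSON object"];
  }
  const errors = [];
  if (body.kind !== "cloud" && body.kind !== "selfHosted") {
    errors.push("kind must be cloud or selfHosted");
  }
  if (typeof body.code !== "string" || body.code.length === 0) {
    errors.push("code must be a non-empty string");
  } else if (new TextEncoder().encode(body.code).length > MAX_CODE_BYTES) {
    errors.push("code exceeds size limit");
  }
  if (body.kind === "selfHosted") {
    const problem = typeof body.endpoint === "string"
      ? checkEndpoint(body.endpoint, options)
      : "endpoint is required";
    if (problem) errors.push(problem);
  }
  return errors;
}
```

For local development against a self-hosted engine, pass `{ allowPrivateHosts: true }`; the default rejects loopback and private targets.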
