You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This draft PR was created by the Graphite merge queue.
Trunk will be fast forwarded to the HEAD of this PR when CI passes, and the original PRs will be closed.
This PR combines three related changes (#3609, #3610, #3611) focused on improving cross-datacenter request handling for actors and gateway routing. Overall, the changes are well-structured and address important routing issues.
✅ Strengths
Good Code Reuse: Moving shared types to api-types and the get_or_create implementation to api-peer follows good architectural patterns
Improved Error Handling: Enhanced logging and error context throughout, particularly in api-util and guard-core
Better Separation of Concerns: The refactoring clearly separates datacenter selection logic from the actual get-or-create operation
Consistent Error Messages: The logging improvements use structured logging correctly per CLAUDE.md guidelines
🔍 Code Quality Observations
1. Duplicate Code in extract_duplicate_key_error (engine/packages/api-peer/src/actors/get_or_create.rs:101-139)
The extract_duplicate_key_error function is duplicated from api-public/src/actors/utils.rs. This should be extracted to a shared location:
Consider moving to api-util or creating a shared module
The function is identical in both places, which creates maintenance burden
Good improvement introducing original_path and stripped_path for clarity:
original_path: Full path including actor ID prefix
stripped_path: Path with actor prefix removed
However, in route_request_inner (line 147), only original_path is used when routing to peer datacenters, while stripped_path is used for local routing (line 260). This seems correct but deserves a comment explaining why.
Suggestion: Add a comment explaining:
// Use original_path for peer DC routing since the peer will strip the prefix
path: original_path.to_owned(),
// Use stripped_path for local gateway since prefix already removed
stripped_path.to_string(),
Lines 1493-1497: Changed from debug to warn level - appropriate for errors
Lines 1571-1577, 2107-2113: Consistent error logging before closing WebSocket
Minor issue: Line 1494 uses tracing::warn!(?err, "...") consistently, which is correct per CLAUDE.md.
⚠️ Potential Issues
1. Race Condition in get_or_create (engine/packages/api-peer/src/actors/get_or_create.rs:23-38)
The check-then-create pattern has a race condition:
let existing = ctx.op(pegboard::ops::actor::get_for_key::Input{ ...}).await?;ifletSome(actor) = existing.actor{returnOk(GetOrCreateResponse{ actor,created:false});}// Actor doesn't exist, create itlet actor_id = Id::new_v1(ctx.config().dc_label());match ctx.op(pegboard::ops::actor::create::Input{ ...}).await{ ...}
Issue: Between checking (line 24) and creating (line 43), another request could create the same actor. The duplicate key error handling (lines 64-90) mitigates this, but it's not ideal.
Recommendation: Consider documenting this is expected behavior, or explore whether the database operation can be atomic. The current approach works but relies on error recovery rather than prevention.
2. Missing datacenter Field Validation (engine/packages/api-types/src/actors/get_or_create.rs:15)
The comment says "Ignored in api-peer" but there's no validation that it's actually ignored:
// Ignored in api-peerpub datacenter:Option<String>,
In api-peer/src/actors/get_or_create.rs, line 56 sets datacenter_name: None, which is correct. However, if a client sends this to api-peer directly (bypassing api-public), it will silently ignore the datacenter preference.
Recommendation: Either document this as expected behavior in the function doc comment, or add a warning log if datacenter is set when called via api-peer.
🎯 Performance Considerations
String Cloning: Lines 18, 27, 28, 47, 48, 50 in get_or_create.rs clone strings multiple times. Consider if references could be used instead, though the impact is likely minimal.
Double Parsing: In extract_duplicate_key_error, the actor_id is parsed from string twice (lines 111, 130). This is acceptable given it's an error path.
🔒 Security Considerations
Token Validation: Line 115 in pegboard_gateway.rs has a comment "NOTE: Token validation implemented in EE". This is fine for the open-source version but ensure the EE implementation is in place.
Error Message Exposure: The improved error messages in api-util (lines 185-186, 212, 218) expose internal details like ray_id and response bodies. This is appropriate for debugging but ensure sensitive data isn't logged.
🧪 Test Coverage
Test Updates: The test updates in parse_actor_path.rs correctly reflect the field rename from remaining_path to stripped_path. All tests updated consistently.
Missing Tests: No new tests for the get_or_create cross-datacenter routing logic. Consider adding integration tests for:
get_or_create with existing actor in remote DC
get_or_create with duplicate key race condition
Error handling when remote DC is unavailable
📝 Minor Issues
OpenAPI Schema: Adding "additionalProperties": false to ActorsGetOrCreateResponse is good for API validation.
Import Organization: All imports are at the top of files as required by CLAUDE.md ✓
Structured Logging: All new logging uses structured format correctly (e.g., tracing::warn!(?err, "message")) ✓
Hard Tabs: Assuming rustfmt is handling this correctly ✓
📋 Recommendations Summary
High Priority:
Extract extract_duplicate_key_error to shared location to eliminate duplication
Document the race condition behavior in get_or_create or make it atomic
Add integration tests for cross-datacenter get_or_create scenarios
Medium Priority:
Add explanatory comments for why original_path vs stripped_path are used in different contexts
Document or validate the datacenter field behavior in api-peer
Low Priority:
Consider minor optimizations to reduce string cloning where possible
✨ Overall Assessment
This is a solid PR that improves cross-datacenter routing reliability and observability. The code follows Rivet conventions well, and the error handling improvements are valuable. The main concerns are code duplication and the check-then-create race condition, which should be addressed before merging.
Recommendation: Approve with minor changes requested for code deduplication and documentation.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
vercel
bot
temporarily deployed
to
Production – rivetkit-serverless
graphite-app
bot
deleted the
gtmq_spec_590012_1765504676576-f4911fcb-efdc-4398-80a9-7d33b63e64cd
branch
This draft PR was created by the Graphite merge queue.
Trunk will be fast forwarded to the HEAD of this PR when CI passes, and the original PRs will be closed.
The following PRs are included in this draft PR: