fix: runner alloc idx logic, api auth for actor get

[MasterPtato]

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context.

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[railway-app]

🚅 Deployed to the rivet-pr-4443 environment in rivet-frontend

Service	Status	Web	Updated (UTC)
frontend-inspector	😴 Sleeping (View Logs)	Web	Mar 17, 2026 at 7:51 pm
frontend-cloud	😴 Sleeping (View Logs)	Web	Mar 17, 2026 at 7:49 pm
website	❌ Build Failed (View Logs)	Web	Mar 17, 2026 at 7:41 pm
mcp-hub	✅ Success (View Logs)	Web	Mar 17, 2026 at 7:39 pm
ladle	❌ Build Failed (View Logs)	Web	Mar 17, 2026 at 7:38 pm

[MasterPtato]

• fix(cache): clean up lib #4457
• fix(config): allow configuring topo dcs via map, fix pg ssl mode config #4456
• fix(api): dont 500 on cross dc response #4449
• chore: update byte units on frontend #4444
• fix: runner alloc idx logic, api auth for actor get #4443 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[pkg-pr-new]

More templates

• actor-actions
• actor-actions-vercel
• ai-agent
• ai-agent-vercel
• example-ai-and-user-generated-actors-freestyle
• chat-room
• chat-room-vercel
• example-cloudflare-workers
• example-cloudflare-workers-hono
• collaborative-document
• collaborative-document-vercel
• cross-actor-actions
• cross-actor-actions-vercel
• example-cursors
• example-cursors-raw-websocket
• example-cursors-raw-websocket-vercel
• example-cursors-vercel
• custom-serverless
• example-elysia
• example-experimental-durable-streams-ai-agent
• example-experimental-durable-streams-ai-agent-vercel
• geo-distributed-database
• geo-distributed-database-vercel
• hello-world
• hello-world-vercel
• example-hono
• hono-react
• hono-react-vercel
• example-kitchen-sink
• example-kitchen-sink-vercel
• multi-region-vercel
• multiplayer-game
• example-multiplayer-game-patterns
• example-multiplayer-game-patterns-vercel
• multiplayer-game-vercel
• native-websockets
• native-websockets-vercel
• next-js
• per-tenant-database
• per-tenant-database-vercel
• example-raw-fetch-handler
• example-raw-fetch-handler-vercel
• example-raw-websocket-handler
• example-raw-websocket-handler-proxy
• example-raw-websocket-handler-proxy-vercel
• example-raw-websocket-handler-vercel
• example-react
• example-react-vercel
• sandbox
• sandbox-coding-agent
• sandbox-coding-agent-vercel
• sandbox-vercel
• scheduling
• scheduling-vercel
• example-sqlite-drizzle
• example-sqlite-raw
• state
• state-vercel
• example-stream
• example-stream-vercel
• example-trpc

@rivetkit/cloudflare-workers

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/cloudflare-workers@4443

@rivetkit/framework-base

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/framework-base@4443

@rivetkit/next-js

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/next-js@4443

@rivetkit/react

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/react@4443

rivetkit

pnpm add https://pkg.pr.new/rivet-dev/rivet/rivetkit@4443

@rivetkit/sql-loader

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/sql-loader@4443

@rivetkit/sqlite-vfs

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/sqlite-vfs@4443

@rivetkit/traces

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/traces@4443

@rivetkit/workflow-engine

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/workflow-engine@4443

@rivetkit/virtual-websocket

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/virtual-websocket@4443

@rivetkit/engine-runner

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/engine-runner@4443

@rivetkit/engine-runner-protocol

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/engine-runner-protocol@4443

commit: 65280b5

[claude]

PR Review: fix: runner alloc idx logic, api auth for actor get

Good set of targeted fixes. A few things worth discussing.

Potential Bug: Inconsistent Eviction Paths in tunnel_to_ws_task.rs

The PR introduces LifecycleResult::Evicted so that subscription-based eviction (eviction_sub.next()) skips ClearIdx. However, message-based eviction via ToRunnerClose / ToClientClose in handle_message_mk1/mk2 still returns Err(WsError::Eviction.build()) and was not converted (lines 126 and 220 of tunnel_to_ws_task.rs).

In lib.rs, only Ok(LifecycleResult::Evicted) skips ClearIdx — an Err(WsError::Eviction) falls through the else branch and still runs ClearIdx. So message-based eviction (ToRunnerClose) still triggers ClearIdx, while subscription-based eviction does not. Is this intentional? If both represent the same conceptual eviction (new connection taking over), they should behave consistently.

Security: Auth Bypass Scope in list.rs

The auth bypass allows any unauthenticated caller who knows an actor ID or name+key to read actor state. The intent (actors reading their own state) makes sense, but there is no verification that the requester is the actor being queried — any entity with a known actor ID can read its state. This may be acceptable if actor IDs are treated as secrets/capabilities, but worth a comment explaining the security model. If actor IDs are not confidential (e.g., returned in public responses or logged), this could be an info-disclosure path.

Minor: Condition Semantic Change in update_alloc_idx.rs

Old condition: tx.exists(&old_alloc_key) — only update if the runner was already in the index.
New condition: !draining — update if not draining, regardless of whether the runner was in the index.

This could cause the alloc index to be written for runners that were never added to it. If UpdatePing is only ever sent for already-indexed runners this is fine — just flagging the semantic difference.

Nit: Missing Newline at End of File

engine/artifacts/errors/serverless_runner_pool.failed_to_fetch_metadata.json is missing a trailing newline.

Looks Good

• Removing the spurious ExpiredTsKey write on Draining in both runner.rs and runner2.rs is clearly correct.
• Reading DrainTsKey in the same batch as ExpiredTsKey is a cleaner approach.
• The LifecycleResult::Evicted variant adds clarity to the subscription-based eviction path.
• The notification warning log in mark_eligible improves observability.
• The db_path=%db_path.display() logging fix follows the structured logging convention.