chore: rivetkit core/napi/typescript follow up review#4702
Conversation
|
🚅 Deployed to the rivet-pr-4702 environment in rivet-frontend
|
|
PR 4702 Code Review — Adversarial Review Synthesis The full adversarial review findings (F1-F42) with challenger verdicts are in this comment. The per-diff code review is in the comment below. Key findings verified as REAL in this PR:
|
689feea to
527f1d2
Compare
f102f4d to
8264cd3
Compare
527f1d2 to
ef109dd
Compare
a639b2e to
d7cd40d
Compare
PR #4702 Code ReviewThis PR ships several meaningful improvements: a new Bugs / Correctness1. Clean-exit path skips channel/deadline cleanup When 2. If 3. Catches all errors and logs without re-throwing. The caller fire-and-forgets via 4. Token security: fail-open when token is unset ( When 5. CORS headers emitted on all routes including
6.
7.
CLAUDE.md Violations8. CLAUDE.md: "prefer 9. Inline Per the testing reference, Rust tests for 10. Unused
11. Structured logging violations in CLAUDE.md: "Do not format parameters into the main message. Use structured fields." The Performance / Design12. Split lock-then-await pattern in
13.
Security14.
15. CLAUDE.md "Naming + Data Conventions" requires pool names to match DNS subdomain format. The current code passes any non-empty 16.
Test Coverage Gaps17. Clean-run-exit test covers Add a test case that sends 18. No TypeScript-level integration test for the Rust-level tests cover routing but there are no TS-level tests for 19. CLAUDE.md: driver test flakes must be root-caused and fixed, not papered over with loosened assertions. Restore the precise assertion after fixing the underlying sequencing issue. 20. Hibernatable WebSocket ack state failure unresolved The driver test records: Minor / Nits21. Confirm the new ESM-only path works under all targeted runtimes (Cloudflare Workers, etc.), or document the limitation. 22. TypeScript strips all leading/trailing slashes; Rust preserves the leading slash. If 23. Deprecated workflow loop aliases have no runtime warning
Summary
Highest-priority before merging: Issue 4 (fail-open auth when token unset), Issue 5 (CORS emitted on server-to-server endpoint), Issue 6 (TOCTOU race in |
Preview packages published to npmInstall with: npm install rivetkit@pr-4702All packages published as Engine binary is shipped via Docker images: docker pull rivetdev/engine:slim-a179a52
docker pull rivetdev/engine:full-a179a52Individual packagesnpm install rivetkit@pr-4702
npm install @rivetkit/react@pr-4702
npm install @rivetkit/rivetkit-napi@pr-4702
npm install @rivetkit/workflow-engine@pr-4702 |
Preview packages published to npmInstall with: npm install rivetkit@pr-4702All packages published as Engine binary is shipped via Docker images: docker pull rivetdev/engine:slim-d108c6a
docker pull rivetdev/engine:full-d108c6aIndividual packagesnpm install rivetkit@pr-4702
npm install @rivetkit/react@pr-4702
npm install @rivetkit/rivetkit-napi@pr-4702
npm install @rivetkit/workflow-engine@pr-4702 |
9284ef8 to
f7dae0a
Compare

Description
Please include a summary of the changes and the related issue. Please also include relevant motivation and context.
Type of change
How Has This Been Tested?
Please describe the tests that you ran to verify your changes.
Checklist: