Skip to content

feat(world-vercel): support new env vars for Vercel Deployment Protection#1824

Merged
TooTallNate merged 6 commits intomainfrom
world-vercel-protection-bypass
Apr 22, 2026
Merged

feat(world-vercel): support new env vars for Vercel Deployment Protection#1824
TooTallNate merged 6 commits intomainfrom
world-vercel-protection-bypass

Conversation

@TooTallNate
Copy link
Copy Markdown
Member

@TooTallNate TooTallNate commented Apr 21, 2026
edited
Loading

Summary

Adds two new environment variables to @workflow/world-vercel for use with Vercel Deployment Protection.

VERCEL_WORKFLOW_SERVER_PROTECTION_BYPASS

When set, the value is sent as the x-vercel-protection-bypass header on every outbound HTTP request made by the Vercel world (via makeRequest, the streamer, refs, and direct api.vercel.com calls in resolve-latest-deployment.ts and encryption.ts).

Needed because workflow-server is getting Vercel Deployment Protection enabled, so external callers need a way to authenticate bypass.

VERCEL_WORKFLOW_SERVER_URL

Replaces the need to edit source to change the workflow-server URL. When set, requests bypass the default production host (https://vercel-workflow.com) and use the override instead. When going through the api.vercel.com/v1/workflow proxy, the value is forwarded via the x-vercel-workflow-api-url header so the proxy routes accordingly.

The existing inline WORKFLOW_SERVER_URL_OVERRIDE const is preserved as an empty-string literal so external CI rewrite tooling continues to work unmodified; the inline const wins over the env var when non-empty.

Implementation

  • New getProtectionBypassHeader() helper in utils.ts returns the bypass header when the env var is set.
  • getHeaders() applies the bypass header automatically (covers makeRequest, streamer, refs).
  • Direct api.vercel.com fetches in resolve-latest-deployment.ts and encryption.ts spread the helper into their headers.
  • New getWorkflowServerUrlOverride() function prefers the inline const, falls back to VERCEL_WORKFLOW_SERVER_URL.
  • The bypass header passes through the api.vercel.com/v1/workflow proxy transparently — http-proxy-middleware forwards all request headers by default, so no proxy-side changes needed.

Testing

  • pnpm --filter @workflow/world-vercel typecheck
  • pnpm --filter @workflow/world-vercel test — 79 tests pass ✅

@TooTallNate
feat(world-vercel): support WORKFLOW_VERCEL_PROTECTION_BYPASS env var
1e58408 
Allows sending a Vercel Deployment Protection bypass secret via the
`x-vercel-protection-bypass` header on all outbound requests made by
the Vercel world, enabling use against protected deployments (e.g.
previews, or workflow-server once protection is enabled).
Copilot AI review requested due to automatic review settings April 21, 2026 21:49
@TooTallNate TooTallNate requested a review from a team as a code owner April 21, 2026 21:49
@vercel
Copy link
Copy Markdown
Contributor

vercel Bot commented Apr 21, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
example-nextjs-workflow-turbopack Ready Ready Preview, Comment Apr 22, 2026 0:36am
example-nextjs-workflow-webpack Ready Ready Preview, Comment Apr 22, 2026 0:36am
example-workflow Ready Ready Preview, Comment Apr 22, 2026 0:36am
workbench-astro-workflow Ready Ready Preview, Comment Apr 22, 2026 0:36am
workbench-express-workflow Ready Ready Preview, Comment Apr 22, 2026 0:36am
workbench-fastify-workflow Ready Ready Preview, Comment Apr 22, 2026 0:36am
workbench-hono-workflow Ready Ready Preview, Comment Apr 22, 2026 0:36am
workbench-nitro-workflow Ready Ready Preview, Comment Apr 22, 2026 0:36am
workbench-nuxt-workflow Ready Ready Preview, Comment Apr 22, 2026 0:36am
workbench-sveltekit-workflow Ready Ready Preview, Comment Apr 22, 2026 0:36am
workbench-vite-workflow Ready Ready Preview, Comment Apr 22, 2026 0:36am
workflow-docs Ready Ready Preview, Comment, Open in v0 Apr 22, 2026 0:36am
workflow-swc-playground Ready Ready Preview, Comment Apr 22, 2026 0:36am
workflow-web Ready Ready Preview, Comment Apr 22, 2026 0:36am

@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented Apr 21, 2026
edited
Loading

🦋 Changeset detected

Latest commit: 515010b

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 18 packages
Name Type
@workflow/world-vercel Minor
@workflow/cli Patch
@workflow/core Patch
@workflow/web Patch
workflow Patch
@workflow/world-testing Patch
@workflow/builders Patch
@workflow/next Patch
@workflow/nitro Patch
@workflow/vitest Patch
@workflow/web-shared Patch
@workflow/ai Patch
@workflow/astro Patch
@workflow/nest Patch
@workflow/rollup Patch
@workflow/sveltekit Patch
@workflow/vite Patch
@workflow/nuxt Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 21, 2026
edited
Loading

🧪 E2E Test Results

Some tests failed

Summary

Passed Failed Skipped Total
✅ 💻 Local Development 1054 0 86 1140
✅ 📦 Local Production 1054 0 86 1140
❌ 🐘 Local Postgres 1052 2 86 1140
✅ 🪟 Windows 95 0 0 95
✅ 📋 Other 267 0 18 285
Total 3522 2 276 3800

❌ Failed Tests

🐘 Local Postgres (2 failed)

nuxt-stable (2 failed):

  • fibonacciWorkflow - recursive workflow composition via start()
  • health check (queue-based) - workflow and step endpoints respond to health check messages

Details by Category

✅ 💻 Local Development
App Passed Failed Skipped
✅ astro-stable 89 0 6
✅ express-stable 89 0 6
✅ fastify-stable 89 0 6
✅ hono-stable 89 0 6
✅ nextjs-turbopack-canary 76 0 19
✅ nextjs-turbopack-stable 95 0 0
✅ nextjs-webpack-canary 76 0 19
✅ nextjs-webpack-stable 95 0 0
✅ nitro-stable 89 0 6
✅ nuxt-stable 89 0 6
✅ sveltekit-stable 89 0 6
✅ vite-stable 89 0 6
✅ 📦 Local Production
App Passed Failed Skipped
✅ astro-stable 89 0 6
✅ express-stable 89 0 6
✅ fastify-stable 89 0 6
✅ hono-stable 89 0 6
✅ nextjs-turbopack-canary 76 0 19
✅ nextjs-turbopack-stable 95 0 0
✅ nextjs-webpack-canary 76 0 19
✅ nextjs-webpack-stable 95 0 0
✅ nitro-stable 89 0 6
✅ nuxt-stable 89 0 6
✅ sveltekit-stable 89 0 6
✅ vite-stable 89 0 6
❌ 🐘 Local Postgres
App Passed Failed Skipped
✅ astro-stable 89 0 6
✅ express-stable 89 0 6
✅ fastify-stable 89 0 6
✅ hono-stable 89 0 6
✅ nextjs-turbopack-canary 76 0 19
✅ nextjs-turbopack-stable 95 0 0
✅ nextjs-webpack-canary 76 0 19
✅ nextjs-webpack-stable 95 0 0
✅ nitro-stable 89 0 6
❌ nuxt-stable 87 2 6
✅ sveltekit-stable 89 0 6
✅ vite-stable 89 0 6
✅ 🪟 Windows
App Passed Failed Skipped
✅ nextjs-turbopack 95 0 0
✅ 📋 Other
App Passed Failed Skipped
✅ e2e-local-dev-nest-stable 89 0 6
✅ e2e-local-postgres-nest-stable 89 0 6
✅ e2e-local-prod-nest-stable 89 0 6

📋 View full workflow run

Some E2E test jobs failed:

  • Vercel Prod: failure
  • Local Dev: success
  • Local Prod: success
  • Local Postgres: failure
  • Windows: success

Check the workflow run for details.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 21, 2026
edited
Loading

📊 Benchmark Results

📈 Comparing against baseline from main branch. Green 🟢 = faster, Red 🔺 = slower.

workflow with no steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
💻 Local 🥇 Express 0.033s (-25.1% 🟢) 1.004s (~) 0.971s 10 1.00x
💻 Local Nitro 0.043s (~) 1.005s (~) 0.962s 10 1.30x
🐘 Postgres Next.js (Turbopack) 0.046s 1.009s 0.963s 10 1.39x
💻 Local Next.js (Turbopack) 0.048s 1.006s 0.957s 10 1.45x
🐘 Postgres Express 0.059s (+2.4%) 1.012s (~) 0.953s 10 1.79x
🐘 Postgres Nitro 0.064s (-33.1% 🟢) 1.010s (-3.1%) 0.947s 10 1.92x
workflow with 1 step

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
💻 Local 🥇 Express 1.105s (-1.8%) 2.005s (~) 0.900s 10 1.00x
🐘 Postgres Next.js (Turbopack) 1.116s 2.009s 0.893s 10 1.01x
💻 Local Next.js (Turbopack) 1.123s 2.007s 0.884s 10 1.02x
💻 Local Nitro 1.125s (-0.5%) 2.006s (~) 0.881s 10 1.02x
🐘 Postgres Express 1.144s (~) 2.009s (~) 0.865s 10 1.03x
🐘 Postgres Nitro 1.152s (+1.0%) 2.012s (~) 0.860s 10 1.04x
workflow with 10 sequential steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Next.js (Turbopack) 10.694s 11.020s 0.326s 3 1.00x
💻 Local Express 10.758s (-1.5%) 11.022s (~) 0.264s 3 1.01x
💻 Local Next.js (Turbopack) 10.827s 11.025s 0.198s 3 1.01x
🐘 Postgres Express 10.847s (-1.1%) 11.020s (~) 0.173s 3 1.01x
💻 Local Nitro 10.934s (~) 11.023s (~) 0.089s 3 1.02x
🐘 Postgres Nitro 10.955s (+0.8%) 11.026s (~) 0.070s 3 1.02x
workflow with 25 sequential steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Next.js (Turbopack) 14.091s 15.020s 0.929s 4 1.00x
🐘 Postgres Express 14.532s (~) 15.020s (~) 0.488s 4 1.03x
💻 Local Express 14.548s (-2.8%) 15.029s (~) 0.481s 4 1.03x
💻 Local Next.js (Turbopack) 14.628s 15.029s 0.401s 4 1.04x
🐘 Postgres Nitro 14.704s (+0.7%) 15.028s (~) 0.324s 4 1.04x
💻 Local Nitro 14.960s (-0.7%) 15.030s (-6.2% 🟢) 0.070s 4 1.06x
workflow with 50 sequential steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Next.js (Turbopack) 13.144s 13.881s 0.737s 7 1.00x
🐘 Postgres Express 13.862s (-1.0%) 14.024s (-3.9%) 0.162s 7 1.05x
🐘 Postgres Nitro 14.311s (+2.5%) 15.021s (+5.0%) 0.710s 6 1.09x
💻 Local Express 15.112s (-9.0% 🟢) 16.028s (-5.9% 🟢) 0.916s 6 1.15x
💻 Local Next.js (Turbopack) 16.172s 17.031s 0.859s 6 1.23x
💻 Local Nitro 16.642s (-0.8%) 17.029s (~) 0.387s 6 1.27x
Promise.all with 10 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Next.js (Turbopack) 1.185s 2.008s 0.823s 15 1.00x
🐘 Postgres Express 1.263s (~) 2.010s (~) 0.747s 15 1.07x
🐘 Postgres Nitro 1.282s (+0.6%) 2.010s (~) 0.728s 15 1.08x
💻 Local Express 1.436s (-3.6%) 2.008s (~) 0.573s 15 1.21x
💻 Local Next.js (Turbopack) 1.525s 2.005s 0.481s 15 1.29x
💻 Local Nitro 1.873s (+14.8% 🔺) 2.392s (+15.3% 🔺) 0.519s 13 1.58x
Promise.all with 25 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Next.js (Turbopack) 2.349s 3.008s 0.659s 10 1.00x
🐘 Postgres Express 2.363s (~) 3.009s (~) 0.646s 10 1.01x
🐘 Postgres Nitro 2.400s (+2.1%) 3.011s (~) 0.611s 10 1.02x
💻 Local Express 2.521s (-14.6% 🟢) 3.007s (-12.9% 🟢) 0.486s 10 1.07x
💻 Local Next.js (Turbopack) 2.837s 3.565s 0.728s 9 1.21x
💻 Local Nitro 3.050s (-3.0%) 3.760s (-3.2%) 0.711s 8 1.30x
Promise.all with 50 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Express 3.466s (-0.6%) 4.010s (~) 0.544s 8 1.00x
🐘 Postgres Nitro 3.476s (~) 4.011s (~) 0.536s 8 1.00x
🐘 Postgres Next.js (Turbopack) 3.514s 4.010s 0.495s 8 1.01x
💻 Local Express 6.216s (-25.5% 🟢) 6.814s (-24.5% 🟢) 0.599s 5 1.79x
💻 Local Nitro 8.493s (+1.7%) 9.025s (~) 0.532s 4 2.45x
💻 Local Next.js (Turbopack) 8.680s 9.271s 0.591s 4 2.50x
Promise.race with 10 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Next.js (Turbopack) 1.170s 2.007s 0.837s 15 1.00x
🐘 Postgres Express 1.265s (+0.6%) 2.008s (~) 0.743s 15 1.08x
🐘 Postgres Nitro 1.279s (+1.8%) 2.009s (~) 0.730s 15 1.09x
💻 Local Nitro 1.526s (-18.2% 🟢) 2.005s (-14.3% 🟢) 0.479s 15 1.30x
💻 Local Next.js (Turbopack) 1.553s 2.005s 0.452s 15 1.33x
💻 Local Express 1.583s (-16.4% 🟢) 2.109s (-10.8% 🟢) 0.526s 15 1.35x
Promise.race with 25 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Express 2.345s (~) 3.009s (~) 0.664s 10 1.00x
🐘 Postgres Nitro 2.368s (+1.2%) 3.011s (~) 0.643s 10 1.01x
🐘 Postgres Next.js (Turbopack) 2.418s 3.010s 0.592s 10 1.03x
💻 Local Express 2.505s (-20.0% 🟢) 3.007s (-20.1% 🟢) 0.502s 10 1.07x
💻 Local Next.js (Turbopack) 2.934s 3.759s 0.825s 8 1.25x
💻 Local Nitro 3.017s (-1.6%) 3.759s (-3.3%) 0.742s 8 1.29x
Promise.race with 50 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Express 3.473s (-0.7%) 4.011s (~) 0.538s 8 1.00x
🐘 Postgres Nitro 3.525s (+1.3%) 4.010s (~) 0.485s 8 1.01x
🐘 Postgres Next.js (Turbopack) 3.556s 4.010s 0.454s 8 1.02x
💻 Local Express 6.601s (-25.0% 🟢) 7.222s (-22.1% 🟢) 0.621s 5 1.90x
💻 Local Next.js (Turbopack) 8.335s 8.518s 0.183s 4 2.40x
💻 Local Nitro 8.823s (-3.5%) 9.273s (-7.5% 🟢) 0.450s 4 2.54x
workflow with 10 sequential data payload steps (10KB)

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Next.js (Turbopack) 0.618s 1.006s 0.388s 60 1.00x
🐘 Postgres Express 0.836s (~) 1.041s (+1.7%) 0.205s 58 1.35x
💻 Local Next.js (Turbopack) 0.851s 1.021s 0.170s 59 1.38x
🐘 Postgres Nitro 0.856s (+4.4%) 1.023s (+1.7%) 0.167s 59 1.39x
💻 Local Express 0.871s (-11.5% 🟢) 1.095s (+1.7%) 0.224s 55 1.41x
💻 Local Nitro 0.983s (~) 1.076s (-1.6%) 0.094s 56 1.59x
workflow with 25 sequential data payload steps (10KB)

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Next.js (Turbopack) 1.513s 2.008s 0.495s 45 1.00x
🐘 Postgres Express 1.920s (-2.9%) 2.053s (-9.1% 🟢) 0.133s 44 1.27x
🐘 Postgres Nitro 2.079s (+7.9% 🔺) 2.945s (+40.2% 🔺) 0.866s 31 1.37x
💻 Local Express 2.691s (-10.8% 🟢) 3.110s (-13.3% 🟢) 0.420s 29 1.78x
💻 Local Next.js (Turbopack) 2.691s 3.008s 0.317s 30 1.78x
💻 Local Nitro 3.040s (~) 3.842s (+2.2%) 0.802s 24 2.01x
workflow with 50 sequential data payload steps (10KB)

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Next.js (Turbopack) 3.056s 3.822s 0.766s 32 1.00x
🐘 Postgres Express 3.863s (-3.2%) 4.077s (-6.7% 🟢) 0.214s 30 1.26x
🐘 Postgres Nitro 4.238s (+3.3%) 5.013s (+8.9% 🔺) 0.775s 24 1.39x
💻 Local Express 7.711s (-16.3% 🟢) 8.214s (-18.0% 🟢) 0.503s 15 2.52x
💻 Local Next.js (Turbopack) 8.787s 9.161s 0.374s 14 2.87x
💻 Local Nitro 9.222s (-0.8%) 9.787s (-2.3%) 0.566s 13 3.02x
workflow with 10 concurrent data payload steps (10KB)

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Next.js (Turbopack) 0.195s 1.006s 0.811s 60 1.00x
🐘 Postgres Express 0.285s (+1.1%) 1.007s (~) 0.722s 60 1.46x
🐘 Postgres Nitro 0.300s (+6.0% 🔺) 1.008s (~) 0.708s 60 1.54x
💻 Local Express 0.505s (-10.0% 🟢) 1.004s (~) 0.499s 60 2.59x
💻 Local Next.js (Turbopack) 0.560s 1.004s 0.445s 60 2.87x
💻 Local Nitro 0.604s (~) 1.022s (~) 0.417s 59 3.10x
workflow with 25 concurrent data payload steps (10KB)

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Next.js (Turbopack) 0.406s 1.006s 0.599s 90 1.00x
🐘 Postgres Express 0.488s (-4.2%) 1.006s (~) 0.518s 90 1.20x
🐘 Postgres Nitro 0.532s (+7.1% 🔺) 1.007s (~) 0.475s 90 1.31x
💻 Local Express 2.239s (-10.9% 🟢) 3.013s (~) 0.774s 30 5.51x
💻 Local Nitro 2.539s (~) 3.009s (~) 0.471s 30 6.25x
💻 Local Next.js (Turbopack) 2.644s 3.009s 0.365s 30 6.50x
workflow with 50 concurrent data payload steps (10KB)

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Next.js (Turbopack) 0.621s 1.006s 0.385s 120 1.00x
🐘 Postgres Express 0.800s (-2.3%) 1.008s (-0.9%) 0.208s 120 1.29x
🐘 Postgres Nitro 0.880s (+11.4% 🔺) 1.021s (+1.3%) 0.140s 118 1.42x
💻 Local Express 8.989s (-19.7% 🟢) 9.483s (-20.6% 🟢) 0.494s 13 14.48x
💻 Local Next.js (Turbopack) 10.772s 11.392s 0.620s 11 17.36x
💻 Local Nitro 11.168s (~) 11.756s (+0.8%) 0.588s 11 18.00x
Stream Benchmarks (includes TTFB metrics)
workflow with stream

💻 Local Development

World Framework Workflow Time TTFB Slurp Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Next.js (Turbopack) 0.166s 1.000s 0.001s 1.010s 0.844s 10 1.00x
💻 Local Next.js (Turbopack) 0.171s 1.003s 0.013s 1.019s 0.848s 10 1.03x
🐘 Postgres Express 0.200s (-2.6%) 0.998s (~) 0.001s (-12.5% 🟢) 1.010s (~) 0.810s 10 1.20x
💻 Local Nitro 0.201s (-5.9% 🟢) 1.004s (~) 0.012s (-4.0%) 1.018s (~) 0.817s 10 1.21x
💻 Local Express 0.202s (+1.3%) 1.003s (~) 0.008s (-35.5% 🟢) 1.013s (-0.5%) 0.811s 10 1.21x
🐘 Postgres Nitro 0.224s (+9.2% 🔺) 0.997s (~) 0.001s (-13.3% 🟢) 1.011s (~) 0.787s 10 1.35x
stream pipeline with 5 transform steps (1MB)

💻 Local Development

World Framework Workflow Time TTFB Slurp Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Next.js (Turbopack) 0.541s 1.026s 0.003s 1.037s 0.496s 58 1.00x
🐘 Postgres Express 0.609s (-3.3%) 1.005s (~) 0.011s (+194.7% 🔺) 1.031s (+0.8%) 0.422s 59 1.13x
💻 Local Express 0.663s (-12.4% 🟢) 1.028s (~) 0.007s (-28.4% 🟢) 1.036s (~) 0.373s 58 1.23x
🐘 Postgres Nitro 0.682s (+9.3% 🔺) 1.022s (+1.6%) 0.004s (+8.4% 🔺) 1.041s (+1.8%) 0.359s 58 1.26x
💻 Local Next.js (Turbopack) 0.770s 1.030s 0.010s 1.137s 0.367s 53 1.42x
💻 Local Nitro 0.957s (+14.1% 🔺) 1.012s (~) 0.009s (-2.9%) 1.212s (+8.6% 🔺) 0.255s 53 1.77x
10 parallel streams (1MB each)

💻 Local Development

World Framework Workflow Time TTFB Slurp Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Next.js (Turbopack) 0.888s 1.071s 0.000s 1.077s 0.189s 57 1.00x
🐘 Postgres Express 0.964s (~) 1.239s (-3.0%) 0.000s (-6.1% 🟢) 1.253s (-4.1%) 0.289s 49 1.09x
🐘 Postgres Nitro 1.040s (+7.3% 🔺) 1.604s (+28.6% 🔺) 0.000s (-36.8% 🟢) 1.616s (+28.5% 🔺) 0.576s 38 1.17x
💻 Local Express 1.106s (-9.7% 🟢) 1.951s (-3.4%) 0.000s (+35.5% 🔺) 1.953s (-3.4%) 0.848s 31 1.25x
💻 Local Next.js (Turbopack) 1.263s 2.020s 0.000s 2.023s 0.760s 30 1.42x
💻 Local Nitro 1.397s (+14.2% 🔺) 2.020s (~) 0.000s (+221.4% 🔺) 2.200s (+8.8% 🔺) 0.803s 28 1.57x
fan-out fan-in 10 streams (1MB each)

💻 Local Development

World Framework Workflow Time TTFB Slurp Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Next.js (Turbopack) 1.751s 2.105s 0.000s 2.120s 0.369s 29 1.00x
🐘 Postgres Express 1.761s (-0.6%) 2.102s (-3.5%) 0.000s (NaN%) 2.113s (-3.9%) 0.352s 29 1.01x
🐘 Postgres Nitro 1.904s (+6.3% 🔺) 2.293s (+7.1% 🔺) 0.000s (+3.7%) 2.307s (+6.1% 🔺) 0.403s 27 1.09x
💻 Local Express 3.308s (-4.6%) 3.779s (-6.3% 🟢) 0.001s (-21.9% 🟢) 3.781s (-6.3% 🟢) 0.474s 16 1.89x
💻 Local Nitro 3.557s (+5.0% 🔺) 4.097s (+1.6%) 0.001s (+12.5% 🔺) 4.100s (+1.6%) 0.543s 15 2.03x
💻 Local Next.js (Turbopack) 3.594s 4.233s 0.001s 4.236s 0.643s 15 2.05x

Summary

Fastest Framework by World

Winner determined by most benchmark wins

World 🥇 Fastest Framework Wins
💻 Local Express 18/21
🐘 Postgres Next.js (Turbopack) 18/21
Fastest World by Framework

Winner determined by most benchmark wins

Framework 🥇 Fastest World Wins
Express 🐘 Postgres 18/21
Next.js (Turbopack) 🐘 Postgres 21/21
Nitro 🐘 Postgres 17/21
Column Definitions
  • Workflow Time: Runtime reported by workflow (completedAt - createdAt) - primary metric
  • TTFB: Time to First Byte - time from workflow start until first stream byte received (stream benchmarks only)
  • Slurp: Time from first byte to complete stream consumption (stream benchmarks only)
  • Wall Time: Total testbench time (trigger workflow + poll for result)
  • Overhead: Testbench overhead (Wall Time - Workflow Time)
  • Samples: Number of benchmark iterations run
  • vs Fastest: How much slower compared to the fastest configuration for this benchmark

Worlds:

  • 💻 Local: In-memory filesystem world (local development)
  • 🐘 Postgres: PostgreSQL database world (local development)
  • ▲ Vercel: Vercel production/preview deployment
  • 🌐 Turso: Community world (local development)
  • 🌐 MongoDB: Community world (local development)
  • 🌐 Redis: Community world (local development)
  • 🌐 Jazz: Community world (local development)

📋 View full workflow run

Some benchmark jobs failed:

  • Local: success
  • Postgres: success
  • Vercel: failure

Check the workflow run for details.

Copilot AI reviewed Apr 21, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds support in @workflow/world-vercel for sending Vercel Deployment Protection bypass credentials via WORKFLOW_VERCEL_PROTECTION_BYPASS, ensuring outbound requests can access protected preview/production deployments.

Changes:

  • Introduces getProtectionBypassHeader() helper to conditionally produce the x-vercel-protection-bypass header.
  • Injects the bypass header into the shared getHeaders() path (covers makeRequest/streamer/refs).
  • Spreads the bypass header into direct fetch() calls in resolve-latest-deployment.ts and encryption.ts.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.

File Description
packages/world-vercel/src/utils.ts Adds bypass-header helper and includes bypass header in shared header construction.
packages/world-vercel/src/resolve-latest-deployment.ts Adds bypass header to direct Vercel API request headers.
packages/world-vercel/src/encryption.ts Adds bypass header to direct Vercel API request headers.
.changeset/world-vercel-protection-bypass.md Declares a minor release for the new env var behavior.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread packages/world-vercel/src/resolve-latest-deployment.ts Outdated
Comment thread packages/world-vercel/src/encryption.ts Outdated
Comment thread packages/world-vercel/src/utils.ts Outdated
Comment thread packages/world-vercel/src/utils.ts
@TooTallNate
feat(world-vercel): support VERCEL_WORKFLOW_SERVER_URL env var
1dbb42b 
Replace hard-coded WORKFLOW_SERVER_URL_OVERRIDE constant with a function
that reads from the VERCEL_WORKFLOW_SERVER_URL env var. Allows configuring
the workflow-server URL per-deployment (e.g. workbench Preview envs
pointing to a branch deployment) without editing source.
@TooTallNate
ci: expose workflow-server protection bypass env vars to e2e-vercel-prod
7696878 
Set VERCEL_WORKFLOW_SERVER_URL and VERCEL_WORKFLOW_SERVER_PROTECTION_BYPASS
on PR runs so e2e tests hit the protected workflow-server preview; leave
unset on main so production runs use the public default URL.
karthikscale3
karthikscale3 approved these changes Apr 21, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@karthikscale3 karthikscale3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good. the codex review comments are worth addressing

@TooTallNate
refactor(world-vercel): address PR review comments
515010b 
- Consolidate bypass header logic in getHeaders() to reuse
  getProtectionBypassHeader() instead of duplicating env lookup.
- Use consistent 'Authorization' casing in direct fetch() calls.
- Add unit tests for getProtectionBypassHeader, getHttpUrl, and getHeaders
  covering env var toggling and proxy/override combinations.
@ghost ghost mentioned this pull request Apr 22, 2026
Closed
@TooTallNate TooTallNate mentioned this pull request Apr 27, 2026
Merged
This was referenced Apr 29, 2026
Merged
Open
Open
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@karthikscale3 karthikscale3 karthikscale3 approved these changes

Assignees

No one assigned

Labels

backport-stable Cherry-pick this PR to the stable branch when merged

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@TooTallNate @karthikscale3