The eviction refactoring is a meaningful improvement. Separating LifecycleResult::Evicted from WsError::Eviction and skipping ClearIdx on the eviction path is correct - a freshly evicted runner should not have its alloc index cleared here, since the eviction itself already implies the runner is leaving the pool.
Potential edge case in the result matching:
If ws_to_tunnel_res returns Ok(Evicted) while tunnel_to_ws_res returns something other than Ok(Aborted) (e.g. Ok(Closed)), the third match arm (res, _, _) returns Ok(Closed) and the Evicted result is silently dropped - ClearIdx would then be called when it should not be. This scenario is likely prevented in practice if eviction in one task sends an abort signal to the other (so the other always returns Aborted), but it is fragile. Consider adding a match arm that prefers Evicted over Aborted/Closed.
The if/else pattern here places a comment between } and else. Standard Rust style puts the comment before or inside the else block.
The removal of the "critical:" string prefix from the log message is fine; that was a string prefix rather than a structured field anyway.
The change from tx.exists(&old_alloc_key, Serializable).await? to !draining is a meaningful semantic shift. The old condition checked whether the alloc key actually existed in the index; the new condition checks whether the runner is draining.
These are not equivalent: a non-draining runner could have no alloc key (e.g. never indexed, or already cleared), and a draining runner could still have a stale alloc key. If the goal is "skip alloc index updates while draining," this is intentional and correct - but if a draining runner retains a stale key, it will not be cleaned up by this path. Worth verifying there is no scenario where a draining runner has a stale key that never gets cleared.
The batch read of drain_ts_key and expired_ts_key as booleans via tx.exists in the initial tokio::try_join! is cleaner than the previous in-transaction await call.
engine/packages/pegboard/src/workflows/runner.rs and runner2.rs - ExpiredTsKey removal on Drain
Removing the ExpiredTsKey write from the Draining branch is a correct bug fix. Draining and Expired are distinct states; conflating them was causing the eviction path to incorrectly short-circuit allocation index updates.
The added warning log in runner2.rs for non-empty update_alloc_idx notifications is a useful diagnostic.
This makes specific-actor reads unauthenticated (capability-style: knowing the actor ID grants read access). A few things worth confirming:
Actor IDs as capabilities: Are actor IDs intended to be unguessable (e.g. random UUIDs)? If they are predictable, this pattern exposes actor metadata to anyone who can enumerate them.
What does ctx.skip_auth() do? If it marks auth as satisfied without any credential check, there is zero access control for these reads. Is that intentional, or should there be a softer check (e.g. rate-limiting, project scoping)?
The comment "Reading is allowed, list requires auth" describes the intent, but inline documentation on the endpoint's access model would help future maintainers.
api-types/src/actors/create.rs: Doc comment addition is clear and accurate.
openapi.json: Description matches the doc comment.
universaldb/src/driver/rocksdb/database.rs: Correct fix - %db_path.display() is the right way to log a PathBuf using Display rather than Debug.
tunnel_to_ws_task.rs / ws_to_tunnel_task.rs: The change from Err(WsError::Eviction) to Ok(Err(LifecycleResult::Evicted)) correctly moves error-conversion responsibility to lib.rs, keeping task return types consistent.
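The result-matching edge case raised in the review above, as an added example that is not code from the pull request or the project: only the variant names `Evicted`, `Aborted` and `Closed` come from the page, while the function names, the `String` error type, the two-slot tuple shape and the rule that errors outrank eviction are assumptions made for illustration.

```rust
// Added illustration: variant names come from the review; the function names,
// the String error type and the two-task tuple shape are hypothetical.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum LifecycleResult {
    Closed,
    Aborted,
    Evicted,
}

type TaskRes = Result<LifecycleResult, String>;

// Fragile merge: Aborted yields to the other side, otherwise the first slot wins.
fn merge_first_wins(tunnel_to_ws: TaskRes, ws_to_tunnel: TaskRes) -> TaskRes {
    match (tunnel_to_ws, ws_to_tunnel) {
        (Err(e), _) | (_, Err(e)) => Err(e),
        (Ok(LifecycleResult::Aborted), other) | (other, Ok(LifecycleResult::Aborted)) => other,
        (first, _) => first, // an Evicted in the second slot is dropped here
    }
}

// Hardened merge: Evicted outranks Aborted and Closed, whichever task reported it.
// Assumption: a task error still takes precedence over eviction.
fn merge_prefer_evicted(tunnel_to_ws: TaskRes, ws_to_tunnel: TaskRes) -> TaskRes {
    match (tunnel_to_ws, ws_to_tunnel) {
        (Err(e), _) | (_, Err(e)) => Err(e),
        (Ok(LifecycleResult::Evicted), _) | (_, Ok(LifecycleResult::Evicted)) => {
            Ok(LifecycleResult::Evicted)
        }
        (Ok(LifecycleResult::Aborted), other) | (other, Ok(LifecycleResult::Aborted)) => other,
        (first, _) => first,
    }
}

// Assumption: the alloc index is cleared for every merged outcome except Evicted.
fn should_clear_idx(merged: &TaskRes) -> bool {
    !matches!(merged, Ok(LifecycleResult::Evicted))
}

fn main() {
    // Constructed scenario from the review: one task evicted, the other closed.
    let t2w: TaskRes = Ok(LifecycleResult::Closed);
    let w2t: TaskRes = Ok(LifecycleResult::Evicted);
    let fragile = merge_first_wins(t2w.clone(), w2t.clone());
    let hardened = merge_prefer_evicted(t2w, w2t);
    println!("first-wins: {:?}, clear_idx={}", fragile, should_clear_idx(&fragile));
    println!("prefer-evicted: {:?}, clear_idx={}", hardened, should_clear_idx(&hardened));
}
```

Both merges agree when the other task returns `Aborted`; they diverge only in the `Closed` plus `Evicted` combination, which is the case worth pinning down with a unit test.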
Description
Please include a summary of the changes and the related issue. Please also include relevant motivation and context.
Type of change
How Has This Been Tested?
Please describe the tests that you ran to verify your changes.
Checklist: