Skip to content

chore(rivetkit): update cloudflare workers and nextjs to latest #3803

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
NathanFlurry wants to merge 1 commit into from
Closed

chore(rivetkit): update cloudflare workers and nextjs to latest #3803

NathanFlurry wants to merge 1 commit into from

Conversation

@NathanFlurry
Copy link
Member

@NathanFlurry NathanFlurry commented Jan 9, 2026

No description provided.

@vercel
Copy link

vercel bot commented Jan 9, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
rivet-cloud Error Error Jan 10, 2026 1:38am
rivetkit-serverless Error Error Jan 10, 2026 1:38am
2 Skipped Deployments
Project Deployment Review Updated (UTC)
rivet-inspector Ignored Ignored Preview Jan 10, 2026 1:38am
rivet-site Ignored Ignored Preview Jan 10, 2026 1:38am

@vercel vercel bot temporarily deployed to Preview – rivetkit-serverless January 9, 2026 19:51 Inactive
@railway-app
Copy link

railway-app bot commented Jan 9, 2026
edited
Loading

🚅 Deployed to the rivet-pr-3803 environment in rivet-frontend

Service Status Web Updated (UTC)
website 😴 Sleeping (View Logs) Web Jan 12, 2026 at 10:02 pm
frontend-inspector ❌ Build Failed (View Logs) Web Jan 12, 2026 at 9:51 pm
frontend-cloud 🕒 Building (View Logs) Web Jan 12, 2026 at 9:49 pm

@railway-app railway-app bot temporarily deployed to rivet-frontend / rivet-pr-3803 January 9, 2026 19:51 Destroyed
This was referenced Jan 9, 2026
Closed
Closed
Closed
Closed
@NathanFlurry Graphite App
Copy link
Member Author

NathanFlurry commented Jan 9, 2026
edited
Loading

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

How to use the Graphite Merge Queue

Add the label merge-queue to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

@claude
Copy link

claude bot commented Jan 9, 2026
edited
Loading

PR Review: Cloudflare Workers and Next.js Package Updates

This PR updates Cloudflare Workers and Next.js packages. Here is my comprehensive analysis:

CRITICAL ISSUES

1. Race Condition in Actor Loading (actor-driver.ts:147-156)

  • Waiting requests do not validate generation after promise resolves
  • Could return mismatched generation during concurrent loads
  • Recommendation: Add explicit generation validation after waiting

2. Memory Leak in Global DO State (actor-driver.ts:31-47)

  • Map grows unbounded with no eviction policy
  • Acknowledged HACK relying on isolate restarts
  • Recommendation: Implement LRU cache with size limits

3. Stale State in Generation Resurrection (actor-handler-do.ts:327-329)

  • Only clears actor, not initialized state
  • Subtle footgun risk if refactored

HIGH-SEVERITY ISSUES

4. Missing Error Handling (actor-driver.ts:308-311)

  • Background KV operations fail silently
  • No logging of deletion failures

5. Type Safety Issue (actor-kv.ts:51-62)

  • Function accepts string/number but throws at runtime
  • Remove from type signature or handle properly

6. SQL Performance (actor-kv.ts:30-48)

  • Full table scan O(n) for prefix queries
  • Fetches all rows then filters in JavaScript

MEDIUM-SEVERITY ISSUES

7. JSON Serialization (actor-handler-do.ts:380-385) - No error handling for non-serializable data

8. Dead Code (next-js/src/mod.ts:55-56) - Hardcoded false instead of NODE_ENV check

9. File Watcher Timeout (next-js/src/mod.ts:192) - Memory leak if stream never finishes

10. Stream Error Logging (next-js/src/mod.ts:218-220) - Missing error details

BREAKING CHANGES

Generation Tracking: Actor IDs changed from {doId} to {doId}:{generation}

Impact:

  • Existing code expecting old format will fail
  • KV metadata format changed
  • Migration path not documented

Recommendation: Add migration guide

POSITIVE NOTES

  • Proper structured logging with tracing
  • Good error messages with context
  • TypeScript strict mode
  • Solid generation tracking architecture
  • Concurrent request handling shows good async awareness

RECOMMENDATIONS

Before Merge:

  1. Fix critical race condition
  2. Add LRU cache for DO state
  3. Add error handling to async KV operations
  4. Document breaking changes and migration path
  5. Fix or remove dead code

Post-Merge:

  1. Add integration tests for concurrent operations
  2. Add performance metrics
  3. Implement proper DO lifecycle management

SUMMARY

Category Count Action
Critical 3 Block merge
High 3 Fix before merge
Medium 4 Address or document
Low 3 Can address later

Overall: Good architectural improvements with generation tracking, but critical race conditions and memory management issues need addressing before production.

Review by Claude Code

@NathanFlurry NathanFlurry changed the base branch from 01-08-chore_examples_update_examples_to_standardized_format to graphite-base/3803 January 9, 2026 21:19
@NathanFlurry NathanFlurry force-pushed the 01-09-chore_rivetkit_update_cloudflare_workers_and_nextjs_to_latest branch from b5dedb8 to 16a5dd9 Compare January 10, 2026 01:29
@railway-app railway-app bot temporarily deployed to rivet-frontend / rivet-pr-3803 January 10, 2026 01:29 Destroyed
@NathanFlurry NathanFlurry changed the base branch from graphite-base/3803 to main January 10, 2026 01:29
@NathanFlurry NathanFlurry marked this pull request as ready for review January 10, 2026 01:29
@NathanFlurry NathanFlurry force-pushed the 01-09-chore_rivetkit_update_cloudflare_workers_and_nextjs_to_latest branch from 16a5dd9 to f05e54a Compare January 10, 2026 01:36
@railway-app railway-app bot temporarily deployed to rivet-frontend / rivet-pr-3803 January 10, 2026 01:36 Destroyed
@NathanFlurry NathanFlurry force-pushed the 01-09-chore_rivetkit_update_cloudflare_workers_and_nextjs_to_latest branch from f05e54a to 903dd6e Compare January 10, 2026 01:38
@railway-app railway-app bot temporarily deployed to rivet-frontend / rivet-pr-3803 January 10, 2026 01:38 Destroyed
@NathanFlurry NathanFlurry force-pushed the 01-09-chore_rivetkit_update_cloudflare_workers_and_nextjs_to_latest branch from 903dd6e to fc02439 Compare January 11, 2026 00:48
@railway-app railway-app bot temporarily deployed to rivet-frontend / rivet-pr-3803 January 11, 2026 00:48 Destroyed
@NathanFlurry NathanFlurry force-pushed the 01-09-chore_rivetkit_update_cloudflare_workers_and_nextjs_to_latest branch from fc02439 to 2f552e9 Compare January 12, 2026 06:08
@railway-app railway-app bot temporarily deployed to rivet-frontend / rivet-pr-3803 January 12, 2026 06:08 Destroyed
@railway-app railway-app bot temporarily deployed to rivet-frontend / rivet-pr-3803 January 12, 2026 06:26 Destroyed
@NathanFlurry NathanFlurry force-pushed the 01-09-chore_rivetkit_update_cloudflare_workers_and_nextjs_to_latest branch from db239d2 to 588ff34 Compare January 12, 2026 06:45
@railway-app railway-app bot temporarily deployed to rivet-frontend / rivet-pr-3803 January 12, 2026 06:45 Destroyed
This was referenced Jan 12, 2026
Closed
Closed
@NathanFlurry NathanFlurry force-pushed the 01-09-chore_rivetkit_update_cloudflare_workers_and_nextjs_to_latest branch from 588ff34 to 80f64c3 Compare January 12, 2026 19:12
@railway-app railway-app bot temporarily deployed to rivet-frontend / rivet-pr-3803 January 12, 2026 19:12 Destroyed
@jog1t jog1t force-pushed the 01-11-feat_dashboard_provide_ns_when_querying_kv branch from 71a96c6 to 0f89527 Compare January 12, 2026 19:17
@jog1t jog1t mentioned this pull request Jan 12, 2026
Closed
@NathanFlurry NathanFlurry changed the base branch from 01-11-feat_dashboard_provide_ns_when_querying_kv to graphite-base/3803 January 12, 2026 21:27
@NathanFlurry NathanFlurry force-pushed the 01-09-chore_rivetkit_update_cloudflare_workers_and_nextjs_to_latest branch from 80f64c3 to b29a4f5 Compare January 12, 2026 21:49
@railway-app railway-app bot temporarily deployed to rivet-frontend / rivet-pr-3803 January 12, 2026 21:49 Destroyed
@NathanFlurry NathanFlurry changed the base branch from graphite-base/3803 to 01-11-feat_dashboard_provide_ns_when_querying_kv January 12, 2026 21:49
@jog1t jog1t force-pushed the 01-11-feat_dashboard_provide_ns_when_querying_kv branch from 9c5ca61 to ed7fd2b Compare January 12, 2026 21:52
@NathanFlurry NathanFlurry changed the base branch from 01-11-feat_dashboard_provide_ns_when_querying_kv to graphite-base/3803 January 12, 2026 21:54
@NathanFlurry NathanFlurry mentioned this pull request Jan 12, 2026
Closed
@NathanFlurry NathanFlurry force-pushed the 01-09-chore_rivetkit_update_cloudflare_workers_and_nextjs_to_latest branch from b29a4f5 to fe6e069 Compare January 12, 2026 21:57
@railway-app railway-app bot temporarily deployed to rivet-frontend / rivet-pr-3803 January 12, 2026 21:57 Destroyed
@NathanFlurry NathanFlurry changed the base branch from graphite-base/3803 to main January 12, 2026 21:57
@graphite-app graphite-app bot force-pushed the 01-09-chore_rivetkit_update_cloudflare_workers_and_nextjs_to_latest branch from fe6e069 to 9cf31ec Compare January 12, 2026 21:59
@railway-app railway-app bot temporarily deployed to rivet-frontend / rivet-pr-3803 January 12, 2026 21:59 Destroyed
@claude
Copy link

claude bot commented Jan 12, 2026
edited
Loading

Pull Request Review: Update Cloudflare Workers and Next.js to Latest

This PR re-enables previously commented-out code for Cloudflare Workers and Next.js integrations, updates the architecture to use a new Runtime class, and fixes several integration issues. Overall, this is a solid refactoring with improved structure.

Strengths

Architecture Improvements

  • Runtime class extraction: The new Runtime class properly separates serverless vs runner initialization logic, which is cleaner than the previous monolithic approach
  • Lazy serverless initialization: The ensureServerlessInitialized pattern in Registry avoids unnecessary work and enables efficient request handling
  • Removed RunConfig parameter: Streamlined driver constructors now only need RegistryConfig, ManagerDriver, and inlineClient - this is a good simplification

Bug Fixes

  • Counter.tsx improvements: Using counter.connStatus from the hook is more reliable than manually tracking connection state
  • Wrangler migration config: Changed new_classes to new_sqlite_classes to properly reflect Cloudflares SQLite-backed Durable Objects
  • Missing connect call: Added required connect call for proper client initialization

Issues and Recommendations

1. Security: SQL Injection Risk (High Priority)

Location: rivetkit-typescript/packages/cloudflare-workers/src/actor-driver.ts:301

While WHERE 1=1 works, its an anti-pattern that could be dangerous if this code is copy-pasted elsewhere with dynamic values.

Recommendation: Omit the WHERE clause entirely or use WHERE true

2. Race Condition: Actor Destruction (Medium Priority)

Location: rivetkit-typescript/packages/cloudflare-workers/src/actor-driver.ts:287

callOnStopAsync is called without awaiting and theres no error handling. If actor.onStop throws, the error will be silently swallowed.

Recommendation: Add error handling with catch block

3. Potential Memory Leak (Medium Priority)

Location: rivetkit-typescript/packages/cloudflare-workers/src/actor-driver.ts:33

The dos Map grows unbounded and never removes entries, even after actors are destroyed. Over time, this could lead to memory leaks.

Recommendation: Clean up the Map entry when an actor is destroyed

4. File Watcher Still Disabled (Low Priority)

Location: rivetkit-typescript/packages/next-js/src/mod.ts:56

The file watcher for hot-reload detection is hardcoded to false. This feature is completely disabled with dead code.

Recommendation: Either remove the dead code entirely or add an environment variable to enable it for debugging

5. Testing Gap

This PR re-enables significant functionality but doesnt include new tests or update existing tests to verify the changes work correctly.

Recommendation: Add integration tests for:

  • Cloudflare Workers handler initialization
  • Next.js route handler with the new Runtime class
  • Actor lifecycle with the new driver architecture

Minor Issues

Code Style

  1. Import order: The import for parseActorId should be with other local imports per CLAUDE.md
  2. Logging style: Message should be lowercase per CLAUDE.md conventions

Documentation

TODOs left unaddressed - consider creating follow-up issues to track these

Security Assessment

  • No credential exposure
  • No obvious injection vulnerabilities beyond the WHERE 1=1 anti-pattern
  • Proper WebSocket protocol handling with encoding
  • Memory leak potential from unbounded Map growth

Performance Considerations

  • Lazy initialization pattern is efficient
  • Proper use of WeakMap for GC-friendly actor tracking
  • Regular Map for DO states could grow unbounded
  • Batch KV operations are implemented correctly

Dependencies

  • Added required hono node-server and node-ws dependencies for Next.js
  • Package.json updates are minimal and appropriate
  • No unnecessary version bumps

Summary

This PR makes good architectural improvements, particularly the Runtime class extraction and simplified driver constructors. However, there are a few issues that should be addressed:

Must Fix Before Merge:

  • Memory leak in dos Map (issue 3)
  • Error handling for async destroy (issue 2)

Should Fix:

  • SQL WHERE 1=1 anti-pattern (issue 1)
  • Unused file watcher code (issue 4)

Nice to Have:

  • Add integration tests
  • Clean up TODOs or create follow-up issues

Overall: Approve with changes - The core refactoring is sound, but the memory leak and error handling issues should be fixed before merging.

@graphite-app
Copy link
Contributor

graphite-app bot commented Jan 12, 2026
edited
Loading

Merge activity

  • Jan 12, 10:01 PM UTC: NathanFlurry added this pull request to the Graphite merge queue.
  • Jan 12, 10:02 PM UTC: CI is running for this pull request on a draft pull request (#3842) due to your merge queue CI optimization settings.
  • Jan 12, 10:03 PM UTC: Merged by the Graphite merge queue via draft PR: #3842.

graphite-app bot pushed a commit that referenced this pull request Jan 12, 2026
@NathanFlurry
chore(rivetkit): update cloudflare workers and nextjs to latest (#3803)
da299eb
@graphite-app graphite-app bot closed this Jan 12, 2026
@graphite-app graphite-app bot deleted the 01-09-chore_rivetkit_update_cloudflare_workers_and_nextjs_to_latest branch January 12, 2026 22:03
@claude claude bot mentioned this pull request Jan 12, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@NathanFlurry