fix: runner alloc idx logic, api auth for actor get

[MasterPtato]

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context.

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[railway-app]

🚅 Deployed to the rivet-pr-4443 environment in rivet-frontend

Service	Status	Web	Updated (UTC)
frontend-cloud	😴 Sleeping (View Logs)	Web	Mar 31, 2026 at 5:27 am
frontend-inspector	😴 Sleeping (View Logs)	Web	Mar 19, 2026 at 3:17 pm
website	❌ Build Failed (View Logs)	Web	Mar 17, 2026 at 7:41 pm
mcp-hub	✅ Success (View Logs)	Web	Mar 17, 2026 at 7:39 pm
ladle	❌ Build Failed (View Logs)	Web	Mar 17, 2026 at 7:38 pm

[MasterPtato]

• chore: envoy client #4521 : 2 dependent PRs (#4531 , #4534 )
• feat(pb): actors v3 #4463
• feat(ups): implement queue subs #4486
• feat(cache): add in flight deduping #4459
• fix(cache): clean up lib #4457
• fix(config): allow configuring topo dcs via map, fix pg ssl mode config #4456
• fix(api): dont 500 on cross dc response #4449
• chore: update byte units on frontend #4444
• fix: runner alloc idx logic, api auth for actor get #4443 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[pkg-pr-new]

More templates

• actor-actions
• actor-actions-vercel
• ai-agent
• ai-agent-vercel
• example-ai-and-user-generated-actors-freestyle
• chat-room
• chat-room-vercel
• example-cloudflare-workers
• example-cloudflare-workers-hono
• collaborative-document
• collaborative-document-vercel
• cross-actor-actions
• cross-actor-actions-vercel
• example-cursors
• example-cursors-raw-websocket
• example-cursors-raw-websocket-vercel
• example-cursors-vercel
• custom-serverless
• example-elysia
• example-experimental-durable-streams-ai-agent
• example-experimental-durable-streams-ai-agent-vercel
• geo-distributed-database
• geo-distributed-database-vercel
• hello-world
• hello-world-vercel
• example-hono
• hono-react
• hono-react-vercel
• example-kitchen-sink
• example-kitchen-sink-vercel
• multi-region-vercel
• multiplayer-game
• example-multiplayer-game-patterns
• example-multiplayer-game-patterns-vercel
• multiplayer-game-vercel
• native-websockets
• native-websockets-vercel
• next-js
• per-tenant-database
• per-tenant-database-vercel
• example-raw-fetch-handler
• example-raw-fetch-handler-vercel
• example-raw-websocket-handler
• example-raw-websocket-handler-proxy
• example-raw-websocket-handler-proxy-vercel
• example-raw-websocket-handler-vercel
• example-react
• example-react-vercel
• sandbox
• sandbox-coding-agent
• sandbox-coding-agent-vercel
• sandbox-vercel
• scheduling
• scheduling-vercel
• example-sqlite-drizzle
• example-sqlite-raw
• state
• state-vercel
• example-stream
• example-stream-vercel
• example-trpc

@rivetkit/cloudflare-workers

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/cloudflare-workers@4443

@rivetkit/framework-base

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/framework-base@4443

@rivetkit/next-js

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/next-js@4443

@rivetkit/react

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/react@4443

rivetkit

pnpm add https://pkg.pr.new/rivet-dev/rivet/rivetkit@4443

@rivetkit/sql-loader

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/sql-loader@4443

@rivetkit/sqlite-vfs

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/sqlite-vfs@4443

@rivetkit/traces

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/traces@4443

@rivetkit/workflow-engine

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/workflow-engine@4443

@rivetkit/virtual-websocket

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/virtual-websocket@4443

@rivetkit/engine-runner

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/engine-runner@4443

@rivetkit/engine-runner-protocol

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/engine-runner-protocol@4443

commit: d5c2eee

[claude]

PR Review: fix: runner alloc idx logic, api auth for actor get

Summary

The PR addresses two bug fixes: eviction handling in the runner allocation index lifecycle, and relaxing auth requirements on the actor list endpoint when filters are provided. Overall the changes are sound and fix real issues. A few observations below.

---

Runner Allocation Index Logic

Draining vs. Expired separation - The removal of ExpiredTsKey writes in the Draining state (runner.rs:691 and runner2.rs:540) is the correct fix. Previously a draining runner was marked as both draining and expired, causing the allocation index to treat it as permanently gone. Now DrainTsKey and ExpiredTsKey are distinct, which is semantically correct.

Eviction propagation - Moving eviction signalling from Err(WsError::Eviction) to Ok(Err(LifecycleResult::Evicted)) in the two task files is clean. It lets the coordinator in lib.rs decide whether to clear the alloc idx before converting it back to an error.

Minor style nit - The if let / else block in lib.rs:235-255 is valid but slightly unusual Rust. Consider using matches! instead.

UpdatePing condition change in update_alloc_idx.rs:177 - The old guard checked whether the old alloc key existed in the index. The new guard checks whether the runner is not draining. These are not equivalent: if a runner lost its alloc key but is not draining, the new code proceeds where the old code would short-circuit. This is probably fine in practice, but it is a subtle semantic shift worth a comment explaining why the draining check is the correct gate here.

---

API Auth for Actor List (api-public/src/actors/list.rs)

The comment about reading being allowed and list requiring auth is terse. Something like 'Auth is required to enumerate all actors; individual lookups by ID or key are allowed unauthenticated' would make the policy clearer to future readers.

The logic itself looks correct. Note the intentional asymmetry: actor_ids and key are checked with is_none() while actor_id uses is_empty() - this reflects their different types (Option vs String). An explicit empty-string actor_id correctly still triggers the auth path.

---

Other Changes

• runner2.rs mark_eligible: Capturing the response and warning on non-empty notifications is a good observability addition.
• rocksdb/database.rs: Changing debug-format db_path to display-format db_path.display() is the correct structured-logging format per the codebase conventions.
• OpenAPI / type doc: The 'Arbitrary base64 encoded binary data.' description added to input is a useful clarification.

---

Verdict

No blocking issues. The core logic changes are correct and the two bugs (draining-as-expired, premature alloc-idx clear on eviction) are fixed cleanly. The minor points above are suggestions, not blockers.

Generated with Claude Code