fix(rust): fix rust client

[NathanFlurry]

No description provided.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
rivetkit-serverless	Ready	Preview	Comment	Oct 5, 2025 6:42am

[claude]

Claude finished @NathanFlurry's task —— View job

---

Code Review for Rust Client Fix

I've conducted a comprehensive review of this Rust client refactoring. Here's my analysis:

Todo List:

• Read repository guidelines and setup instructions
• Analyze the scope and purpose of the refactoring
• Review core client implementation changes
• Examine the new remote_manager.rs architecture
• Check protocol and driver modifications
• Assess code quality and best practices
• Identify potential bugs and security concerns
• Evaluate performance implications
• Review test coverage changes
• Provide comprehensive feedback summary

---

Overall Assessment

This is a well-executed refactoring that significantly improves the Rust client architecture by introducing a clean separation of concerns and consolidating HTTP API operations.

✅ Strengths

1. Excellent Architecture Improvements

• Clean separation: The new RemoteManager centralizes all HTTP/REST API communication
• Better abstraction: HTTP operations are now encapsulated and reusable
• Simplified client logic: The main client code is much cleaner and focused

2. Code Quality & Best Practices

• Consistent error handling: Proper use of anyhow::Result throughout
• Good naming conventions: Clear, descriptive function and variable names
• Proper async/await usage: Well-structured async code patterns
• URL encoding: Proper use of urlencoding::encode for safety

3. Security Considerations

• Input validation: URL encoding prevents injection attacks
• Token handling: Secure token passing via headers
• Error messages: Don't expose sensitive internal details

🔍 Areas for Improvement

1. Performance Optimizations

clients/rust/src/remote_manager.rs:75-76, 105-106

let client = reqwest::Client::new();

Issue: Creating a new HTTP client for each request is inefficient
Recommendation: Store a single reqwest::Client instance in RemoteManager and reuse it

2. Error Handling Refinements

clients/rust/src/remote_manager.rs:85, 164, 205

return Err(anyhow!("failed to get actor: {}", res.status()));

Issue: HTTP error responses may contain useful error details that are being discarded
Recommendation:

let error_body = res.text().await.unwrap_or_default();
return Err(anyhow!("failed to get actor: {} - {}", res.status(), error_body));

3. Code Duplication

clients/rust/src/remote_manager.rs:138-143, 179-184
The CBOR encoding logic is duplicated. Consider extracting to a helper function:

fn encode_input(input: Option<serde_json::Value>) -> Result<Option<String>> {
    if let Some(inp) = input {
        let cbor = serde_cbor::to_vec(&inp)?;
        Ok(Some(general_purpose::STANDARD.encode(cbor)))
    } else {
        Ok(None)
    }
}

4. Resource Management

clients/rust/src/handle.rs:74-78

let Ok(query) = self.query.try_borrow() else {
    return Err(anyhow!("Failed to borrow actor query"));
};

Issue: Using RefCell introduces runtime borrow checking that could panic
Recommendation: Consider using Rc<ActorQuery> for immutable sharing or Arc<RwLock<>> for thread-safe mutation

5. WebSocket Protocol Headers

clients/rust/src/remote_manager.rs:319-323

request.headers_mut().insert(
    "Sec-WebSocket-Protocol",
    protocols.join(", ").parse()?,
);

Issue: No validation that the joined protocols create a valid header value
Recommendation: Add validation or handle parse errors more gracefully

🐛 Potential Issues

1. SSE Transport Removal

clients/rust/src/drivers/sse.rs:8-10
The SSE transport is completely disabled. While this may be intentional for the refactoring, ensure this doesn't break existing users who depend on SSE transport.

2. Test Coverage Gap

clients/rust/tests/e2e.rs:28
The test still uses yarn instead of pnpm, which conflicts with the repository's build system configuration.

3. Unused Variables

clients/rust/src/client.rs:165

let _region = opts.region;

The region parameter is collected but not used in the create method.

🔒 Security Assessment

Overall Security: Good ✅

• Proper URL encoding prevents injection attacks
• Secure token handling via headers
• No sensitive data logged in error messages
• Input validation present where needed

🚀 Performance Implications

Positive:

• Consolidation reduces code duplication
• Better connection reuse patterns

Areas for improvement:

• HTTP client reuse (mentioned above)
• Consider connection pooling for high-throughput scenarios

🧪 Test Coverage

The e2e test coverage appears comprehensive, testing the full client workflow including:

• Client creation with different transport/encoding combinations
• Actor creation and resolution
• Action calls (both direct and via connection)
• Event subscription and handling

Recommendation: Add unit tests for the new RemoteManager methods to ensure better coverage of edge cases.

📝 Final Recommendations

1. High Priority: Fix HTTP client reuse for better performance
2. Medium Priority: Improve error handling to include response bodies
3. Medium Priority: Extract CBOR encoding helper to reduce duplication
4. Low Priority: Consider replacing RefCell with safer alternatives
5. Documentation: Consider adding doc comments to public RemoteManager methods

This refactoring successfully modernizes the Rust client architecture while maintaining functionality. The code quality is high, and the architectural improvements will make future development much easier.

[NathanFlurry]

• fix(rust): fix rust client #1354 👈 (View in Graphite)
• main

---

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

• merge queue - adds this PR to the back of the merge queue
• hotfix - for urgent hot fixes, skip the queue and merge this PR next

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[pkg-pr-new]

More templates

• example-ai-agent
• example-better-auth-external-db
• chat-room
• example-cloudflare-workers
• example-cloudflare-workers-hono
• example-counter
• example-crdt
• example-database
• example-deno
• example-sqlite
• example-elysia
• example-express
• example-game
• example-hono
• example-hono-react
• example-kitchen-sink
• example-next-js
• example-rate
• example-raw-fetch-handler
• example-raw-websocket-handler-proxy
• example-react
• starter
• example-stream
• example-sync
• example-tenant
• example-trpc

@rivetkit/actor

pnpm add https://pkg.pr.new/rivet-dev/rivetkit/@rivetkit/actor@1354

@rivetkit/cloudflare-workers

pnpm add https://pkg.pr.new/rivet-dev/rivetkit/@rivetkit/cloudflare-workers@1354

@rivetkit/core

pnpm add https://pkg.pr.new/rivet-dev/rivetkit/@rivetkit/core@1354

@rivetkit/db

pnpm add https://pkg.pr.new/rivet-dev/rivetkit/@rivetkit/db@1354

@rivetkit/framework-base

pnpm add https://pkg.pr.new/rivet-dev/rivetkit/@rivetkit/framework-base@1354

@rivetkit/next-js

pnpm add https://pkg.pr.new/rivet-dev/rivetkit/@rivetkit/next-js@1354

@rivetkit/react

pnpm add https://pkg.pr.new/rivet-dev/rivetkit/@rivetkit/react@1354

rivetkit

pnpm add https://pkg.pr.new/rivet-dev/rivetkit@1354

@rivetkit/sql-loader

pnpm add https://pkg.pr.new/rivet-dev/rivetkit/@rivetkit/sql-loader@1354

commit: 36c6e96