chore(guard): clean up guard

[MasterPtato]

No description provided.

[MasterPtato]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• fix(udb): greatly improve reliabilty of postgres driver #4078
• fix(gateway): fix cache key calculation #4077
• fix: remove graceful requirement for metrics aggregator #4060
• fix(guard): cache custom serve routes #4059
• fix(gateway): configure cors for error responses #4058
• chore(guard): clean up guard #4057 👈 (View in Graphite)
• fix: fix active req caculation, add hws metrics #4053
• main

---

How to use the Graphite Merge Queue

Add the label merge-queue to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[claude]

Pull Request Review: chore(guard): clean up guard

Summary

This PR refactors guard-core, removing ~1500 lines and adding ~1200 for a net reduction of ~300 lines. Changes focus on removing unused analytics, extracting code into dedicated modules (request_context, response_body, route, utils), simplifying proxy service, and removing middleware.rs.

Code Quality & Best Practices

✅ Strengths

1. Good modularization: Extracting RequestContext, ResponseBody, RouteCache, and utilities into separate modules improves organization and maintainability.

2. Following project patterns: Error definitions in errors.rs correctly use the #[derive(RivetError)] pattern.

3. Improved separation of concerns: Moving routing logic and utilities into dedicated modules makes the codebase easier to navigate.

⚠️ Issues & Concerns

1. Hardcoded Configuration Values (Priority: Medium)

Location: request_context.rs:57-70

These rate limit, max in-flight, retry, and timeout values are hardcoded in RequestContext::new(). The PR removed the middleware system that would have allowed per-request configuration.

Questions:

• Is this intentional? Should these be configurable per-actor/route?
• Should they come from rivet_config::Config?
• Consider extracting as module-level constants.

Potential Bugs

🔴 Critical Issues

1. IPv6 Bracketing Logic (Priority: High)

Location: utils.rs:98-102

The logic assumes any string containing colon is an IPv6 address. This will incorrectly bracket hostnames with ports like "hostname:port" if they reach this function.

Test case: If target.host = "example.com:8080", this produces "[example.com:8080]" which is invalid.

Recommendation: Use proper IPv6 detection with parse::std::net::Ipv6Addr() or verify target.host is always just hostname without port.

⚠️ Medium Priority Issues

2. In-Flight Counter Underflow Protection

Location: utils.rs:42-44

Good use of saturating_sub, but underflow scenario suggests logic bug elsewhere. Consider adding warning log.

Performance Considerations

✅ Good Practices:

1. Cache usage with moka::future::Cache is appropriate with sensible TTLs
2. Connection pooling uses hyper-util with 30s idle timeout
3. Random target selection is simple and effective

⚠️ Potential Optimizations:

• Excessive cloning of RouteTarget (contains Strings). Consider Arc if frequently reused.

Security Concerns

✅ Good Practices:

1. X-Forwarded-For handling properly prevents IP spoofing
2. Rivet headers properly stripped before proxying
3. Error handling sanitizes error messages appropriately

⚠️ Minor Concerns:

• WebSocket close frame: verify safe_slice handles UTF-8 boundaries correctly

Test Coverage

❌ Missing Tests - PR removes engine/packages/guard-core/tests/custom_serve.rs but adds no tests for:

1. RequestContext creation and configuration
2. RouteCache behavior (cache hits, misses, TTL)
3. RateLimiter logic (reset, acquire, boundary conditions)
4. InFlightCounter (acquire, release, max limit)
5. IPv6 bracketing logic in proxied_request_builder
6. Request ID collision handling

Recommendation: Add unit tests for new utility modules.

Additional Recommendations

1. Documentation: Add module-level docs to new files explaining purpose/usage
2. Const extraction: Extract magic numbers as named constants
3. Error context: Make error contexts more descriptive
4. Analytics removal: Ensure observability now handled via tracing/metrics

Summary

Solid refactoring improving code organization and reducing complexity.

Must Fix:

• IPv6 bracketing logic (potential incorrect URL construction)
• Consider test coverage for new modules

Should Fix:

• Hardcoded configuration values (extract as constants or make configurable)
• Document removal of per-request middleware configuration

Nice to Have:

• Add module-level documentation
• Improve error context
• Add warning logs for unexpected states

Code follows project conventions well and demonstrates good engineering practices. Great work on the cleanup!

[pkg-pr-new]

More templates

• actor-actions
• actor-actions-vercel
• example-ai-agent
• example-ai-agent-vercel
• example-ai-and-user-generated-actors-freestyle
• chat-room
• chat-room-vercel
• example-cloudflare-workers
• example-cloudflare-workers-hono
• cross-actor-actions
• cross-actor-actions-vercel
• example-cursors
• example-cursors-raw-websocket
• example-cursors-raw-websocket-vercel
• example-cursors-vercel
• custom-serverless
• custom-serverless-vercel
• example-sqlite
• example-elysia
• example-elysia-vercel
• example-experimental-durable-streams-ai-agent
• example-experimental-durable-streams-ai-agent-vercel
• hello-world
• hello-world-vercel
• example-hono
• hono-react
• hono-react-vercel
• example-hono-vercel
• example-kitchen-sink
• example-kitchen-sink-vercel
• multi-region
• multi-region-vercel
• native-websockets
• native-websockets-vercel
• next-js
• example-raw-fetch-handler
• example-raw-fetch-handler-vercel
• example-raw-websocket-handler
• example-raw-websocket-handler-proxy
• example-raw-websocket-handler-proxy-vercel
• example-raw-websocket-handler-vercel
• example-react
• example-react-vercel
• scheduling
• scheduling-vercel
• state
• state-vercel
• example-stream
• example-stream-vercel
• example-trpc
• example-trpc-vercel

@rivetkit/cloudflare-workers

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/cloudflare-workers@4057

@rivetkit/db

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/db@4057

@rivetkit/framework-base

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/framework-base@4057

@rivetkit/next-js

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/next-js@4057

@rivetkit/react

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/react@4057

rivetkit

pnpm add https://pkg.pr.new/rivet-dev/rivet/rivetkit@4057

@rivetkit/sql-loader

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/sql-loader@4057

@rivetkit/virtual-websocket

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/virtual-websocket@4057

@rivetkit/engine-runner

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/engine-runner@4057

@rivetkit/engine-runner-protocol

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/engine-runner-protocol@4057

commit: f3beca1

[graphite-app]

Merge activity

• Jan 30, 11:21 PM UTC: MasterPtato added this pull request to the Graphite merge queue.
• Jan 30, 11:22 PM UTC: CI is running for this pull request on a draft pull request (#4080) due to your merge queue CI optimization settings.
• Jan 30, 11:23 PM UTC: Merged by the Graphite merge queue via draft PR: #4080.