Skip to content

test(deps): preview build against multistore cross-request-body-io fix#174

Draft
alukach wants to merge 5 commits into
mainfrom
test/multistore-cross-request-fix
Draft

test(deps): preview build against multistore cross-request-body-io fix#174
alukach wants to merge 5 commits into
mainfrom
test/multistore-cross-request-fix

Conversation

@alukach

@alukach alukach commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Draft / temporary — not for merge. Exists to deploy a preview for end-to-end verification of the multistore fix.

What this does

Adds a temporary [patch.crates-io] block pointing all five multistore* crates at the fix/cross-request-body-io branch (developmentseed/multistore#100). No app code changes — only Cargo.toml + Cargo.lock.

What the multistore fix does

Resolves intermittent 500/503 failures on multipart and batch-delete writes under a cold-isolate burst:

[ERROR] multistore::proxy: failed to read request body
  error=arrayBuffer await failed: Cannot perform I/O on behalf of a different request

Root cause: the inbound body was read via array_buffer() after the bucket-lookup and STS awaits; wasm-bindgen-futures' shared microtask queue can resume that read under another concurrent request's I/O context. The fix:

  • Plain UploadPart now streams (UNSIGNED-PAYLOAD header signing, checksums forwarded+signed) instead of buffering — never materialized.
  • Small multipart-control / batch-delete bodies are read at the top of handle_request, in the request's own I/O context, before any cross-request await.

How to verify on the preview

Point the source.coop frontend at this deployment and exercise the cases that reproduced the error:

  • A large batch of object deletes (the original report).
  • A multipart upload of large objects (e.g. the euro-test Zarr writes) — UploadParts and the multipart control ops.

Expect no Cannot perform I/O on behalf of a different request (500/503) on the opening burst, and parts/deletes to complete.

Cleanup

Revert this commit and bump the multistore* deps once developmentseed/multistore#100 is released.

🤖 Generated with Claude Code

Temporary [patch.crates-io] pointing all multistore* crates at
developmentseed/multistore#100, which fixes the 500/503 "Cannot perform I/O on
behalf of a different request" failures on multipart and batch-delete writes
under a cold-isolate burst.

This branch exists to deploy a preview for end-to-end verification: plain
UploadPart now streams (UNSIGNED-PAYLOAD, signed checksums) instead of
buffering, and the small multipart-control/batch-delete bodies are read in the
request's own I/O context before the bucket-lookup and STS awaits. Revert this
commit and bump the multistore* deps once the fix is released.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@claude

claude Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Claude finished @alukach's task in 59s —— View job


Reviewing PR #174

  • Gather context (read diff, Cargo.toml/Cargo.lock changes)
  • Review for correctness/security/best-practice issues
  • Post findings

✅ No blocking issues — safe to merge.

This is a draft/temporary preview PR (explicitly marked "not for merge") that only adds a [patch.crates-io] override pinning the five multistore* crates to a fix branch. The change is mechanical and self-contained:

  • Cargo.toml:79-95 — all five multistore* crates (multistore, multistore-cf-workers, multistore-oidc-provider, multistore-path-mapping, multistore-sts) are patched to the same git source/branch, which is required for their shared types to unify — confirmed consistent.
  • Cargo.lock — all five entries resolve to the identical commit (b3fc487038ec7c3b55d6f73c095482d68a3f30fb), matching the branch pinned in Cargo.toml, and no unrelated lockfile entries were touched.
  • The comment block in Cargo.toml documents the rationale, the temporary nature, and the removal plan (revert + bump once fix: bound buffered-op body size and fail closed on classifier over-match developmentseed/multistore#102 ships in a release), which is good practice for a patch like this.

Minor (non-blocking) note: the PR description still references the original branch name fix/cross-request-body-io, but the code now points at fix/buffered-body-size-guard (per the latest commit history) — just a stale description, not a code issue, and irrelevant once this is reverted post-verification.

No security or correctness concerns: this only affects build-time dependency resolution for the preview deployment and carries no app code changes.

@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown

🚀 Latest commit deployed to https://source-data-proxy-pr-174.source-coop.workers.dev

  • Date: 2026-06-30T22:59:25Z
  • Commit: 6e8e6fd

…56b8487)

Picks up the cf-workers FixedLengthStream change so streamed plain PUT/UploadPart
bodies carry a real Content-Length to S3 (fixes the stalled-PUT regression).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Picks up size-guard-before-pre-read and the fail-closed Forward arm.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
#100 merged to main (unreleased); fix/cross-request-body-io will be deleted.
The new branch carries main + the #102 review follow-ups, so the preview keeps
building the complete un-released fix on a live branch.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Behavior-neutral; keeps the preview lock at the branch HEAD.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant