[codex] adapt workerd 20260701 #2

Open: cnluzhang wants to merge 12 commits into main from codex/workerd-20260701-adaptation

@cnluzhang

Contributor

Summary

Upgrades the bundled workerd and worker type packages to 1.20260701.1 / 4.20260701.1 and adapts WDL to the upstream behavior changes from the 20260617 baseline.

Main changes:

  • remove the broad loaded-worker experimental compatibility flag and allowExperimental, while keeping process-level --experimental only for workerLoader-owning runtimes
  • add control-side prechecks for workerd workerLoader env and module-body limits
  • bound log-tail cleanup independently of async response-body ReadableStream.cancel() to mitigate workerd #6832
  • relax the client-disconnect integration test into a bounded regression anchor for stock 20260701 workerd
  • document compatibility impacts, including experimental surface tightening, SQLite reserved _cf_ names, workerLoader limits, stream disconnect behavior, and ECS capacity implications

Notes

workerd issue #6832 remains open upstream. This PR does not fork workerd or carry a patched binary; WDL bounds its own log-tail resource lifetime and records the tenant-visible streaming behavior change.

D1 no longer runs its child workerd process with --experimental; DO still does because its supervisor loads tenant DO classes through workerLoader.

Validation

  • npm test passed, 1704 tests
  • npm run compile:workerd passed
  • node --test tests/unit/control-env-budget.test.js tests/unit/control-deploy-watch.test.js passed
  • npm run test:integration -- tests/integration/http-features.test.js passed
  • full npm run test:integration passed, 53 files
  • terraform fmt -check -recursive terraform passed
  • git diff --cached --check passed

terraform validate was attempted locally but could not load the cached provider plugins in this environment; the failure was provider plugin startup/handshake, not an HCL validation error.

Upgrade workerd to 1.20260701.1, split process-level and loaded-worker experimental usage, add workerLoader env/code guards, bound log-tail cleanup for workerd #6832, and document compatibility and ECS capacity impacts.

Signed-off-by: Lu Zhang <lu@wdl.dev>

@cnluzhang marked this pull request as ready for review July 1, 2026 07:26
@cnluzhang requested a review from Copilot July 1, 2026 07:27

Copilot AI left a comment

Pull request overview

Upgrades bundled workerd / @cloudflare/workers-types to the 2026-07-01 baseline and adjusts WDL runtime/control behavior to match upstream changes (notably tightening the experimental surface, adding workerLoader size/budget guards, and hard-bounding log-tail session cleanup).

Changes:

  • Remove broad loaded-worker experimental compatibility behavior (compatibilityFlags: ["experimental"] and allowExperimental) while keeping process-level --experimental only where workerLoader still requires it.
  • Add control-plane prechecks for workerLoader limits (64 MiB code total; headroomed 1 MiB serialized user env budget across vars + secrets).
  • Make log-tail cleanup independent of ReadableStream.cancel() and relax the client-disconnect integration test to a bounded regression anchor for current workerd behavior.

Reviewed changes

Copilot reviewed 40 out of 41 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| tests/unit/style-contracts.test.js | Extends invariants to ensure --experimental is present only on workerLoader-owning processes across compose/k8s/terraform/supervisor. |
| tests/unit/runtime-load.test.js | Updates loader-callback expectations to ensure allowExperimental is no longer emitted. |
| tests/unit/runtime-lib.test.js | Updates compatibility-flag floor expectations after removing experimental injection. |
| tests/unit/do-runtime-protocol.test.js | Updates DO protocol normalization test to ensure allowExperimental is absent. |
| tests/unit/control-secret-envelope-handlers.test.js | Updates handler stubs/import wiring for added env-budget and version modules and required redis methods. |
| tests/unit/control-logs-tail.test.js | Adds unit coverage for max-session watchdog cleanup even when stream cancel doesn’t occur. |
| tests/unit/control-lib.test.js | Adjusts date validation test harness “today” to avoid false positives with newer bundled workerd. |
| tests/unit/control-env-budget.test.js | New unit tests for merged env precedence, env budget enforcement, and secret decryption used by budget checks. |
| tests/unit/control-deploy-watch.test.js | Adds deploy precheck coverage for env-budget and code-size rejection paths prior to version allocation. |
| tests/integration/http-features.test.js | Relaxes disconnect assertion to accept current workerd behavior impacted by workerd #6832. |
| terraform/README.md | Documents SQLite heap cap change implications for ECS sizing on newer workerd. |
| terraform/modules/compute/gateway_service.tf | Removes --experimental from gateway workerd command line. |
| rust/supervisor/src/lib.rs | Splits DO vs D1 workerd args to selectively include process --experimental. |
| rust/supervisor/src/config.rs | Makes --experimental conditional in workerd_args() and adds unit test. |
| runtime/load.js | Stops adding allowExperimental to generated WorkerCode for loaded workers. |
| runtime/lib.js | Removes experimental compatibility-flag floor injection logic. |
| runtime/config-user.capnp | Removes experimental from runtime loader worker compatibility flags. |
| runtime/config-system.capnp | Removes experimental from runtime loader worker; wires in control-env-budget module and LOG_TAIL_MAX_SESSION_MS. |
| package.json | Bumps workerd and @cloudflare/workers-types versions to 20260701.1. |
| package-lock.json | Locks updated workerd / platform binaries and @cloudflare/workers-types versions. |
| docs/modules/runtime.zh.md | Updates runtime module docs for experimental tightening and new workerLoader budgets (env/code). |
| docs/modules/runtime.md | Updates runtime module docs for experimental tightening and new workerLoader budgets (env/code). |
| docs/modules/log-tail-observability.zh.md | Documents workerd #6832 impact and the new independent max-session watchdog. |
| docs/modules/log-tail-observability.md | Documents workerd #6832 impact and the new independent max-session watchdog. |
| docs/modules/cli.zh.md | Documents deploy-time code-size and env-budget constraints surfaced by control. |
| docs/modules/cli.md | Documents deploy-time code-size and env-budget constraints surfaced by control. |
| docs/compatibility.zh.md | Documents reserved _cf_ SQLite naming restriction and new workerLoader size constraints. |
| docs/compatibility.md | Documents reserved _cf_ SQLite naming restriction and new workerLoader size constraints. |
| Dockerfile.workerd | Updates documented ECS command lines; notes supervisor child workerd includes --experimental for workerLoader. |
| docker-compose.yml | Removes --experimental from gateway-local workerd command. |
| do-runtime/protocol.js | Removes allowExperimental normalization from forwarded WorkerCode. |
| do-runtime/load.js | Removes allowExperimental injection in DO loaded worker code path and updates typedef. |
| do-runtime/config.capnp | Removes experimental from DO runtime worker compatibility flags. |
| deploy/kubernetes/base/gateway.yaml | Removes --experimental from gateway container args. |
| control/handlers/worker-secrets.js | Adds env-budget enforcement for worker secret PUT before promotion; adds envelope error handling. |
| control/handlers/secret-put.js | Returns plaintext alongside encrypted value to support control-side budget prechecks. |
| control/handlers/ns-secrets.js | Adds namespace secret budget validation across active workers before writing the secret. |
| control/handlers/logs-tail.js | Adds independent max-session watchdog and makes cleanup independent of cancel() being invoked. |
| control/handlers/deploy.js | Adds workerLoader code-size precheck and committed env-budget precheck before version allocation. |
| control/env-budget.js | New shared helpers for env merging, byte accounting, budget enforcement, and secret decryption for budget checks. |
| CLAUDE.md | Updates agent guidance for env-budget enforcement and disconnect/cancel unreliability guidance. |

Comment thread control/env-budget.js Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7387099a94

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread control/handlers/ns-secrets.js Outdated
Comment thread control/handlers/worker-secrets.js Outdated
Comment thread runtime/lib.js
Comment thread control/handlers/worker-secrets.js Outdated
Comment thread control/handlers/deploy.js

Validate namespace and worker secret mutations against retained worker versions, check DELETE paths that reveal lower-precedence env values, and parallelize secret decryption used by env-budget prechecks.

Signed-off-by: Lu Zhang <lu@wdl.dev>

Copilot AI left a comment

Pull request overview

Copilot reviewed 40 out of 41 changed files in this pull request and generated 2 comments.

Comment thread control/handlers/ns-secrets.js
Comment thread control/env-budget.js Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5fb5e7b3ff

Comment thread control/handlers/ns-secrets.js Outdated
Comment thread control/handlers/ns-secrets.js Outdated
Comment thread control/handlers/deploy.js
Comment thread control/handlers/worker-secrets.js Outdated

Make namespace-secret env-budget checks atomic with the secret write, validate namespace-secret deletes, and watch namespace secrets during worker-secret checks.
Revalidate deploy env budget inside the deploy commit WATCH window and add bundle metadata parse context for retained-version budget checks.

Signed-off-by: Lu Zhang <lu@wdl.dev>

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6fa169abd3

Comment thread control/handlers/logs-tail.js

Copilot AI left a comment

Pull request overview

Copilot reviewed 40 out of 41 changed files in this pull request and generated no new comments.

Close the Redis tail session idempotently when cleanup runs and immediately close any session that finishes opening after the watchdog has already expired. Add a unit regression test for the pending-open race.

Signed-off-by: Lu Zhang <lu@wdl.dev>
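
The two guarantees named in the commit message above (idempotent cleanup, and closing a session that finishes opening after the watchdog has expired), as an added example that is not WDL's logs-tail.js. `createManualClock`, `startTail`, `fakeOpen` and the callback-style `open` are hypothetical names, and a manual clock stands in for real timers.

```javascript
// Added example; every name here is hypothetical, not taken from WDL's code.

// Manual clock so timing is deterministic (stands in for setTimeout/clearTimeout).
function createManualClock() {
  let now = 0;
  let nextId = 1;
  const timers = new Map();
  return {
    setTimer(fn, ms) { const id = nextId++; timers.set(id, { at: now + ms, fn }); return id; },
    clearTimer(id) { timers.delete(id); },
    advance(ms) {
      now += ms;
      for (const [id, t] of [...timers]) {
        if (t.at <= now) { timers.delete(id); t.fn(); }
      }
    },
  };
}

// Starts a tail session whose lifetime is bounded by maxSessionMs even if the
// response stream's cancel() is never delivered.
function startTail({ clock, maxSessionMs, open }) {
  let session = null;   // set once open() completes
  let closed = false;   // true after the first cleanup
  let timer = null;

  function cleanup(reason) {
    if (closed) return null;           // idempotent: later callers are no-ops
    closed = true;
    clock.clearTimer(timer);
    if (session) session.close();
    return reason;
  }

  timer = clock.setTimer(() => cleanup("max-session"), maxSessionMs);

  // open() reports completion through a callback; it may complete after expiry.
  open((opened) => {
    if (closed) { opened.close(); return; }   // late open: release immediately
    session = opened;
  });

  return { cancel: () => cleanup("cancel"), isClosed: () => closed };
}

// Constructed stand-in for a Redis tail session that counts close() calls.
function fakeOpen() {
  const state = { closeCalls: 0, finish: null };
  const open = (done) => { state.finish = () => done({ close() { state.closeCalls++; } }); };
  return { state, open };
}

// Scenario 1: cancel() never arrives in time; the watchdog alone closes the session.
function scenarioNoCancel() {
  const clock = createManualClock();
  const { state, open } = fakeOpen();
  const tail = startTail({ clock, maxSessionMs: 1000, open });
  state.finish();                 // session opens normally
  clock.advance(999);
  const before = state.closeCalls;
  clock.advance(1);               // watchdog fires without any cancel()
  const late = tail.cancel();     // a late cancel() must be a no-op
  return { before, after: state.closeCalls, late, closed: tail.isClosed() };
}

// Scenario 2: the watchdog expires while open() is still pending.
function scenarioLateOpen() {
  const clock = createManualClock();
  const { state, open } = fakeOpen();
  startTail({ clock, maxSessionMs: 1000, open });
  clock.advance(1000);            // expiry with no session yet
  state.finish();                 // open completes afterwards
  return state.closeCalls;
}
```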

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7e4f4ad816

Comment thread control/env-budget.js Outdated

Include runtime-injected binding and workflow env values in the control-plane workerLoader env budget estimate, including required caller secret copies in service binding props. Update docs and add regression coverage for retained versions.

Signed-off-by: Lu Zhang <lu@wdl.dev>

@cnluzhang force-pushed the codex/workerd-20260701-adaptation branch from f5a2809 to 6e26d86 July 1, 2026 14:36
@cnluzhang requested a review from Copilot July 1, 2026 14:39

Copilot AI left a comment

Pull request overview

Copilot reviewed 40 out of 41 changed files in this pull request and generated 2 comments.

Comment thread rust/supervisor/src/config.rs
Comment thread rust/supervisor/src/config.rs

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6e26d863bb

Comment thread control/handlers/deploy.js Outdated
Comment thread control/handlers/worker-secrets.js
Comment thread control/handlers/ns-secrets.js

Validate deploy env budget after materialized metadata, budget worker secret bumps with a conservative future version estimate, and skip decrypting secret envelopes removed by PUT/DELETE recovery paths.

Signed-off-by: Lu Zhang <lu@wdl.dev>

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7d7a3a6bee

Comment thread control/env-budget.js Outdated
Comment thread control/env-budget.js

Copilot AI left a comment

Pull request overview

Copilot reviewed 40 out of 41 changed files in this pull request and generated 2 comments.

Comment thread control/handlers/worker-secrets.js Outdated
Comment thread control/handlers/ns-secrets.js

Count the configured ASSETS_CDN_BASE and do-runtime alarm binding in workerLoader env estimates so deploys and secret mutations fail before cold-load.
Allow same-hash secret DELETE repair budget checks to skip corrupt remaining envelopes while keeping PUT and cross-layer decrypts fail-closed.
Add regression coverage for deploy budget propagation, DO alarm env estimates, and namespace/worker secret repair behavior.

Signed-off-by: Lu Zhang <lu@wdl.dev>

Copilot AI left a comment

Pull request overview

Copilot reviewed 40 out of 41 changed files in this pull request and generated 1 comment.

Comment thread control/env-budget.js

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 68a2283874

Comment thread control/handlers/logs-tail.js Outdated

Use a null-prototype callerSecrets map so object-prototype secret keys remain data keys during workerLoader env estimates.
Expose RedisSession.hasOpenResources() and use it to close log-tail sessions once open has allocated socket resources, including the pending SELECT window.
Add unit coverage for both review findings and verify with targeted log-tail integration tests.

Signed-off-by: Lu Zhang <lu@wdl.dev>
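
Why the null-prototype map in the commit message above matters for byte accounting, as an added example that is not code from this PR. The function names, the later-layer-wins merge order, the 64 KiB headroom and the key-plus-value byte count are assumptions, and the sample layers are constructed.

```javascript
// Added example, not WDL's control/env-budget.js. Assumptions: later layers win,
// 64 KiB headroom, and size = UTF-8 bytes of each key plus its value.
const LIMIT_BYTES = 1024 * 1024;   // 1 MiB env limit named in the PR
const HEADROOM_BYTES = 64 * 1024;  // hypothetical; the PR gives no figure
const encoder = new TextEncoder();

// Merge [key, value] layers into a map produced by makeMap().
function mergeEnv(layers, makeMap) {
  const merged = makeMap();
  for (const layer of layers) {
    // On a plain {} the key "__proto__" hits the inherited setter, which
    // silently ignores a string value: the entry is never stored.
    for (const [key, value] of layer) merged[key] = value;
  }
  return merged;
}

// Sum UTF-8 bytes over own keys only.
function envBytes(env) {
  let total = 0;
  for (const key of Object.keys(env)) {
    total += encoder.encode(key).length + encoder.encode(String(env[key])).length;
  }
  return total;
}

function checkBudget(layers, makeMap) {
  const env = mergeEnv(layers, makeMap);
  const bytes = envBytes(env);
  return {
    bytes,
    ok: bytes <= LIMIT_BYTES - HEADROOM_BYTES,
    keys: Object.keys(env).sort(),
    // True when a name nobody set still resolves through the prototype chain.
    phantomKey: "toString" in env,
  };
}

// Constructed sample: vars, then namespace secrets, then worker secrets.
const SAMPLE_LAYERS = [
  [["API_URL", "https://example.invalid"]],
  [["__proto__", "x".repeat(1000000)]],   // large secret under a prototype key
  [["TOKEN", "t".repeat(32)]],
];

// Plain object: the large secret is dropped, so the estimate passes wrongly.
function plainResult() {
  return checkBudget(SAMPLE_LAYERS, () => ({}));
}

// Null-prototype map: "__proto__" is an ordinary data key and is counted.
function nullProtoResult() {
  return checkBudget(SAMPLE_LAYERS, () => Object.create(null));
}

console.log("plain      ", plainResult().bytes, plainResult().ok);
console.log("null-proto ", nullProtoResult().bytes, nullProtoResult().ok);
```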

Copilot AI left a comment

Pull request overview

Copilot reviewed 42 out of 43 changed files in this pull request and generated 2 comments.

Comment thread shared/redis-session.js
Comment thread tests/unit/control-lib.test.js Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8ffaf121db

Comment thread control/handlers/worker-secrets.js

Split workerd experimental surface, add workerLoader env/code guards, bound log-tail cleanup without stream cancel, reject unsupported Python/experimental tenant metadata, and cap D1/DO runtime container memory for the 0701 SQLite behavior.

Signed-off-by: Lu Zhang <lu@wdl.dev>

@cnluzhang force-pushed the codex/workerd-20260701-adaptation branch from 8753459 to 3531849 July 2, 2026 04:41
@cnluzhang requested a review from Copilot July 2, 2026 08:32

Copilot AI left a comment

Pull request overview

Copilot reviewed 69 out of 70 changed files in this pull request and generated no new comments.

Fix the experimental flag mirror and add read-only rollout scanning for retained metadata blockers, including missing metadata, Python modules, experimental flags, and env-size risks without decrypting secrets.
Document the TLS, log-tail, runtime scanner, and Terraform memory boundaries for the 2026-07-01 workerd adaptation.

Signed-off-by: Lu Zhang <lu@wdl.dev>

Copilot AI left a comment

Pull request overview

Copilot reviewed 70 out of 71 changed files in this pull request and generated 2 comments.

Comment thread control/env-budget.js
Comment thread control/handlers/deploy.js

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 725e40e2df

Comment thread terraform/modules/compute/do_runtime_service.tf Outdated

Document the two-phase env-budget deploy check, pin the Durable Object env estimate to the real runtime shape, and leave explicit task memory headroom for the DO redis-proxy sidecar.
Add regression coverage for the DO env estimate and Terraform memory contract.

Signed-off-by: Lu Zhang <lu@wdl.dev>

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 29d2af630b

Comment thread control/handlers/deploy.js

Copilot AI left a comment

Pull request overview

Copilot reviewed 71 out of 72 changed files in this pull request and generated 3 comments.

Comment thread control/handlers/ns-secrets.js
Comment thread control/handlers/worker-secrets.js
Comment thread control/handlers/worker-secrets.js

Make deploy env-budget rejection authoritative after version allocation, keep DELETE secret repair paths from being blocked by unrelated corrupt envelopes, and update docs/tests for the revised contracts.

Signed-off-by: Lu Zhang <lu@wdl.dev>

Copilot AI left a comment

Pull request overview

Copilot reviewed 71 out of 72 changed files in this pull request and generated no new comments.
