
chore: configure TLS trust roots for rustls clients #4667

Closed

NathanFlurry wants to merge 1 commit into graphite-base/4667 from 04-14-configure_tls_trust_roots_for_rustls_clients

Conversation

@NathanFlurry (Member)

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context.

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

@railway-app

railway-app Bot commented Apr 15, 2026

🚅 Deployed to the rivet-pr-4667 environment in rivet-frontend

Service             Status            Web   Updated (UTC)
frontend-cloud      😴 Sleeping       Web   Apr 24, 2026 at 11:37 am
website             😴 Sleeping       Web   Apr 24, 2026 at 10:05 am
kitchen-sink        ❌ Build Failed   Web   Apr 24, 2026 at 8:13 am
mcp-hub             ✅ Success        Web   Apr 15, 2026 at 10:07 am
ladle               ✅ Success        Web   Apr 15, 2026 at 6:26 am
frontend-inspector  ❌ Build Failed   Web   Apr 15, 2026 at 6:22 am

@NathanFlurry NathanFlurry changed the title Configure TLS trust roots for rustls clients chore: configure TLS trust roots for rustls clients Apr 15, 2026
@railway-app railway-app Bot temporarily deployed to rivet-frontend / rivet-pr-4667 April 15, 2026 06:21 Destroyed
@NathanFlurry NathanFlurry marked this pull request as ready for review April 15, 2026 06:21
@NathanFlurry NathanFlurry marked this pull request as draft April 15, 2026 06:21

NathanFlurry commented Apr 15, 2026

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.

This stack of pull requests is managed by Graphite. Learn more about stacking.

@NathanFlurry NathanFlurry force-pushed the 04-14-configure_tls_trust_roots_for_rustls_clients branch from 2d05736 to 1bb4288 April 15, 2026 06:26
@railway-app railway-app Bot temporarily deployed to rivet-frontend / rivet-pr-4667 April 15, 2026 06:26 Destroyed
@claude

claude Bot commented Apr 15, 2026

Code Review

Overview

This PR migrates rustls-based TLS clients (tokio-tungstenite, reqwest in rivetkit-rust) from native-tls/OpenSSL to a dual-roots strategy combining rustls-tls-native-roots and rustls-tls-webpki-roots. It also removes tokio-native-tls from the engine workspace, adds @rivetkit/rivetkit-native to the sandbox example, and contains a large reformatting of the generated engine-runner-protocol file.


TLS Strategy (Core Change)

The dual-roots approach is well-reasoned and correctly documented in CLAUDE.md:

  • native roots -- works for operator-installed corporate CAs
  • webpki roots -- fallback for Distroless/Alpine containers without ca-certificates

The CLAUDE.md note that engine-internal clients (ClickHouse, hyper-tls, guard HTTP proxy) intentionally stay on OpenSSL is a good explicit carve-out that prevents future confusion.

Security note: Enabling both root stores creates a union trust set -- any CA in either store is trusted. This is the correct trade-off for the stated use case, but it does slightly expand the trust surface compared to webpki-only. This appears intentional and acceptable.


Issues / Questions

1. Quinn unexpectedly pulled in as a reqwest dependency

In rivetkit-rust/Cargo.lock, quinn appears as a resolved dependency of reqwest (alongside quinn-proto, quinn-udp) even though the http3 feature is not listed in client/Cargo.toml. Quinn is normally only compiled when reqwest's http3 feature is enabled. This may be a transitive resolution from eventsource-client or a change in reqwest 0.12.28's feature graph. Please verify whether HTTP/3 is being inadvertently compiled in -- it adds non-trivial binary size and compile time.

2. default-features = false drops HTTP response compression

The previous reqwest config used default features, which include gzip, brotli, and deflate decompression. The new default-features = false config drops all of these. If the Rivet backend sends compressed responses, the client will silently receive compressed bytes it cannot decode. Please confirm this is intentional or add the relevant compression features back.

3. Large reformatting noise in a generated file

rivetkit-typescript/packages/engine-runner-protocol/src/index.ts is marked // @generated - post-processed by build.rs, but this PR changes roughly 2000 lines of indentation (tabs to spaces) and removes semicolons throughout. This mixes pure style churn into a functional change and makes the diff hard to review. Recommend separating into its own commit, or documenting why the generator output changed.

4. Sandbox example: Vercel equivalent not updated

Per CLAUDE.md, updating examples requires also updating the Vercel equivalent. The examples/sandbox/vite.config.ts and package.json changes do not have a corresponding Vercel example update. Either run ./scripts/vercel-examples/generate-vercel-examples.ts or confirm that Vercel does not apply to this example.


Minor Observations

  • Removal of rivetkit-typescript/packages/sqlite-vfs and sqlite-native from pnpm-lock is consistent with the CLAUDE.md native-only SQLite policy.
  • examples/global-smoke-test removal from pnpm-lock is unexplained in the PR description -- confirm this is intentional.
  • The CLAUDE.md note to "bump webpki-roots periodically" is good guidance; consider backing it with a Dependabot/Renovate rule so it does not rely on manual memory.
  • Multiple unrelated changes (TLS migration, protocol reformatting, workspace cleanup, sandbox example) are bundled in one PR. Fine for a draft, but worth splitting before merge.

Summary

The core TLS migration is solid and the CLAUDE.md documentation is clear and useful. The main items to resolve before merge: verify the unexpected Quinn dependency, confirm whether HTTP compression is still needed, and separate the generated file reformatting from the functional changes.

@claude

claude Bot commented Apr 15, 2026

PR #4667 Review: chore: configure TLS trust roots for rustls clients

Summary: This PR configures TLS trust roots for rustls-based clients (tokio-tungstenite in the main workspace, reqwest + tokio-tungstenite in rivetkit-rust) to enable both native OS roots and bundled Mozilla CA roots (webpki-roots). It also removes tokio-native-tls, removes eventsource-client (old hyper 0.14 dependency), fixes reqwest::Client reuse in RemoteManager, adds a new TLS documentation page, and adds @rivetkit/rivetkit-native to the sandbox example.


Issues

Em dashes in new CLAUDE.md section

The new "TLS Trust Roots" section added to CLAUDE.md uses em dashes in two bullet points. CLAUDE.md explicitly forbids em dashes and requires periods to separate sentences instead.

Documentation accuracy in tls.mdx

website/src/content/docs/self-hosting/tls.mdx claims Rivet reads the OS trust store for "all outbound HTTPS." This is only half-accurate. The PR's core purpose is adding webpki-roots as a fallback so that Distroless containers, Alpine images without ca-certificates, and Cloud Run environments work when the OS trust store is empty. The docs omit this bundled fallback, which could mislead operators expecting pure OS-store behavior. Also, "all outbound HTTPS" is over-broad since the engine-internal clients (reqwest, ClickHouse pool) stay on hyper-tls/OpenSSL.

Sandbox Vercel parity

CLAUDE.md requires updating the Vercel equivalent when modifying an example. examples/sandbox/package.json adds @rivetkit/rivetkit-native and examples/sandbox/vite.config.ts externalizes it, but examples/sandbox-vercel/ was not updated. Since @rivetkit/rivetkit-native is a native package that Vercel may not support, this should be clarified by either updating sandbox-vercel or adding "skipVercel": true to the sandbox package.json template block.


Positive Changes

reqwest::Client sharing in remote_manager.rs: Previously created a new reqwest::Client on every HTTP call (6 locations). The PR moves the client to a struct field and reuses it per CLAUDE.md ("Never build a new reqwest client from scratch"), which improves connection pooling significantly.

eventsource-client removal: The crate pulled in hyper 0.14, hyper-rustls 0.24, and futures as old transitive dependencies. Its removal is good dependency hygiene with no remaining references in source.

TLS root strategy: Adding rustls-tls-native-roots + rustls-tls-webpki-roots together is the correct dual-root approach. Strictly additive; TLS certificate validation is still enforced with the bundled Mozilla CA list serving only as a fallback when the OS trust store is empty.

Generated file engine-runner-protocol/src/index.ts: The large diff is a pure code-style regeneration (tabs to 4-space, semicolon removal) from the @bare-ts/tools compiler. No logic changes.


Minor Notes

  • tokio-tungstenite version: main workspace pins 0.26.0 while rivetkit-rust pins 0.26.1. Semver-compatible across separate Cargo workspaces, but slightly inconsistent with the new CLAUDE.md note.
  • remote_manager.rs has 7 pre-existing uses of the anyhow! macro; CLAUDE.md recommends .context() instead. Not introduced by this PR but worth noting since the file was touched.
  • reqwest feature flags in rivetkit-rust omit gzip/deflate/brotli. Worth confirming no Rivet API endpoints return compressed responses.
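As an added illustration of the dual-roots configuration both reviews discuss (example written for this page, not code from the PR or the Rivet repository), a client crate's Cargo.toml with the native-tls declaration kept commented out beside the rustls declaration that enables both root stores. Crate versions are the ones named on the page; the `json` and `http2` features are assumed placeholders for whatever non-TLS features the client already relies on, and the compression codecs are listed because both reviews flag that `default-features = false` drops them.

```toml
[dependencies]
# Before (kept commented out for comparison): default features link
# native-tls, which is OpenSSL on Linux, and trust only the OS trust store.
# In a Distroless or Alpine image without ca-certificates that store is
# empty, so every outbound HTTPS connection fails certificate verification.
# reqwest = "0.12.28"
# tokio-tungstenite = { version = "0.26.1", features = ["native-tls"] }

# After: opt out of default features so native-tls is not linked, then
# enable rustls with both root stores. rustls is handed the union of the
# two stores: operator-installed corporate CAs from the OS store plus the
# bundled Mozilla list, which is what keeps containers with an empty OS
# store working. Certificate validation is still enforced; only the set of
# trust anchors changes, and any CA in either store is accepted.
reqwest = { version = "0.12.28", default-features = false, features = [
    "rustls-tls-native-roots", # trust anchors read from the OS store
    "rustls-tls-webpki-roots", # bundled Mozilla roots (webpki-roots crate)
    # Assumed: non-TLS features the client used under the defaults.
    # default-features = false also drops http2, so add it back explicitly.
    "json",
    "http2",
    # default-features = false also drops response decompression. Add back
    # the codecs the backend actually sends, or confirm none are needed;
    # otherwise the client receives compressed bytes it cannot decode.
    "gzip",
    "brotli",
    "deflate",
] }
# "http3" is deliberately absent: it is what normally pulls in quinn.
# If quinn still appears in Cargo.lock, find the crate that requests it:
#   cargo tree -i quinn
tokio-tungstenite = { version = "0.26.1", features = [
    "rustls-tls-native-roots",
    "rustls-tls-webpki-roots",
] }
```

Bumping webpki-roots is what keeps the bundled fallback current, so pin it through the same dependency-update tooling as everything else rather than relying on a note to bump it by hand.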

@github-actions

github-actions Bot commented Apr 15, 2026

Preview packages published to npm

Install with:

npm install rivetkit@pr-4667

All packages published as 0.0.0-pr.4667.da01c89 with tag pr-4667.

Engine binary is shipped via @rivetkit/engine-cli on linux-x64-musl, linux-arm64-musl, darwin-x64, and darwin-arm64. Windows users should use the release installer or set RIVET_ENGINE_BINARY.

Docker images:

docker pull rivetdev/engine:slim-da01c89
docker pull rivetdev/engine:full-da01c89

Individual packages:

npm install rivetkit@pr-4667
npm install @rivetkit/react@pr-4667
npm install @rivetkit/rivetkit-native@pr-4667
npm install @rivetkit/workflow-engine@pr-4667

@NathanFlurry NathanFlurry force-pushed the 04-14-configure_tls_trust_roots_for_rustls_clients branch from 01a868f to 175c456 April 24, 2026 07:16
@railway-app railway-app Bot temporarily deployed to rivet-frontend / rivet-pr-4667 April 24, 2026 07:16 Destroyed
@NathanFlurry NathanFlurry force-pushed the 04-14-configure_tls_trust_roots_for_rustls_clients branch from 175c456 to ae335c1 April 24, 2026 08:12
@railway-app railway-app Bot temporarily deployed to rivet-frontend / rivet-pr-4667 April 24, 2026 08:12 Destroyed
@NathanFlurry NathanFlurry changed the base branch from graphite-base/4667 to recover-engine-npm-package April 24, 2026 08:12
@NathanFlurry NathanFlurry changed the base branch from recover-engine-npm-package to graphite-base/4667 April 24, 2026 11:24
@NathanFlurry (Member Author)

Landed in main via stack-merge fast-forward push. Commits are in main; closing to match.
