fix: remove serverless token

[MasterPtato]

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context.

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[MasterPtato]

• chore: remove non-engine drivers #4574 : 2 dependent PRs (#4581 , #4582 )
• feat: dynamic actors #4397
• fix: driver test suite & sqlite reliability #4559
• fix: remove serverless token #4572 👈 (View in Graphite)
• fix: misc token fixes #4569
• fix(pb): clean up actor stop decision handling #4566
• fix(envoy): use global instance, add signal handlers #4565
• chore: misc fixes, add pb snapshot test #4561
• fix(cache): make in memory cache global #4560
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[claude]

PR Review: Remove Unused Serverless Token Auth

This PR removes the X-Rivet-Token header mechanism from serverless outbound requests and cleans up the related token refresh logic in the envoy client.

What's Changed

Rust (engine/packages/pegboard-outbound/src/lib.rs):

• Removes the X_RIVET_TOKEN header constant
• Drops the token: Option<&str> parameter from serverless_outbound_req()
• Stops reading config.auth.admin_token for outbound serverless requests

TypeScript (engine/sdks/typescript/envoy-client/src/tasks/envoy/index.ts):

• Removes GLOBAL_SHARED_CTX and the token-refresh logic for repeated startEnvoySync() calls
• Simplifies the global singleton pattern

Concerns

Token expiry on long-lived envoys: The removed TypeScript comment explained the purpose explicitly:

"This is done for serverless envoys where the token normally expires around the same time as the /start request expires. The envoy persists longer than the /start request so it needs an up to date token."

If serverless envoys can still outlive a /start request lifetime, removing the token refresh without a replacement creates a gap where requests may fail silently after expiry. Please confirm this scenario is fully covered (e.g., auth moved to the envoy-side, or tokens no longer expire on this path).

Dead config fields: ctx.config().auth is still present in Rust but the admin token is now ignored for outbound requests. If this is the only consumer, the auth config fields become dead weight worth noting for a follow-up.

No test changes: Given that this removes auth headers from HTTP requests, it would be helpful to see updated or new tests confirming:

• Serverless outbound requests succeed without the token header
• The envoy client singleton no longer attempts token refresh

Minor Notes

• The Rust cleanup is clean and straightforward.
• The TypeScript simplification is correct assuming the token refresh is genuinely no longer needed.
• It would help to have a PR description explaining why this is being removed (architecture change, auth moved elsewhere, deprecation of this mechanism, etc.) so reviewers and future git blame readers have context.

[MasterPtato]

Merge activity

• Apr 8, 8:52 PM UTC: A user started a stack merge that includes this pull request via Graphite.
• Apr 8, 9:05 PM UTC: Graphite rebased this pull request as part of a merge.
• Apr 8, 9:06 PM UTC: @MasterPtato merged this pull request with Graphite.