chore: disable auth on serverless

[NathanFlurry]

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context.

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[NathanFlurry]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• fix(rivetkit-core): gate startup until runtime is ready #4736 : 2 dependent PRs (#4737 , #4739 )
• fix(rivetkit-sqlite): preserve text with embedded nul bytes #4735
• chore(rivetkit): add child spans for logging #4734
• fix(rivetkit-core): orphan engine process and detect crashes #4733
• fix(rivetkit-core): return None for empty inspector state to avoid frontend CBOR decode error #4732
• fix(rivetkit-core): don't install tokio::signal::ctrl_c() handler inside serve_with_config #4731
• refactor(rivetkit-core): use subtle::ConstantTimeEq for inspector token verify #4730
• fix(rivetkit): drop is_read_only_sql classifier, surface RETURNING rows #4728
• docs: require close-code rejection for websocket auth/policy failures #4727
• fix(rivetkit): inspector reports actual config state + real queue messages #4726
• fix(rivetkit-napi): plumb ctx through serializeState TSF and stop panicking on runtime_state Ref drop #4725
• chore(rivetkit): remove legacy metrics & prometheus auth #4724
• chore(rivetkit): remove legacy metrics #4723
• chore(rivetkit): impl inspector token #4722
• chore: disable auth on serverless #4721 👈 (View in Graphite)
• chore: fix cors for envoys #4720
• chore: fix serverless in rivetkit-core #4719
• chore(rivetkit): impl follow up review #4711
• chore: rivetkit core/napi/typescript follow up review #4702
• chore: fix remaining issues with rivetkit-core #4701
• chore: sqlite v1 to v2 data migration #4692 : 1 other dependent PR (#4640 )
• chore: move rivetkit to task model #4680
• chore: rivetkit to rust #4679
• feat(rivetkit): sqlite vfs v2 #4673
• chore: rename sandbox -> kitchen sink #4671 : 1 other dependent PR (#4672 )
• chore: configure TLS trust roots for rustls clients #4667
• fix(rivetkit): update config to match envoys & remove manager references #4663
• chore(publish): pin docker base image refs #4652
• chore(engine): publish engine bases in ci #4649 : 2 other dependent PRs (#4650 , #4666 )
• chore: lockfile lefthook #4647
• fix(rivetkit): surface native sqlite kv errors to callers #4645
• fix(rivetkit): prevent sleep races during disconnect and db work #4644
• fix(rivetkit): isolate engine envoys and propagate startup failures #4643
• test(rivetkit): remove wasm sqlite-only fixtures and coverage #4642
• chore(sqlite-vfs): remove wasm sqlite packages and workspace wiring #4641
• chore(rivetkit): remove wasm sqlite runtime #4614
• fix(sqlite-native): restore native startup kv preload #4639
• fix(sqlite-native): delete metadata before chunk range #4638
• fix(sqlite-native): keep truncate cache coherent #4637
• fix(sqlite-vfs): use delete range for truncate cleanup #4636
• fix(sqlite-native): restore kv error hook #4635
• perf(sqlite-native): avoid cloning cached read chunks #4634
• perf(sqlite-native): gate kv operation labels #4633
• perf(sqlite-native): reuse read cache for partial writes #4632
• perf(sqlite-native): remove delete file existence probe #4631
• fix(sqlite-native): gate native read cache behind env var #4630
• fix(pegboard): isolate runner config dc lookup failures #4625 : 1 other dependent PR (#4626 )
• docs(pegboard): note runner config upsert split write risk #4624
• fix(pegboard): unpack global runner config keys correctly #4623
• fix(pegboard-gateway): enforce tunnel message state #4622
• fix(pegboard-runner): clear terminal tunnel routes #4621
• fix(pegboard): skip protocol version keys in runner pool backfill #4620
• fix(pegboard): create missing normal runner configs #4619
• fix(epoxy): reuse cached optimistic value #4618
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[claude]

PR #4721 Review: chore: disable auth on serverless

Overview

This PR temporarily disables token authentication on the serverless /start endpoint in rivetkit-core. The root cause is a token mismatch: the incoming x-rivet-token carries the user's API token, but configured_token is expected to be a shared pool secret — a distinction that doesn't yet exist in the envoy-era serverless pool. The PR also removes the subtle crate dep, Forbidden error struct, and constant_time_eq helper.

---

Security Concerns (Primary)

• Unauthenticated endpoint: The /start endpoint is now fully open to any caller that can reach the serverless runtime. No validation that the caller is authorized to start an actor.
• Endpoint + namespace validation remains: The validate_endpoint path still enforces endpoint and namespace matching, which provides some constraint — but this is significantly weaker than token auth.
• No linked follow-up issue: The TODO comment explains the intent to re-enable auth, but there's no issue number referenced (e.g. // TODO(#XXXX):). This increases the risk that the temporary disable becomes permanent. Consider linking a tracking issue before this is merged.

---

Code Quality

Positives:

• The tracing::warn! additions for endpoint/namespace rejection are well-formed: structured fields, lowercase messages, correct conventions per CLAUDE.md.
• Proper cleanup of all now-unused code (constant_time_eq, Forbidden, subtle dep in both Cargo.toml and Cargo.lock).
• The TODO comment clearly explains the why.

Suggestions:

• The commented-out block in validate_start_headers is fairly long. Since git preserves the history, consider deleting it entirely and referencing the tracking issue instead. Commented-out code adds noise and can mislead future readers.
• If the commented-out code must stay, add an issue number to the TODO: // TODO(#XXXX): re-enable once envoy pool carries a shared secret.

---

Summary

The change is a deliberate and documented security regression with a clear rationale. Draft status is appropriate. The main ask before merging is to ensure a tracking issue exists for re-enabling auth, so this doesn't slip through. Everything else (logging, dep cleanup, error removal) looks correct.

[github-actions]

Preview packages published to npm

Install with:

npm install rivetkit@pr-4721

All packages published as 0.0.0-pr.4721.a4e11fe with tag pr-4721.

Engine binary is shipped via @rivetkit/engine-cli on linux-x64-musl, linux-arm64-musl, darwin-x64, and darwin-arm64. Windows users should use the release installer or set RIVET_ENGINE_BINARY.

Docker images:

docker pull rivetdev/engine:slim-a4e11fe
docker pull rivetdev/engine:full-a4e11fe

Individual packages

npm install rivetkit@pr-4721
npm install @rivetkit/react@pr-4721
npm install @rivetkit/rivetkit-napi@pr-4721
npm install @rivetkit/workflow-engine@pr-4721

[NathanFlurry]

Landed in main via stack-merge fast-forward push. Commits are in main; closing to match.