🚅 Deployed to the rivet-pr-4234 environment in rivet-frontend

Service	Status	Web	Updated (UTC)
website	😴 Sleeping (View Logs)	Web	Feb 23, 2026 at 8:48 pm
ladle	❌ Build Failed (View Logs)	Web	Feb 21, 2026 at 1:41 am
frontend-inspector	❌ Build Failed (View Logs)	Web	Feb 19, 2026 at 8:48 pm
mcp-hub	✅ Success (View Logs)	Web	Feb 19, 2026 at 8:48 pm
frontend-cloud	❌ Build Failed (View Logs)	Web	Feb 19, 2026 at 8:48 pm

• fix: always trigger serverless ended early error #4320
• fix: remove useless config params #4319
• fix: add serverless leak fix oneoff #4318
• chore: add log for runners with no alloc idx #4316
• fix(ups): upgrade nats, fix chunking, add chunking tests #4315
• chore: fix tests #4314
• fix: various serverless bug fixes #4313
• fix(guard, runner): enforce http body size and ws msg size #4252
• fix(pegboard): add threshold parameters to runner protocol metadata #4247
• chore: get docker compose working again #4246
• fix(epoxy): make quorum sizes match paper #4234 👈 (View in Graphite)
• fix(rivetkit): stall stop handler until start completes #4192
• main

How to use the Graphite Merge Queue

Add the label merge-queue to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

This stack of pull requests is managed by Graphite. Learn more about stacking.

PR Review: fix(epoxy): make quorum sizes match paper

Summary

This PR separates the fanout quorum calculation into its own function (calculate_fanout_quorum) and adds proper edge-case handling for small cluster sizes. The code cleanup in http_client.rs (removing glob imports, simplifying std::result::Result::Ok to Ok) is good and follows the project's conventions.

However, there's a significant concern with the fast quorum formula that deserves attention before merge.

Critical: Fast quorum formula may be smaller than EPaxos section 4.3 requires

The comment cites EPaxos §4.3, which specifies fast quorum size as ⌊3N/4⌋ + 1. The old formula matched this exactly:

// Old (correct per EPaxos §4.3)
QuorumType::Fast => (n * 3) / 4 + 1,

The new formula uses f + (f + 1) / 2 (integer division) where f = (n - 1) / 2:

The new formula consistently produces fast quorums 1 smaller than the paper's requirement. The EPaxos safety argument depends on any two fast quorums intersecting in at least f+1 nodes (so recovery can always find a node that participated). A fast quorum that is one too small violates this intersection property.

Concrete impact in the accept phase — in send_pre_accepts, the fanout waits for calculate_fanout_quorum(n, Fast) responses before deciding the path. For N=5 the old code waited for 3 other replicas (quorum of 4 including sender), but the new code waits for only 2. If those 2 agree, decide_path takes the fast path — but EPaxos requires 3 other agreements (4 total) before that is safe.

Could you clarify which paper edition this formula comes from, or point to the theorem that justifies the smaller values? If the protocol has diverged from stock EPaxos, a note in the code would help future readers.

Minor: QuorumType::Any inconsistency in calculate_fanout_quorum

For n >= 3, calculate_fanout_quorum returns 1 for Any, meaning the fanout waits for one additional replica. But calculate_quorum(n, Any) returns 1 (the sender alone satisfies the quorum), so the fanout should be 0. These two functions give inconsistent answers for Any.

Concretely in get_optimistic.rs, the caller already guards the n == 1 case, so in practice n >= 2 when fanout_to_replicas is called with Any. For n == 2, the fanout correctly requires the one other replica to respond. For n >= 3 it waits for one arbitrary replica, which appears to be the intended semantics for an optimistic read ("confirm with any other node"). If that is intended, the docstring on calculate_quorum for Any should be clarified, since its return value of 1 implies the sender alone suffices, which conflicts with what calculate_fanout_quorum does.

Missing unit tests

Given that this is a correctness-critical fix to consensus quorum sizes, a table-driven unit test (e.g., verifying expected values for calculate_quorum and calculate_fanout_quorum at N = 1, 2, 3, 5, 7) would provide a clear specification and catch regressions. Even something simple in utils.rs would help a lot here:

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn quorum_sizes_match_epaxos() {
        // (n, fast, slow)
        let cases = [(3, 3, 2), (5, 4, 3), (7, 6, 4)];
        for (n, expected_fast, expected_slow) in cases {
            assert_eq\!(calculate_quorum(n, QuorumType::Fast), expected_fast, "n={n}");
            assert_eq\!(calculate_quorum(n, QuorumType::Slow), expected_slow, "n={n}");
        }
    }
}

Positive changes

• Removing the glob import from anyhow follows the CLAUDE.md convention.
• Simplifying std::result::Result::Ok → Ok is cleaner.
• The early return when target_responses == 0 is a good guard (though warn\! level seems noisy for the single-node case; debug\! might be more appropriate).
• Extracting calculate_fanout_quorum makes the "sender is excluded" semantic explicit rather than having it buried in a match arm.
• The n == 0, n == 1, n == 2 edge-case handling is a good addition.

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/cloudflare-workers@4234

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/framework-base@4234

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/next-js@4234

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/react@4234

pnpm add https://pkg.pr.new/rivet-dev/rivet/rivetkit@4234

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/sql-loader@4234

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/sqlite-vfs@4234

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/traces@4234

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/workflow-engine@4234

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/virtual-websocket@4234

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/engine-runner@4234

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/engine-runner-protocol@4234

commit: 0027acd