commit · quire · c519d65d

Remove run_id from quire-ci transport

The bearer token alone identifies the run server-side — quire-ci never
used run_id in API requests. The server now always mints the run ID at
creation time instead of borrowing it from the transport session, and
stops passing QUIRE__RUN_ID to the subprocess.

Assisted-by: Owl Alpha via pi

change ruzxmxmqwxopuzvylnmylprkmmzqlmzn

commit c519d65dfb6515cb48c04af5cf7cdcbc73e9e487

author Alpha Chen <alpha@kejadlen.dev>

date 1mo ago

parent vyorwupt

diff --git a/quire-ci/src/main.rs b/quire-ci/src/main.rs
index 9300965..082a5bc 100644
--- a/quire-ci/src/main.rs
+++ b/quire-ci/src/main.rs
@@ -49,8 +49,8 @@ struct Cli {
 
     /// Transport credentials and telemetry settings for
     /// orchestrator-dispatched runs, sourced from `QUIRE__*` env vars:
-    /// `QUIRE__RUN_ID`, `QUIRE__SERVER_URL`, `QUIRE__RUN_TOKEN`,
-    /// `QUIRE__TRANSPORT`, `QUIRE__SENTRY_DSN`.
+    /// `QUIRE__SERVER_URL`, `QUIRE__RUN_TOKEN`, `QUIRE__TRANSPORT`,
+    /// `QUIRE__SENTRY_DSN`.
     #[facet(args::config, args::env_prefix = "QUIRE")]
     quire: QuireConfig,
 
@@ -66,10 +66,6 @@ struct Cli {
 /// `--quire.<field>` on the CLI.
 #[derive(Facet)]
 struct QuireConfig {
-    /// Run UUID assigned by the orchestrator (`QUIRE__RUN_ID`).
-    #[facet(default)]
-    run_id: String,
-
     /// Base URL of quire-server, e.g. `http://127.0.0.1:3000`
     /// (`QUIRE__SERVER_URL`).
     #[facet(default)]
@@ -318,7 +314,6 @@ fn main() -> Result<()> {
             let _enter = rt.enter();
 
             let session = ApiSession {
-                run_id: cli.quire.run_id,
                 server_url: cli.quire.server_url,
                 run_token: cli.quire.run_token,
             };
diff --git a/quire-core/src/ci/transport.rs b/quire-core/src/ci/transport.rs
index c12cfe3..231183f 100644
--- a/quire-core/src/ci/transport.rs
+++ b/quire-core/src/ci/transport.rs
@@ -11,13 +11,11 @@
 /// the bearer token it issued.
 #[derive(Clone, Debug, PartialEq, Eq)]
 pub struct ApiSession {
-    /// Run UUID assigned by the orchestrator. Also the value stored
-    /// in `runs.id` server-side.
-    pub run_id: String,
     /// Base URL of quire-server (e.g. `http://127.0.0.1:3000`).
     pub server_url: String,
     /// Bearer token minted at run creation time. Matches
-    /// `runs.run_token` server-side.
+    /// `runs.run_token` server-side. Also serves as the run
+    /// identifier — the server looks up the run by this token.
     pub run_token: String,
 }
 
diff --git a/quire-server/src/ci/run.rs b/quire-server/src/ci/run.rs
index d4c1c66..d88c8df 100644
--- a/quire-server/src/ci/run.rs
+++ b/quire-server/src/ci/run.rs
@@ -36,7 +36,6 @@ pub enum Executor {
 pub fn new_transport(mode: TransportMode, port: u16) -> Transport {
     Transport {
         session: ApiSession {
-            run_id: uuid::Uuid::now_v7().to_string(),
             server_url: format!("http://127.0.0.1:{port}"),
             run_token: mint_run_token(),
         },
@@ -120,7 +119,10 @@ impl Runs {
     pub fn create(&self, meta: &RunMeta, transport: Option<&Transport>) -> Result<Run> {
         let (id, run_token_str) = match transport {
             None => (uuid::Uuid::now_v7().to_string(), None),
-            Some(t) => (t.session.run_id.clone(), Some(t.session.run_token.as_str())),
+            Some(t) => {
+                let id = uuid::Uuid::now_v7().to_string();
+                (id, Some(t.session.run_token.as_str()))
+            }
         };
         let workspace_path = self.base_dir.join(&id).join("workspace");
 
@@ -340,7 +342,6 @@ impl Run {
                 cmd.arg("--bootstrap").arg(&bootstrap_path);
             }
             Some(t) => {
-                cmd.env("QUIRE__RUN_ID", &t.session.run_id);
                 cmd.env("QUIRE__SERVER_URL", &t.session.server_url);
                 cmd.env("QUIRE__RUN_TOKEN", &t.session.run_token);
                 if t.mode == TransportMode::Api {
@@ -910,7 +911,8 @@ mod tests {
         let transport = new_transport(TransportMode::Filesystem, 3000);
         let run = runs.create(&test_meta(), Some(&transport)).expect("create");
 
-        assert_eq!(run.id(), transport.session.run_id);
+        // Run ID is minted by the server, not taken from the transport.
+        assert!(uuid::Uuid::parse_str(run.id()).is_ok());
 
         let conn = crate::db::open(&quire.db_path()).expect("db");
         let stored: Option<String> = conn
@@ -934,7 +936,8 @@ mod tests {
         let transport = new_transport(TransportMode::Api, 3000);
         let run = runs.create(&test_meta(), Some(&transport)).expect("create");
 
-        assert_eq!(run.id(), transport.session.run_id);
+        // Run ID is minted by the server, not taken from the transport.
+        assert!(uuid::Uuid::parse_str(run.id()).is_ok());
 
         let conn = crate::db::open(&quire.db_path()).expect("db");
         let stored: Option<String> = conn
@@ -973,11 +976,9 @@ mod tests {
                 "token should be alphanumeric, got {:?}",
                 transport.session.run_token
             );
-            assert!(
-                uuid::Uuid::parse_str(&transport.session.run_id).is_ok(),
-                "run_id should be a UUID, got {:?}",
-                transport.session.run_id
-            );
+            // Transport no longer carries a run_id — the server mints
+            // the run ID at creation time and the token alone identifies
+            // the run.
         }
     }