Skip to content

feat(frontend): enable version skew protection via deploymentId#4629

Merged
divineforest merged 2 commits into
mainfrom
fix/add-nextjs-deployment-id
May 14, 2026
Merged

feat(frontend): enable version skew protection via deploymentId#4629
divineforest merged 2 commits into
mainfrom
fix/add-nextjs-deployment-id

Conversation

@divineforest
Copy link
Copy Markdown
Contributor

@divineforest divineforest commented May 13, 2026
edited by archestra-contributor-pr-bot Bot
Loading

During rolling deploys, tabs holding the old build can hit the new server's RSC routes and get inconsistent assets or shape-mismatched data. Setting deploymentId lets Next.js stamp assets with ?dpl=<id> and surface x-nextjs-deployment-id on RSC responses; the client router detects the mismatch and hard-reloads onto fresh assets.

Reuses the existing VERSION build arg, sanitized to the [a-zA-Z0-9_-] charset Next.js requires. Declares VERSION on the Turbo build task so strict-mode env filtering doesn't strip it before next build reads it.

Archestra Contributor

@divineforest
feat(frontend): enable version skew protection via deploymentId
a261a59 
During rolling deploys, tabs holding the old build can hit the new
server's RSC routes and get inconsistent assets or shape-mismatched
data. Setting `deploymentId` lets Next.js stamp assets with `?dpl=<id>`
and surface `x-nextjs-deployment-id` on RSC responses; the client
router detects the mismatch and hard-reloads onto fresh assets.

Reuses the existing `VERSION` build arg, sanitized to
the `[a-zA-Z0-9_-]` charset Next.js requires. Declares
`VERSION` on the Turbo build task so strict-mode env filtering doesn't
strip it before `next build` reads it.
@divineforest divineforest requested a review from joeyorlando May 13, 2026 14:10
@divineforest divineforest added the run-e2e add label to run e2e tests on demand on a PR (remove and re-add the label to retrigger) label May 13, 2026
joeyorlando
joeyorlando reviewed May 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@joeyorlando joeyorlando left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🙌

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 13, 2026
edited
Loading

Playwright test results

passed  181 passed
flaky  5 flaky
skipped  15 skipped

Details

stats  201 tests across 37 suites
duration  6 minutes, 49 seconds
commit  1ca25c7

Flaky tests

setup-teams › ../auth.teams.setup.ts › setup teams and assignments
api › mcp-enterprise-managed.ee.spec.ts › Enterprise-managed MCP credentials › exchanges an ID-JAG at a remote MCP server before gateway tool execution
api › mcp-gateway-jwks.ee.spec.ts › MCP Gateway - External IdP JWKS Authentication › should authenticate with external IdP JWT, call tools, and log external identity
api › mcp-gateway-jwt-propagation.ee.spec.ts › MCP Gateway - JWT Propagation to Upstream MCP Server › should propagate JWT to local K8s-orchestrated MCP server via streamable-http
quickstart › quickstart.spec.ts › Quickstart › first-time user can add API key and immediately chat

Skipped tests

chromium › agents.spec.ts › can create and delete an LLM proxy
chromium › agents.spec.ts › can create and delete an MCP gateway
firefox › agents.spec.ts › can create and delete an LLM proxy
firefox › agents.spec.ts › can create and delete an MCP gateway
webkit › agents.spec.ts › can create and delete an LLM proxy
webkit › agents.spec.ts › can create and delete an MCP gateway
chromium › chat-auth-required.spec.ts › Chat - Auth Required Tool › surfaces missing credentials guidance when tool call fails due to missing credentials
chromium › chat.spec.ts › Chat-UI-zhipuai › can send a message and receive a response from ZhipuAI
chromium › mcp-install.spec.ts › MCP Install › Custom remote › Bearer Token
identity-providers › identity-providers.ee.spec.ts › Identity Provider SAML E2E Flow with Keycloak › should configure SAML provider, login via SSO, update, and delete
api › mcp-enterprise-managed.ee.spec.ts › Enterprise-managed MCP credentials › installs a protected remote MCP server without a manual access token
credentials-with-vault › credentials-with-vault.ee.spec.ts › Chat API Keys with Readonly Vault › should create a team scoped chat API key with vault secret
credentials-with-vault › credentials-with-vault.ee.spec.ts › Chat API Keys with Readonly Vault › should create a personal scoped chat API key with vault secret
credentials-with-vault › credentials-with-vault.ee.spec.ts › Test self-hosted MCP server with Readonly Vault › Test self-hosted MCP server with Vault - without prompt on installation
credentials-with-vault › credentials-with-vault.ee.spec.ts › Then we configure vault for Default Team

@divineforest divineforest added run-e2e add label to run e2e tests on demand on a PR (remove and re-add the label to retrigger) and removed run-e2e add label to run e2e tests on demand on a PR (remove and re-add the label to retrigger) labels May 14, 2026
@divineforest divineforest enabled auto-merge May 14, 2026 08:24
@divineforest divineforest added this pull request to the merge queue May 14, 2026
Merged via the queue into main with commit f6c00ad May 14, 2026
51 checks passed
@divineforest divineforest deleted the fix/add-nextjs-deployment-id branch May 14, 2026 08:51
@archestra-ci archestra-ci Bot mentioned this pull request May 14, 2026
Merged
divineforest pushed a commit that referenced this pull request May 14, 2026
@archestra-ci @github-actions
chore(main): release platform 1.2.48 (#4658)
2db16df 
🤖 I have created a release *beep* *boop*
---


##
[1.2.48](platform-v1.2.47...platform-v1.2.48)
(2026-05-14)


### Features

* **frontend:** enable version skew protection via deploymentId
([#4629](#4629))
([f6c00ad](f6c00ad))


### Bug Fixes

* **auth:** don't downgrade existing member role via SSO default-role …
([#4580](#4580))
([3b02507](3b02507))
* **helm:** bound the postgres-wait init container loops
([#4657](#4657))
([03c9d88](03c9d88))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: archestra-ci[bot] <222894074+archestra-ci[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joeyorlando joeyorlando joeyorlando approved these changes

Assignees

No one assigned

Labels

run-e2e add label to run e2e tests on demand on a PR (remove and re-add the label to retrigger)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@divineforest @joeyorlando