Skip to content

chore: bump librtmp2 to 0.4.0 (0.1.5)#82

Open
AlexanderWagnerDev wants to merge 20 commits into
mainfrom
chore/librtmp2-0.4.0
Open

chore: bump librtmp2 to 0.4.0 (0.1.5)#82
AlexanderWagnerDev wants to merge 20 commits into
mainfrom
chore/librtmp2-0.4.0

Conversation

@AlexanderWagnerDev

@AlexanderWagnerDev AlexanderWagnerDev commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Release librtmp2-server 0.1.5 with the published librtmp2 0.4.0 crate.
  • Use the registry-only crates.io dependency with the tls feature instead of the temporary Git revision pin.
  • Update Cargo.lock to the crates.io source and published checksum.
  • Update README, changelog, and agent guidance to document the registry dependency.
  • Keep the RTMP/HTTP E2E test compatible with the current librtmp2::types::Frame API.

Validation

  • Registry checksum verified against the crates.io index
  • cargo check --locked with Rust 1.95
  • Formatting
  • Clippy
  • Build
  • Unit tests
  • RTMP + HTTP E2E tests
  • HTTP API benchmarks

Summary by CodeRabbit

  • New Features

    • Added validation for publish, play, and statistics access keys, including format and minimum-length requirements.
    • Invalid or legacy short access keys are now rejected consistently across HTTP and database lookups.
  • Changed

    • Updated the project to version 0.1.5.
    • Updated protocol, architecture, maturity, and build documentation.
    • Updated the RTMP dependency to version 0.4.0 for improved reproducibility.

AlexanderWagnerDev and others added 2 commits July 14, 2026 22:06
Replace marketing-style feature claims with what is actually wired into
the live session path versus parser-only library code.
Pin librtmp2 0.4.0 via git until crates.io release, update inherited protocol docs, and fix Frame initializer in RTMP HTTP E2E test.

Co-authored-by: Cursor <cursoragent@cursor.com>
@coderabbitai

coderabbitai Bot commented Jul 14, 2026

Copy link
Copy Markdown

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

Changes

Release and librtmp2 integration

Layer / File(s) Summary
librtmp2 release integration
Cargo.toml, AGENTS.md, CHANGELOG.md, README.md, tests/rtmp_http_e2e.rs
The project version moves to 0.1.5, librtmp2 is pinned to git revision 0.4.0, documentation and release links are updated, and the RTMP frame test uses default fields for the expanded frame shape.

Access-key validation

Layer / File(s) Summary
Centralized access-key validation
src/keygen.rs, src/http.rs
Access-key length and character validation, padding helpers, and the shared validation message are centralized in keygen; HTTP validation delegates to them and adds coverage for valid and invalid keys.
Lookup enforcement and authorization tests
src/db.rs, src/rtmp_bridge.rs
Database lookups reject invalid keys before querying, fixtures generate normalized keys, and RTMP bridge tests use keys from inserted stream records.
Legacy-key regression coverage
src/db.rs
A regression test verifies that short publish, play, and stats keys return missing lookup results.

Estimated code review effort: 3 (Moderate) | ~25 minutes

Sequence Diagram(s)

sequenceDiagram
  participant DbLookup
  participant keygen
  participant SQLDatabase
  DbLookup->>keygen: is_valid_access_key(key)
  keygen-->>DbLookup: valid or invalid
  DbLookup->>SQLDatabase: query valid access key
  SQLDatabase-->>DbLookup: lookup result
Loading

Possibly related PRs

Suggested reviewers: claude

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 70.37% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the main change: bumping librtmp2 to 0.4.0 for the 0.1.5 release.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/librtmp2-0.4.0

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Replace rev pin with branch feat/ertmp-v2-multitrack-0.4.0. Document registry-only dependency after librtmp2 merge and crates.io publish.

Co-authored-by: Cursor <cursoragent@cursor.com>
Comment thread .github/workflows/apply-pr82-dependency-fix.yml Outdated
@AlexanderWagnerDev

Copy link
Copy Markdown
Contributor Author

@cursor review

@cursor cursor Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit ffc5621. Configure here.

@AlexanderWagnerDev

Copy link
Copy Markdown
Contributor Author

@coderabbitai full review

@coderabbitai

coderabbitai Bot commented Jul 14, 2026

Copy link
Copy Markdown
✅ Action performed

Full review finished.


Your plan includes PR reviews subject to rate limits. More reviews will be available in 40 minutes.

@qodo-code-review

qodo-code-review Bot commented Jul 15, 2026

Copy link
Copy Markdown

Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (0) 🔗 Cross-repo conflicts (0) 📜 Skill insights (0)

Context used
✅ Compliance rules (platform): 4 rules
✅ Cross-repo context
  Explored: repo: OpenRTMP/librtmp2 (sha: 99a23475)
  Explored: repo: OpenRTMP/librtmp2-server-panel (sha: 7e8efee9)

Grey Divider


Action required

1. librtmp2 uses git source ✓ Resolved 📘 Rule violation § Compliance
Description
Cargo.toml pins librtmp2 via a git rev, which is not a published crates.io-only dependency.
This violates the requirement to use a published crates.io version for librtmp2 and increases
supply-chain/audit risk.
Code

Cargo.toml[20]

+librtmp2 = { version = "0.4.0", git = "https://github.com/OpenRTMP/librtmp2", rev = "ad021f97631cd2033abaee43e711bc406ca10c17", features = ["tls"] }
Evidence
PR Compliance ID 2107461 requires librtmp2 to be a published crates.io dependency. The modified
dependency line in Cargo.toml uses a git URL and pinned revision instead of a registry-only
dependency declaration.

Rule 2107461: librtmp2 must use a published crates.io version, not a local path dependency
Cargo.toml[20-20]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`librtmp2` is currently sourced from a git repository + pinned `rev`, but compliance requires using a published crates.io version (and not sourcing it from non-registry locations).

## Issue Context
The dependency entry includes `git = "https://github.com/OpenRTMP/librtmp2"` and `rev = "..."`, which makes builds depend on a git source rather than crates.io.

## Fix Focus Areas
- Cargo.toml[18-20]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools


Grey Divider

Previous review results

Review updated until commit 870e3be

Results up to commit a76a527


🐞 Bugs (0) 📘 Rule violations (0) 📎 Requirement gaps (0) 🎨 UX issues (0) 🔗 Cross-repo conflicts (0) 📜 Skill insights (0)


Action required
1. librtmp2 uses git source ✓ Resolved 📘 Rule violation § Compliance
Description
Cargo.toml pins librtmp2 via a git rev, which is not a published crates.io-only dependency.
This violates the requirement to use a published crates.io version for librtmp2 and increases
supply-chain/audit risk.
Code

Cargo.toml[20]

+librtmp2 = { version = "0.4.0", git = "https://github.com/OpenRTMP/librtmp2", rev = "ad021f97631cd2033abaee43e711bc406ca10c17", features = ["tls"] }
Evidence
PR Compliance ID 2107461 requires librtmp2 to be a published crates.io dependency. The modified
dependency line in Cargo.toml uses a git URL and pinned revision instead of a registry-only
dependency declaration.

Rule 2107461: librtmp2 must use a published crates.io version, not a local path dependency
Cargo.toml[20-20]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`librtmp2` is currently sourced from a git repository + pinned `rev`, but compliance requires using a published crates.io version (and not sourcing it from non-registry locations).

## Issue Context
The dependency entry includes `git = "https://github.com/OpenRTMP/librtmp2"` and `rev = "..."`, which makes builds depend on a git source rather than crates.io.

## Fix Focus Areas
- Cargo.toml[18-20]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools


Qodo Logo

Comment thread Cargo.toml Outdated
@qodo-code-review

Copy link
Copy Markdown

Code review by qodo was updated up to the latest commit 6914405

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/update-pr82-librtmp2.yml:
- Around line 17-21: Set persist-credentials to false in the actions/checkout
step for the “Check out PR branch” workflow step, then configure authentication
explicitly only immediately before the final push. Ensure the cargo update and
cargo check steps run without GitHub token credentials available in .git/config.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 24f36fa9-d24c-4d7c-a88c-269ffddfd130

📥 Commits

Reviewing files that changed from the base of the PR and between a76a527 and bb6180d.

⛔ Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (1)
  • .github/workflows/update-pr82-librtmp2.yml

Comment thread .github/workflows/update-pr82-librtmp2.yml Outdated
@cursor

cursor Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_43466939-3be0-4a25-b99b-21659de9a7a8)

@qodo-code-review

Copy link
Copy Markdown

Code review by qodo was updated up to the latest commit 7ce4f51

@qodo-code-review

Copy link
Copy Markdown

Code review by qodo was updated up to the latest commit 870e3be

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant