Merged
3 changes: 2 additions & 1 deletion .gitignore
Expand Up @@ -3,4 +3,5 @@ target/
.claude/
.idea/
.DS_Store
docs
docs
node_modules
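Review bot: The new `node_modules` entry, like the `docs` line above it, has no trailing slash, unlike `target/`, `.claude/` and `.idea/` in the same file, so it also matches a regular file of that name. Writing `node_modules/` and `docs/` keeps the file consistent and limits both patterns to directories.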
8 changes: 7 additions & 1 deletion image-resize/example/config.yaml
Expand Up @@ -60,4 +60,10 @@ workers:
logs_batch_size: ${OTEL_LOGS_BATCH_SIZE:100} # Batch size for OTLP logs export (default: 100)
logs_flush_interval_ms: ${OTEL_LOGS_FLUSH_INTERVAL_MS:5000} # Flush interval in milliseconds for OTLP logs export (default: 5000ms)
logs_sampling_ratio: ${OTEL_LOGS_SAMPLING_RATIO:1.0} # Sampling ratio for logs (0.0 to 1.0). 1.0 keeps all logs
logs_console_output: ${OTEL_LOGS_CONSOLE_OUTPUT:true} # Output SDK logs to engine console (default: true)
logs_console_output: ${OTEL_LOGS_CONSOLE_OUTPUT:true} # Output SDK logs to engine console (default: true)

- name: image-resize
image: docker.io/andersonofl/image-resize:latest
config:
III_ENGINE_URL: ws://localhost:49134
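Review bot: On the `image:` line of the new `image-resize` entry, `docker.io/andersonofl/image-resize:latest` is a mutable tag, so the example runs whatever was last pushed under that name and two runs of the same config can execute different code. Pin a released version tag, or better an `@sha256:` digest, so the example is reproducible and a retagged image cannot slip in unnoticed.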
Comment on lines +67 to +68

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify how worker config is mapped (env vs args vs config payload) and whether III_ENGINE_URL is consumed.
# Expected: find schema/loader code showing supported fields for worker entries and no consumer of III_ENGINE_URL.

rg -n -C3 'III_ENGINE_URL|III_URL|--url|workers:' 
rg -n -C3 'struct .*Worker|type .*Worker|interface .*Worker|serde.*workers|yaml.*workers|image:'
rg -n -C3 'env:|args:|config:' --iglob '*.yaml' --iglob '*.yml'

Repository: iii-hq/workers

Length of output: 19067


🏁 Script executed:

#!/bin/bash
# Search for config field processing and III_ENGINE_URL consumption
rg -n 'III_ENGINE_URL' --type rust --type ts --type js
rg -n 'config.*field\|parse.*config\|worker.*config' image-resize/src/ -A3
# Check main.rs for argument/env handling
head -50 image-resize/src/main.rs

Repository: iii-hq/workers

Length of output: 1473


🏁 Script executed:

#!/bin/bash
# Search for how worker config field is processed when launching workers
rg -n 'config\[' --type rust --type ts --type js
rg -n 'worker.*config\|docker.*config\|container.*config' -B2 -A2
rg -n 'III_ENGINE_URL' -r . --type rust --type ts --type yaml
# Look for environment variable or arg passing in worker initialization
fd -e rs -e ts -e js | xargs rg -l 'env\[|process\.env\|std::env' | head -5

Repository: iii-hq/workers

Length of output: 123


🏁 Script executed:

#!/bin/bash
# Look for orchestrator/controller code that processes worker definitions
fd -type f -name '*.ts' -o -name '*.js' -o -name '*.rs' | xargs rg -l 'worker.*config|docker.*spawn|container.*launch' | head -10

# Search the entire repo for how `config:` field in yaml is parsed
rg -n 'config:' image-resize/example/config.yaml -B2 -A2

# Check if there's any code handling environment or args from config field
rg -n 'config\s*:\s*\{|config\s*:\s*\[' --type rust --type ts --type yaml

Repository: iii-hq/workers

Length of output: 1520


🏁 Script executed:

#!/bin/bash
# Search for other Docker-based workers (with 'image:' field) to see their config patterns
rg -n 'image:.*docker' -B5 -A5

# Look for any documentation or code about worker launching
fd -type f \( -name 'README*' -o -name '*.md' \) | xargs rg -l 'docker.*worker|image.*worker' 2>/dev/null

# Check if there's any reference to how config field is used for any worker type
rg -n 'config.*env|env.*config|worker.*spawn' -i

Repository: iii-hq/workers

Length of output: 1148


🏁 Script executed:

#!/bin/bash
# Check README for guidance on worker config
cat README.md | grep -A20 -B5 -i 'config\|docker\|worker'

# Look for iii.worker.yaml files to understand worker manifest format
fd -name 'iii.worker.yaml' -exec cat {} \;

# Search for any orchestrator/engine code that might process worker definitions
rg -n 'workers\|worker.*config' README.md

Repository: iii-hq/workers

Length of output: 1839


🏁 Script executed:

#!/bin/bash
# Look at worker manifest files to understand proper worker definition
find . -name 'iii.worker.yaml' -exec echo "=== {} ===" \; -exec cat {} \;

Repository: iii-hq/workers

Length of output: 603


🏁 Script executed:

#!/bin/bash
# Search for env: or args: usage in config.yaml files
rg -n 'env:|args:' image-resize/example/config.yaml todo-worker/config.yaml -B2 -A2

# Check if any worker entries in config.yaml use env: or args:
rg -n '^\s*(env:|args:|image:|config:|name:)' image-resize/example/config.yaml | head -30

Repository: iii-hq/workers

Length of output: 209


🏁 Script executed:

#!/bin/bash
# Search for any engine or launcher code that processes worker definitions
# Look for files that might handle Docker container startup
rg -n 'image.*docker\|docker.*run\|container.*spawn\|worker.*launch' -i

# Check if there are any other example config files
find . -name 'config.yaml' -o -name 'example*.yaml'

# Look for documentation about worker configuration format
find . -name '*.md' -exec rg -l 'worker.*config\|config.*worker' {} \;

Repository: iii-hq/workers

Length of output: 118


🏁 Script executed:

#!/bin/bash
# Final verification: confirm III_ENGINE_URL is truly not used by checking all references
rg -n 'III_ENGINE_URL' --type-add 'all:include,rs,ts,js,yaml,dockerfile' -t all

# Check if there's any schema or documentation about supported config fields
find . -name 'schema*' -o -name '*schema*'

Repository: iii-hq/workers

Length of output: 117


🏁 Script executed:

#!/bin/bash
# Simple final check: find all occurrences of III_ENGINE_URL
grep -r "III_ENGINE_URL" .

Repository: iii-hq/workers

Length of output: 216


Remove config: III_ENGINE_URL — the binary expects --url CLI argument or III_URL env var, not a config field.

The image-resize binary (main.rs, line 21) accepts engine URL via --url flag only; there is no code path consuming III_ENGINE_URL from a config payload. The Dockerfile correctly passes --url in CMD (line 51), but the config.yaml entry (lines 67–68) has no effect.

Compare with the working Dockerfile pattern and the binary's actual argument parsing:

  • Binary accepts: --url ws://host:port (CLI flag)
  • Dockerfile uses: CMD ["--url", "ws://host.containers.internal:49134"]
  • config.yaml uses: config: III_ENGINE_URL: ws://localhost:49134 ✗ (ignored)

Replace the config entry with the mechanism your orchestrator uses to pass environment variables or CLI arguments to the container (e.g., env: or args: if supported for Docker workers in your engine configuration schema).

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@image-resize/example/config.yaml` around lines 67 - 68, The config.yaml entry
"config: III_ENGINE_URL" is ineffective because the image-resize binary
(main.rs) only accepts the engine URL via the CLI flag "--url" or the
environment variable "III_URL"; remove the "config: III_ENGINE_URL" field and
instead supply the URL using your orchestrator's mechanism — e.g., add an env
var "III_URL" with the ws:// value or pass the CLI arg "--url ws://..."
(matching the Dockerfile CMD pattern) so the image-resize binary actually
receives the engine URL.


10 changes: 0 additions & 10 deletions image-resize/example/iii.workers.yaml

This file was deleted.

14 changes: 14 additions & 0 deletions registry/index.json
Expand Up @@ -21,6 +21,20 @@
}
},
"version": "0.1.2"
},
"todo-worker": {
"type": "oci",
"description": "Quickstart CRUD todo worker using the Node.js iii SDK",
"image": "docker.io/andersonofl/todo-worker",
"repo": "iii-hq/workers",
"default_config": {
"name": "todo-worker",
"config": {
"III_URL": "ws://localhost:49134"
}
},
"version": "0.1.0",
"latest": "latest"
}
}
}
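Review bot: In the new `todo-worker` entry, `"image"` carries no tag or digest and `"latest": "latest"` points consumers at a mutable tag, so `"version": "0.1.0"` does not identify a fixed artifact. The image also lives under `docker.io/andersonofl/` while `"repo"` is `iii-hq/workers`, and nothing in the entry ties the two together. If the index schema allows it, record the image digest for 0.1.0 in the entry so that whoever installs from the registry can verify they received the build this repo produced.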
17 changes: 17 additions & 0 deletions todo-worker/Dockerfile
@@ -0,0 +1,17 @@
# Stage 1: build
FROM node:22-slim AS build
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci
COPY src/ src/
COPY tsconfig.json .
RUN npx tsc

# Stage 2: runtime
FROM node:22-slim
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci --omit=dev
COPY --from=build /app/dist ./dist
ENV III_URL=ws://localhost:49134
CMD ["node", "/app/dist/index.js"]
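Review bot: The `ENV III_URL=ws://localhost:49134` line in the runtime stage bakes in a default that, inside a container on the default bridge network, points at the container's own loopback rather than the host, so it will not reach an engine listening on the host. Either leave the variable unset in the image and have the worker fail fast when it is missing, or document that the image is meant to run with host networking. Separately, both `FROM node:22-slim` lines use a floating tag; pinning them by digest makes rebuilds reproducible.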
Comment on lines +11 to +17

⚠️ Potential issue | 🟠 Major

Run the runtime container as a non-root user.

Lines 11–17 currently execute as root, which weakens container isolation and violates baseline hardening guidance.

Suggested hardening patch
 FROM node:22-slim
 WORKDIR /app
 COPY package.json package-lock.json ./
 RUN npm ci --omit=dev
 COPY --from=build /app/dist ./dist
+RUN chown -R node:node /app
+USER node
 ENV III_URL=ws://localhost:49134
 CMD ["node", "/app/dist/index.js"]
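Review bot: The `RUN chown -R node:node /app` line in the suggested patch hands the runtime user write access to its own code and `node_modules`, which gives back part of what `USER node` is meant to take away. Files copied and installed earlier in the stage are root-owned, and a process running as `node` can normally still read them, so `USER node` alone is enough unless the worker has to write under `/app`; in that case chown only the directory it writes to.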
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@todo-worker/Dockerfile` around lines 11 - 17, The Dockerfile is running the
container as root; create and use a non-root user by adding a dedicated
unprivileged user and group, chown the WORKDIR (/app) and any copied files
(e.g., dist) to that user, and add a USER <username> line before CMD to switch
to that user; reference the Dockerfile directives WORKDIR, COPY --from=build
./dist, RUN npm ci, and CMD to locate where to add the user creation, chown, and
USER instructions so the runtime container no longer runs as root.
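
A CI check for the finding above, written as an added example that is not part of the pull request or the review. It reports which user the final Dockerfile stage runs as; the function names are hypothetical, the sample Dockerfiles are constructed, and it assumes a stage with no `USER` instruction runs as root.

```shell
#!/bin/sh
# Added example: report which user the final stage of a Dockerfile runs as.
# Assumption: a stage without a USER instruction runs as root. That holds for
# node:22-slim, but not for base images that set USER themselves.

final_stage_user() {
  awk '
    {
      line = $0
      sub(/^[ \t]+/, "", line)            # tolerate indented instructions
      n = split(line, f, /[ \t]+/)
      kw = toupper(f[1])
    }
    kw == "FROM" { user = "root" }        # each new stage starts over
    kw == "USER" && n >= 2 { user = f[2] }
    END { print (user == "" ? "root" : user) }
  ' "$1"
}

# Exit status 0 when the final stage drops root, 1 otherwise.
runs_as_non_root() {
  u=$(final_stage_user "$1")
  u=${u%%:*}                              # strip an optional :group suffix
  case "$u" in
    root|0) return 1 ;;
    *)      return 0 ;;
  esac
}

# Constructed samples: a runtime stage shaped like the one in this PR, before
# and after a USER instruction is added ahead of CMD. The USER line in the
# build stage shows that an earlier stage does not carry over.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/before" <<'EOF'
FROM node:22-slim AS build
USER node
FROM node:22-slim
WORKDIR /app
COPY --from=build /app/dist ./dist
CMD ["node", "/app/dist/index.js"]
EOF
{ sed '$d' "$tmp/before"; echo 'USER node'
  echo 'CMD ["node", "/app/dist/index.js"]'; } > "$tmp/after"

for f in before after; do
  if runs_as_non_root "$tmp/$f"; then echo "$f: ok"
  else echo "$f: final stage runs as root"; fi
done
```
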

13 changes: 13 additions & 0 deletions todo-worker/Makefile
@@ -0,0 +1,13 @@
.PHONY: build run dev clean

build:
docker build -t todo-worker .

run:
docker run --rm -e III_URL todo-worker

dev:
npm run dev

clean:
rm -rf dist node_modules
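Review bot: In the `run` target, `-e III_URL` forwards whatever the caller's shell has in `III_URL`, with no check that it is set, and the container is started with no privilege limits. Add a guard that stops with a clear message when `III_URL` is empty, and consider `--read-only` and `--cap-drop=ALL` on the `docker run` line if the worker only needs an outbound connection to the engine.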
31 changes: 31 additions & 0 deletions todo-worker/config.yaml
@@ -0,0 +1,31 @@
workers:
- name: iii-http
config:
port: 3111
host: 127.0.0.1
default_timeout: 30000
concurrency_request_limit: 1024
cors:
allowed_origins:
- '*'
allowed_methods:
- GET
- POST
- PUT
- DELETE
- OPTIONS

- name: iii-observability
config:
enabled: ${OTEL_ENABLED:true}
service_name: ${OTEL_SERVICE_NAME:iii}
service_version: ${SERVICE_VERSION:0.1.0}
exporter: ${OTEL_EXPORTER_TYPE:memory}
endpoint: ${OTEL_EXPORTER_OTLP_ENDPOINT:http://localhost:4317}
sampling_ratio: 1.0
memory_max_spans: ${OTEL_MEMORY_MAX_SPANS:10000}
metrics_enabled: true
metrics_exporter: ${OTEL_METRICS_EXPORTER:memory}
logs_enabled: ${OTEL_LOGS_ENABLED:true}
logs_exporter: ${OTEL_LOGS_EXPORTER:memory}
logs_console_output: ${OTEL_LOGS_CONSOLE_OUTPUT:true}
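Review bot: Under `iii-http`, `allowed_origins: '*'` together with `PUT` and `DELETE` in `allowed_methods` lets any web page the developer has open read from and write to this API through the browser; binding to `host: 127.0.0.1` does not prevent that, because the browser runs on the same machine. List the origin the quickstart front end is actually served from instead of the wildcard.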
18 changes: 18 additions & 0 deletions todo-worker/iii.worker.yaml
@@ -0,0 +1,18 @@
iii: v1
name: todo-worker
version: 0.1.0

env:
III_URL: "ws://localhost:49134"

runtime:
language: typescript
entry: src/index.ts

resources:
memory: 256
cpus: 1

scripts:
install: "npm install"
start: "npm run dev"
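Review bot: Under `scripts`, `install: "npm install"` may rewrite `package-lock.json` when it is out of sync with `package.json`, whereas the Dockerfile in this PR installs with `npm ci`, which fails instead; use `npm ci` here as well so a manifest-driven run gets the locked dependency set. `start: "npm run dev"` also runs the `dev` script, which is worth a comment if this manifest is what the registry entry ends up launching.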