March 2026
22 active days · 405 commits · 22 PRs · 15 issues · 17 replies
Effort
avg 6Commits
405Daily Log
Rusty opened two complementary PRs addressing a fundamental limitation in DuckDB: the inability to interleave streaming SELECT queries with DML operations (UPDATE, INSERT, DELETE) within the same transaction.
On duckdb-python, PR #397 introduces a new subcursor() method that enables this pattern at the Python API level. The subcursor shares the parent connection and transaction context, allowing multiple independent streaming operations to coexist. Importantly, subcursors are restricted from managing transactions themselves — attempting to call begin, commit, or rollback on a subcursor will raise an error, ensuring transaction coherence.
In parallel, the core duckdb repository received PR #21569, which implements Suspended Query Contexts at the engine level. This feature removes the hard constraint that previously destroyed in-progress streaming scans whenever any new statement executed on a connection. The PR description illustrates the motivation: a common pattern of streaming rows from a large table, processing them, and updating a separate tracking table — all within a single transaction.
Together, these changes represent significant progress on query interleaving, a long-standing request in the DuckDB community. The paired PRs suggest careful coordination between the C++ query engine and Python bindings to deliver a cohesive feature.
Rusty spent the day coordinating a synchronized v0.6.0 release across the vgi-rpc ecosystem while addressing critical bugs upstream in DuckDB.
Work on vgi-rpc-go included fixing staticcheck warnings by removing a deprecated Record() call and cleaning up an unused medianDuration variable. He also implemented a GCS (Google Cloud Storage) backend for external storage, expanding the supported storage options for the Go implementation.
The vgi-rpc-typescript implementation received the most activity. Beyond the v0.6.0 version bump, Rusty added both GCS and S3 storage backends for external storage capabilities. He also fixed smoke and HTTP conformance tests that were failing due to URL path changes (removing the /vgi prefix to match the new default configuration).
Website updates in vgi-rpc-website reflected the v0.6.0 release cycle—the feature matrix and language cards were refreshed, and test count references were removed from the Go language card description.
Version bumps in vgi-rpc-python brought the implementation in line with the synchronized 0.6.0 release, along with a separate 0.1.28 patch and uv.lock updates for v0.1.27 dependencies.
Upstream in the DuckDB community, Rusty identified and opened PR #21541 to fix a critical bug where DELETE RETURNING silently returned empty results for rows inserted in the same explicit transaction. The root cause was that table.Fetch() only reads from committed row groups, missing rows in transaction-local storage. He also opened issue #21540 to track the DELETE RETURNING behavior and issue #21538 to propose RETURNING projection pushdown optimizations for external catalog write operators—both representing important performance and correctness improvements for DuckDB.
A productive day spanning multiple VGI RPC implementations and upstream contributions. Work centered on standardizing cross-language behavior, adding observability instrumentation, and enhancing external storage support.
VGI RPC Go (vgi-rpc-go) saw significant expansion with 10 commits addressing core protocol features. The describe schema was upgraded from v2 to v3, aligning with language-agnostic specifications. External storage support received major attention: SHA-256 checksums were added to pointer batches, compression and round-trip tests were implemented, and the feature was wired throughout the server dispatch pipeline and input resolution paths. Additionally, an --otel-export flag was added to the conformance worker for cross-implementation testing, and the default HTTP prefix was changed from /vgi to an empty string to match the Python client.
VGI RPC TypeScript (vgi-rpc-typescript) tracked closely with 11 commits implementing parity features. The schema upgrade to v3 was completed, and external storage support was fully integrated with SHA-256 checksums across HTTP client resolution paths and all server dispatch routes. OpenTelemetry instrumentation was added via dispatch hooks, with support for the VGI_OTEL_FILE environment variable in the conformance worker. Several UI improvements rounded out the work: HTML landing page, describe page, and 404 page were implemented, and error propagation to dispatch hooks was fixed in the HTTP handler.
VGI RPC Python (vgi-rpc-python) received 3 commits implementing SHA-256 checksum support for external storage pointer batches, with corresponding test coverage added to both unit tests and the HTTP conformance suite.
Upstream contributions included opening PR #1558 on community-extensions to update the hashfuncs extension to its latest commits, and filing issue #21533 on duckdb requesting the addition of OPTIONS to the HTTPUtil RequestType enum. Rusty also responded to a community request on httpclient regarding v1.5.0 compilation support. A demo video was initialized in lindel_video to showcase the lindel extension.
Private repository activity included 10 commits across 3 repositories.
Rusty wrapped up work on the xxh3_128_hex() feature, merging PR #4 on hashfuncs and updating documentation to reflect the new function that returns a canonical hex VARCHAR representation. He also bumped the version of hashfuncs in community-extensions to keep the extension catalog in sync.
On the DuckDB side, Rusty engaged in community stewardship across two projects. He reviewed and provided feedback on PR #21502 in duckdb regarding profiler and progress bar interactions, and chimed in on PR #1554 in community-extensions to discuss updates needed for the http_client extension with v1.15.0 compatibility.
Beyond the public repositories, Rusty made progress across 4 private projects with 6 commits, indicating parallel work on internal initiatives.
A productive day of dependency management, feature additions, and community support across the Query-farm ecosystem and DuckDB extensions.
DuckDB Community Extensions
Rusty submitted three PRs to keep extensions in sync with their latest upstream work. PR #1557 and #1555 both update httpclient to incorporate recent commits, while PR #1556 brings inflector to its latest version. These version bumps ensure the community extension versions stay current with active development.
HTTP Client Library
In httpclient, Rusty fixed a test suite issue by replacing references to the deprecated httpbingo.org service with httpbin.org, ensuring tests remain reliable. He also updated submodules to pull in the latest dependencies.
RPC Libraries
Both vgi-rpc-typescript and vgi-rpc-python received significant updates. A key change across both libraries involved shifting the default HTTP prefix from "/vgi" to "" (root), simplifying the API surface. The TypeScript implementation gained support for client-side device code OAuth fields and signing algorithm configuration, along with an authentication example. In vgi-rpc-python, lint and format issues were resolved, with a new guideline added to CLAUDE.md emphasizing reformatting before pushing. The Python version was bumped to 0.1.27.
Inflector Extension
The inflector extension received two notable improvements. A Linux ARM64 build issue was resolved by adding a missing expression_executor include. More notably, he implemented a new strip_accents option for the inflect() function, enabling users to remove diacritical marks from text—addressing community interest in the feature as evidenced by a comment reply on issue #4.
Community Engagement
Rusty provided support across multiple repos: clarifying the release status for httpserver (issue #50), explaining the architectural differences between his lindel spatial indexing implementation and ST_Hilbert, and responding to the diacritics removal inquiry on inflector that directly motivated the new feature.
Private Work
Additional development activity across 6 private repositories totaled 17 commits.
Rusty spent the day working on the vgi-rpc-website repository, making 26 commits focused on refining the capabilities data handling. The key change involved removing automated capability matrix overwriting and fixing the capabilities data structure, which suggests he was resolving conflicts or inconsistencies in how capability information is stored and managed on the site.
Beyond the public work, he also made 25 commits to a private repository, indicating parallel development efforts that warrant continued attention.
Rusty worked on deployment configuration handling in superfly/flyctl today, addressing how image configurations are substituted during the deploy process. The commit message indicates he resolved an issue where image config references using "." notation needed to be properly mapped to the actual build image, likely improving the consistency and reliability of deployments when using relative image path syntax.
Beyond the primary work on flyctl, he also made progress across 2 private repositories with 3 commits, suggesting concurrent development on internal or proprietary tools.
Rusty spent the day working across multiple codebases, with activity primarily focused on the vgi-rpc-python repository and several private projects.
In vgi-rpc-python, he merged a dependabot update for Black 26.3.1, keeping the project's code formatting tooling current. This maintenance work ensures the codebase continues to benefit from the latest improvements in Python code style enforcement.
Beyond the public activity, Rusty made commits across four private repositories, suggesting ongoing work on internal projects or experimental features. The mix of public maintenance and private development indicates a balanced day of both open-source stewardship and internal iteration.
duckdb/community-extensions
Rusty addressed a workflow automation issue affecting pull request builds. The case() expression in build.yml that determines the COMMUNITY_EXTENSION_VCPKG_COMMIT was referencing inputs.duckdb_version directly, a workflow_dispatch input that remains empty during pull_request triggers. This caused version-specific conditions (like inputs.duckdb_version == 'v1.5.0') to always evaluate false on PRs. He opened PR #1513 to add a fallback mechanism, ensuring the workflow behaves correctly regardless of trigger type. This work was tracked alongside issue #1512, which documents the root cause for future reference.
In addition, Rusty updated the adbc_scanner extension to pull in the latest commits via PR #1511, keeping the community extension current with upstream changes.
Query-farm/adbc_scanner
Work on the adbc_scanner repository focused on build stability and compatibility. A Windows CI fix was applied to resolve platform-specific build issues. Further refinement addressed build warnings and corrected syntax—specifically an extraneous parenthesis—introduced during a DuckDB 1.5.0 upgrade. These fixes ensure the scanner builds cleanly across platforms and remains compatible with the latest DuckDB release.
Private repositories
Additional work spanned three private repositories with a total of 5 commits, details of which are not publicly visible.
## VGI Container Infrastructure
Work on the vgi-entrypoint and vgi-injector repositories focused on improving container configuration handling and developer experience. The vgi-entrypoint project received updates to support WorkingDir and Env directives sourced from image configuration, enabling more flexible container setup. Additionally, he pinned Node.js 24 in GitHub Actions to ensure consistent CI/CD behavior. Over in vgi-injector, a small but intentional change normalized the log prefix casing from VGI-Injector to vgi-injector for consistency.
## Arrow.js and DuckDB Ecosystem
Rusty contributed an upstream fix to apache/arrow-js (PR #404) addressing a bug where Struct makeData calls were missing explicit length parameters—a type safety improvement that prevents silent data construction errors. This reflects continued engagement with the broader Arrow ecosystem.
## Fly.io CLI Enhancement
Work on superfly/flyctl tackled a deployment configuration gap. Rusty opened PR #4772, which extends the updateContainerImage() function to properly substitute image_config references of "." (representing the build image) during deployment. The change applies to both top-level machine file configurations and per-container file references, closing issue #4771 and aligning behavior with existing conventions for container image substitution.
## DuckDB Investigation and Reporting
Three new issues were opened against DuckDB projects, indicating investigation into feature gaps and expected behaviors:
duckdb-web: Issue #6590 flagged unexpected behavior with Python replacement scans when using plain Python objectsduckdb: Issue #21342 identified missing support for the COMPRESS option when passed toduckdb.connect()for in-memory databasesduckdb-web: Issue #6588 raised questions about in-memory database checkpoint behavior
## Private Work
Significant activity continued across private repositories with 19 commits distributed across 3 projects.
Rusty spent the day maintaining and upgrading several repositories, with a focus on dependency updates and CI/CD improvements across the Query-farm ecosystem and DuckDB community extensions.
Work on vgi-entrypoint and vgi-injector centered on modernizing CI pipelines. Both repositories received updates to GitHub Actions versions and the removal of ARM64 builds to streamline the build matrix. Additionally, vgi-injector now uploads UPX binaries as part of its release process, improving distribution options for the compiled binaries.
The a5 crate was upgraded to v0.7.1 in its primary repository, with corresponding version bumps propagated to duckdb/community-extensions. This update cascaded into PR #1493, which brings the DuckDB community extensions version of a5 in line with the latest commits. Similarly, PR #1492 was opened to update the airport extension to its latest commits, maintaining parity across the ecosystem.
Rusty provided community support on the airport repository, responding to issue #46 regarding git tag setup for DuckDB 1.5.0 and reviewing PR #45 which addresses Arrow status compatibility at version 144.
An issue was opened on nktrchk/tiny-parquet requesting zstd support, signaling interest in compression enhancements for the Parquet library.
Beyond public repositories, significant activity occurred across 4 private repositories with 24 commits, indicating ongoing parallel development efforts.
A productive day across multiple repositories with a focus on dependency updates and new feature development.
Work on a5 included a significant upgrade to v0.7.0 along with the addition of 7 new functions to the crate. This substantial update represents meaningful expansion of the library's capabilities.
Over in community-extensions, Rusty opened two PRs to keep DuckDB community extensions current. PR #1482 updates the adbc_scanner to the latest commits, while PR #1481 brings the a5 extension in line with the newest version of the upstream crate. A corresponding version bump commit ensures the extension's metadata stays synchronized with the dependency changes.
A new project, tomographic-digest, was initialized with its first commit. The details of this effort remain to be seen as development progresses.
Beyond the public repositories, significant activity across 4 private codebases accumulated 24 commits, suggesting parallel efforts on internal projects or experimental work.
A productive day spanning multiple projects within the Query-farm ecosystem and DuckDB community involvement.
vgi-entrypoint received significant attention with the initial release infrastructure coming together. Rusty established version 0.3.0, added comprehensive documentation including a new CLAUDE.md context file for AI assistants, and expanded the README with architecture diagrams, capability sets, and reference materials. Environmental variable naming was standardized by renaming the VGI_ prefix to VGI_ENTRYPOINT_ for clarity. Core functionality additions included logging, debug mode toggling, and version reporting.
vgi-injector saw a focused change to restrict R2 object storage uploads to release tags only, tightening the deployment pipeline. Meanwhile, vgi-rpc-python received UI polish—the 401 Unauthorized and 404 error pages were restyled to match the landing page design language, and a patch bump to 0.1.26 was released.
Rusty also engaged in DuckDB community stewardship, providing feedback on two significant discussion points: a reply to PR #21197 regarding extensibility of dot commands in the DuckDB CLI, and a response to issue #589 in duckdb-spatial about registering GeoArrow extensions by default. This active participation in upstream projects reflects ongoing collaboration with the broader data ecosystem.
Private repository work accounted for 19 commits across a separate project.
Rusty brought VGI Injector to life today — a minimal HTTPS download-and-execute binary written in Zig, now published in the vgi-injector repository. The work spans tooling, deployment, and documentation maturity.
The foundation includes a complete build and distribution pipeline. Multi-architecture builds are now supported, with version embedding baked into binaries and download validation ensuring integrity. Artifacts are published to R2 with versioned paths under an injector/ prefix and a latest alias for convenient access. A CA bundle automation system replaces manual certificate management — the bundle is no longer tracked in source control, reducing maintenance friction.
CI/CD improvements addressed practical deployment concerns: build attestations were removed from the workflow, a chmod +x fix resolved UPX compression ordering, and .gitignore was added to exclude wrangler state and build artifacts.
Documentation and licensing round out the release. A "Why Zig?" section was added to the README with language size comparisons, helping readers understand the choice of implementation language. The project now carries Apache 2.0 license headers across all source files, establishing clear legal footing.
Additionally, Rusty made 2 commits to a private repository, keeping internal work in stride.
OpenTelemetry instrumentation and HTTP optimization work across multiple DuckDB ecosystem projects.
Over on vgi-rpc-python, Rusty added OTel (OpenTelemetry) spans for external data upload and fetch operations, along with a fix for input statistics tracking. This improves observability for RPC-based data transfers.
The focus shifted to the DuckDB community extensions and HTTP ecosystem. On community-extensions, Rusty opened PR #1447 to update adbc_scanner to the latest upstream commits, keeping that extension current with ongoing development.
On duckdb-httpfs, he identified and addressed a bandwidth optimization opportunity. PR #278 enables CURL response decompression by changing CURLOPT_ACCEPT_ENCODING from NULL to "", which allows CURL to advertise and automatically decompress all supported compression encodings (gzip, deflate, br, zstd). This reduces bandwidth usage for HTTP transfers without any behavioral changes for callers—fixes issue #277. He also provided feedback on PR #263 discussing the CURLOPT_ACCEPT_ENCODING configuration.
On the adbc_scanner front, Rusty replied to issue #5 regarding float/double value corruption and string WHERE filter failures when querying external ADBC drivers, offering community support for that ongoing investigation.
Rusty spent the day advancing OAuth and authentication capabilities across the vgi-rpc language bindings. The work centered on standardizing and expanding security features across three language implementations.
In vgi-rpc-go, he added support for use_id_token_as_bearer to OAuth resource metadata and introduced client_secret and device_code fields alongside multi-audience JWT support. These changes align the Go implementation with broader authentication patterns across the project.
vgi-rpc-typescript received parallel updates: clientSecret and useIdTokenAsBearer were added to OAuth metadata, and device code OAuth fields were introduced along with multi-audience JWT and mTLS authentication capabilities. This ensures feature parity with the Go implementation.
The vgi-rpc-python implementation saw the most activity across six commits. Rusty bumped the version from 0.1.22 through 0.1.25, addressing multiple feature areas:
- Multiple JWT audiences in the jwt_authenticate function (v0.1.23)
- Custom X-VGI encoding headers for zstd compression support (v0.1.25)
- Device code OAuth fields for device authorization flow (v0.1.22)
- Enhanced OTel and Sentry auth observability for better debugging
- Improved OAuth diagnostics (v0.1.24)
- Code quality fixes including removal of unused type ignore comments and import ordering (E402 compliance)
The overall pattern reflects a systematic push to standardize OAuth 2.0 device flow, multi-audience JWT handling, and authentication observability across the vgi-rpc suite.
Rusty spent the day advancing authentication and security across the VGI RPC ecosystem, with particular focus on standardizing OAuth and mutual TLS support across multiple language implementations.
In vgi-rpc-go, he added comprehensive authentication capabilities including optional HTTP authentication via AuthenticateFunc callbacks, RFC 9728 OAuth Protected Resource Metadata support with JWT helpers, bearer token authentication, and mutual TLS helpers for proxy-terminated connections. These changes establish a foundation for secure client-server communication across the VGI RPC protocol.
The TypeScript implementation in vgi-rpc-typescript received parallel updates. He implemented authentication and OAuth discovery following RFC 9728, added bearer token and chain authenticate combinators, and fixed an exchange hang that occurred with incompatible column names in the pipe transport. Version 0.4.0 was released with these improvements.
Similarly, vgi-rpc-python received a comprehensive authentication overhaul with bearer token support, mTLS authentication, and chain authenticate combinator functionality. The OAuth Resource Metadata implementation gained use_id_token_as_bearer, client_id, and client_secret fields. Multiple version bumps (0.1.17 through 0.1.21) reflect incremental improvements including build provenance attestations and cache optimization (reducing max-age to 60s). Test formatting and import sorting cleanup were also applied.
On adbc_scanner, he merged PR #8 addressing projection ID handling in ADBC scans to prevent crashes on filtered queries, and provided feedback on the fix.
Contributing to the broader Apache Arrow ecosystem, Rusty opened a fix on apache/arrow-js (PR #402) to preserve numRows for zero-column RecordBatches in IPC serialization.
On the DuckDB side, he opened two significant PRs: PR #21201 on duckdb/duckdb proposing a minimal, shell-only approach for allowing extensions to register dot commands (as an alternative to carlopi's extensible dot commands work), and PR #1440 and #1439 on duckdb/community-extensions to update the adbc_scanner and a5 extensions to their latest commits.
A productive day across the vgi-rpc ecosystem and open-source contributions, with 61 commits across public repositories plus significant private work.
vgi-rpc-go received substantial improvements: producer batch limiting and state rehydration were added for better resource management, while two new conformance methods (exchange_zero_columns and exchange_cast_compatible) were implemented to validate schema compatibility. The CI pipeline was also updated to rely on PyPI's vgi-rpc package instead of local checkpoints, reducing coupling and improving reproducibility.
vgi-rpc-typescript saw the most activity with 18 commits focused on stability and conformance. Version bumps progressed from 0.3.2 through 0.3.4, incorporating cast-compatible exchange conformance tests, fixes for FixedSizeList empty data handling, and biome linter/formatter integration for code quality. The package now pulls Apache Arrow from npm's @query-farm/apache-arrow and uses PyPI releases in CI for better dependency isolation.
vgi-rpc-python was updated across 10 commits with version progression to 0.1.16. Key additions include moving the conformance pytest suite into the package for cross-language testing, a --describe flag for introspection, zero-column and cast-compatible exchange tests, and a significant new feature: RFC 9728 OAuth discovery support with JWT authentication. Windows CI logging warnings during interpreter shutdown were also resolved.
vgi-rpc-website received a documentation refresh with a new "Three Files, That's It" example section and cleaned-up Python code samples to improve onboarding.
Rusty also opened two PRs and two issues on apache/arrow-js in pursuit of zero-column RecordBatch correctness. PR #404 ensures Struct makeData preserves batch row counts by passing explicit length parameters, while PR #402 addresses a bug where zero-column RecordBatches lose their numRows during IPC deserialization. Issues #403 and #401 document these edge cases for community visibility. This work reflects ongoing stewardship of the Arrow JavaScript ecosystem.
Private repositories received 26 commits across 4 repos, suggesting parallel work on related infrastructure or internal tooling.
A productive day spanning multiple projects across the DuckDB ecosystem and broader open-source initiatives.
duckdb-httpfs received a bugfix where the CURL client's Post() method was not properly tracking received bytes. Rusty identified that while the Get() method updated state->total_bytes_received, the Post() implementation was missing this instrumentation, causing HTTPFS profiling to report in: 0 bytes for POST-only workloads. He opened issue #271 documenting the problem and followed with PR #272 that adds the same byte-tracking pattern already present in Get() to the Post() method, aligning it with the HTTPLib client's behavior.
vgi-rpc-typescript saw significant activity focused on publishing and package management. He bumped the version to v0.2.0, set up an npm publish workflow with OIDC trusted publishing support (requiring an npm upgrade), and added repository metadata fields (repository and homepage in package.json) for npm provenance. The README received polish with corrected links, package name references, and the addition of the VGI logo. Several dependency updates were merged from Dependabot, and cross-runtime smoke tests were added alongside CLA bot configuration.
vgi-rpc-python focused on stream batching improvements and test maintenance. A new max_stream_response_time parameter was added to enable time-based stream batching, the package was bumped to v0.1.9, and test_cli.py was reformatted with ruff while pruning redundant tests without impacting coverage.
Community engagement included thoughtful replies on arrow-adbc regarding GetInfo codes for driver features (PR #4012) and on duckdb-iceberg addressing both write support (issue #37) and Iceberg REST Catalog support (issue #16).
Private repositories received 11 commits across 3 projects, showing continued work on internal initiatives.
Work on vgi-rpc-python focused on HTTP server improvements and deployment compatibility. The package was bumped to version 0.1.8, and Rusty added an --http mode to run_server() along with a new serve_http() convenience function for easier HTTP serving.
Two fixes addressed production concerns: a stream error fix for Cloudflare Workers environments by properly draining unconsumed request bodies, and HTTP header improvements including cache-control headers on GET pages and relocating the powered-by attribution to the page footer.
Beyond the public work, Rusty also made 10 commits across 4 private repositories, indicating parallel development efforts on other projects.