chore(rivetkit): enforce limits on fs driver kv api to match engine (#4273)

NathanFlurry · web-flow · commit 6aa383368893 · 2026-02-23T21:01:51.000-08:00
diff --git a/engine/packages/pegboard/src/actor_kv/mod.rs b/engine/packages/pegboard/src/actor_kv/mod.rs
@@ -13,6 +13,9 @@ mod entry;
 mod utils;
 
 const VERSION: &str = env!("CARGO_PKG_VERSION");
+
+// Keep the KV validation limits below in sync with
+// rivetkit-typescript/packages/rivetkit/src/drivers/file-system/kv-limits.ts.
 const MAX_KEY_SIZE: usize = 2 * 1024;
 const MAX_VALUE_SIZE: usize = 128 * 1024;
 const MAX_KEYS: usize = 128;
diff --git a/engine/packages/pegboard/src/actor_kv/utils.rs b/engine/packages/pegboard/src/actor_kv/utils.rs
@@ -83,7 +83,8 @@ pub fn validate_entries(
 	for value in values {
 		ensure!(
 			value.len() <= MAX_VALUE_SIZE,
-			"value is too large (max 128 KiB)"
+			"value is too large (max {} KiB)",
+			MAX_VALUE_SIZE / 1024
 		);
 	}
 
diff --git a/rivetkit-typescript/packages/rivetkit/src/drivers/file-system/global-state.ts b/rivetkit-typescript/packages/rivetkit/src/drivers/file-system/global-state.ts
@@ -37,6 +37,12 @@ import {
 	type SqliteRuntime,
 	type SqliteRuntimeDatabase,
 } from "./sqlite-runtime";
+import {
+	estimateKvSize,
+	validateKvEntries,
+	validateKvKey,
+	validateKvKeys,
+} from "./kv-limits";
 
 // Actor handler to track running instances
 
@@ -1322,7 +1328,10 @@ export class FileSystemGlobalState {
 				}
 				throw new Error(`Actor ${actorId} state not loaded`);
 			}
+
 			const db = this.#getOrCreateActorKvDatabase(actorId);
+			const totalSize = estimateKvSize(db);
+			validateKvEntries(entries, totalSize);
 			this.#putKvEntriesInDb(db, entries);
 		});
 	}
@@ -1344,6 +1353,8 @@ export class FileSystemGlobalState {
 			}
 		}
 
+		validateKvKeys(keys);
+
 		const db = this.#getOrCreateActorKvDatabase(actorId);
 		const results: (Uint8Array | null)[] = [];
 		for (const key of keys) {
@@ -1372,9 +1383,11 @@ export class FileSystemGlobalState {
 				}
 				throw new Error(`Actor ${actorId} state not loaded`);
 			}
+
 			if (keys.length === 0) {
 				return;
 			}
+			validateKvKeys(keys);
 
 			const db = this.#getOrCreateActorKvDatabase(actorId);
 			db.exec("BEGIN");
@@ -1410,6 +1423,7 @@ export class FileSystemGlobalState {
 				throw new Error(`Actor ${actorId} state not loaded`);
 			}
 		}
+		validateKvKey(prefix, "prefix key");
 
 		const db = this.#getOrCreateActorKvDatabase(actorId);
 		const upperBound = computePrefixUpperBound(prefix);
diff --git a/rivetkit-typescript/packages/rivetkit/src/drivers/file-system/kv-limits.ts b/rivetkit-typescript/packages/rivetkit/src/drivers/file-system/kv-limits.ts
@@ -0,0 +1,70 @@
+import type { SqliteRuntimeDatabase } from "./sqlite-runtime";
+
+// Keep these limits in sync with engine/packages/pegboard/src/actor_kv/mod.rs.
+const KV_MAX_KEY_SIZE = 2 * 1024;
+const KV_MAX_VALUE_SIZE = 128 * 1024;
+const KV_MAX_KEYS = 128;
+const KV_MAX_PUT_PAYLOAD_SIZE = 976 * 1024;
+const KV_MAX_STORAGE_SIZE = 1024 * 1024 * 1024;
+const KV_KEY_WRAPPER_OVERHEAD_SIZE = 2;
+
+export function estimateKvSize(db: SqliteRuntimeDatabase): number {
+	const row = db.get<{ total: number | bigint | null }>(
+		"SELECT COALESCE(SUM(LENGTH(key) + LENGTH(value)), 0) AS total FROM kv",
+	);
+	return row ? Number(row.total ?? 0) : 0;
+}
+
+export function validateKvKey(
+	key: Uint8Array,
+	keyLabel: "key" | "prefix key" = "key",
+): void {
+	if (key.byteLength + KV_KEY_WRAPPER_OVERHEAD_SIZE > KV_MAX_KEY_SIZE) {
+		throw new Error(`${keyLabel} is too long (max 2048 bytes)`);
+	}
+}
+
+export function validateKvKeys(keys: Uint8Array[]): void {
+	if (keys.length > KV_MAX_KEYS) {
+		throw new Error("a maximum of 128 keys is allowed");
+	}
+
+	for (const key of keys) {
+		validateKvKey(key);
+	}
+}
+
+export function validateKvEntries(
+	entries: [Uint8Array, Uint8Array][],
+	totalSize: number,
+): void {
+	if (entries.length > KV_MAX_KEYS) {
+		throw new Error("A maximum of 128 key-value entries is allowed");
+	}
+
+	let payloadSize = 0;
+	for (const [key, value] of entries) {
+		payloadSize +=
+			key.byteLength + KV_KEY_WRAPPER_OVERHEAD_SIZE + value.byteLength;
+	}
+
+	if (payloadSize > KV_MAX_PUT_PAYLOAD_SIZE) {
+		throw new Error("total payload is too large (max 976 KiB)");
+	}
+
+	const storageRemaining = Math.max(0, KV_MAX_STORAGE_SIZE - totalSize);
+	if (payloadSize > storageRemaining) {
+		throw new Error(
+			`not enough space left in storage (${storageRemaining} bytes remaining, current payload is ${payloadSize} bytes)`,
+		);
+	}
+
+	for (const [key, value] of entries) {
+		validateKvKey(key);
+		if (value.byteLength > KV_MAX_VALUE_SIZE) {
+			throw new Error(
+				`value is too large (max ${KV_MAX_VALUE_SIZE / 1024} KiB)`,
+			);
+		}
+	}
+}

Original file line number	Diff line number	Diff line change
`@@ -83,7 +83,8 @@ pub fn validate_entries(`
`83`	`83`	`for value in values {`
`84`	`84`	`ensure!(`
`85`	`85`	`value.len() <= MAX_VALUE_SIZE,`
`86`		`- "value is too large (max 128 KiB)"`
	`86`	`+ "value is too large (max {} KiB)",`
	`87`	`+ MAX_VALUE_SIZE / 1024`
`87`	`88`	`);`
`88`	`89`	`}`
`89`	`90`
Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,12 @@ import {`
`37`	`37`	`type SqliteRuntime,`
`38`	`38`	`type SqliteRuntimeDatabase,`
`39`	`39`	`} from "./sqlite-runtime";`
	`40`	`+import {`
	`41`	`+ estimateKvSize,`
	`42`	`+ validateKvEntries,`
	`43`	`+ validateKvKey,`
	`44`	`+ validateKvKeys,`
	`45`	`+} from "./kv-limits";`
`40`	`46`
`41`	`47`	`// Actor handler to track running instances`
`42`	`48`
`@@ -1322,7 +1328,10 @@ export class FileSystemGlobalState {`
`1322`	`1328`	`}`
`1323`	`1329`	throw new Error(`Actor ${actorId} state not loaded`);
`1324`	`1330`	`}`
	`1331`	`+`
`1325`	`1332`	`const db = this.#getOrCreateActorKvDatabase(actorId);`
	`1333`	`+ const totalSize = estimateKvSize(db);`
	`1334`	`+ validateKvEntries(entries, totalSize);`
`1326`	`1335`	`this.#putKvEntriesInDb(db, entries);`
`1327`	`1336`	`});`
`1328`	`1337`	`}`
`@@ -1344,6 +1353,8 @@ export class FileSystemGlobalState {`
`1344`	`1353`	`}`
`1345`	`1354`	`}`
`1346`	`1355`
	`1356`	`+ validateKvKeys(keys);`
	`1357`	`+`
`1347`	`1358`	`const db = this.#getOrCreateActorKvDatabase(actorId);`
`1348`	`1359`	`const results: (Uint8Array \| null)[] = [];`
`1349`	`1360`	`for (const key of keys) {`
`@@ -1372,9 +1383,11 @@ export class FileSystemGlobalState {`
`1372`	`1383`	`}`
`1373`	`1384`	throw new Error(`Actor ${actorId} state not loaded`);
`1374`	`1385`	`}`
	`1386`	`+`
`1375`	`1387`	`if (keys.length === 0) {`
`1376`	`1388`	`return;`
`1377`	`1389`	`}`
	`1390`	`+ validateKvKeys(keys);`
`1378`	`1391`
`1379`	`1392`	`const db = this.#getOrCreateActorKvDatabase(actorId);`
`1380`	`1393`	`db.exec("BEGIN");`
`@@ -1410,6 +1423,7 @@ export class FileSystemGlobalState {`
`1410`	`1423`	throw new Error(`Actor ${actorId} state not loaded`);
`1411`	`1424`	`}`
`1412`	`1425`	`}`
	`1426`	`+ validateKvKey(prefix, "prefix key");`
`1413`	`1427`
`1414`	`1428`	`const db = this.#getOrCreateActorKvDatabase(actorId);`
`1415`	`1429`	`const upperBound = computePrefixUpperBound(prefix);`