🚅 Deployed to the rivet-pr-4702 environment in rivet-frontend

Service	Status	Web	Updated (UTC)
kitchen-sink	❌ Build Failed (View Logs)	Web	Apr 24, 2026 at 12:32 pm
website	😴 Sleeping (View Logs)	Web	Apr 23, 2026 at 3:00 pm
frontend-cloud	❌ Build Failed (View Logs)	Web	Apr 23, 2026 at 9:55 am
ladle	✅ Success (View Logs)	Web	Apr 23, 2026 at 9:55 am
frontend-inspector	❌ Build Failed (View Logs)	Web	Apr 23, 2026 at 9:54 am
mcp-hub	✅ Success (View Logs)	Web	Apr 23, 2026 at 3:55 am

• fix(rivetkit-core): gate startup until runtime is ready #4736 : 2 dependent PRs (#4737 , #4739 )
• fix(rivetkit-sqlite): preserve text with embedded nul bytes #4735
• chore(rivetkit): add child spans for logging #4734
• fix(rivetkit-core): orphan engine process and detect crashes #4733
• fix(rivetkit-core): return None for empty inspector state to avoid frontend CBOR decode error #4732
• fix(rivetkit-core): don't install tokio::signal::ctrl_c() handler inside serve_with_config #4731
• refactor(rivetkit-core): use subtle::ConstantTimeEq for inspector token verify #4730
• fix(rivetkit): drop is_read_only_sql classifier, surface RETURNING rows #4728
• docs: require close-code rejection for websocket auth/policy failures #4727
• fix(rivetkit): inspector reports actual config state + real queue messages #4726
• fix(rivetkit-napi): plumb ctx through serializeState TSF and stop panicking on runtime_state Ref drop #4725
• chore(rivetkit): remove legacy metrics & prometheus auth #4724
• chore(rivetkit): remove legacy metrics #4723
• chore(rivetkit): impl inspector token #4722
• chore: disable auth on serverless #4721
• chore: fix cors for envoys #4720
• chore: fix serverless in rivetkit-core #4719
• chore(rivetkit): impl follow up review #4711
• chore: rivetkit core/napi/typescript follow up review #4702 👈 (View in Graphite)
• chore: fix remaining issues with rivetkit-core #4701
• chore: sqlite v1 to v2 data migration #4692 : 1 other dependent PR (#4640 )
• chore: move rivetkit to task model #4680
• chore: rivetkit to rust #4679
• feat(rivetkit): sqlite vfs v2 #4673
• chore: rename sandbox -> kitchen sink #4671 : 1 other dependent PR (#4672 )
• chore: configure TLS trust roots for rustls clients #4667
• fix(rivetkit): update config to match envoys & remove manager references #4663
• chore(publish): pin docker base image refs #4652
• chore(engine): publish engine bases in ci #4649 : 2 other dependent PRs (#4650 , #4666 )
• chore: lockfile lefthook #4647
• fix(rivetkit): surface native sqlite kv errors to callers #4645
• fix(rivetkit): prevent sleep races during disconnect and db work #4644
• fix(rivetkit): isolate engine envoys and propagate startup failures #4643
• test(rivetkit): remove wasm sqlite-only fixtures and coverage #4642
• chore(sqlite-vfs): remove wasm sqlite packages and workspace wiring #4641
• chore(rivetkit): remove wasm sqlite runtime #4614
• fix(sqlite-native): restore native startup kv preload #4639
• fix(sqlite-native): delete metadata before chunk range #4638
• fix(sqlite-native): keep truncate cache coherent #4637
• fix(sqlite-vfs): use delete range for truncate cleanup #4636
• fix(sqlite-native): restore kv error hook #4635
• perf(sqlite-native): avoid cloning cached read chunks #4634
• perf(sqlite-native): gate kv operation labels #4633
• perf(sqlite-native): reuse read cache for partial writes #4632
• perf(sqlite-native): remove delete file existence probe #4631
• fix(sqlite-native): gate native read cache behind env var #4630
• fix(pegboard): isolate runner config dc lookup failures #4625 : 1 other dependent PR (#4626 )
• docs(pegboard): note runner config upsert split write risk #4624
• fix(pegboard): unpack global runner config keys correctly #4623
• fix(pegboard-gateway): enforce tunnel message state #4622
• fix(pegboard-runner): clear terminal tunnel routes #4621
• fix(pegboard): skip protocol version keys in runner pool backfill #4620
• fix(pegboard): create missing normal runner configs #4619
• fix(epoxy): reuse cached optimistic value #4618
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

PR 4702 Code Review — Adversarial Review Synthesis

The full adversarial review findings (F1-F42) with challenger verdicts are in this comment. The per-diff code review is in the comment below.

Key findings verified as REAL in this PR:

• F3: clean run exit fix (task.rs) - FIXED in this PR
• F12: Registry.handler()/serve() throw - spec written (handler-serve-restoration.md), fix pending
• F14: package exports subpaths removed - ./db and ./db/drizzle restored in this PR
• F18: actor-lifecycle state in napi not core - tracked, not yet fixed
• F19: inspector logic duplicated in TypeScript - tracked, not yet fixed
• F21: 50ms polling loop in native.ts - tracked, not yet fixed
• F32: module-level actor-keyed maps in native.ts - tracked, not yet fixed
• F34: ActorContext.key type widened - tracked, not yet fixed
• F35: sql on ctx but ./db dropped - ./db/drizzle restored in this PR
• F36: ContextOf type helpers removed - tracked for restoration
• F38: inline use in test - tracked
• F41: dead BARE code audit - pending audit
• F42: inline mod tests in src/ - policy added to CLAUDE.md

PR Review: chore: rivetkit core/napi/typescript follow up review

Overview

This is a substantial follow-up cleanup across rivetkit-core, NAPI, and TypeScript layers. Key additions:

• New CoreServerlessRuntime in Rust (serverless.rs) — SSE-based serverless request handler
• New runner_config.rs — auto-registers a local "normal" runner config on localhost endpoints
• Hibernatable WebSocket support in the raw WebSocket handler
• NAPI handleServerlessRequest and serverless config fields wired through JsServeConfig
• Registry.handler() restored with native serverless implementation
• rivetkit/db and rivetkit/db/drizzle entrypoints extracted as first-class exports
• Expanded ActorKv typed API and several driver test fixes

Potential Bugs

1. Race condition in ensure_serverless_runtime (NAPI registry.rs)

// Request A and B both see None here simultaneously
if let Some(runtime) = self.serverless_runtime.lock().as_ref().cloned() {
    return Ok(runtime);
}
// Both proceed to take the registry — second caller gets "registry already serving"
let registry = { let mut guard = self.inner.lock(); guard.take()... };

Two concurrent requests on a cold serverless runtime can both see None, both try take(), and the second gets an error. Fix: combine the check and take under a single lock guard, or use a OnceCell/once_async pattern.

2. maybe_respond_to_raw_hibernatable_ack_state_probe — test protocol in production

fn maybe_respond_to_raw_hibernatable_ack_state_probe(...) -> bool {
    if env::var_os("VITEST").is_none() || message.binary {
        return false;
    }

Test-specific behavior is gated by a VITEST env var check inside the production receive loop. This adds a JSON parse attempt on every incoming text message when VITEST is set. Consider extracting this into a configurable test hook rather than embedding it in the hot path.

3. Sleep timer not reset on clean run exit (actor/task.rs)

When clean_exit && lifecycle == Started, the code returns None without calling self.ctx.reset_sleep_timer(). The sleep timer remains live after the run handler returns, so it could fire and trigger a sleep sequence while the actor is waiting for an engine-driven Stop. The test covers that stop dispatches cleanup, but does not verify the sleep timer is not still ticking.

Security

4. CORS reflects arbitrary origins with credentials: true (serverless.rs)

fn cors_headers(req: &ServerlessRequest) -> HashMap<String, String> {
    let origin = req.headers.get("origin").cloned()
        .unwrap_or_else(|| "*".to_owned());
    headers.insert("access-control-allow-credentials".to_owned(), "true".to_owned());

Reflecting any Origin header value with Access-Control-Allow-Credentials: true means any website can make authenticated cross-origin requests to this server. Typical remediation: maintain an explicit allowlist, or omit credentials: true when the origin is * / unknown.

5. clientToken exposed on the unauthenticated /metadata endpoint

if let Some(client_token) = &self.settings.client_token {
    object.insert("clientToken".to_owned(), json!(client_token));
}

/metadata has no authentication check — any caller can read clientToken. This appears intentional (the client SDK needs it for auto-configuration), but it should be documented and the token must be treated as public. If this token grants write/admin capability, it should be audience-restricted.

Code Quality

6. Backpressure in Registry.handler() should use antiox (registry/index.ts)

const backpressureWaiters: Array<() => void> = [];
const waitForBackpressure = async () => {
    await new Promise<void>((resolve) => { backpressureWaiters.push(resolve); });
};

This is an ad-hoc Promise queue. CLAUDE.md requires using antiox for TypeScript concurrency primitives (e.g. antiox/sync/mpsc) instead of custom channel wrappers.

7. sqlReturnsRows / hasMultipleStatements heuristics (db/drizzle.ts)

function sqlReturnsRows(query: string): boolean {
    // "WITH" branch catches all CTEs, including mutating ones without RETURNING
    return token.startsWith("WITH") || ...
}
function hasMultipleStatements(query: string): boolean {
    // Semicolons inside string literals or comments are false positives
    return trimmed.includes(";");
}

Both functions can be tripped by edge-case SQL. WITH ... DELETE without RETURNING will be treated as returning rows; semicolons in quoted strings trigger the multi-statement path. Acceptable for now, but worth flagging in migration docs.

8. bytes_response spawns a task per response (serverless.rs)

fn bytes_response(...) -> ServerlessResponse {
    let (tx, rx) = mpsc::channel(1);
    tokio::spawn(async move { let _ = tx.send(Ok(body)).await; });

This spawns a Tokio task to enqueue a single message on a channel with capacity 1. The send always completes without blocking, so the spawn is unnecessary overhead on every health/metadata/error response.

Minor Notes

• serverless/configure.ts: Pool configuration failure is caught and logged but not re-thrown. If this silently fails on startup, the serverless deployment will accept requests that never get routed. The error message says "restart this process" but that guidance is only visible in logs.

• normalize_regional_hostname in serverless.rs correctly normalizes api-{region}.rivet.dev → api.rivet.dev, consistent with CLAUDE.md.

• drizzle-orm moved from devDependencies to dependencies — correct since rivetkit/db/drizzle is now a runtime export.

• ensure_local_normal_runner_config has no retry logic. If the engine hasn't fully started when CoreRegistry::serve is called, the call fails hard. A brief retry loop for the local-dev case, or a note that the engine must be healthy before calling serve, would help.

• Test assertion relaxations: Several startCount === 2 assertions were relaxed to toBeGreaterThanOrEqual(2). The fixture comment explains the reason, but tracking this pattern in future PRs is worthwhile to avoid masking restart-count regressions.

This review was updated on 2026-04-24.

Preview packages published to npm

Install with:

npm install rivetkit@pr-4702

All packages published as 0.0.0-pr.4702.76b6c25 with tag pr-4702.

Engine binary is shipped via @rivetkit/engine-cli on linux-x64-musl, linux-arm64-musl, darwin-x64, and darwin-arm64. Windows users should use the release installer or set RIVET_ENGINE_BINARY.

Docker images:

docker pull rivetdev/engine:slim-76b6c25
docker pull rivetdev/engine:full-76b6c25

npm install rivetkit@pr-4702
npm install @rivetkit/react@pr-4702
npm install @rivetkit/rivetkit-napi@pr-4702
npm install @rivetkit/workflow-engine@pr-4702

Preview packages published to npm

Install with:

npm install rivetkit@pr-4702

All packages published as 0.0.0-pr.4702.d108c6a with tag pr-4702.

Engine binary is shipped via @rivetkit/engine-cli on linux-x64-musl, linux-arm64-musl, darwin-x64, and darwin-arm64. Windows users should use the release installer or set RIVET_ENGINE_BINARY.

Docker images:

docker pull rivetdev/engine:slim-d108c6a
docker pull rivetdev/engine:full-d108c6a

npm install rivetkit@pr-4702
npm install @rivetkit/react@pr-4702
npm install @rivetkit/rivetkit-napi@pr-4702
npm install @rivetkit/workflow-engine@pr-4702

Landed in main via stack-merge fast-forward push. Commits are in main; closing to match.