chore(rivetkit): remove legacy metrics & prometheus auth

[NathanFlurry]

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context.

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[NathanFlurry]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• fix(rivetkit-core): gate startup until runtime is ready #4736 : 2 dependent PRs (#4737 , #4739 )
• fix(rivetkit-sqlite): preserve text with embedded nul bytes #4735
• chore(rivetkit): add child spans for logging #4734
• fix(rivetkit-core): orphan engine process and detect crashes #4733
• fix(rivetkit-core): return None for empty inspector state to avoid frontend CBOR decode error #4732
• fix(rivetkit-core): don't install tokio::signal::ctrl_c() handler inside serve_with_config #4731
• refactor(rivetkit-core): use subtle::ConstantTimeEq for inspector token verify #4730
• fix(rivetkit): drop is_read_only_sql classifier, surface RETURNING rows #4728
• docs: require close-code rejection for websocket auth/policy failures #4727
• fix(rivetkit): inspector reports actual config state + real queue messages #4726
• fix(rivetkit-napi): plumb ctx through serializeState TSF and stop panicking on runtime_state Ref drop #4725
• chore(rivetkit): remove legacy metrics & prometheus auth #4724 👈 (View in Graphite)
• chore(rivetkit): remove legacy metrics #4723
• chore(rivetkit): impl inspector token #4722
• chore: disable auth on serverless #4721
• chore: fix cors for envoys #4720
• chore: fix serverless in rivetkit-core #4719
• chore(rivetkit): impl follow up review #4711
• chore: rivetkit core/napi/typescript follow up review #4702
• chore: fix remaining issues with rivetkit-core #4701
• chore: sqlite v1 to v2 data migration #4692 : 1 other dependent PR (#4640 )
• chore: move rivetkit to task model #4680
• chore: rivetkit to rust #4679
• feat(rivetkit): sqlite vfs v2 #4673
• chore: rename sandbox -> kitchen sink #4671 : 1 other dependent PR (#4672 )
• chore: configure TLS trust roots for rustls clients #4667
• fix(rivetkit): update config to match envoys & remove manager references #4663
• chore(publish): pin docker base image refs #4652
• chore(engine): publish engine bases in ci #4649 : 2 other dependent PRs (#4650 , #4666 )
• chore: lockfile lefthook #4647
• fix(rivetkit): surface native sqlite kv errors to callers #4645
• fix(rivetkit): prevent sleep races during disconnect and db work #4644
• fix(rivetkit): isolate engine envoys and propagate startup failures #4643
• test(rivetkit): remove wasm sqlite-only fixtures and coverage #4642
• chore(sqlite-vfs): remove wasm sqlite packages and workspace wiring #4641
• chore(rivetkit): remove wasm sqlite runtime #4614
• fix(sqlite-native): restore native startup kv preload #4639
• fix(sqlite-native): delete metadata before chunk range #4638
• fix(sqlite-native): keep truncate cache coherent #4637
• fix(sqlite-vfs): use delete range for truncate cleanup #4636
• fix(sqlite-native): restore kv error hook #4635
• perf(sqlite-native): avoid cloning cached read chunks #4634
• perf(sqlite-native): gate kv operation labels #4633
• perf(sqlite-native): reuse read cache for partial writes #4632
• perf(sqlite-native): remove delete file existence probe #4631
• fix(sqlite-native): gate native read cache behind env var #4630
• fix(pegboard): isolate runner config dc lookup failures #4625 : 1 other dependent PR (#4626 )
• docs(pegboard): note runner config upsert split write risk #4624
• fix(pegboard): unpack global runner config keys correctly #4623
• fix(pegboard-gateway): enforce tunnel message state #4622
• fix(pegboard-runner): clear terminal tunnel routes #4621
• fix(pegboard): skip protocol version keys in runner pool backfill #4620
• fix(pegboard): create missing normal runner configs #4619
• fix(epoxy): reuse cached optimistic value #4618
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[claude]

PR Review: chore(rivetkit): remove legacy metrics & prometheus auth (#4724)

Summary

This PR does three loosely related things:

1. Renames RIVET_INSPECTOR_TOKEN to _RIVET_TEST_INSPECTOR_TOKEN to clarify it is a test-only override, with production inspector auth relying on the per-actor KV token at key [3].
2. Renames the inspector_token field / RIVET_INSPECTOR_TOKEN env var that gated the Prometheus /metrics endpoint to metrics_token / _RIVET_METRICS_TOKEN, properly separating inspector auth from metrics auth.
3. Adds three new unauthenticated framework HTTP routes (/, /health, /metadata) on every actor, with lightweight perf-timing tracing::debug! instrumentation added to start_actor.
4. Removes the /inspector/metrics tests (because the metrics endpoint is now behind _RITET_METRICS_TOKEN and the old tests used a hardcoded secret that no longer matches).

---

Issues Found

1. Wrong domain in the root response (CLAUDE.md violation)

File: rivetkit-rust/packages/rivetkit-core/src/registry/http.rs

The response body reads "Learn more at https://rivetkit.org". The CLAUDE.md explicitly states: "ALWAYS use rivet.dev" and "ALWAYS use github.com/rivet-dev/rivet - NEVER use rivet-dev/rivetkit". The URL rivetkit.org is not the canonical docs URL — that is https://rivet.dev/docs. This should be corrected.

2. Sleep timer cancelled for unauthenticated health/metadata/root requests

The handle_fetch flow calls instance.ctx.cancel_sleep_timer() unconditionally before routing to framework_http_route. The new /health, /metadata, and / routes match framework_http_route and re-arm the timer afterward. These are probe/healthcheck endpoints that logically should not count as "activity" — an external load balancer pinging /health every 30 seconds will perpetually prevent the actor from sleeping. Consider routing these through an early-exit path before cancel_sleep_timer is called.

3. NODE_ENV environment variable used in Rust code

File: rivetkit-rust/packages/rivetkit-core/src/registry/http.rs

The metadata endpoint checks std::env::var("NODE_ENV").as_deref() == Ok("production") to determine runtime_type. NODE_ENV is a Node.js convention and is unreliable in a pure Rust actor runtime. In production deployments not using Node, this variable may not be set, causing the metadata endpoint to always report "type": "local". A Rivet-native environment variable would be more appropriate here.

4. Grammar error in updated docs

File: website/src/content/docs/actors/debugging.mdx

The text reads "Bearer the actor's inspector token in the Authorization header." — "Bearer" is misused as a verb. This should read something like: "Pass the actor's inspector token as a Bearer token in the Authorization header."

5. Tests deleted without replacement

File: rivetkit-typescript/packages/rivetkit/tests/driver/actor-inspector.test.ts

84 lines of tests covering /inspector/metrics (startup metrics, SQLite commit phase metrics) are deleted. The tests used a hardcoded Authorization: Bearer token header accepted by the old RIVET_INSPECTOR_TOKEN=token env var. These tests could be salvaged by setting _RIVET_METRICS_TOKEN=token in the test environment rather than deleted entirely. Deleting without replacement leaves the metrics endpoint without integration test coverage.

6. Perf log message format inconsistency

File: rivetkit-rust/packages/rivetkit-core/src/actor/task.rs

New tracing::debug! calls embed metric names in the message string (e.g., "perf internal: loadStateMs"). Per CLAUDE.md, log messages should be lowercase unless mentioning specific code symbols. If these metric names are meant to be machine-parsed, they should be structured fields, not embedded in the message string.

7. New HTTP routes undocumented

The PR adds three new public unauthenticated routes (/, /health, /metadata) on every actor but does not document them in the debugging docs or any other reference. Operators and developers have no documentation reference for these endpoints.

---

Positive Aspects

• Separating inspector_token from metrics_token is architecturally correct -- the old code conflated two different auth mechanisms.
• The _RIVET_TEST_INSPECTOR_TOKEN leading underscore convention clearly signals it is not a production mechanism.
• The duration_ms_f64 helper is clean and avoids repetition.
• timing_safe_equal correctly uses constant-time comparison.
• The new method_not_allowed_response is consistent with the existing error response pattern.
• Removing the getRivetkitInspectorToken TS export is correct cleanup.

---

Summary Table

Issue	Severity	Location
rivetkit.org URL (wrong domain per CLAUDE.md)	Medium	registry/http.rs
Health/metadata routes cancel sleep timer unnecessarily	Medium	registry/http.rs
NODE_ENV used in Rust as runtime type signal	Low	registry/http.rs
Grammar: "Bearer the actor's inspector token"	Low	debugging.mdx
84 lines of metrics tests deleted without replacement	Medium	actor-inspector.test.ts
Perf log messages embed metric keys in message string	Low	task.rs
New routes undocumented in endpoint reference	Low	debugging.mdx

[github-actions]

Preview packages published to npm

Install with:

npm install rivetkit@pr-4724

All packages published as 0.0.0-pr.4724.ecbb955 with tag pr-4724.

Engine binary is shipped via @rivetkit/engine-cli on linux-x64-musl, linux-arm64-musl, darwin-x64, and darwin-arm64. Windows users should use the release installer or set RIVET_ENGINE_BINARY.

Docker images:

docker pull rivetdev/engine:slim-ecbb955
docker pull rivetdev/engine:full-ecbb955

Individual packages

npm install rivetkit@pr-4724
npm install @rivetkit/react@pr-4724
npm install @rivetkit/rivetkit-napi@pr-4724
npm install @rivetkit/workflow-engine@pr-4724

[NathanFlurry]

Landed in main via stack-merge fast-forward push. Commits are in main; closing to match.