🚅 Deployed to the rivet-pr-4985 environment in rivet-frontend

Service	Status	Web	Updated (UTC)
website	😴 Sleeping (View Logs)	Web	May 7, 2026 at 5:06 am
kitchen-sink	❌ Build Failed (View Logs)	Web	May 7, 2026 at 1:27 am
frontend-cloud	❌ Build Failed (View Logs)	Web	May 6, 2026 at 3:30 pm
frontend-inspector	❌ Build Failed (View Logs)	Web	May 6, 2026 at 3:30 pm
ladle	❌ Build Failed (View Logs)	Web	May 6, 2026 at 3:28 pm
mcp-hub	✅ Success (View Logs)	Web	May 6, 2026 at 3:28 pm

• donotmerge: rivetkit test #4991
• [slop]fix(rivetkit): surface raw error messages instead of generic #4985 👈 (View in Graphite)
• [slop]fix(rivetkit): remove async drizzle db proxy #4984 : 1 other dependent PR (#4986 )
• fix(rivetkit-napi): demote bridge error decode log from warn to debug #4983
• fix(rivetkit): use keepAwake for websocket callback tracking to prevent c.vars crash after grace deadline #4978 : 1 other dependent PR (#4990 )
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

Code Review

Overview

This PR makes two changes: (1) removes the RIVET_EXPOSE_ERRORS env-var gate so that all internal errors now always surface their raw message to callers, and (2) adds a structured sqlite.query_failed error type for user SQL errors (syntax, constraints, etc.).

Security Regression — build_internal always exposes raw messages

File: engine/packages/error/src/error.rs

The previous expose_internal_errors() gate controlled whether build_internal populated the message field. Without it, every unstructured anyhow::Error that falls through RivetError::extract as INTERNAL_ERROR will now include the raw error string in the message field sent to actor clients.

This directly contradicts CLAUDE.md:

The dev-mode toggle that exposes raw messages lives in core (reads env at build_internal), not in the TS bridge.

The toggle was meant to stay in build_internal — not be removed entirely. In production, an actor client will now receive raw internal error messages (e.g. file paths, DB connection details, internal state) for any unhandled actor error that isn't already a structured RivetError.

Suggested fix: Restore the env-var gate, or replace it with a build-time feature flag if the goal is a cleaner dev/prod split:

message: expose_internal_errors().then(|| format!("{}", error)),

Note: The API builder (engine/packages/api-builder) does its own chain traversal and sanitizes internal errors separately, so REST API responses are unaffected. The exposure is specifically through the rivetkit actor error response path where RivetError::extract is called and its result serialized for the caller.

sqlite.query_failed error type (good addition)

Files: rivetkit-rust/packages/rivetkit-core/src/error.rs, rivetkit-rust/engine/artifacts/errors/sqlite.query_failed.json, rivetkit-rust/packages/rivetkit-core/src/actor/sqlite.rs

The structured QueryFailed variant and its 400 status code mapping are correct. User SQL errors (constraint violations, syntax errors) are caller-triggered and should surface a meaningful message — this is the right classification.

The map_local_worker_error fall-through is reasonable: the function already handles all lifecycle errors (Overloaded, Closed, Dying, Fatal) explicitly, so the remainder are indeed SQLite engine errors from user-provided SQL. If internal VFS-level errors can also reach this path without being classified as lifecycle errors, they'd get a 400 query_failed instead of a 500 — but that's a separate concern from this PR.

Minor Issues

• Missing EOF newline: rivetkit-rust/engine/artifacts/errors/sqlite.query_failed.json is missing a trailing newline.
• PR description is empty: The checklist is unchecked and there is no summary, issue link, or test description. Even for a draft, a one-liner on intent helps reviewers.

Summary