Skip to content

chore(rivetkit): RIVET_EXPOSE_ERRORS #3671

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
NathanFlurry wants to merge 1 commit into from
Closed

chore(rivetkit): RIVET_EXPOSE_ERRORS #3671

NathanFlurry wants to merge 1 commit into from

Conversation

@NathanFlurry
Copy link
Member

@NathanFlurry NathanFlurry commented Dec 23, 2025

No description provided.

@vercel
Copy link

vercel bot commented Dec 23, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
rivet-site Ready Ready Preview, Comment Jan 6, 2026 2:34am
rivetkit-serverless Error Error Jan 6, 2026 2:34am
2 Skipped Deployments
Project Deployment Review Updated (UTC)
rivet-cloud Ignored Ignored Jan 6, 2026 2:34am
rivet-inspector Ignored Ignored Preview Jan 6, 2026 2:34am

This was referenced Dec 23, 2025
Merged
Closed
@NathanFlurry Graphite App
Copy link
Member Author

NathanFlurry commented Dec 23, 2025
edited
Loading

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

How to use the Graphite Merge Queue

Add the label merge-queue to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

This was referenced Dec 23, 2025
Closed
Closed
Closed
@claude
Copy link

claude bot commented Dec 23, 2025
edited
Loading

PR Review: RIVET_EXPOSE_ERRORS Environment Variable

Summary

This PR implements the RIVET_EXPOSE_ERRORS environment variable feature that allows internal error details to be exposed to clients during development. The implementation is clean and follows the codebase patterns well.

✅ Strengths

  1. Good documentation: The website documentation in website/src/content/docs/actors/errors.mdx is comprehensive and clearly explains:

    • When to use this feature (development only)
    • Security warnings about not using in production
    • How it works with NODE_ENV=development

  2. Consistent implementation: The same logic is applied in both places:

    • rivetkit-typescript/packages/rivetkit/src/actor/protocol/old.ts:291-292
    • rivetkit-typescript/packages/rivetkit/src/actor/router-endpoints.ts:206-209

  3. Clear function documentation: Good JSDoc comment added to getRequestExposeInternalError explaining its behavior

  4. Security-conscious: The documentation appropriately warns users about the security implications

🔍 Issues & Suggestions

1. Critical: Inconsistent Parameter Usage ⚠️

In router-endpoints.ts:205, the _req parameter is prefixed with underscore indicating it's unused:

export function getRequestExposeInternalError(_req: Request): boolean {

However, this function should potentially use the request object to check for request-specific overrides or context. If the parameter is truly not needed, consider:

  • Removing it entirely for clarity
  • Adding a comment explaining why it exists but isn't used (perhaps for future extensibility)

Location: rivetkit-typescript/packages/rivetkit/src/actor/router-endpoints.ts:205

2. Potential: Environment Variable Caching

The getEnvUniversal() function is called twice on every error (and potentially many times during high error scenarios). Consider caching these environment variable reads at module initialization:

const EXPOSE_ERRORS = getEnvUniversal("RIVET_EXPOSE_ERRORS") === "1";
const IS_DEVELOPMENT = getEnvUniversal("NODE_ENV") === "development";

export function getRequestExposeInternalError(_req: Request): boolean {
    return EXPOSE_ERRORS || IS_DEVELOPMENT;
}

Benefit: Reduces overhead during error handling paths
Trade-off: Environment changes wouldn't be picked up without restart (but this is likely acceptable for these specific variables)

3. Documentation: Missing Security Best Practices

The documentation warns about not using in production, but could be strengthened with:

  • Explicit recommendation to use environment-specific configuration
  • Example of how to ensure it's disabled in production (e.g., in deployment configs)
  • Warning about what sensitive information might be exposed (database connection strings, internal paths, etc.)

Location: website/src/content/docs/actors/errors.mdx:345-347

4. Code Duplication

The same boolean logic appears in two places:

  • rivetkit-typescript/packages/rivetkit/src/actor/protocol/old.ts:291-292
  • rivetkit-typescript/packages/rivetkit/src/actor/router-endpoints.ts:206-209

The first location could call getRequestExposeInternalError() instead of duplicating the logic:

// In old.ts:291-292
getRequestExposeInternalError(/* need to pass request */),

However, this would require access to the request object. If that's not available, consider extracting the boolean check into a separate utility function.

5. Minor: Typo in Previous Code

The old code had a typo: "Unipmlemented" → while this is fixed in the PR, it's worth noting it was there.

🧪 Testing Recommendations

This PR lacks tests. Consider adding:

  1. Unit tests for getRequestExposeInternalError():

    • Returns false when neither env var is set
    • Returns true when RIVET_EXPOSE_ERRORS=1
    • Returns true when NODE_ENV=development
    • Returns true when both are set

  2. Integration tests for error exposure:

    • Internal errors show generic message when env vars not set
    • Internal errors show detailed message when RIVET_EXPOSE_ERRORS=1
    • Internal errors show detailed message when NODE_ENV=development

Example test structure:

describe('getRequestExposeInternalError', () => {
  it('should return false by default', () => {
    // Test with clean environment
  });

  it('should return true when RIVET_EXPOSE_ERRORS=1', () => {
    // Test with env var set
  });

  it('should return true when NODE_ENV=development', () => {
    // Test with dev environment
  });
});

📋 Security Considerations

Good: Clear warnings in documentation about production usage
⚠️ Consider:

  • Could add runtime warning logs when RIVET_EXPOSE_ERRORS=1 is detected on startup
  • Consider adding a check that prevents both production NODE_ENV and EXPOSE_ERRORS from being active simultaneously

🎯 Performance Considerations

✨ Code Quality

  • Style: Follows existing patterns ✅
  • Naming: Clear and descriptive ✅
  • Documentation: Good JSDoc comment added ✅
  • Consistency: Matches codebase conventions ✅

📝 Recommendations

Must Fix:

  • None (code is functional)

Should Fix:

  1. Add unit tests for getRequestExposeInternalError()
  2. Consider caching environment variable reads
  3. Address the unused _req parameter (remove or document why it exists)

Nice to Have:

  1. Reduce code duplication between old.ts and router-endpoints.ts
  2. Add runtime warning when error exposure is enabled
  3. Enhance documentation with deployment best practices

Conclusion

This is a solid PR that implements a useful development feature. The code is clean, well-documented, and follows the project's patterns. The main areas for improvement are:

  1. Adding test coverage
  2. Minor performance optimization through caching
  3. Addressing the unused parameter

The PR is ready to merge with the understanding that tests should be added in a follow-up (or before merge, if the team requires test coverage).

Approval: ✅ Approved with suggestions

@NathanFlurry NathanFlurry force-pushed the 12-23-chore_rivetkit_rivet_expose_errors_ branch from ad3bcfe to adecd9e Compare January 1, 2026 23:24
@NathanFlurry NathanFlurry force-pushed the 12-23-chore_rivetkit_specialize_context_types_for_better_compiler_errors branch from b716026 to db47c49 Compare January 1, 2026 23:24
@NathanFlurry NathanFlurry mentioned this pull request Jan 1, 2026
Closed
@NathanFlurry NathanFlurry force-pushed the 12-23-chore_rivetkit_specialize_context_types_for_better_compiler_errors branch from db47c49 to e4a1e83 Compare January 2, 2026 22:30
@NathanFlurry NathanFlurry force-pushed the 12-23-chore_rivetkit_rivet_expose_errors_ branch from adecd9e to 88139ac Compare January 2, 2026 22:30
@NathanFlurry NathanFlurry mentioned this pull request Jan 2, 2026
Closed
@jog1t jog1t force-pushed the 12-23-chore_rivetkit_specialize_context_types_for_better_compiler_errors branch from e4a1e83 to f96b9d8 Compare January 2, 2026 23:33
@jog1t jog1t force-pushed the 12-23-chore_rivetkit_rivet_expose_errors_ branch from 88139ac to 4fd5ce8 Compare January 2, 2026 23:33
This was referenced Jan 2, 2026
Open
Closed
Closed
@NathanFlurry NathanFlurry force-pushed the 12-23-chore_rivetkit_rivet_expose_errors_ branch from 4fd5ce8 to 88139ac Compare January 2, 2026 23:59
@NathanFlurry NathanFlurry force-pushed the 12-23-chore_rivetkit_specialize_context_types_for_better_compiler_errors branch from f96b9d8 to e4a1e83 Compare January 2, 2026 23:59
@jog1t jog1t mentioned this pull request Jan 2, 2026
Closed
@jog1t jog1t force-pushed the 12-23-chore_rivetkit_specialize_context_types_for_better_compiler_errors branch from e4a1e83 to f96b9d8 Compare January 3, 2026 00:05
@jog1t jog1t force-pushed the 12-23-chore_rivetkit_rivet_expose_errors_ branch from 88139ac to 4fd5ce8 Compare January 3, 2026 00:05
@NathanFlurry NathanFlurry force-pushed the 12-23-chore_rivetkit_rivet_expose_errors_ branch from 4fd5ce8 to 88139ac Compare January 5, 2026 02:45
@NathanFlurry NathanFlurry force-pushed the 12-23-chore_rivetkit_specialize_context_types_for_better_compiler_errors branch from f96b9d8 to e4a1e83 Compare January 5, 2026 02:45
@NathanFlurry NathanFlurry force-pushed the 12-23-chore_rivetkit_rivet_expose_errors_ branch from 88139ac to 7c02c03 Compare January 5, 2026 18:22
@NathanFlurry NathanFlurry force-pushed the 12-23-chore_rivetkit_specialize_context_types_for_better_compiler_errors branch from e4a1e83 to 7554a99 Compare January 5, 2026 18:22
@NathanFlurry NathanFlurry force-pushed the 12-23-chore_rivetkit_rivet_expose_errors_ branch from 7c02c03 to a3d13ad Compare January 6, 2026 02:04
@NathanFlurry NathanFlurry force-pushed the 12-23-chore_rivetkit_specialize_context_types_for_better_compiler_errors branch from 7554a99 to b1b4c7d Compare January 6, 2026 02:04
@NathanFlurry NathanFlurry force-pushed the 12-23-chore_rivetkit_rivet_expose_errors_ branch from a3d13ad to f7c3edc Compare January 6, 2026 02:19
@NathanFlurry NathanFlurry force-pushed the 12-23-chore_rivetkit_specialize_context_types_for_better_compiler_errors branch from b1b4c7d to a085ec4 Compare January 6, 2026 02:19
@NathanFlurry NathanFlurry mentioned this pull request Jan 6, 2026
Closed
@graphite-app
Copy link
Contributor

graphite-app bot commented Jan 6, 2026
edited
Loading

Merge activity

@NathanFlurry NathanFlurry force-pushed the 12-23-chore_rivetkit_specialize_context_types_for_better_compiler_errors branch from a085ec4 to fab8941 Compare January 6, 2026 02:30
@NathanFlurry NathanFlurry force-pushed the 12-23-chore_rivetkit_rivet_expose_errors_ branch from f7c3edc to e32769c Compare January 6, 2026 02:30
graphite-app bot pushed a commit that referenced this pull request Jan 6, 2026
@NathanFlurry
chore(rivetkit): RIVET_EXPOSE_ERRORS (#3671)
f4245e2
@graphite-app graphite-app bot closed this Jan 6, 2026
@graphite-app graphite-app bot deleted the 12-23-chore_rivetkit_rivet_expose_errors_ branch January 6, 2026 02:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@NathanFlurry