donotmerge: dummy inspector api

[abcxff]

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context.

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[railway-app]

🚅 Deployed to the rivet-pr-5085 environment in rivet-frontend

Service	Status	Web	Updated (UTC)
website	😴 Sleeping (View Logs)	Web	Jun 2, 2026 at 9:15 pm
frontend-cloud	❌ Build Failed (View Logs)	Web	Jun 2, 2026 at 8:10 pm
frontend-inspector	❌ Build Failed (View Logs)	Web	Jun 2, 2026 at 8:10 pm
kitchen-sink	❌ Build Failed (View Logs)	Web	Jun 2, 2026 at 8:09 pm
ladle	✅ Success (View Logs)	Web	May 21, 2026 at 12:39 am
mcp-hub	✅ Success (View Logs)	Web	May 21, 2026 at 12:35 am

[abcxff]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• donotmerge: dummy inspector api #5085 👈 (View in Graphite)
• donotmerge: insert and clear actor queue #5065
• feat(workflow-engine): add retryOnTimeout opt-in for step timeout retries #5089 : 1 other dependent PR (#5125 )
• fix(rivetkit): wire CancellationToken through waitForNamesAvailable to eliminate KV busy-polling #5063 : 1 other dependent PR (#5050 )
• fix(rivetkit): fix BigInt serialization in inspector workflow history and state deserialization #5058
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[claude]

Code Review: donotmerge: dummy inspector api

Note: This PR is explicitly marked donotmerge in both title and branch name. Review is provided for completeness and to flag issues before this pattern is promoted to a real endpoint.

Overview

Adds a POST /inspector/eval endpoint to the native actor registry that executes arbitrary JavaScript strings in the context of a running actor. The endpoint receives ctx, kv, rawKv, sql, db, state, queue, schedule, conns, and a log helper as named arguments. Authentication is enforced via actorVerifyInspectorAuth before any route handler runs, so the eval endpoint is protected by the same inspector token as all other inspector routes.

---

Issues

Bug: Logs silently dropped on non-Error exceptions

The catch block has two paths. When the thrown value is an Error instance, logs is included in the response. When it is anything else, the code falls through to errorResponse(error) which omits logs entirely. Any console output captured before the throw is lost with no way for the caller to recover it.

Fix: pass logs through in both branches, or restructure so there is only one error path.

---

Inconsistency: Silent db access error with no logging

let db: unknown;
try {
    db = actorCtx.db;
} catch {
    db = undefined;
}

Swallowing this error with an empty catch violates the project logging convention. At minimum, log the failure so a developer inspecting a broken eval session knows why db is undefined.

---

Risk: Full actorCtx exposed as ctx to eval code

The eval function receives the complete actorCtx as its ctx parameter, giving eval code access to destructive internal methods: dispose(), initializeState(), closeDatabase(), saveState({ immediate: true }), vars =, etc. Eval code can call ctx.dispose() and terminate the actor mid-session.

For an authenticated admin endpoint this may be intentional, but it should be explicitly documented. If not intentional, the passed object should be a restricted view without destructive methods.

---

Checklist misses (expected for donotmerge, flagging for future landing)

• No tests. The inspector test suite (tests/driver/actor-inspector.test.ts) has 20 cases but none for /inspector/eval. Per inspector-protocol.md, new endpoints must have test coverage.
• No WebSocket counterpart. inspector-protocol.md requires HTTP and WebSocket transports to stay in sync. A WebSocket eval message should be added when this is promoted.
• No docs update. Per inspector-protocol.md, new inspector endpoints should update website/src/metadata/skill-base-rivetkit.md and website/src/content/docs/actors/debugging.mdx.

---

Minor

• jsonSafe(result ?? null) -- the ?? null is redundant if jsonSafe handles undefined already.
• error.stack is returned in the 500 response. Acceptable for an admin debug tool, but worth confirming this is intentional before a real release since it exposes internal file paths.
• The biome-ignore lint/security/noGlobalEval comment is correct and the rationale is clear.