donotmerge: insert and clear actor queue

[abcxff]

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context.

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[railway-app]

🚅 Deployed to the rivet-pr-5065 environment in rivet-frontend

Service	Status	Web	Updated (UTC)
frontend-inspector	❌ Build Failed (View Logs)	Web	Jun 3, 2026 at 1:14 am
frontend-cloud	❌ Build Failed (View Logs)	Web	Jun 3, 2026 at 1:14 am
kitchen-sink	❌ Build Failed (View Logs)	Web	Jun 3, 2026 at 1:13 am
website	😴 Sleeping (View Logs)	Web	May 30, 2026 at 9:03 pm
ladle	✅ Success (View Logs)	Web	May 19, 2026 at 8:30 pm
mcp-hub	✅ Success (View Logs)	Web	May 19, 2026 at 8:20 pm

[abcxff]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• donotmerge: dummy inspector api #5085
• donotmerge: insert and clear actor queue #5065 👈 (View in Graphite)
• feat(workflow-engine): add retryOnTimeout opt-in for step timeout retries #5089 : 1 other dependent PR (#5125 )
• fix(rivetkit): wire CancellationToken through waitForNamesAvailable to eliminate KV busy-polling #5063 : 1 other dependent PR (#5050 )
• fix(rivetkit): fix BigInt serialization in inspector workflow history and state deserialization #5058
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[claude]

Code Review: PR #5065 — Insert and Clear Actor Queue

Two new inspector HTTP endpoints: DELETE /inspector/queue (clear all messages) and POST /inspector/queue (enqueue a message). The cross-layer wiring (Rust core → NAPI → TypeScript native + wasm runtimes) is consistent with how existing inspector routes are structured.

---

Correctness: Race Condition in reset()

queue.rs — ActorContext::reset()

The reset sequence is not atomic with respect to concurrent send() calls:

1. reset() calls list_message_entries() — snapshot of entries A, B
2. A concurrent send() acquires queue_metadata lock and enqueues message C with some ID
3. reset() calls batch_delete([A_key, B_key]) — message C survives in KV
4. reset() writes {next_id: 0, size: 0} to KV and to the in-memory lock

After this sequence: message C is in KV, but both the in-memory metadata and KV metadata report size: 0 and next_id: 0. The next send() reuses ID 1, creating a duplicate-ID collision with message C.

The fix is to hold queue_metadata across the entire operation — acquiring the lock before list_message_entries() and releasing it only after the in-memory update on line 566. That matches how remove_messages() holds the lock around its KV delete + metadata write.

---

Performance: Unbounded Memory Load

list_message_entries() calls kv.list_prefix(limit: None), loading the entire queue into memory in a single call. Fine for the expected inspector use case (small, dev-time queues), but worth a comment noting the no-limit behavior so no one widens the call site to production hot paths.

---

Behavior: Completion Waiter Drops Are Undocumented

clear_async() on queue_completion_waiters silently drops all oneshot::Sender handles. Any concurrent enqueue_and_wait caller will receive QueueCompletionWaiterDropped. This is correct behavior for a "nuke the queue" operation, but a doc comment on reset() noting that in-flight waiters will error would help future maintainers.

---

Minor: Empty name Is Silently Accepted

InspectorEnqueueBody uses #[serde(default)] on the whole struct with name: String, so POST /inspector/queue with body {} enqueues a message named "". Worth deciding if an empty name should be rejected at the HTTP layer, since send() accepts it without error.

---

No Tests

The PR description checklist is unchecked and there are no new tests in the diff. A test covering reset() under concurrent send() would both validate correctness and catch the race described above.

---

Style Nit

inspector.rs line 132: Ok(_) => can be Ok(()) => since reset() returns Result<()>.

---

Summary: The overall structure and cross-runtime wiring is clean and consistent with existing patterns. The main issue is the race in reset() — holding queue_metadata across the full operation (list → delete → put metadata → update in-memory) is the straightforward fix.