donotmerge: dummy inspector api#5085

Draft
abcxff wants to merge 1 commit into 05-19-feat_inspector_insert_and_clear_actor_queue from 05-21-donotmerge_dummy_inspector_api

@abcxff abcxff commented May 21, 2026

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context.

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

railway-app Bot commented May 21, 2026

🚅 Deployed to the rivet-pr-5085 environment in rivet-frontend

Service | Status | Web | Updated (UTC)
website | 😴 Sleeping (View Logs) | Web | Jun 3, 2026 at 5:12 am
frontend-cloud | ❌ Build Failed (View Logs) | Web | Jun 3, 2026 at 1:16 am
frontend-inspector | ❌ Build Failed (View Logs) | Web | Jun 3, 2026 at 1:14 am
kitchen-sink | ❌ Build Failed (View Logs) | Web | Jun 3, 2026 at 1:13 am
ladle | ✅ Success (View Logs) | Web | May 21, 2026 at 12:39 am
mcp-hub | ✅ Success (View Logs) | Web | May 21, 2026 at 12:35 am

abcxff commented May 21, 2026

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.

This stack of pull requests is managed by Graphite. Learn more about stacking.

claude Bot commented May 21, 2026

Code Review: donotmerge: dummy inspector api

Note: This PR is explicitly marked donotmerge in both title and commit message. Review is provided for completeness and to flag issues before this pattern is promoted to a real endpoint.

Overview

Adds a POST /inspector/eval endpoint to the native actor registry that executes arbitrary JavaScript strings in the context of a running actor. The endpoint receives ctx, kv, rawKv, sql, db, state, queue, schedule, conns, and a log helper as named arguments. Authentication is enforced via actorVerifyInspectorAuth before any route handler runs, so the eval endpoint is protected by the same inspector token as all other inspector routes.


Issues

Bug: Logs silently dropped on non-Error exceptions

The catch block has two paths. When the thrown value is an Error instance, logs is included in the response. When it is anything else (a string, a number, a plain object), the code falls through to errorResponse(error) which omits logs entirely. Any output captured before the throw is silently lost with no way for the caller to recover it.

Fix: pass logs through in both branches, or consolidate to a single error path.


Inconsistency: Silent db access error with no logging

Swallowing the actorCtx.db access error with an empty catch violates the project logging convention. At minimum, write to the logs array so the eval caller knows why db is undefined in their session.


Risk: Full actorCtx exposed as ctx to eval code

The eval function receives the complete actorCtx as its ctx parameter, giving eval code access to destructive internal methods (dispose(), initializeState(), closeDatabase(), saveState({ immediate: true }), direct field mutation, etc.). Eval code can call ctx.dispose() and terminate the actor mid-session.

For an authenticated admin debug endpoint this may be intentional, but it should be explicitly documented as a known risk. If not intentional, the passed object should be a restricted view without destructive lifecycle methods.


Checklist misses (expected for donotmerge, flagging for future landing)

  • No tests. New endpoints require test coverage. The inspector test suite has no /inspector/eval cases.
  • No WebSocket counterpart. HTTP and WebSocket inspector transports must stay in sync. A WebSocket eval message type should be added when this is promoted.
  • No docs update. New inspector endpoints should update the relevant docs pages when promoted.

Minor

  • jsonSafe(result ?? null) -- the ?? null is redundant if jsonSafe already handles undefined.
  • error.stack is returned verbatim in the 500 response. Acceptable for an admin debug tool but exposes internal file paths; confirm this is intentional before a real release.
  • The biome-ignore lint/security/noGlobalEval comment with an explicit rationale is correct and should be kept.
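
The following is an added example, not part of the review comment above and not code from this PR. It sketches the two fixes the review asks for: one error path that keeps captured logs for Error and non-Error throws, and a restricted view of the actor context without destructive lifecycle methods. `DENIED`, `restrictedView`, `runEval` and `makeFakeActor` are hypothetical names, and the actor object is constructed for the demonstration.

```javascript
// Added example with hypothetical names; not the project's code.
const DENIED = new Set(["dispose", "initializeState", "closeDatabase", "saveState"]);
const blocked = () => { throw new Error("ctx is read-only in inspector eval"); };

// Shallow view of the actor context: destructive lifecycle methods and direct
// field mutation are refused; nested objects are passed through unchanged.
function restrictedView(actorCtx) {
  return new Proxy(actorCtx, {
    get(target, prop) {
      if (DENIED.has(prop)) {
        throw new Error(`ctx.${String(prop)} is not available in inspector eval`);
      }
      const value = Reflect.get(target, prop, target);
      return typeof value === "function" ? value.bind(target) : value;
    },
    set: blocked,
    defineProperty: blocked,
    deleteProperty: blocked,
  });
}

function runEval(source, actorCtx) {
  const logs = [];
  const log = (...args) => logs.push(args.map(String).join(" "));
  let db;
  try {
    db = actorCtx.db;
  } catch (err) {
    // Tell the caller why db is undefined instead of swallowing the error.
    log(`db unavailable: ${err instanceof Error ? err.message : String(err)}`);
  }
  try {
    const fn = new Function("ctx", "db", "log", source);
    const result = fn(restrictedView(actorCtx), db, log);
    return { status: 200, body: { result: result ?? null, logs } };
  } catch (err) {
    // One error path: logs survive Error and non-Error throws; no stack is returned.
    const error = err instanceof Error ? err.message : String(err);
    return { status: 500, body: { error, logs } };
  }
}

// Constructed stand-in for an actor context whose db getter throws.
function makeFakeActor() {
  return {
    name: "demo", disposed: false,
    get db() { throw new Error("database not configured"); },
    dispose() { this.disposed = true; },
  };
}
```

The Proxy is shallow and the evaluated code still runs with the full privileges of the host process, so this guards against accidental lifecycle calls and is not a sandbox; the inspector token check remains the access control.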

@abcxff abcxff force-pushed the 05-21-donotmerge_dummy_inspector_api branch from 0c00af1 to 6932b9f Compare May 21, 2026 03:00
@abcxff abcxff force-pushed the 05-19-feat_inspector_insert_and_clear_actor_queue branch from 95dd3b3 to 3f807cd Compare May 21, 2026 19:45
@abcxff abcxff force-pushed the 05-21-donotmerge_dummy_inspector_api branch from 6932b9f to 828bd2a Compare May 21, 2026 19:45
@abcxff abcxff force-pushed the 05-21-donotmerge_dummy_inspector_api branch from 828bd2a to 7f6a301 Compare May 22, 2026 04:17
@abcxff abcxff force-pushed the 05-21-donotmerge_dummy_inspector_api branch from 7f6a301 to aa68329 Compare May 22, 2026 05:08
@abcxff abcxff force-pushed the 05-19-feat_inspector_insert_and_clear_actor_queue branch from 0295ef9 to 81264d4 Compare May 22, 2026 05:08
@abcxff abcxff force-pushed the 05-21-donotmerge_dummy_inspector_api branch from aa68329 to 7617a43 Compare June 2, 2026 20:09
@abcxff abcxff force-pushed the 05-19-feat_inspector_insert_and_clear_actor_queue branch from 81264d4 to 4ea4f78 Compare June 2, 2026 20:09
@abcxff abcxff force-pushed the 05-19-feat_inspector_insert_and_clear_actor_queue branch from 4ea4f78 to 9bef952 Compare June 3, 2026 01:13
@abcxff abcxff force-pushed the 05-19-feat_inspector_insert_and_clear_actor_queue branch from 9bef952 to 323844c Compare June 3, 2026 01:13
@abcxff abcxff force-pushed the 05-21-donotmerge_dummy_inspector_api branch from 7617a43 to 4a297d7 Compare June 3, 2026 01:13