fix(rivetkit): keep internal error exposure behavior consistent #4661

Draft
NathanFlurry wants to merge 1 commit into break-up/stabilize-driver-lifecycle-tests from break-up/keep-error-exposure-consistent

@NathanFlurry
Member

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context.

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

Member Author

NathanFlurry commented Apr 14, 2026

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.

This stack of pull requests is managed by Graphite. Learn more about stacking.

@claude

claude bot commented Apr 14, 2026

PR Review: fix(rivetkit): keep internal error exposure behavior consistent

Overview

This PR makes two related changes to internal error exposure behavior:

  1. Removes NODE_ENV=development as an implicit trigger for exposing internal errors in both router-endpoints.ts and isolate-runtime.ts
  2. Fixes a bug in isolate-runtime.ts where RIVET_EXPOSE_ERRORS: "1" was hardcoded in the sandbox environment, meaning internal errors were always exposed in sandboxed processes regardless of actual environment configuration

Issues Found

Bug: Missed File — Inconsistency Remains

The PR title says "keep internal error exposure behavior consistent", but protocol/old.ts still retains the old NODE_ENV=development behavior:

// rivetkit-typescript/packages/rivetkit/src/actor/protocol/old.ts:303-304
getEnvUniversal("RIVET_EXPOSE_ERRORS") === "1" ||
    getEnvUniversal("NODE_ENV") === "development",

This file was not updated, leaving the behavior inconsistent across the three implementations of this check.

Security: Hardcoded Sandbox Error Exposure (Good Fix, Worth Calling Out)

The old code unconditionally set RIVET_EXPOSE_ERRORS: "1" in the sandbox environment regardless of the host environment. This was a security bug — it would always expose full internal error details to clients running inside sandboxed actors in production. The new code correctly inherits the value from the parent process only when set.

Developer Experience Impact

Developers who previously relied on NODE_ENV=development to automatically see detailed error messages must now explicitly set RIVET_EXPOSE_ERRORS=1. This is a deliberate tradeoff, but it's a behavioral change that could be surprising. A note in developer-facing documentation would help.


Minor Issues

  • Function signature inconsistency: getRequestExposeInternalError in isolate-runtime.ts takes no arguments, while the one in router-endpoints.ts takes _req: Request. These parallel implementations have diverged in signature. Consider unifying them or adding a comment explaining the difference.

  • No tests: No tests cover the change in RIVET_EXPOSE_ERRORS behavior (e.g., verifying that NODE_ENV=development no longer triggers error exposure, or that the sandbox correctly inherits the flag). Test coverage would prevent regressions.

  • Empty PR description: The PR body is unfilled template text. A brief explanation of what was inconsistent and why this change was needed would help reviewers and future git blame readers.


Summary

The core intent is correct and the sandbox hardcoding fix is a real security improvement. The main blocker is the missed protocol/old.ts case that leaves the original inconsistency in place.
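
As an added illustration for the review above (not code from the PR, the review, or rivetkit): one shared predicate for the exposure decision, a sandbox environment builder that inherits RIVET_EXPOSE_ERRORS from the parent only when it is set, and the client-facing error shaping that depends on both. The function names, the Env type and the sample environments are assumptions constructed for this example.

```typescript
// Added illustration; every name here is hypothetical, not rivetkit's API.
type Env = Record<string, string | undefined>;

// Single source of truth for the decision: only the explicit flag counts.
// NODE_ENV is deliberately not consulted.
function shouldExposeInternalError(env: Env): boolean {
  return env["RIVET_EXPOSE_ERRORS"] === "1";
}

// Build the environment handed to a sandboxed child process. The flag is
// copied from the parent only when the parent has it set; a value placed in
// the sandbox defaults (`base`) is dropped so it can never be hardcoded on.
function buildSandboxEnv(parent: Env, base: Env = {}): Env {
  const env: Env = { ...base };
  delete env["RIVET_EXPOSE_ERRORS"];
  const flag = parent["RIVET_EXPOSE_ERRORS"];
  if (flag !== undefined) env["RIVET_EXPOSE_ERRORS"] = flag;
  return env;
}

interface ClientError {
  code: string;
  message: string;
  stack?: string;
}

// Shape the error a client receives. Message and stack leave the process
// only when exposure is explicitly enabled in the given environment.
function toClientError(err: unknown, env: Env): ClientError {
  if (!shouldExposeInternalError(env)) {
    return { code: "internal_error", message: "Internal error." };
  }
  const e = err instanceof Error ? err : new Error(String(err));
  return { code: "internal_error", message: e.message, stack: e.stack };
}

// Constructed sample parent environments.
const prodParent: Env = { NODE_ENV: "production" };
const devParent: Env = { NODE_ENV: "development" };
const optInParent: Env = { NODE_ENV: "production", RIVET_EXPOSE_ERRORS: "1" };

// What a client of a sandboxed process would see under each parent.
const sampleMessages: string[] = [prodParent, devParent, optInParent].map(
  (parent) => toClientError(new Error("boom"), buildSandboxEnv(parent)).message,
);
```

The assertions that accompany this block are the regression cases the review asks for: NODE_ENV=development alone does not expose details, and the sandbox carries the flag only when the parent does.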
