• chore(engine): publish engine bases in ci #4649 : 3 dependent PRs (#4650 , #4652 , #4666 )
• chore: lockfile lefthook #4647
• fix(rivetkit): surface native sqlite kv errors to callers #4645
• fix(rivetkit): prevent sleep races during disconnect and db work #4644
• fix(rivetkit): isolate engine envoys and propagate startup failures #4643
• test(rivetkit): remove wasm sqlite-only fixtures and coverage #4642
• chore(sqlite-vfs): remove wasm sqlite packages and workspace wiring #4641
• chore(rivetkit): remove wasm sqlite runtime #4614
• fix(sqlite-native): restore native startup kv preload #4639
• fix(sqlite-native): delete metadata before chunk range #4638
• fix(sqlite-native): keep truncate cache coherent #4637
• fix(sqlite-vfs): use delete range for truncate cleanup #4636
• fix(sqlite-native): restore kv error hook #4635 👈 (View in Graphite)
• perf(sqlite-native): avoid cloning cached read chunks #4634
• perf(sqlite-native): gate kv operation labels #4633
• perf(sqlite-native): reuse read cache for partial writes #4632
• perf(sqlite-native): remove delete file existence probe #4631
• fix(sqlite-native): gate native read cache behind env var #4630
• fix(pegboard): isolate runner config dc lookup failures #4625 : 1 other dependent PR (#4626 )
• docs(pegboard): note runner config upsert split write risk #4624
• fix(pegboard): unpack global runner config keys correctly #4623
• fix(pegboard-gateway): enforce tunnel message state #4622
• fix(pegboard-runner): clear terminal tunnel routes #4621
• fix(pegboard): skip protocol version keys in runner pool backfill #4620
• fix(pegboard): create missing normal runner configs #4619
• fix(epoxy): reuse cached optimistic value #4618
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

PR Review: fix(sqlite-native): restore kv error hook

This PR restores KV error hooks in the native SQLite implementation, adds a last_error tracking mechanism in the VFS layer, and surfaces meaningful error context to the JavaScript layer. Overall the approach is sound and the implementation is clean.

Correctness Fixes (Good)

notGlobal ?? false (wrapper.js): Genuine bug fix — previously passing undefined to the native binding which expected a boolean.

.as_deref() fix (vfs.rs:681): More type-correct than .as_ref() for getting a &[u8] slice from Option<Vec<u8>>. The previous .as_ref() would produce Option<&Vec<u8>> rather than Option<&[u8]>, which could cause type mismatches silently.

read_cache.as_ref().and_then(...) (vfs.rs:636): Handles read_cache correctly as an Option type. The type definition change driving this is not visible in the diff — if FileState::read_cache changed from a bare HashMap to Option<HashMap> in a parent branch, this fix is correct. Worth confirming that is the case.

Error Tracking Design

The Mutex<Option<String>> approach for last_error in VfsContext is correct for this use case. The split between clone_last_error() (used by SQLite’s kv_vfs_get_last_error) and take_last_error() (used by the JS layer) is a clean design: SQLite can call kv_vfs_get_last_error non-destructively, while the JS side consumes the error once.

The clear_last_error() on success pattern prevents stale errors from leaking across operations.

Potential Issues

Possible TOCTOU in error clearing: After a KV failure, report_kv_error sets last_error. SQLite receives SQLITE_IOERR and may call kv_vfs_get_last_error. However, SQLite may also retry or issue a follow-up VFS operation (e.g. a read on the journal file) that succeeds, triggering clear_last_error() before kv_vfs_get_last_error is called. This is unlikely in practice since SQLite does not retry after IO errors, but the window exists.

wrapNativeStorageError always throws but the call sites are not explicit about it:

try {
    const result = await nativeDb.query(query, bindings);
    return mapRows(result.rows, result.columns);
} catch (error) {
    wrapNativeStorageError(nativeDb, error); // always throws, but a reader cannot tell
}

A reader may wonder why there is no return or throw after the call. Restructuring call sites as throw wrapNativeStorageError(...) would make the intent clear and, if this code is ever compiled via TypeScript, allow never narrowing.

report_kv_error calls on_error after set_last_error: The error is stored before the hook fires. Not a bug, but future on_error implementations that inspect VFS state should be aware the stored error is already set at that point.

Minor Notes

• The error message referencing c.abortSignal is helpful and directly actionable for actor developers.
• sqlite_error_message() properly handles the null-db case, and SQLite docs confirm sqlite3_errmsg is safe to call on a non-null handle even after sqlite3_open_v2 fails.
• kv_vfs_get_last_error now correctly implements the null-terminated string copy contract (bounds check + null terminator) where it was previously a no-op stub.
• The on_error() default no-op in the SqliteKv trait is the right pattern for an optional hook.

Summary

The implementation is solid. The one structural suggestion is to make wrapNativeStorageError call sites explicit about the function always throwing (e.g. throw wrapNativeStorageError(...)). Everything else looks correct and follows codebase conventions.