fix(rivetkit): remove client-side connection request size check

[abcxff]

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context.

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[railway-app]

🚅 Deployed to the rivet-pr-5057 environment in rivet-frontend

Service	Status	Web	Updated (UTC)
website	😴 Sleeping (View Logs)	Web	May 14, 2026 at 6:20 pm
frontend-inspector	❌ Build Failed (View Logs)	Web	May 14, 2026 at 6:13 pm
frontend-cloud	❌ Build Failed (View Logs)	Web	May 14, 2026 at 6:11 pm
ladle	❌ Build Failed (View Logs)	Web	May 14, 2026 at 6:11 pm
mcp-hub	✅ Success (View Logs)	Web	May 14, 2026 at 6:10 pm
kitchen-sink	❌ Build Failed (View Logs)	Web	May 14, 2026 at 6:09 pm

[abcxff]

• [slop]fix(workflow-engine): only commit step state after success #5010 : 2 dependent PRs (#5050 , #5052 )
• fix(rivetkit): bind methods through createWriteThroughProxy #4987
• fix(rivetkit): remove client-side connection request size check #5057 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[claude]

Code Review

Overview

This PR removes the client-side message size enforcement for WebSocket ActionRequest messages in actor-conn.ts, delegating the check entirely to the server (Rust core: rivetkit-core/src/registry/websocket.rs:293-297). The server closes the WebSocket with close code 1011 and reason message.incoming_too_long when a message exceeds max_incoming_message_size.

---

Issues

Dead code — DEFAULT_MAX_INCOMING_MESSAGE_SIZE constant is now unused

actor-conn.ts:96 still declares:

const DEFAULT_MAX_INCOMING_MESSAGE_SIZE = 65_536;

The only place that consumed it was the removed check. This constant should be deleted in this PR.

Behavioral regression — connection closed vs. action rejected

The previous client-side path rejected only the specific in-flight action (calling inFlight.reject(error)) and kept the WebSocket connection alive. The server-side path in websocket.rs terminates the entire connection:

if message.data.len() > max_incoming_message_size {
    message.sender.close(Some(1011), Some("message.incoming_too_long".to_owned()));
    return;
}

Any other in-flight actions on the same connection will also fail when a single oversized message is sent. If the intent is to match server semantics (connection close), the test should assert that the connection is unusable after the rejection rather than just calling dispose(). If the intent is per-action surgical rejection, the server-side behavior should send an action-level error frame instead of closing.

Bandwidth waste for oversized messages

Previously the message was serialized and checked but not sent if too large. Now the full serialized payload (~90 KB in the test case) is sent over the wire before the server closes the connection. Consider whether a lightweight client-side pre-flight size check should remain to avoid the unnecessary round trip for clearly oversized messages.

Misleading PR title

"revert remove client-side connection request size check" is a double-negative and ambiguous — it reads as "undo the removal" (add the check back) but this PR actually removes the check. A clearer title: fix(rivetkit): delegate connection message size enforcement to server.

---

Nits

• The updated test comment is helpful, but the test should also assert the connection is closed post-rejection, not just that the action rejects.
• PR description template was not filled in (type of change, test plan, checklist).

---

Summary

Server-side enforcement is confirmed correct (websocket.rs:293-297 enforces the limit). The required fix before merging is removing the now-dead DEFAULT_MAX_INCOMING_MESSAGE_SIZE constant. The behavioral difference (full connection teardown vs. per-action rejection) should be an explicit documented design decision rather than a silent side effect of this change.

[abcxff]

picking up from #5055