chore(rivetkit): enforce limits on fs driver kv api to match engine

[NathanFlurry]

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context.

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[NathanFlurry]

• refactor(rivetkit): extract shared db utilities and improve sqlite bindings #4278
• chore(rivetkit): enforce limits on fs driver kv api to match engine #4273 👈 (View in Graphite)
• chore(rivetkit): fix run engine config #4268 : 1 other dependent PR (#4271 )
• chore: multiplayer cookbook patterns #4261 : 1 other dependent PR (#4266 )
• docs: document queue with interval pattern #4265
• chore(rivetkit): migrate to sqlite instance per-actor for concurrency optimizations #4264
• docs: workflows #4256
• chore(rivetkit): update conns to be hibernatable #4260
• chore(inspector): add back database tab #4255
• chore: impl canInvoke for matchmaker #4253
• chore: multiplayer cookbook #4200 : 1 other dependent PR (#4201 )
• feat(dashboard): bring new tabs back #4249
• fix(rivetkit): fix sqlite teardown logic #4259
• main

---

How to use the Graphite Merge Queue

Add the label merge-queue to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[railway-app]

🚅 Deployed to the rivet-pr-4273 environment in rivet-frontend

Service	Status	Web	Updated (UTC)
frontend-inspector	❌ Build Failed (View Logs)	Web	Feb 24, 2026 at 2:59 am
mcp-hub	✅ Success (View Logs)	Web	Feb 24, 2026 at 2:58 am
website	❌ Build Failed (View Logs)	Web	Feb 24, 2026 at 2:58 am
frontend-cloud	❌ Build Failed (View Logs)	Web	Feb 24, 2026 at 2:58 am
ladle	❌ Build Failed (View Logs)	Web	Feb 24, 2026 at 2:58 am

[claude]

PR Review: enforce limits on fs driver KV API to match engine

Good change — enforcing consistent KV limits between the filesystem driver and the production engine is important for catching limit-related bugs during local development. The new kv-limits.ts file is well-structured and the sync comments on both sides are appreciated.

---

Issues

validateKvEntries iterates entries twice unnecessarily

The function loops over entries once to compute payloadSize, then again to validate individual keys/values. These can be merged into a single pass without changing semantics, which also avoids the slightly confusing pattern of computing aggregate size checks before checking individual per-key/value limits. Minor readability nit, not a correctness issue.

---

Storage size estimate excludes key wrapper overhead

estimateKvSize uses SUM(LENGTH(key) + LENGTH(value)) from SQLite, which measures raw key bytes. The Rust engine uses FDB's get_estimated_range_size_bytes which measures encoded bytes on disk (includes KeyWrapper overhead). validateKvEntries then adds KV_KEY_WRAPPER_OVERHEAD_SIZE to the payload size but compares it against a totalSize that was measured without that overhead. This makes storage utilization estimates between the two environments slightly inconsistent.

For a local dev driver this is acceptable, but it means users could hit storage-full errors from the engine at slightly different thresholds than locally. Worth a comment noting this:

// Note: measures raw key/value bytes. The production engine uses FDB's estimated
// size which includes encoding overhead, so thresholds may differ slightly.

---

Missing human-readable comment on KV_MAX_STORAGE_SIZE

The Rust constant has // 1 GiB but the TypeScript constant at line 8 of kv-limits.ts does not. Minor — 1024 * 1024 * 1024 is less immediately readable without it.

---

Nit: Inconsistent error message casing

validateKvKeys throws "a maximum of 128 keys is allowed" (lowercase) while validateKvEntries throws "A maximum of 128 key-value entries is allowed" (uppercase). This mirrors the existing inconsistency in the Rust code, so not a regression. If there's ever a cleanup pass on the Rust messages, both sides should be updated together.

---

No issues with

• The MAX_VALUE_SIZE / 1024 fix in Rust (better than a hardcoded 128)
• Placement of validateKvKeys inside the write lock for kvBatchDelete
• validateKvKey applied to prefix in kvListPrefix
• estimateKvSize called inside #withActorWrite for accurate snapshot
• Payload size math (key.byteLength + KV_KEY_WRAPPER_OVERHEAD_SIZE + value.byteLength) matching Rust's KeyWrapper::tuple_len
• Storage remaining using Math.max(0, ...) matching Rust's saturating_sub