Fix CI: remove unpublished sqlite-native optional deps

[NicholasKissel]

Summary

• Removes unpublished @rivetkit/sqlite-native-* platform packages from optionalDependencies in rivetkit-typescript/packages/sqlite-native/package.json
• These packages were added in feat: native SQLite backend via napi-rs with KV channel protocol #4496 but haven't been published to npm yet, causing ERR_PNPM_OUTDATED_LOCKFILE failures in CI with --frozen-lockfile
• Also fixes a broken @hono/node-server entry in the lockfile
• The napi config and prepublishOnly script remain intact so napi prepublish will re-add the optional deps when the platform packages are actually published

Test plan

• CI build passes with pnpm install --frozen-lockfile

[railway-app]

🚅 Deployed to the rivet-pr-4571 environment in rivet-frontend

Service	Status	Web	Updated (UTC)
website	✅ Success (View Logs)	Web	Apr 7, 2026 at 12:13 am
frontend-cloud	❌ Build Failed (View Logs)	Web	Apr 7, 2026 at 12:00 am
frontend-inspector	❌ Build Failed (View Logs)	Web	Apr 7, 2026 at 12:00 am
mcp-hub	🕗 Deploying (View Logs)	Web	Apr 6, 2026 at 11:59 pm
kitchen-sink	❌ Build Failed (View Logs)	Web	Apr 6, 2026 at 11:59 pm
ladle	❌ Build Failed (View Logs)	Web	Apr 6, 2026 at 11:59 pm

[claude]

PR Review: Fix CI — remove unpublished sqlite-native optional deps

Summary: This is a small, focused CI fix. The changes are minimal, correct, and low-risk.

---

rivetkit-typescript/packages/sqlite-native/package.json

The core change is correct. The napi build toolchain (napi-rs) follows a well-established pattern: the optionalDependencies block is generated by napi prepublish at publish time and populated with the actual published platform-specific packages. Committing those entries before the platform packages exist on npm is a known footgun that breaks --frozen-lockfile installs in CI.

Removing the optionalDependencies block while keeping the napi config and prepublishOnly script intact is the standard remedy.

One thing worth noting: the index.js file auto-generated by napi-rs contains the full platform dispatch table that uses require('@rivetkit/sqlite-native-<platform>') as a fallback when no local .node file is found. Without the optionalDependencies entries, those requires will fail at runtime unless the .node file is co-located. This means the native addon will not work when installed from npm until the platform packages are published and napi prepublish is re-run. That is acceptable for a CI fix, but the platform packages at version 2.1.6 need to be published before @rivetkit/sqlite-native@2.1.6 is usable by end-users on platforms without a local build.

Suggestion (non-blocking): Consider adding a note somewhere (e.g., a PUBLISHING.md or a comment in the prepublishOnly script) that napi prepublish -t npm must be run and platform packages must be published before releasing, so the next person does not wonder why optionalDependencies is absent.

---

pnpm-lock.yaml

The lockfile changes downgrade @hono/node-server from 1.19.12 to 1.19.9 in three places.

A few things to verify:

1. Why is 1.19.12 invalid here? The specifier is ^1.19.1, so 1.19.12 should satisfy it. If pnpm resolved it to 1.19.9 on a clean install because 1.19.12 was not resolvable at that moment, this is fine — but worth documenting if something unusual happened with that version on the registry.

2. The downgrade is consistent. All three lockfile references (importers and both @modelcontextprotocol/sdk snapshots) are updated uniformly, which is correct. Partial version mismatches in the snapshot section would cause resolution failures.

3. No functional regression expected. This is a patch-level version change in a server adapter; no breaking changes are expected between 1.19.9 and 1.19.12.

---

Overall Assessment

Approve with one non-blocking note. The fix is correct, minimal, and follows the established napi-rs publish pattern. The only action item is ensuring platform packages at 2.1.6 get published before @rivetkit/sqlite-native@2.1.6 is released to npm, since the runtime dispatch in index.js will fail on non-local builds without those packages installed.