fix: set failure reason regardless of crash policy

[MasterPtato]

No description provided.

[MasterPtato]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• fix(pegboard): cache none runner pool errors too #3899
• fix(engine-runner): handle shutdown close codes correctly #3896
• chore(gas): add overview and history docs #3879
• fix(otel): enrich http traces #3878
• fix(guard): clean up guard #3862
• fix: add ready_chunks to worker bumps, bumps per tick metric #3855
• fix(epoxy): add metrics #3847
• chore: clean up errors #3846
• fix(pb): have restart policy actors sleep after pending for too long #3837
• fix: set failure reason regardless of crash policy #3835 👈 (View in Graphite)
• feat: add metrics to pb, guard #3815
• fix: clear all pending signals after workflow complete #3798
• fix: remove pending actors metric, fix actor error tracker, engine runner error print #3797
• chore(engine): add support for epoxy debugging #3794
• main

---

How to use the Graphite Merge Queue

Add the label merge-queue to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[claude]

PR Review: Fix failure reason setting regardless of crash policy

Overview

This PR refactors how failure reasons are set when Rivet Actors stop, ensuring failure reasons are always recorded regardless of the crash policy. The changes improve observability by guaranteeing that crash/failure information is preserved even when actors are configured to sleep on crash.

---

✅ Positive Changes

1. Improved Failure Reason Tracking (mod.rs:879-919)

The refactoring correctly moves failure reason setting earlier in the flow and handles all crash types uniformly:

• Normal crashes with error code: Now properly sets FailureReason::Crashed immediately (lines 889-901)
• Lost actors: Sets runner-related failure reasons early (lines 907-915) before crash policy evaluation
• Comment accuracy: The comment on line 908 correctly explains that failure reasons apply to all crash policies

This is a significant improvement - previously, failure reasons for normal crashes were only set in the CrashPolicy::Sleep branch, meaning crashes with CrashPolicy::Restart or other policies would not record the failure reason.

2. Removed Redundant Code (mod.rs:1073)

The ctx.removed activity call is now correctly placed in the CrashPolicy::Sleep branch. This makes sense because failure reasons are now set upfront for all crash types.

3. Fixed Database Query Bug (debug.rs:663-694)

Good catch changing tx.read() to tx.read_opt() and handling the None case. This prevents crashes when workflows are deleted mid-query during debug operations.

4. Removed Premature State Clearing (runtime.rs:1130)

Removing state.failure_reason = None from set_started is correct. The failure reason should only be cleared when an actor successfully allocates, not when it becomes connectable. This preserves failure history during the actor lifecycle.

---

🔍 Potential Issues & Questions

1. Match Expression Restructuring (mod.rs:879-919)

The match expression is now split into 3 arms instead of 2. While functionally correct, if new StopCode variants are added in the future, this match might not catch them at compile time. A nested match structure could provide better exhaustiveness checking.

2. Test Coverage

I could not find explicit unit tests for the failure reason setting logic. Consider adding tests for:

• Actors crashing with CrashPolicy::Restart should have failure_reason set
• Actors crashing with CrashPolicy::Sleep should have failure_reason set
• Lost actors should have failure_reason set based on the loss reason
• Normal exits should NOT set a failure reason

3. State Management Consistency

The code now has two places where failure_reason is cleared:

• Line 137: In set_allocated when actor is allocated
• Line 478: In reschedule_actor after successful allocation

Question: Are both necessary? It seems like line 478 might be redundant if set_allocated always clears it.

---

🔒 Security & Performance

Security: ✅ No security concerns identified
Performance: ✅ No performance impact

---

📋 Code Quality

Adherence to CLAUDE.md:

• ✅ Logging follows structured logging patterns
• ✅ Comments are complete sentences and clear
• ✅ Error handling follows the repository patterns
• ⚠️ No tests added for the behavioral change

---

📝 Suggestions

1. Add integration tests demonstrating that failure reasons are properly set for all crash policies
2. Document the state lifecycle of failure_reason in the struct docstring to clarify when it is set vs. cleared
3. Verify the double-clear pattern mentioned above
4. Consider exhaustive matching for StopCode variants if the enum might expand

---

Summary

Verdict: ✅ Approve with minor suggestions

This is a solid fix that improves failure tracking across all crash policies. The core logic is sound, and the refactoring makes the code more maintainable. The main suggestion is to add test coverage to prevent regression and document the state lifecycle more clearly.

The bug fix in debug.rs is a good catch that prevents potential crashes. Overall, this PR improves both correctness and observability of the Rivet Actor system.

---

Reviewed by Claude Sonnet 4.5

[pkg-pr-new]

More templates

• actor-actions
• example-ai-agent
• example-ai-and-user-generated-actors-freestyle
• chat-room
• example-cloudflare-workers
• example-cloudflare-workers-hono
• example-cloudflare-workers-inline-client
• cross-actor-actions
• example-cursors
• example-cursors-raw-websocket
• custom-serverless
• example-sqlite
• example-elysia
• example-experimental-durable-streams-ai-agent
• hello-world
• example-hono
• hono-react
• example-kitchen-sink
• multi-region
• native-websockets
• next-js
• example-raw-fetch-handler
• example-raw-websocket-handler
• example-raw-websocket-handler-proxy
• example-react
• scheduling
• state
• example-stream
• example-trpc

@rivetkit/cloudflare-workers

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/cloudflare-workers@3835

@rivetkit/db

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/db@3835

@rivetkit/framework-base

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/framework-base@3835

@rivetkit/next-js

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/next-js@3835

@rivetkit/react

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/react@3835

rivetkit

pnpm add https://pkg.pr.new/rivet-dev/rivet/rivetkit@3835

@rivetkit/sql-loader

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/sql-loader@3835

@rivetkit/virtual-websocket

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/virtual-websocket@3835

@rivetkit/engine-runner

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/engine-runner@3835

@rivetkit/engine-runner-protocol

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/engine-runner-protocol@3835

commit: 980dd0a