• fix(pegboard): cache none runner pool errors too #3899
• fix(engine-runner): handle shutdown close codes correctly #3896
• chore(gas): add overview and history docs #3879
• fix(otel): enrich http traces #3878
• fix(guard): clean up guard #3862
• fix: add ready_chunks to worker bumps, bumps per tick metric #3855
• fix(epoxy): add metrics #3847
• chore: clean up errors #3846
• fix(pb): have restart policy actors sleep after pending for too long #3837 👈 (View in Graphite)
• fix: set failure reason regardless of crash policy #3835
• feat: add metrics to pb, guard #3815
• fix: clear all pending signals after workflow complete #3798
• fix: remove pending actors metric, fix actor error tracker, engine runner error print #3797
• chore(engine): add support for epoxy debugging #3794
• main

How to use the Graphite Merge Queue

Add the label merge-queue to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

This stack of pull requests is managed by Graphite. Learn more about stacking.

RVT-5330 Change behavior of crashpolicy=restart actors to go to sleep after X amount of time pending

PR Review: Fix restart policy actors sleeping after pending timeout

Summary

This PR addresses RVT-5330 by ensuring that Rivet Actors with CrashPolicy::Restart will transition to sleep state if they remain pending (unable to allocate) for more than 60 seconds. This prevents actors from getting stuck in a pending state indefinitely.

Code Quality ✅

Strengths:

• Clean implementation following existing patterns in the codebase
• Good constant naming (RESTART_PENDING_TIMEOUT_MS) with clear documentation
• Proper use of the existing AllocationOverride enum pattern
• Follows the repository's structured logging conventions (lowercase messages, structured fields)

Minor observations:

• The new variant PendingTimeout is well-integrated into the existing enum structure
• Comment formatting follows the CLAUDE.md guidelines (complete sentences, no dashes)

Functionality ✅

The logic is sound:

1. New constant (mod.rs:18): Defines a 60-second timeout for restart policy actors
2. Updated handle_stopped (mod.rs:1057-1074): When a CrashPolicy::Restart actor crashes, it now reschedules with AllocationOverride::PendingTimeout
3. Extended spawn_actor (runtime.rs:766-777): The timeout handling now includes the new PendingTimeout variant alongside DontSleep
4. Correct state transitions: The PR properly handles the SpawnActorOutput::Sleep case (line 1069), which was previously commented as impossible

Potential Issues 🔍

1. Comment removal justification (mod.rs:1057-1070)

The removed comment stated:

// NOTE: Its not possible for `SpawnActorOutput::Sleep` to be returned here, the crash
// policy is `Restart`.

This comment is now obsolete since SpawnActorOutput::Sleep can be returned when the pending timeout expires. However, the PR doesn't add any logging when this transition occurs. Consider:

runtime::SpawnActorOutput::Sleep => {
    tracing::debug!(
        actor_id=?input.actor_id,
        ?RESTART_PENDING_TIMEOUT_MS,
        "restart policy actor sleeping after pending timeout"
    );
}

2. Missing state management

When SpawnActorOutput::Sleep is returned (line 1069), the code doesn't set state.sleeping = true or call SetSleepingInput activity. Looking at other places in the code (e.g., lines 1078-1086), sleeping actors need proper state updates. This could lead to inconsistent state.

Suggested fix:

runtime::SpawnActorOutput::Sleep => {
    state.sleeping = true;

    ctx.activity(runtime::SetSleepingInput {
        actor_id: input.actor_id,
    })
    .await?;
}

3. No failure reason update

When an actor times out pending and goes to sleep, it might be valuable to set or preserve a NoCapacity failure reason so users understand why their restart-policy actor is sleeping. Currently, if the actor had a crash-related failure reason, it would remain, which could be confusing.

Performance Considerations ✅

• No performance concerns
• The timeout mechanism uses existing infrastructure (listen_with_timeout)
• 60-second timeout is reasonable for preventing indefinite pending states

Security Concerns ✅

No security issues identified.

Test Coverage ⚠️

Missing test coverage:

• No tests found for the restart policy pending timeout behavior
• Should add tests verifying:
  • Restart policy actors transition to sleep after 60s pending
  • State is correctly updated when timeout occurs
  • Actors can be woken from this sleep state
  • Behavior differs from CrashPolicy::Sleep actors

Recommendations

Must fix:

1. Add state management when SpawnActorOutput::Sleep is returned (line 1069) - missing state.sleeping = true and SetSleepingInput activity

Should consider:
2. Add debug logging when restart policy actors transition to sleep due to timeout
3. Consider setting/clearing failure reasons appropriately when timeout occurs
4. Add integration tests for this new behavior path

Nice to have:
5. Document the timeout behavior in user-facing documentation if not already present

Verdict

The core logic is correct and well-implemented, but there's a critical state management issue at line 1069 where the sleeping state isn't properly set. This needs to be fixed before merging.

Overall assessment: Needs minor changes ⚠️

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/cloudflare-workers@3837

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/db@3837

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/framework-base@3837

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/next-js@3837

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/react@3837

pnpm add https://pkg.pr.new/rivet-dev/rivet/rivetkit@3837

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/sql-loader@3837

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/virtual-websocket@3837

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/engine-runner@3837

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/engine-runner-protocol@3837

commit: e96badf

Merge activity

• Jan 14, 11:40 PM UTC: MasterPtato added this pull request to the Graphite merge queue.
• Jan 14, 11:41 PM UTC: CI is running for this pull request on a draft pull request (#3908) due to your merge queue CI optimization settings.
• Jan 14, 11:42 PM UTC: Merged by the Graphite merge queue via draft PR: #3908.