refactor(pb): fix actor overdue alarm handling

[MasterPtato]

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context.

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[MasterPtato]

• fix(pb-outbound): add back serverless token #4817
• fix(pb-envoy): hard abort ws to tunnel on ping error #4776
• fix(outbound): implement drain grace period #4775
• fix(pb): fix pool config defaults #4774
• fix(pb): remove actor sleep ts when allocated #4772
• refactor(gateway): clean up and fix lost tunnel msgs #4771
• refactor(pb): fix actor overdue alarm handling #4770 👈 (View in Graphite)
• fix: update railway docs to include graceful shutdown #4715
• fix: add wf registry command #4714
• chore: move code #4713
• fix(gas): add large txn retries for pulling signals, tighten commit interval for actors #4712
• fix: improve epoxy propose errors, add gcp logging fmt #4698
• fix: autogenerate bare protocol versions #4696
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[claude]

PR Review: Overdue Alarm Check Refactor in Pegboard Actor2

Summary

This PR refactors the overdue alarm check in handle_stopped within the Pegboard actor2 lifecycle workflow. The alarm check was previously duplicated inside the Decision::Sleep arm, replicating the full allocate → start → send_outbound path already present in Decision::Reallocate. The refactor lifts that check to before the stopped_res match, converting Decision::Sleep to Decision::Reallocate when the alarm is overdue and sharing the existing allocation path. Net result: -29 lines, no duplication, cleaner intent.

---

Correctness

Behavior preserved in happy path. When an alarm is overdue at Decision::Sleep time, the new code upgrades the decision to Decision::Reallocate, which handles allocation via the same path as the existing Reallocate arm. The actor lifecycle effect is identical.

Alarm guard is correctly scoped. if let (Decision::Sleep, Some(alarm_ts)) = (&decision, state.alarm_ts) limits the override to the only relevant decision — other decisions (Reallocate, Backoff, Destroy) don't need alarm inspection.

alarm_ts cleared on overdue. state.alarm_ts = None is set when the overdue path is taken, matching the deleted code.

Subtle change worth confirming: In the old code, the overdue-alarm branch inside Decision::Sleep did not call SetSleepingInput. In the new code, the post-match block runs unconditionally:

match state.transition {
    Transition::Sleeping | Transition::Reallocating { .. } => {
        ctx.activity(SetSleepingInput {}).await?;
    }
    _ => {}
}

When the overdue-alarm path results in a failed allocation (setting Transition::Reallocating), SetSleepingInput is now called — it wasn't before. This is likely a bug fix (the old code could leave an actor in Transition::Reallocating without marking it as sleeping in UDB), but it's worth confirming that this is intentional.

---

Code Quality

• Deduplication is correct. Sharing the Decision::Reallocate path instead of repeating the allocation logic is the right design.
• Readability improved. The alarm check is visually separated before the match, making the decision sequence easy to read top-to-bottom: initial decision → alarm override → act on decision.
• Enum exhaustiveness. All four Decision variants are explicitly handled in stopped_res. No _ => fall-through on the enum match. Consistent with CLAUDE.md conventions.
• Pre-existing concern (not introduced here). The outer match state.transition at the start of handle_stopped uses _ => to cover several Transition variants (Allocating, Starting, Running, Reallocating, StopIntent). A future Transition variant could be silently swallowed there.
• let mut decision is required since the alarm check may reassign it. Idiomatic.

---

Performance

No concerns. The GetTsInput activity call is still only invoked when decision == Decision::Sleep && state.alarm_ts.is_some(). No additional activities are invoked on the common path.

---

Security

No concerns. This is a pure internal lifecycle state machine refactor with no trust boundary impact.

---

Test Coverage

No tests were added or updated. The changed path (actor stops while in sleep-intent with an overdue alarm) requires:

1. An actor in SleepIntent { rewake_after_stop: false } or equivalent sleep decision
2. alarm_ts set
3. Current time at or past alarm_ts at stop time

An integration test covering this scenario would prevent future regressions, especially since the old code's duplication was the kind of thing that could silently diverge.

---

Verdict

Approve with minor note. The refactor is correct and clearly improves the code. One thing to confirm: the new code now calls SetSleepingInput when the overdue-alarm path ends in Transition::Reallocating (failed allocation), where the old code did not. If this is an intentional bug fix, a brief comment explaining why would help future readers. If unintentional, it should be investigated before merging.