test(engine): cover envoy Sleep crash policy wake and recovery paths

[NathanFlurry]

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context.

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[NathanFlurry]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• ci(publish): skip lfs for preview checkouts #4819
• test(engine): cover envoy Sleep crash policy wake and recovery paths #4816 👈 (View in Graphite)
• refactor(sqlite-storage): extract DBHead to vbare-versioned protocol crate #4815
• refactor(sqlite-storage): rename SqliteOrigin variants for clarity #4814
• fix(sqlite-storage): allow invalidate_v1_migration on non-migrating META #4813
• test(engine): stabilize runner and envoy suites #4809
• fix(pegboard): decode envoy actor eviction keys #4803 : 1 other dependent PR (#4804 )
• fix(pegboard-envoy): subscribe before registering envoy #4802
• fix(envoy-client): dedupe replayed commands by index #4811 : 1 other dependent PR (#4812 )
• fix(envoy-client): complete command and request lifecycles #4801
• fix(guard): serialize gateway actor keys correctly #4655 : 1 other dependent PR (#4800 )
• chore(rivetkit): remove inline tests #4668 : 1 other dependent PR (#4657 )
• fix(api): subscribe before namespace workflow dispatch #4654
• fix(rivetkit): restore hibernatable sockets and hydrate serverless starts #4658
• test(rivetkit): stabilize actor db driver tests #4664 : 1 other dependent PR (#4656 )
• fix(test): stabilize lifecycle, sleep, queue, and run edge cases #4660 : 1 other dependent PR (#4665 )
• test(rivetkit): re-enable gateway URL and direct-registry coverage #4659
• fix(rivetkit): keep internal error exposure behavior consistent #4661
• fix(rivetkit): add lifecycle error retry and gateway HTTP routing #4666
• fix(rivetkit-core): remove legacy timeouts #4799
• chore: add CLAUDE.md guidance on test fixtures, SDK regen, and TS client layer #4796
• fix(inspector): stream patched state updates #4795
• fix(rivetkit): refresh stale actor handles #4794
• test(rivetkit-napi): move private tests to crate root #4793
• test(rivetkit-core): move private tests to crate root #4792
• test(runner-configs): assert envoy protocol version #4791
• fix(serverless): split metadata protocol errors #4789 : 1 other dependent PR (#4790 )
• chore(sqlite): add open close lifecycle for envoy actors #4788
• fix(rivetkit): share lifecycle shutdown grace #4810
• fix(pegboard): move sqlite v1 migration into actor workflow #4787 : 1 other dependent PR (#4797 )
• test(rivetkit): cover c.db access from onWake/onSleep/onDestroy #4786
• fix(rivetkit-napi): run onMigrate before createState/onCreate/createVars #4785
• refactor(rivetkit-core): merge ready+started into lifecycle_started, drop redundant napi calls #4784
• fix(rivetkit): drain native sleep side tasks reliably #4782 : 1 other dependent PR (#4783 )
• fix(rivetkit): route raw request fetches to actors #4781
• fix(pegboard): refresh runner config after envoy connect #4778 : 2 other dependent PRs (#4779 , #4798 )
• chore(kitchen-sink): configurable endpoint #4766 : 2 other dependent PRs (#4754 , #4777 )
• refactor(rivetkit-core): rename StopReason to ShutdownKind and kill enum fallthroughs #4765
• chore(envoy-client): log command and event payloads #4751
• fix(rivetkit): minor sleep-cleanup follow-ups #4761
• docs(rivetkit): clean up stale setPreventSleep references in docs and JSDoc #4760
• docs(rivetkit): document keepAwake/waitUntil counter-arm race and surface bridge errors #4759
• test(engine): force overdue branch in alarm-during-sleep test with negative offset #4758
• fix(rivetkit-core): return stopping not starting when sleep/destroy called mid-shutdown #4757
• test(rivetkit): remove sleepWithPreventSleep fixture and tests #4756
• test(engine): add regression test for alarm-during-sleep-transition race #4755
• test(rivetkit-core): cover sleep/destroy guards and prevent_sleep no-op #4750
• docs: add keepAwake vs waitUntil table and internal sleep-sequence invariants #4749
• feat(rivetkit): expose c.keepAwake(promise) through native path #4748
• refactor(rivetkit): deprecate setPreventSleep to no-op in TypeScript #4747
• fix(rivetkit-core): enumerate non-drained counters in grace deadline warn log #4746
• fix(rivetkit-core): abort graceful cleanup task when grace deadline elapses #4745
• fix(rivetkit-core): error on sleep/destroy before startup or already-requested #4743
• fix(rivetkit-core): cap SerializeState shutdown timeout at 15s #4742
• refactor(rivetkit-core): remove prevent_sleep field and deprecate set_prevent_sleep to no-op #4741
• fix(api-public): remove orphan import_export actors module #4764
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[claude]

Code Review: PR #4816 — test(engine): cover envoy Sleep crash policy wake and recovery paths

Summary

This PR adds three new integration tests for the envoy actor sleep crash policy, plus a spawn_wake_ping helper:

1. envoy_crash_policy_sleep_wakes_on_request — verifies that a sleeping actor (put to sleep after its first crash) is woken up and becomes connectable when an HTTP request arrives.
2. envoy_crash_policy_sleep_recovers_after_wake_crash — verifies that an actor that crashes twice still eventually becomes connectable (the recovery path survives a second crash after wake).
3. envoy_crash_policy_sleep_persists_on_creation — verifies that CrashPolicy::Sleep set at creation time is durably persisted on the actor record.

All code is in engine/packages/engine/tests/envoy/actors_lifecycle.rs. There is no production code change.

---

Code Quality

Overall: The new tests are well-structured and follow the existing file conventions (same common::run driver, same Arc<Mutex<usize>> pattern for crash counting, same poll-with-timeout loops, same tracing calls). The spawn_wake_ping helper is clearly motivated.

---

Issues Found

Minor: Unbounded inner poll loops produce unhelpful timeout messages

The "wait for crash-induced sleep" loop in both envoy_crash_policy_sleep_wakes_on_request and envoy_crash_policy_sleep_recovers_after_wake_crash has no timeout:

loop {
    let actor = common::try_get_actor(...)...;
    if actor.sleep_ts.is_some() && actor.connectable_ts.is_none() {
        break;
    }
    tokio::time::sleep(tokio::time::Duration::from_millis(50)).await;
}

If the actor never enters sleep (e.g., due to a regression), the test hangs until the outer wall-clock limit fires, producing a generic "test timed out" failure with no actionable message. Wrapping this inner loop with tokio::time::timeout(...) would give a clearer failure message. The existing envoy_crash_policy_sleep test has the same weakness, but it's worth flagging in new tests.

Nit: Redundant asserts after loop exit

In both envoy_crash_policy_sleep_wakes_on_request and envoy_crash_policy_sleep_recovers_after_wake_crash, the outer wait loop only breaks when actor.connectable_ts.is_some(), so the immediately following assert:

assert!(
    actor.connectable_ts.is_some(),
    "actor should be connectable after waking from sleep"
);

is always true at that point and can never fail. The meaningful check is the panic inside the timeout branch. These asserts can be removed to reduce noise (though harmless).

Nit: Em dash in comment violates CLAUDE.md style

In envoy_crash_policy_sleep_recovers_after_wake_crash:

// recovery path tolerates additional crashes after wake without
// abandoning the actor — eventual success is what the test asserts on,

Per CLAUDE.md: "Do not use em dashes (—). Use periods to separate sentences instead." This should be rewritten as two sentences.

Info: reqwest::Client::new() per-spawn in spawn_wake_ping

Creating a new reqwest::Client inside each spawned task skips connection pooling. For a single fire-and-forget test request this is fine and consistent with existing test code in this file, but worth noting.

---

Subtle Assumption in envoy_crash_policy_sleep_persists_on_creation

This test creates an actor and immediately calls assert_actor_exists (a single-shot read, no polling) without waiting for the actor to be scheduled. This assumes the actors_create endpoint returns only after the actor record is durably readable via the list API. This should hold in practice, but it's a subtle invariant worth documenting if the behavior ever changes.

---

Test Coverage Assessment

The three tests cover exactly the gap described in the PR title. The existing envoy_crash_policy_sleep only verified the actor enters sleep state after a crash; it did not verify wake-on-request, recovery after wake-crash, or persistence of the crash policy field. Coverage is appropriate.

The design choice to fire the wake request in the background via spawn_wake_ping (fire-and-forget) is correct: the test cares about the wake effect (actor becomes connectable), not whether the triggering request succeeds, since the actor may crash again before responding.

---

Summary

Severity	Issue
Minor	Two inner poll loops lack a timeout, producing unhelpful failure messages on regression.
Nit	Redundant assert!(actor.connectable_ts.is_some()) after loops that already guarantee this.
Nit	Em dash (—) in a comment block, violating CLAUDE.md style.
Info	reqwest::Client::new() per-spawn is consistent with existing test code but not ideal.

None of the issues are blockers. This is a clean, well-motivated addition of missing test coverage. Recommend merging after addressing the em dash nit (the only CLAUDE.md violation) and optionally wrapping the unbounded inner loops with timeouts for better failure diagnostics.

[NathanFlurry]

Landed in main via stack-merge fast-forward push. Commits are in main; closing to match.

[github-actions]

Preview packages published to npm

Install with:

npm install rivetkit@pr-4816

All packages published as 0.0.0-pr.4816.86daff8 with tag pr-4816.

Engine binary is shipped via @rivetkit/engine-cli on linux-x64-musl, linux-arm64-musl, darwin-x64, and darwin-arm64. Windows users should use the release installer or set RIVET_ENGINE_BINARY.

Docker images:

docker pull rivetdev/engine:slim-86daff8
docker pull rivetdev/engine:full-86daff8

Individual packages

npm install rivetkit@pr-4816
npm install @rivetkit/react@pr-4816
npm install @rivetkit/rivetkit-napi@pr-4816
npm install @rivetkit/workflow-engine@pr-4816