fix(rivetkit): prevent sleep races during disconnect and db work

[NathanFlurry]

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context.

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[NathanFlurry]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• chore(engine): publish engine bases in ci #4649
• chore: lockfile lefthook #4647
• fix(rivetkit): surface native sqlite kv errors to callers #4645
• fix(rivetkit): prevent sleep races during disconnect and db work #4644 👈 (View in Graphite)
• fix(rivetkit): isolate engine envoys and propagate startup failures #4643
• test(rivetkit): remove wasm sqlite-only fixtures and coverage #4642
• chore(sqlite-vfs): remove wasm sqlite packages and workspace wiring #4641
• chore(rivetkit): remove wasm sqlite runtime #4614
• fix(sqlite-native): restore native startup kv preload #4639
• fix(sqlite-native): delete metadata before chunk range #4638
• fix(sqlite-native): keep truncate cache coherent #4637
• fix(sqlite-vfs): use delete range for truncate cleanup #4636
• fix(sqlite-native): restore kv error hook #4635
• perf(sqlite-native): avoid cloning cached read chunks #4634
• perf(sqlite-native): gate kv operation labels #4633
• perf(sqlite-native): reuse read cache for partial writes #4632
• perf(sqlite-native): remove delete file existence probe #4631
• fix(sqlite-native): gate native read cache behind env var #4630
• fix(pegboard): isolate runner config dc lookup failures #4625 : 1 other dependent PR (#4626 )
• docs(pegboard): note runner config upsert split write risk #4624
• fix(pegboard): unpack global runner config keys correctly #4623
• fix(pegboard-gateway): enforce tunnel message state #4622
• fix(pegboard-runner): clear terminal tunnel routes #4621
• fix(pegboard): skip protocol version keys in runner pool backfill #4620
• fix(pegboard): create missing normal runner configs #4619
• fix(epoxy): reuse cached optimistic value #4618
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[claude]

PR Review: fix(rivetkit): prevent sleep races during disconnect and db work

Summary

A small, focused bug-fix PR (5 additions, 0 deletions) addressing two race conditions where an actor could incorrectly fall asleep:

1. connection-manager.ts - Adds this.#actor.resetSleepTimer() immediately after this.#pendingDisconnectCount += 1 inside connDisconnected. This ensures the sleep timer is reset as soon as a pending disconnect begins being tracked, so the actor stays awake while the async onDisconnect callback and KV cleanup work are still running.

2. mod.ts - Adds a #canSleep() guard inside the setTimeout callback in resetSleepTimer. Previously, a sleep timeout could be scheduled at a moment when sleeping was not yet appropriate, fire later when sleep was blocked mid-disconnect, and call startSleep() anyway. The guard re-checks whether sleeping is allowed at fire time and reschedules the timer if not.

---

Code Quality and Best Practices

The changes are clean and consistent with the existing codebase:

• No new imports introduced; changes are minimal and self-contained.
• The resetSleepTimer() call in connection-manager.ts is consistent with all other call sites (connConnected, connResumed, connHibernated, and the existing one at the end of connDisconnected).
• No logging changes, no style violations, no use of deprecated domains or patterns.

---

Potential Bugs / Issues

The new resetSleepTimer() at the top of connDisconnected may appear redundant given the existing one at the end, but it is not.

Without the new line, there is a window between incrementing #pendingDisconnectCount and the already-pending timer firing. If a sleep timer was scheduled before connDisconnected was called, it could fire in that gap and (without the mod.ts guard) call startSleep() even though pendingDisconnectCount > 0.

After the mod.ts change, the timer guard would catch this case anyway. However, the connection-manager.ts call is good defense-in-depth - it cancels the pending timer eagerly rather than relying on the setTimeout callback to self-correct. Both changes are complementary and correct.

No correctness issues found.

---

Performance

No concerns. clearTimeout + setTimeout in resetSleepTimer is O(1) and is already called on every connect/disconnect/message/HTTP request lifecycle event. Adding one more call site is negligible.

---

Security

No security implications.

---

Test Coverage

No tests are included. Given the race condition depends on a timer firing in a narrow async window, deterministic unit testing would require timer mocking, which is reasonable to defer.

If tests are added later, a useful case would be: start an actor with a very short sleepTimeout, trigger a disconnect, and assert that startSleep is not called until after the onDisconnect callback completes.

---

Verdict

The PR is correct and well-scoped. The mod.ts guard is the core fix; the connection-manager.ts eager reset is a solid complementary improvement. Ready to merge.