fix(rivetkit-core): gate startup until runtime is ready

[NathanFlurry]

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context.

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[NathanFlurry]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• fix(rivetkit-core): gate startup until runtime is ready #4736 : 2 dependent PRs (#4737 , #4739 ) 👈 (View in Graphite)
• fix(rivetkit-sqlite): preserve text with embedded nul bytes #4735
• chore(rivetkit): add child spans for logging #4734
• fix(rivetkit-core): orphan engine process and detect crashes #4733
• fix(rivetkit-core): return None for empty inspector state to avoid frontend CBOR decode error #4732
• fix(rivetkit-core): don't install tokio::signal::ctrl_c() handler inside serve_with_config #4731
• refactor(rivetkit-core): use subtle::ConstantTimeEq for inspector token verify #4730
• fix(rivetkit): drop is_read_only_sql classifier, surface RETURNING rows #4728
• docs: require close-code rejection for websocket auth/policy failures #4727
• fix(rivetkit): inspector reports actual config state + real queue messages #4726
• fix(rivetkit-napi): plumb ctx through serializeState TSF and stop panicking on runtime_state Ref drop #4725
• chore(rivetkit): remove legacy metrics & prometheus auth #4724
• chore(rivetkit): remove legacy metrics #4723
• chore(rivetkit): impl inspector token #4722
• chore: disable auth on serverless #4721
• chore: fix cors for envoys #4720
• chore: fix serverless in rivetkit-core #4719
• chore(rivetkit): impl follow up review #4711
• chore: rivetkit core/napi/typescript follow up review #4702
• chore: fix remaining issues with rivetkit-core #4701
• chore: sqlite v1 to v2 data migration #4692 : 1 other dependent PR (#4640 )
• chore: move rivetkit to task model #4680
• chore: rivetkit to rust #4679
• feat(rivetkit): sqlite vfs v2 #4673
• chore: rename sandbox -> kitchen sink #4671 : 1 other dependent PR (#4672 )
• chore: configure TLS trust roots for rustls clients #4667
• fix(rivetkit): update config to match envoys & remove manager references #4663
• chore(publish): pin docker base image refs #4652
• chore(engine): publish engine bases in ci #4649 : 2 other dependent PRs (#4650 , #4666 )
• chore: lockfile lefthook #4647
• fix(rivetkit): surface native sqlite kv errors to callers #4645
• fix(rivetkit): prevent sleep races during disconnect and db work #4644
• fix(rivetkit): isolate engine envoys and propagate startup failures #4643
• test(rivetkit): remove wasm sqlite-only fixtures and coverage #4642
• chore(sqlite-vfs): remove wasm sqlite packages and workspace wiring #4641
• chore(rivetkit): remove wasm sqlite runtime #4614
• fix(sqlite-native): restore native startup kv preload #4639
• fix(sqlite-native): delete metadata before chunk range #4638
• fix(sqlite-native): keep truncate cache coherent #4637
• fix(sqlite-vfs): use delete range for truncate cleanup #4636
• fix(sqlite-native): restore kv error hook #4635
• perf(sqlite-native): avoid cloning cached read chunks #4634
• perf(sqlite-native): gate kv operation labels #4633
• perf(sqlite-native): reuse read cache for partial writes #4632
• perf(sqlite-native): remove delete file existence probe #4631
• fix(sqlite-native): gate native read cache behind env var #4630
• fix(pegboard): isolate runner config dc lookup failures #4625 : 1 other dependent PR (#4626 )
• docs(pegboard): note runner config upsert split write risk #4624
• fix(pegboard): unpack global runner config keys correctly #4623
• fix(pegboard-gateway): enforce tunnel message state #4622
• fix(pegboard-runner): clear terminal tunnel routes #4621
• fix(pegboard): skip protocol version keys in runner pool backfill #4620
• fix(pegboard): create missing normal runner configs #4619
• fix(epoxy): reuse cached optimistic value #4618
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[claude]

Review of PR #4736: gate startup until runtime is ready

This is a solid and necessary fix. Gating active_actor on ctx.ready() closes a real race where a client request could arrive at an Active instance that has not completed its startup preamble, causing silent misbehavior. The TypeScript client changes are symmetrical and correctly extend the stale-identity retry logic to cover starting. A few things worth addressing:

ISSUES

1. warn_work_sent_to_stopping_instance is the wrong diagnostic for the starting state

In rivetkit-rust/packages/rivetkit-core/src/registry/mod.rs (around the not-yet-ready Active instance branch), the code calls warn_work_sent_to_stopping_instance(active_actor).

This warning fires when an Active instance is not yet ready() -- meaning it is still starting, not stopping. The metric name inc_direct_subsystem_shutdown_warning and the log message work sent to stopping actor instance will mislead operators into thinking an actor is shutting down. This should use a distinct diagnostic path (e.g. warn_work_sent_to_starting_instance) or at minimum emit a different log message. The actual stopping path below uses the same helper correctly.

2. actor.starting maps to 500 Internal Server Error from framework routes

In rivetkit-rust/packages/rivetkit-core/src/registry/http.rs (framework_error_status):

The function has no arm for (actor, starting), so it falls through to StatusCode::INTERNAL_SERVER_ERROR. The correct status for actor is still starting up, retry soon is 503 Service Unavailable. Consider adding (actor, starting) (and by symmetry stopping, destroying) mapping to StatusCode::SERVICE_UNAVAILABLE in framework_error_status.

3. sendActionNow uses an inline setTimeout instead of waitForRetryWindow

In rivetkit-typescript/packages/rivetkit/src/client/actor-handle.ts (the starting/stopping retry branch inside sendActionNow): the inline 100ms delay is inconsistent with all other retry paths which call waitForRetryWindow(). Use the shared helper instead.

4. isStaleResolvedActorError in actor-query.ts is missing destroying

In rivetkit-typescript/packages/rivetkit/src/client/actor-query.ts: The isStaleResolvedActorError function includes starting and stopping but not destroying. Meanwhile shouldRetryDynamicLifecycleError in actor-handle.ts includes destroying in its retry set. This means actor.destroying skips resolved-actor-ID invalidation. Since the PR explicitly updated both files to add starting, it would be consistent to add destroying to isStaleResolvedActorError in the same change.

5. Missing trailing newline on actor.starting.json artifact

rivetkit-rust/engine/artifacts/errors/actor.starting.json is missing a trailing newline. All sibling files (actor.stopping.json, etc.) end with a newline.

MINOR OBSERVATIONS

• sql-loader in pnpm-lock.yaml: The lockfile picks up @rivetkit/sql-loader@2.2.1 from npm for examples/kitchen-sink, while the workspace package is at 2.3.0-rc.4. Adding @rivetkit/sql-loader: workspace:* to root resolutions would align it with the other @rivetkit/* packages.

• No new tests: The core behavioral change (rejecting active_actor when ready() is false) has no test coverage. A test in rivetkit-rust/packages/rivetkit-core/tests/ that calls active_actor on a mid-startup instance and asserts an actor.starting error would prevent regressions.

[github-actions]

Preview packages published to npm

Install with:

npm install rivetkit@pr-4736

All packages published as 0.0.0-pr.4736.ed96c00 with tag pr-4736.

Engine binary is shipped via @rivetkit/engine-cli on linux-x64-musl, linux-arm64-musl, darwin-x64, and darwin-arm64. Windows users should use the release installer or set RIVET_ENGINE_BINARY.

Docker images:

docker pull rivetdev/engine:slim-ed96c00
docker pull rivetdev/engine:full-ed96c00

Individual packages

npm install rivetkit@pr-4736
npm install @rivetkit/react@pr-4736
npm install @rivetkit/rivetkit-napi@pr-4736
npm install @rivetkit/workflow-engine@pr-4736

[NathanFlurry]

Landed in main via stack-merge fast-forward push. Commits are in main; closing to match.