fix(api): make actor destroy wait for ack

[MasterPtato]

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context.

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[railway-app]

🚅 Deployed to the rivet-pr-4327 environment in rivet-frontend

Service	Status	Web	Updated (UTC)
frontend-cloud	😴 Sleeping (View Logs)	Web	Feb 28, 2026 at 8:35 pm
website	😴 Sleeping (View Logs)	Web	Feb 28, 2026 at 8:24 pm
frontend-inspector	😴 Sleeping (View Logs)	Web	Feb 27, 2026 at 11:58 pm
mcp-hub	✅ Success (View Logs)	Web	Feb 27, 2026 at 11:49 pm
ladle	❌ Build Failed (View Logs)	Web	Feb 27, 2026 at 11:49 pm

[MasterPtato]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• chore: bump rivetkit protocol version #4329
• fix(udb): add txn tagging #4328
• fix(api): make actor destroy wait for ack #4327 👈 (View in Graphite)
• chore: flatten runtime config #4326
• chore: deploy patch #4324
• main

---

How to use the Graphite Merge Queue

Add the label merge-queue to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[claude]

Review: fix(api): make actor destroy wait for ack

The approach here is correct and the subscribe-before-fetch ordering is the right pattern to prevent race conditions. A few things worth discussing:

No timeout on destroy_sub.next().await?

The most significant concern is that destroy_sub.next().await? will block indefinitely if the destroy workflow hangs or stalls. Looking at analogous patterns in the codebase (e.g., pegboard_gateway.rs:283), timeouts are used for similar wait scenarios:

_ = tokio::time::sleep(ACTOR_READY_TIMEOUT) => {
    return Err(errors::ActorReadyTimeout { actor_id }.build());
}

The destroy workflow itself (destroy.rs) runs activities that retry on failure, so DestroyComplete should eventually arrive. But if something goes wrong in the workflow engine or the activity retries back-off indefinitely, the HTTP request will hang with no escape hatch. Consider wrapping with a timeout:

tokio::time::timeout(ACTOR_DESTROY_TIMEOUT, destroy_sub.next())
    .await
    .map_err(|_| errors::ActorDestroyTimeout { actor_id }.build())??;

Behavior change for already-destroyed actors

Previously, calling DELETE on an already-destroyed actor (where destroy_ts.is_some()) would:

1. Send the Destroy signal (handled gracefully via graceful_not_found())
2. Return 200 OK

Now it returns NotFound. This is arguably more correct semantically, but it's a breaking API behavior change. If clients are written to be idempotent and call DELETE regardless, they'll now get errors on retry. Worth confirming this is intentional and that the API contract change is acceptable.

Subscription resource usage on invalid requests

The subscription is created unconditionally before validation. If the actor doesn't exist or the namespace doesn't match, the subscription is created, validated against, and then dropped without use. This is fine from a correctness standpoint (Rust's ownership model handles cleanup), but it means every invalid delete request creates a NATS subscription. This is a minor concern and acceptable given the simplicity it buys.

Positive aspects

• Correct race condition prevention: Subscribing before fetching state ensures no window where the DestroyComplete message could be missed between the state check and the signal send.
• Parallel fetch: tokio::try_join\! for the actor and namespace ops is a nice improvement over the sequential fetches in the original code.
• The workflow-not-found path is correctly handled: If the workflow is already gone (res.is_none()), we don't wait on the subscription — avoiding a hang in the common "already stopped" case.

Summary

The core logic is sound. The main ask is to add a timeout to the destroy_sub.next().await? call, and to confirm the behavior change for already-destroyed actors is intentional.

[pkg-pr-new]

More templates

• actor-actions
• actor-actions-vercel
• ai-agent
• ai-agent-vercel
• example-ai-and-user-generated-actors-freestyle
• chat-room
• chat-room-vercel
• example-cloudflare-workers
• example-cloudflare-workers-hono
• collaborative-document
• collaborative-document-vercel
• cross-actor-actions
• cross-actor-actions-vercel
• example-cursors
• example-cursors-raw-websocket
• example-cursors-raw-websocket-vercel
• example-cursors-vercel
• custom-serverless
• example-elysia
• example-experimental-durable-streams-ai-agent
• example-experimental-durable-streams-ai-agent-vercel
• geo-distributed-database
• geo-distributed-database-vercel
• hello-world
• hello-world-vercel
• example-hono
• hono-react
• hono-react-vercel
• example-kitchen-sink
• example-kitchen-sink-vercel
• multi-region-vercel
• multiplayer-game
• example-multiplayer-game-patterns
• example-multiplayer-game-patterns-vercel
• multiplayer-game-vercel
• native-websockets
• native-websockets-vercel
• next-js
• per-tenant-database
• per-tenant-database-vercel
• example-raw-fetch-handler
• example-raw-fetch-handler-vercel
• example-raw-websocket-handler
• example-raw-websocket-handler-proxy
• example-raw-websocket-handler-proxy-vercel
• example-raw-websocket-handler-vercel
• example-react
• example-react-vercel
• sandbox
• sandbox-coding-agent
• sandbox-coding-agent-vercel
• sandbox-vercel
• scheduling
• scheduling-vercel
• example-sqlite-drizzle
• example-sqlite-raw
• state
• state-vercel
• example-stream
• example-stream-vercel
• example-trpc

@rivetkit/cloudflare-workers

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/cloudflare-workers@4327

@rivetkit/framework-base

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/framework-base@4327

@rivetkit/next-js

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/next-js@4327

@rivetkit/react

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/react@4327

rivetkit

pnpm add https://pkg.pr.new/rivet-dev/rivet/rivetkit@4327

@rivetkit/sql-loader

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/sql-loader@4327

@rivetkit/sqlite-vfs

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/sqlite-vfs@4327

@rivetkit/traces

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/traces@4327

@rivetkit/workflow-engine

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/workflow-engine@4327

@rivetkit/virtual-websocket

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/virtual-websocket@4327

@rivetkit/engine-runner

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/engine-runner@4327

@rivetkit/engine-runner-protocol

pnpm add https://pkg.pr.new/rivet-dev/rivet/@rivetkit/engine-runner-protocol@4327

commit: d8e20e3

[MasterPtato]

This change is part of the following stack:

• chore: deploy patch #4324
  • chore: flatten runtime config #4326
    • fix(api): make actor destroy wait for ack #4327 ◀
      • fix(udb): add txn tagging #4328
        • chore: bump rivetkit protocol version #4329

_{Change managed by git-spice.}