refactor(pb): fix actor overdue alarm handling

[MasterPtato]

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context.

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[MasterPtato]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• fix(pb-envoy): hard abort ws to tunnel on ping error #4776
• fix(outbound): implement drain grace period #4775
• fix(pb): fix pool config defaults #4774
• fix(pb): remove actor sleep ts when allocated #4772
• refactor(gateway): clean up and fix lost tunnel msgs #4771
• refactor(pb): fix actor overdue alarm handling #4770 👈 (View in Graphite)
• fix: update railway docs to include graceful shutdown #4715
• fix: add wf registry command #4714
• chore: move code #4713
• fix(gas): add large txn retries for pulling signals, tighten commit interval for actors #4712
• fix: improve epoxy propose errors, add gcp logging fmt #4698
• fix: autogenerate bare protocol versions #4696
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[claude]

PR Review: refactor(pb): fix actor overdue alarm handling (#4770)

File: engine/packages/pegboard/src/workflows/actor2/runtime.rs

Summary

This PR refactors the overdue alarm check in handle_stopped by hoisting it out of the Decision::Sleep match arm and evaluating it before the stopped_res dispatch. The logic is correct and the refactor significantly reduces duplication.

Correctness

The logic change is correct. The previous Decision::Sleep arm duplicated the full Decision::Reallocate dispatch inline. The new approach converts decision from Sleep to Reallocate before the dispatch match, so the overdue-alarm path falls through to the single shared Decision::Reallocate arm. This avoids code duplication while preserving identical observable behavior.

state.alarm_ts is correctly cleared when the alarm has fired, consistent with the existing pattern elsewhere in the file.

The check is correctly scoped to Decision::Sleep only, so alarms do not interfere with Reallocate, Backoff, or Destroy decisions.

Potential Gap: Decision::Backoff with an Overdue Alarm

When an actor stops due to a failed allocation while an alarm is already overdue, both old and new code leave state.alarm_ts set and transition to Reallocating. This is not a regression introduced by this PR, but the intent is undocumented. Consider adding a comment above the alarm check explaining why Backoff is excluded.

Code Quality

The comment // Check alarm (line 564) is a sentence fragment. Per CLAUDE.md conventions, comments should be complete sentences. Suggested replacement: // Check whether an alarm fired while the actor was stopping and wake it immediately.

Workflow Replay Safety

Since GetTsInput {} is an existing #[activity] used in this workflow, hoisting it out of the Decision::Sleep arm changes the activity call order for workflows that previously hit this code path. Any in-flight workflow interrupted after computing Decision::Sleep but before or during the old overdue-alarm allocation block will replay with the new code and encounter GetTsInput at a different position in the event log.

Whether this is safe depends on how Gasoline handles activity sequencing during replay (strict position vs. type+input matching). Please confirm replay safety, or note that this is deployed only after draining any in-flight workflows in the affected state.

PR Description

The description is the default template with no context. For a deterministic workflow change it would be helpful to document: what the original bug was, how this was tested, and whether workflow replay safety was considered.

Overall

The refactor is clean and reduces real duplication. Main items to address: (1) confirm workflow replay safety, (2) optionally add a comment clarifying why Backoff is excluded from the alarm check, (3) expand the sentence-fragment comment on line 564 to a complete sentence.