fix(sqlite): avoid nested runtime during vfs register

[NathanFlurry]

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context.

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[NathanFlurry]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• fix(sqlite): disable incomplete preload hint flush #4895
• fix(sqlite): avoid nested runtime during vfs register #4894 👈 (View in Graphite)
• chore(driver-test-runner): add native/wasm runtime matrix to skill #4884 : 3 other dependent PRs (#4892 , #4896 , #4901 )
• chroe: rename rivetkit-sqlite to depot-client #4883
• fix(rivetkit-wasm): fix mem leaks #4880
• chore(rivetkit): wasm support #4860
• feat(sqlite): add cold read benchmarks and simplify optimizations #4857
• feat(sqlite): benchmark cold reads #4848 : 1 other dependent PR (#4864 )
• docs(actors): document manual lifecycle controls #4847
• test(sqlite): expand db stress coverage #4846 : 1 other dependent PR (#4849 )
• test(raw-websocket): add serverless smoke coverage #4845
• feat(serverless): configure drain grace period #4844
• fix(publish): enable frontend build for engine target and use turbo build instead of turbo build:engine #4843
• feat(rivetkit): expose conn handle in onWebSocket context #4842
• fix(rivetkit): normalize waitUntil/keepAwake promises to null to avoid serde undefined error #4841
• fix(rivetkit): remove requirement for token #4839 : 1 other dependent PR (#4840 )
• fix(pegboard-envoy): allow sqlite requests across lifecycle states #4838
• fix(pegboard): route scoped actor key reads by runner dc #4837
• fix(sqlite-storage): let sqlite open take over stale owners #4834
• fix(engine-tests): parallelize multi-DC startup + enable 6 multi-DC tests #4833
• fix(api): honor cursor in actor_ids list path #4832
• fix(api): silently filter invalid IDs from actor_ids query instead of 400 #4831
• fix(api-peer): make actors_delete idempotent for already-destroyed actors #4830
• fix(pegboard): use Iterator streaming mode in list_names so limit param is honored #4829
• chore(engine-tests): convert envoy tests to Sleep crash policy + triage ignored #4828
• feat(engine-tests): wire envoy actor names through prepopulate_actor_names #4827
• chore(depot): fault injection tests #4868
• feat(sqlite): pitr & forking #4859 : 1 other dependent PR (#4863 )
• chore(sqlite): stateless storage refactor #4856
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[claude]

PR Review: fix(sqlite): avoid nested runtime during vfs register

Overview

This PR fixes two related SQLite runtime issues:

1. vfs.rs — fetch_initial_main_page was calling Handle::block_on from within an async context, causing a panic ("cannot call block_on from within an async context"). Fixed by wrapping with block_in_place on multi-thread runtimes, and returning an explicit error on current-thread runtimes.

2. connection_manager.rs — NativeConnection and NativeVfsHandle drops were happening directly on the async executor thread, blocking it during SQLite I/O cleanup. Fixed by routing all drops through spawn_blocking.

Both fixes are correct and address real panics/blocking behavior.

---

Code Quality

Strengths:

• The ReadAcquireAction enum cleanly replaces the previous Option<NativeVfsHandle> dual-purpose return, making control flow explicit.
• Refactoring prune_expired_readers to return Vec<IdleReadConnection> instead of usize enables the caller to drop connections outside the mutex — the right approach.
• drop_native_connections_blocking and drop_vfs_blocking are well-factored helpers with appropriate early-return guards.
• The close() fix correctly includes idle_writer in the connections vec. The old code silently dropped the writer inside the lock block without routing it through spawn_blocking.

---

Issues and Suggestions

Minor: awkward Option::into_iter().collect() pattern

In two places:

drop_native_connections_blocking(idle_connection.into_iter().collect()).await;
drop_native_connections_blocking(close_connection.into_iter().collect()).await;

Both are Option<NativeConnection>. Works correctly but is verbose. Consider making the helper accept impl IntoIterator<Item = NativeConnection> or Option<NativeConnection> directly.

Potential: block_in_place error loses context

The CurrentThread early-return error is descriptive, but doesn't include the actor ID. Since this surfaces as a String propagated up through VFS registration, including the actor_id would help operators diagnose which actor triggered it.

Pre-existing gap: Drop still runs on async thread for leaked leases

If a NativeReadConnectionLease or NativeWriteConnectionLease is leaked via a panic without calling release(), the Drop impl only logs a warning and the NativeConnection drop runs on whatever thread unwinds — which may be the async executor. Pre-existing issue, but worth tracking as a follow-up now that the normal paths are fixed.

---

Missing Tests

No tests are added. A regression test covering the panic scenario (calling open_database_from_envoy from within a multi-thread async context and asserting no panic) would prevent regressions. Expected given the DRAFT state; noting for when the PR is ready.

---

Verdict

The core approach is sound. block_in_place in vfs.rs and spawn_blocking-based drop routing in connection_manager.rs are the correct Tokio patterns for these scenarios. Suggestions above are minor polish items for when the PR comes out of draft.