OTP child spec for a named actor that auto-registers on (re)start.

Like child_spec, with config.get().default_init_timeout_ms.

Start N supervised actors, registered as name_1 .. name_N.

Returns Error(actor.InitFailed(...)) if size < 1. list.range would otherwise produce a degenerate list of weird worker names (e.g. name_0, name_-1) and silently start a useless supervisor.

Cascading Failure Risk: :global and fixed pools do not mix perfectly. If a single worker in the pool fails its global registration (e.g. because name_4 is legitimately held by a node on the other side of a network split), the worker crashes. The pool supervisor will try to restart it. If the conflict persists, the supervisor exhausts its MaxR restart intensity and crashes the entire pool. This means a collision on 1 worker brings down all N workers, causing the parent supervisor to restart the whole pool. This architectural limit will be solved natively when the syn registry backend is introduced in v4.2.0 (via syn process groups).

Like pool, with config.get().default_init_timeout_ms.

Start a named actor.

Like start, but uses config.get().default_init_timeout_ms as the init timeout.

Start a named actor, with a callback for decode errors.

Useful for logging or metering malformed messages across nodes (e.g. during rolling deploys with mismatched codec versions).

Start an actor and register it globally. Kills the actor if registration fails.

See also: start_registered_default/3 (configured init timeout), start_registered_observed/5 (decode-error hook), start_supervised/4 (auto-restart on crash).

Like start_registered, but uses config.get().default_init_timeout_ms as the init timeout.

Render a StartRegisteredError as a human-readable string. Mirrors the *_error_to_string formatters published by the other error modules so observability paths can io.println an error directly without pattern-matching at every call site.

Start a named actor and register it globally, with a callback for decode errors.

Spawn a dedicated process that owns an external resource and runs close(resource) when lifetime dies for any reason. Workaround for the missing {terminate, Reason} callback in gleam/otp/actor 1.x: external resources (database connections, distributed locks, NIF handles, OS pipes) cannot rely on the actor’s exit to free them, but a dedicated observer process can.

Returns the owner’s PID, in case you need to stop the owner independently of the lifetime PID.

Why this shape

The resource is opened inside the owner, so it is BEAM-process- owned by the owner. That matters for resources whose lifetime is tied to a specific process at the runtime level (ETS tables, ports, gen_tcp controlling process).

The owner is linked to the caller (which is usually the actor’s init function). It also traps exits (process.trap_exits(True)). This guarantees a fail-fast behaviour: if open() crashes before it returns, the owner dies, and because it is linked, it pulls the actor down with it immediately. This prevents the “partial failure” scenario where the actor survives but its critical resource failed to initialize.

The owner uses a process.monitor on lifetime. Monitor delivery is asynchronous but reliable: the BEAM guarantees a DOWN for every monitored PID, and a monitor on an already-dead PID fires immediately. That makes the helper safe to call right after the actor has started: even if there is a microsecond gap before the monitor goes up, the BEAM resolves it correctly.

Usage

import distribute
import distribute/actor as dist_actor
import distribute/global

let assert Ok(gs) =
  distribute.start_registered(name, init, handler)
let assert Ok(actor_pid) = global.owner(gs)
let _owner = dist_actor.start_resource_owner(
  fn() { open_postgres_pool() },
  fn(pool) { close_postgres_pool(pool) },
  actor_pid,
)

If the actor needs to use the resource, have open build a process.Subject the owner serves and pass it through your actor’s init.

Failure modes

• open raises: the owner dies before the resource is opened. Because the owner is linked to the caller (the actor), the actor receives an exit signal and crashes immediately. This fail-fast behaviour avoids partial failures where the actor runs without its resource.
• close raises: the owner dies after the panic, no further cleanup runs. The resource may be in a partially-closed state.
• lifetime is already dead at call time: monitor fires DOWN immediately, close runs on the next scheduler tick.
• The owner is process.kill-ed: cleanup is uncatchable, BEAM reaps the resource via process death (only effective for BEAM-process-tied resources). External handles leak. This is the same uncatchable-kill caveat OTP itself has.

Future

When gleam/otp/actor ships native termination callbacks (gleam-lang/otp#126), this helper becomes redundant for the actor case. The contract will not shift: callers can replace the actor.start_resource_owner(open, close, pid) line with the upstream API and delete the helper call site. The function will stay (deprecated) for the more general “tie cleanup to any PID” pattern.

Start a supervised actor that auto-registers on (re)start.

If registration fails, the worker crashes and the supervisor retries, which is the correct OTP pattern for transient registration failures.

Like start_supervised, with config.get().default_init_timeout_ms.