>_
.issue.db
/highway-workflow-engine
Dashboard
Issues
Memory
Lessons
Audit Log
New Issue
Edit Issue #678
Update issue details
Title *
Description
CRITICAL SECURITY ISSUE: Python DSL code currently executes on API server with full access to database, secrets, and network. A malicious user could submit DSL that: - Accesses database and exfiltrates/deletes data - Reads environment variables and secrets - Makes outbound network requests SOLUTION: Dedicated DSL compiler microservice running in isolation: - Only highway_dsl + pydantic installed - No outbound network - No secrets/env vars - Read-only filesystem - Memory/CPU/time limits SCOPE: Only applies when customer submits python_dsl WITHOUT json. When json is present, no conversion needed.
Priority
Low
Medium
High
Critical
Status
Open
In Progress
Closed
Won't Do
Due Date (YYYY-MM-DD)
Tags (comma separated)
Related Issues (IDs)
Enter IDs of issues related to this one. They will be linked as 'related'.
Update Issue
Cancel