Issues [highway-workflow-engine]

ID	Title	Status	Priority	Created	Due Date	Actions
#548	[API/Perf] logs.py DataShard tables loaded without caching File: api/blueprints/v1/logs.py:95-124. load_table() called on every request, then _read_table_to_pa...	closed	high	2025-12-17 16:29	-	Edit
#547	[API/Perf] analytics.py heavy PERCENTILE_CONT aggregation File: api/blueprints/v1/analytics.py:520-535. Running p50, p95, p99 percentiles on potentially milli...	closed	high	2025-12-17 16:29	-	Edit
#546	[API/Perf] analytics.py full table scan in list_queue_analytics File: api/blueprints/v1/analytics.py:45-65. Query groups ALL workflow_runs for a tenant with no time...	closed	high	2025-12-17 16:29	-	Edit
#545	[API/Race] tenant_apps.py TOCTOU in set_secret and delete_secret File: api/blueprints/v1/tenant_apps.py:913-1027. SELECT secrets_config, modify in Python, then UPDAT...	closed	high	2025-12-17 16:29	-	Edit
#544	[API/Race] apps.py TOCTOU in create_version File: api/blueprints/v1/apps.py:790-852. Two separate checks (app ownership, version existence) befo...	closed	high	2025-12-17 16:29	-	Edit
#543	[API/Race] apps.py TOCTOU in create_app File: api/blueprints/v1/apps.py:193-236. SELECT checks for duplicate, then INSERT. Between these ope...	closed	high	2025-12-17 16:29	-	Edit
#542	[API/Race] rbac.py TOCTOU in API key validation File: api/middleware/rbac.py:146-209. _validate_api_key performs SELECT then UPDATE without FOR UPDA...	closed	high	2025-12-17 16:29	-	Edit
#541	[API/Perf] auth_wrapper.py N+1 query in get_user_accessible_tenants File: engine/security/auth_wrapper.py:311-330. Loops through ALL tenants making separate auth query ...	closed	high	2025-12-17 16:29	-	Edit
#540	[API/Perf] oauth2.py blocking requests library in async handler File: api/oauth_handlers/oauth2.py:374-401. Uses synchronous requests.post() and requests.get() in a...	closed	high	2025-12-17 16:29	-	Edit
#539	[API/Perf] rbac.py N+1 DB queries - no permission cache File: api/middleware/rbac.py:659-661. Every permission check opens new DB connection and creates new...	closed	high	2025-12-17 16:29	-	Edit
#538	[API/Perf] steps.py full data scan for count-only operation Fixed: Added row_count() to DataShard, steps.py uses parquet metadata for count-only queries	closed	high	2025-12-17 16:29	-	Edit
#537	[API/Perf] signals.py:73 sync function blocks event loop File: api/blueprints/v1/signals.py:73-94. get_signals is a synchronous function (def get_signals) de...	closed	high	2025-12-17 16:29	-	Edit
#536	[API/Race] api/config.py module-level config fetch at import time File: api/config.py:11. Module-level call to get_engine_config() executes Vault fetch at import time...	closed	critical	2025-12-17 16:28	-	Edit
#535	[API/Perf] version.py subprocess in async endpoint without caching File: api/blueprints/v1/version.py:21-48. subprocess.run for git commands runs synchronously in asyn...	closed	critical	2025-12-17 16:28	-	Edit
#534	[API/Race] oauth2.py global config mutation not atomic File: api/oauth_handlers/oauth2.py:37-39,95-106. Global _OAUTH2_CONFIG_CACHE dict assigned separatel...	closed	critical	2025-12-17 16:28	-	Edit
#533	[API/Memory] approvals.py connection leak in ApprovalService factory File: api/blueprints/v1/approvals.py:28-33. get_approval_service() creates direct connection on ever...	closed	critical	2025-12-17 16:28	-	Edit
#532	[API/Bug] workflows.py:2074 - run_id undefined in retry_workflow File: api/blueprints/v1/workflows.py:2074. Variable run_id is referenced but never defined. Function...	closed	critical	2025-12-17 16:28	-	Edit
#531	[API/Memory] signals.py connection leak - every signal operation leaks DB connection File: api/blueprints/v1/signals.py:26-30. get_signal_service() creates DB connection with autocommit...	closed	critical	2025-12-17 16:28	-	Edit
#530	[API/Perf] Multiple database connections for single permission check File: api/middleware/rbac.py:660-680 Problem: Permission check and role retrieval use separ...	closed	low	2025-12-17 15:00	-	Edit
#529	[API/Data] Validation lists should be frozensets Files: - api/middleware/validators.py:123 - valid_statuses list - api/blueprints/v1/apps.py:158-...	closed	low	2025-12-17 15:00	-	Edit

Previous Page 14 of 39 Next