Issues [highway-workflow-engine]

ID	Title	Status	Priority	Created	Due Date	Actions
#524	[API/Race] App installation duplicate on concurrent request File: api/blueprints/v1/tenant_apps.py:174-200 Problem: Check for existing installation (SE...	closed	medium	2025-12-17 15:00	-	Edit
#523	[API/Race] Signal duplicate send - no idempotency File: api/blueprints/v1/signals.py:33-64 Problem: Client retries can send duplicate signals...	closed	high	2025-12-17 14:59	-	Edit
#522	[API/Race] Rate limiter TOCTOU - incorrect quota enforcement File: api/middleware/rate_limiter.py:22-47 Problem: `check_quota()` and `get_tenant_stats()...	closed	high	2025-12-17 14:59	-	Edit
#521	[API/Race] Workflow definition hash collision on concurrent submit File: api/blueprints/v1/workflows.py:236-256 Problem: Two concurrent submissions of same wo...	closed	high	2025-12-17 14:59	-	Edit
#520	[API/Race] Approval double-processing - duplicate workflow signals File: api/blueprints/v1/approvals.py:88-122 Problem: Two users clicking Approve simultaneou...	closed	critical	2025-12-17 14:59	-	Edit
#519	[API/Memory] Workflow graph generation - unbounded recursion File: api/blueprints/v1/workflows.py:1283-1307, 1488-1526 Problem: Deeply nested workflows ...	closed	high	2025-12-17 14:59	-	Edit
#518	[API/Memory] Workflow list query - unbounded days filter File: api/blueprints/v1/workflows.py:814-885 Problem: User can request `?days=36500` (100 y...	closed	high	2025-12-17 14:59	-	Edit
#517	[API/Memory] DataShard table unbounded memory loading File: api/blueprints/v1/logs.py:90-119 Problem: `_read_table_to_pandas()` loads ENTIRE Data...	closed	critical	2025-12-17 14:59	-	Edit
#516	[ENGINE/Data] Sensitive keyword patterns should use frozenset Files: - engine/apps/executor.py:841 - engine/services/event_gateway_service.py:625 **Problem:...	closed	low	2025-12-17 14:59	-	Edit
#515	[ENGINE/Perf] Regex compiled inline in durable_context.py File: engine/durable_context.py:1621 Problem: Regex pattern compiled inline rather than at ...	closed	medium	2025-12-17 14:59	-	Edit
#514	[ENGINE/Perf] Regex compiled on every call in activity_context.py hot path File: engine/activity_context.py:151-160 Problem: Pattern `r"\{\{([^}]+)\}\}"` is compiled ...	closed	high	2025-12-17 14:59	-	Edit
#513	[ENGINE/Race] Sidecar telemetry singleton __init__ race File: engine/sidecar_telemetry.py:74-81 Problem: Singleton pattern with __new__ but attribu...	closed	medium	2025-12-17 14:59	-	Edit
#512	[ENGINE/Race] Tenant config cache snapshot TOCTOU race File: engine/config.py:640-661 Problem: TOCTOU between cache snapshot and cleanup - another...	closed	high	2025-12-17 14:58	-	Edit
#511	[ENGINE/Race] Circuit breaker storage singleton missing lock File: engine/config.py:337-365 Problem: Missing lock for singleton initialization. Two thre...	closed	high	2025-12-17 14:58	-	Edit
#510	[ENGINE/Memory] Vault secret cache entries never proactively removed File: engine/config.py:82-83 Problem: Cache entries are checked for expiration on read but ...	closed	high	2025-12-17 14:58	-	Edit
#509	[ENGINE/Memory] Unbounded tenant config cache cleanup File: engine/config.py:593-610 Problem: The tenant config cache can grow unbounded if tenan...	closed	high	2025-12-17 14:58	-	Edit
#508	Race: Rate limiter TOCTOU api/middleware/rate_limiter.py:22-47 - check_quota and get_tenant_stats in separate calls. Stats may...	closed	low	2025-12-17 02:58	-	Edit
#507	Memory: Workflow graph recursion no limit api/blueprints/v1/workflows.py:1283-1307 - _extract_all_tasks recursion has no depth limit. Maliciou...	closed	medium	2025-12-17 02:58	-	Edit
#506	Performance: Constant list should be tuple (tasks.py) api/blueprints/v1/tasks.py:23 - QUEUES is mutable list. FIX: Use tuple for immutability.	closed	low	2025-12-17 02:58	-	Edit
#505	Performance: Constant list should be tuple (apps.py) api/blueprints/v1/apps.py:158-167 - valid_categories is mutable list. FIX: Use tuple or frozenset fo...	closed	low	2025-12-17 02:57	-	Edit

Previous Page 15 of 39 Next