Issues [highway-workflow-engine]

ID	Title	Status	Priority	Created	Due Date	Actions
#508	Race: Rate limiter TOCTOU api/middleware/rate_limiter.py:22-47 - check_quota and get_tenant_stats in separate calls. Stats may...	closed	low	2025-12-17 02:58	-	Edit
#507	Memory: Workflow graph recursion no limit api/blueprints/v1/workflows.py:1283-1307 - _extract_all_tasks recursion has no depth limit. Maliciou...	closed	medium	2025-12-17 02:58	-	Edit
#506	Performance: Constant list should be tuple (tasks.py) api/blueprints/v1/tasks.py:23 - QUEUES is mutable list. FIX: Use tuple for immutability.	closed	low	2025-12-17 02:58	-	Edit
#505	Performance: Constant list should be tuple (apps.py) api/blueprints/v1/apps.py:158-167 - valid_categories is mutable list. FIX: Use tuple or frozenset fo...	closed	low	2025-12-17 02:57	-	Edit
#504	Performance: List instead of frozenset for membership (validators) api/middleware/validators.py:123 - valid_statuses is list, O(n) lookup. FIX: Use frozenset for O(1).	closed	low	2025-12-17 02:57	-	Edit
#503	Performance: Import inside function (workflows.py) api/blueprints/v1/workflows.py:77 - 'import re' inside convert_python_dsl_to_json function. FIX: Mov...	closed	low	2025-12-17 02:57	-	Edit
#502	Performance: Regex not pre-compiled (DSL main block) api/blueprints/v1/workflows.py:81-86 - re.sub() with inline pattern on every DSL conversion. FIX: Pr...	closed	low	2025-12-17 02:57	-	Edit
#501	Performance: Regex not pre-compiled (app_name) api/blueprints/v1/apps.py:147 - re.match() with inline pattern on every app creation. FIX: Pre-compi...	closed	low	2025-12-17 02:57	-	Edit
#500	Performance: Regex not pre-compiled (semver) api/blueprints/v1/apps.py:69-70 - Regex pattern compiled on every app version creation. FIX: Pre-com...	closed	low	2025-12-17 02:57	-	Edit
#499	Performance: Regex compiled inside hot path (steps) api/blueprints/v1/steps.py:377 - re.compile() called on every log search request. FIX: Module-level ...	closed	medium	2025-12-17 02:57	-	Edit
#498	Memory: Days filter unbounded query DoS api/blueprints/v1/workflows.py:814-885 - No upper bound on days param. User can request days=36500 l...	closed	medium	2025-12-17 02:57	-	Edit
#497	Memory: DataShard table unbounded loading api/blueprints/v1/logs.py:90-119 - _read_table_to_pandas loads ENTIRE parquet tables. No pagination ...	closed	medium	2025-12-17 02:57	-	Edit
#496	Race: Workflow definition hash collision api/blueprints/v1/workflows.py:236-256 - Concurrent submissions of same workflow can fail. FIX: Use ...	closed	medium	2025-12-17 02:57	-	Edit
#495	Race: App installation duplicate api/blueprints/v1/tenant_apps.py:174-200 - TOCTOU in SELECT-then-INSERT. Concurrent installs cause 5...	closed	medium	2025-12-17 02:57	-	Edit
#494	Race: Signal duplicate send without idempotency api/blueprints/v1/signals.py:33-64 - Concurrent POST /signals can create duplicate signals. FIX: Add...	closed	medium	2025-12-17 02:57	-	Edit
#493	Race: Approval double-processing api/blueprints/v1/approvals.py:88-122 - Concurrent approve requests can both succeed, sending duplic...	closed	high	2025-12-17 02:57	-	Edit
#492	Performance: Synchronous subprocess blocks event loop api/blueprints/v1/workflows.py:115-122 - subprocess.run() blocks async handler for up to 10s. Stalls...	closed	high	2025-12-17 02:57	-	Edit
#491	Performance: N+1 query in queue analytics api/blueprints/v1/analytics.py:63-68 - Database query inside loop for each queue. 50 queues = 51 que...	closed	high	2025-12-17 02:57	-	Edit
#490	Performance: JWT config fetched from Vault on EVERY request api/oauth_handlers/oauth2.py:128 - get_oauth2_config() fetches 4 secrets from Vault on every authent...	closed	high	2025-12-17 02:57	-	Edit
#489	Memory: Vault cache expired entries never proactively removed engine/config.py:82 - _vault_cache entries checked on read but expired entries never proactively cle...	closed	medium	2025-12-17 02:25	-	Edit

Previous Page 16 of 39 Next