Issues [highway-workflow-engine]

ID	Title	Status	Priority	Created	Due Date	Actions
#265	ReplayContext simulation fails on completed workflows Two bugs in ReplayContext that caused simulation to fail on completed workflows: 1) get_executed_ta...	closed	high	2025-12-06 00:06	-	Edit
#264	Connection Pool Starvation: Link Bulkhead Semaphore to DB Pool Size ## Problem The Orchestrator Bulkhead limit (max_concurrent_tasks) is decoupled from the database con...	closed	medium	2025-12-05 09:01	-	Edit
#263	Code Versioning: Enforce Artifact Loading for Deterministic Replay ## Problem tools.python.run imports code dynamically from sys.path (local disk). If a worker is upda...	closed	high	2025-12-05 09:01	-	Edit
#262	Audit Log Visibility: Implement Sidecar Telemetry for Hard Crash Scenarios ## Problem _spawn_logging_task_if_needed uses the main atomic connection. If a worker suffers a hard...	closed	high	2025-12-05 09:01	-	Edit
#261	Side-Effect Atomicity: Implement Idempotency-Key for HTTP requests ## Problem Database state is atomic, but external side effects (e.g., tools.http.request) execute *b...	open	high	2025-12-05 09:00	-	Edit
#260	CRITICAL: OAuth login allows any Google user to get JWT without tenant membership ## Security Vulnerability ### Problem OAuth login generates JWT for ANY Google user with any tenant...	closed	critical	2025-12-04 18:51	-	Edit
#259	Implement Platform Tenant (_platform) for super admin access ## Overview Implement a special '_platform' tenant that serves as the administrative domain for plat...	closed	critical	2025-12-04 18:17	-	Edit
#258	Implement super admin tenant management APIs Create tenant CRUD endpoints for super admin users to manage customer tenants. Required endpoints: ...	closed	high	2025-12-04 17:50	-	Edit
#257	SECURITY: API Key rotation did not deactivate old keys api-keys security Critical security vulnerability discovered in API key rotation: Issues Found: 1. Rotation kept ...	closed	high	2025-12-04 16:08	-	Edit
#256	test_workflow_with_artifact fails - workflow status is failed instead of completed tests/integration/test_artifact_system.py::TestArtifactWorkflowExecution::test_workflow_with_artifac...	closed	high	2025-12-04 12:10	-	Edit
#255	test_retrieve_artifact fails with 401 unauthorized Test tests/integration/test_artifact_system.py::TestArtifactAPI::test_retrieve_artifact returns 401 ...	closed	high	2025-12-04 12:06	-	Edit
#254	Internal Queue Utilization: Event Triggers, Cron Scheduler, and Workflow Templates ## Overview The `highway_internal` queue exists with a dedicated worker but is completely unused. T...	open	medium	2025-12-04 11:55	-	Edit
#253	Consolidate worker config to config.ini and increase concurrency Current: 8 workflow workers + 4 activity workers, each with batch_size=1 and low concurrency. Goal: ...	closed	high	2025-12-04 11:19	-	Edit
#252	Audit logging not integrated into API endpoints The admin_audit.py utility exists with helper functions (log_api_key_created, log_token_created, log...	closed	high	2025-12-04 09:57	-	Edit
#251	[PHASE 3] DSL Converter Security Hardening Phase 3: DSL converter security improvements: 1. Replace blacklist with whitelist approach 2. Add sa...	closed	high	2025-12-04 09:22	-	Edit
#250	[PHASE 2] Add RBAC Permissions to High Priority Endpoints Phase 2: Add @require_permission decorators to: 1. signals.py - manage_workflows permission 2. queri...	closed	high	2025-12-04 09:22	-	Edit
#249	[PHASE 1] Add RBAC Permissions to Critical Endpoints Phase 1: Add @require_permission decorators to: 1. artifacts.py - manage_artifacts permission 2. app...	closed	critical	2025-12-04 09:22	-	Edit
#248	[CRITICAL] Security Audit: Missing RBAC Permission Checks on Multiple Endpoints COMPREHENSIVE SECURITY AUDIT FINDINGS - See Phase 1 breakdown for fix plan	closed	critical	2025-12-04 09:22	-	Edit
#247	Per-activity circuit breaker configuration via DSL Allow users to optionally configure circuit breaker per activity in DSL. Default: disabled (workflow...	closed	medium	2025-12-03 21:38	-	Edit
#246	Activity worker should use LISTEN/NOTIFY instead of polling Activity workers poll every 1s for new activities. Should use PostgreSQL LISTEN/NOTIFY like orchestr...	closed	critical	2025-12-03 20:51	-	Edit

Previous Page 2 of 13 Next