Issues [highway-workflow-engine]

ID	Title	Status	Priority	Created	Due Date	Actions
#800	Missing tenant filter in replay.py workflow lookup Issue C: Defense-in-depth - replay.py line 67 queried workflow_run without tenant_id filter. While R...	closed	high	2026-01-02 20:23	-	Edit
#799	Cross-tenant data leak in activities.py list endpoint Issue B: CRITICAL SECURITY - The activities.py list endpoint did NOT filter by tenant_id, allowing a...	closed	critical	2026-01-02 20:23	-	Edit
#798	Missing highway schema prefix in code_versioning.py Issue A: code_versioning.py lines 219 and 247 called get_code_version_hash and update_code_version_h...	closed	critical	2026-01-02 20:23	-	Edit
#797	store_audit_log fails with 'data is required' in EOD workflow Error: Task 'store_audit_log' failed after 1 attempts: data is required Symptom: The `store_audit_l...	open	medium	2026-01-02 20:12	-	Edit
#796	Rate limiter function calls missing highway schema prefix ERROR: function release_rate_token(unknown) does not exist Root cause: Python code in tenant_rate_l...	closed	high	2026-01-02 20:12	-	Edit
#795	Workflow marked completed prematurely when main task yields for branches When tools.workflow.execute completes at a fork point to spawn branches, the workflow_run status is ...	closed	critical	2026-01-02 19:37	-	Edit
#794	JumperClient singleton ignores queue_name parameter causing queue contamination Root Cause: get_jumper_client() singleton caches queue_name from first call, ignores subsequent. Whe...	closed	critical	2026-01-02 19:11	-	Edit
#793	Bug Report Test Message bug-report user-submitted User submitted a placeholder bug report stating 'i have a bug, please fix it, this is a test and i h...	closed	medium	2026-01-02 08:06	-	Edit
#792	Bug Report Test Message bug-report user-submitted User submitted a placeholder bug report stating 'i have a bug, please fix it, this is a test and i h...	closed	medium	2026-01-02 08:06	-	Edit
#791	Schema inconsistency: tables split between public and highway schemas Tables are inconsistently placed between schemas: - public: workflow_run, highway_lifecycle_log, hum...	closed	medium	2026-01-02 07:23	-	Edit
#790	send_email fails in IPC mode - Vault SSL cert not accessible in chroot When apps call ctx.send_email() in IPC isolation mode, the email_tool tries to fetch SMTP credential...	closed	high	2026-01-02 05:47	-	Edit
#789	test_retry_exhaustion assertion failure - step_failed event leaking Test expects 0 step_failed events after retry exhaustion (atomic rollback), but got 1. Error: 'Expec...	closed	high	2026-01-02 05:15	-	Edit
#788	Async deferral tests timing out (3 failures) Tests test_async_deferral_basic, test_async_deferral_quick_job, and test_async_deferral_multiple_job...	closed	high	2026-01-02 05:15	-	Edit
#787	HIGH: Alert state lost on service restart causes alert storms _last_alerts dict is in-memory only. On restart, all cooldown tracking lost, duplicate alerts flood ...	closed	high	2026-01-02 03:32	-	Edit
#786	HIGH: Approval tokens not invalidated when workflow completes Tokens stored in DB without automatic invalidation on workflow completion. Stale tokens could be use...	closed	high	2026-01-02 03:32	-	Edit
#785	HIGH: DeadLetterService deletes before confirming DLQ insert success Sequence: INSERT DLQ, DELETE run, DELETE task. If DELETE from run fails, task is in DLQ but still in...	closed	high	2026-01-02 03:32	-	Edit
#784	HIGH: Event subscription silently overwrites existing subscription create_event_subscription INSERT uses ON CONFLICT DO UPDATE, silently replacing existing subscriptio...	closed	high	2026-01-02 03:32	-	Edit
#783	HIGH: complete_run locks run but not task table - state inconsistency risk complete_run locks run row with FOR UPDATE but updates task table without locking. Another process c...	closed	high	2026-01-02 03:32	-	Edit
#782	HIGH: Secret cache TTL too long at 1 hour SecretManager uses 1-hour TTL for secret cache. If a secret is rotated in Vault, workflows use stale...	closed	high	2026-01-02 03:32	-	Edit
#781	HIGH: HeartbeatService SKIP LOCKED may cause premature task timeout HeartbeatService uses FOR UPDATE SKIP LOCKED, skipping rows locked by workflow transaction. If workf...	closed	high	2026-01-02 03:32	-	Edit

Previous Page 2 of 40 Next