Issues [highway-workflow-engine]

ID	Title	Status	Priority	Created	Due Date	Actions
#725	CRITICAL: Zombie transactions block task recovery when worker pods crash ## Summary When a worker pod crashes during task execution, the PostgreSQL connection may stay open ...	closed	critical	2025-12-28 16:45	-	Edit
#721	Workers become zombies after asyncio crash - container healthy but all threads dead OBSERVED: Workers can crash with asyncio.exceptions.CancelledError during HTTP operations, causing a...	closed	critical	2025-12-27 03:27	-	Edit
#719	Parallel branch retry creates orphaned waits due to absurd_run_id in join_event_name FIXED: When a workflow with parallel branches is retried (e.g., due to worker crash), the join_event...	closed	critical	2025-12-27 02:52	-	Edit
#715	BUG: python_task.py swallows AbsurdSleepError in sandbox fallback path In engine/tools/python_task.py lines 373-376, the except Exception block catches AbsurdSleepError wh...	closed	critical	2025-12-26 00:06	-	Edit
#697	WFL-01: Workflow pause/resume not implemented Location: API missing. Issue: RBAC permissions exist for pause_workflows and resume_workflows but no...	closed	critical	2025-12-25 02:56	-	Edit
#696	OBS-01: No system-level alerting for worker failures Location: Not implemented. Issue: If workers crash at 2 AM, no notification to on-call engineers. No...	closed	critical	2025-12-25 02:56	-	Edit
#695	APP-02: Playwright import allows uncontained browser automation Location: code_loader.py:332. Issue: Playwright can spawn browser processes that bypass multiprocess...	closed	critical	2025-12-25 02:56	-	Edit
#694	APP-01: No resource limits on app child processes Location: executor.py:462. Issue: multiprocessing.Process spawned without CPU/memory/file descriptor...	closed	critical	2025-12-25 02:56	-	Edit
#693	CLI-02: Missing workflow cancel/reset/signal/describe/list commands Location: engine/cli/. Issue: Missing essential CLI operations for incident response: cancel, reset,...	closed	critical	2025-12-25 02:55	-	Edit
#692	CLI-01: Missing workflow terminate command Location: engine/cli/. Issue: Cannot forcibly terminate a stuck/runaway workflow. In airport-critica...	closed	critical	2025-12-25 02:55	-	Edit
#691	VAL-04: DLQ not integrated with retry exhaustion Location: timeout_service.py, dead_letter_service.py. Issue: TimeoutService marks tasks as failed bu...	closed	critical	2025-12-25 02:55	-	Edit
#690	VAL-03: Highway DSL RetryPolicy not implemented Location: engine/interpreters/. Issue: Per-task retry_policy defined in DSL is ignored. Only Absurd-...	closed	critical	2025-12-25 02:55	-	Edit
#689	VAL-02: Missing dependency reference validation in DSL Location: highway_dsl/workflow_dsl.py build() method. Issue: Task dependencies referencing non-exist...	closed	critical	2025-12-25 02:55	-	Edit
#688	VAL-01: No circular dependency detection in workflow DSL Location: highway_dsl/workflow_dsl.py build() method. Issue: No cycle detection in task dependencies...	closed	critical	2025-12-25 02:55	-	Edit
#687	TXN-04: Checkpoint not persisted on retry failure paths Location: operators.py:304-309. Issue: Failed attempt checkpoints saved to ctx._checkpoints_cache (i...	closed	critical	2025-12-25 02:55	-	Edit
#686	TXN-03: Missing FOR UPDATE lock on run state transition Location: orchestrator.py:521-528. Issue: Run state transition from claimed to running uses simple U...	closed	critical	2025-12-25 02:55	-	Edit
#685	TXN-02: Race condition in rate limiter token consumption Location: tenant_rate_limiter.py:72-96. Issue: UPDATE with computation in WHERE clause without FOR U...	closed	critical	2025-12-25 02:55	-	Edit
#684	TXN-01: Rate limit lease uses separate connection causing token exhaustion Location: orchestrator.py:446-459. Issue: Rate limiter consume_with_lease uses its own committed tra...	closed	critical	2025-12-25 02:55	-	Edit
#683	SEC-03: Artifact download endpoint lacks authentication Location: api/blueprints/v1/artifacts.py:260. Issue: Artifacts can be downloaded by anyone who knows...	closed	critical	2025-12-25 02:55	-	Edit
#682	SEC-02: Pickle deserialization RCE vulnerability Location: engine/rag/assistant.py:116. Issue: pickle.loads() on data from database is an RCE vector....	closed	critical	2025-12-25 02:55	-	Edit

Previous Page 2 of 9 Next