ID Title Status Priority Created Due Date
#386 HIGH: time.sleep() in retry logic blocks event loop and is non-deterministic
operators.py:116-119 - Retry delay uses synchronous time.sleep() which blocks and is non-determinist...
closed high 2025-12-11 22:21 -
#385 CRITICAL: No strict sandbox mode - unsandboxed execution proceeds with warning only
sandbox.py:226-232 - When Docker unavailable and not in container, system logs WARNING but executes ...
closed critical 2025-12-11 22:21 -
#384 CRITICAL: SQL injection via dynamic table names in absurd_client
absurd_client.py uses f-strings for table names in multiple locations (e.g., line 657-664). While qu...
closed critical 2025-12-11 22:21 -
#383 CRITICAL: Fail-open encryption allows insecure DB connections
db.py:143-146 and db.py:380-384 - When encryption configuration fails, system logs warning but conti...
closed critical 2025-12-11 22:21 -
#382 CLEANUP: Remove deprecated SchedulerService (superseded by durable_cron)
SchedulerService and scheduler_worker.py are dead code. durable_cron (Issue #19) supersedes them com...
closed low 2025-12-11 22:12 -
#381 MEDIUM: Docker containers not killed on timeout (resource leak)
sandbox.py:341 - When container.wait() times out, container may still be running. Finally block may ...
closed medium 2025-12-11 21:54 -
#380 MEDIUM: Unbounded circuit breaker cache (memory leak)
http_request.py:136-199 - Per-workflow circuit breakers in _circuit_breaker_cache never cleaned up. ...
closed medium 2025-12-11 21:54 -
#379 MEDIUM: ToolRegistry singleton not thread-safe
registry.py:305-320 - get_tool_registry() singleton creation has race condition. Multiple threads co...
closed medium 2025-12-11 21:54 -
#378 MEDIUM: SchedulerService breaks atomic transaction boundary
scheduler_service.py uses autocommit=True but needs atomic scan+submit+update operation. Uses differ...
closed medium 2025-12-11 21:54 -
#377 HIGH: WaitOperator uses non-deterministic datetime.now()
operators.py:989 uses datetime.now(timezone.utc) to calculate wake_at. On replay, different wake tim...
closed high 2025-12-11 21:54 -
#376 HIGH: ForEach results lost on resume
operators.py:601-624 - Resumed ForEach loops reinitialize results=[]. Previously completed iteration...
closed high 2025-12-11 21:54 -
#375 HIGH: SQL injection pattern in platform.py tenant deletion
platform.py:1083-1121 uses f-strings for table names in DELETE queries. Should use psycopg.sql.Ident...
closed high 2025-12-11 21:54 -
#374 HIGH: Shell command injection via unescaped variables
shell_command.py:278-281 resolves variables and passes directly to shell=True subprocess. If {{user_...
closed high 2025-12-11 21:54 -
#373 CRITICAL: Replace unsafe eval() with safe expression parser
variable_resolver.py:177-186 uses eval() with empty __builtins__ for condition evaluation. This is i...
closed critical 2025-12-11 21:54 -
#372 LOW: Magic numbers should be configurable
## Issue Hardcoded values throughout codebase should be in configuration: - activity_threshold_sec...
closed low 2025-12-11 21:40 -
#371 LOW: Logger message missing f-string prefix
## Issue In engine/orchestrator.py:577, logger message uses wrong format string: ```python logger....
closed low 2025-12-11 21:40 -
#370 MEDIUM: _save_state not called automatically before sleep/commit
## Issue The _save_state() method in engine/durable_context.py:1462-1496 persists executed_tasks, f...
closed medium 2025-12-11 21:40 -
#369 MEDIUM: Circuit breaker cache uses file system flag for reset
## Issue Circuit breaker cache reset in engine/tools/shell_command.py:63-84 relies on flag file /tm...
closed medium 2025-12-11 21:39 -
#368 MEDIUM: Silent encryption failure (fail-open security)
## Issue In engine/db.py:131-147, encryption configuration failures are silently swallowed: ```pyt...
closed medium 2025-12-11 21:39 -
#367 MEDIUM: Connection leak in get_raw_db_connection docstring example
## Issue The docstring for get_raw_db_connection() in engine/db.py:515-547 shows improper usage: `...
closed medium 2025-12-11 21:39 -