Issues [highway-workflow-engine]

ID	Title	Status	Priority	Created	Due Date	Actions
#379	MEDIUM: ToolRegistry singleton not thread-safe registry.py:305-320 - get_tool_registry() singleton creation has race condition. Multiple threads co...	closed	medium	2025-12-11 21:54	-	Edit
#378	MEDIUM: SchedulerService breaks atomic transaction boundary scheduler_service.py uses autocommit=True but needs atomic scan+submit+update operation. Uses differ...	closed	medium	2025-12-11 21:54	-	Edit
#377	HIGH: WaitOperator uses non-deterministic datetime.now() operators.py:989 uses datetime.now(timezone.utc) to calculate wake_at. On replay, different wake tim...	closed	high	2025-12-11 21:54	-	Edit
#376	HIGH: ForEach results lost on resume operators.py:601-624 - Resumed ForEach loops reinitialize results=[]. Previously completed iteration...	closed	high	2025-12-11 21:54	-	Edit
#375	HIGH: SQL injection pattern in platform.py tenant deletion platform.py:1083-1121 uses f-strings for table names in DELETE queries. Should use psycopg.sql.Ident...	closed	high	2025-12-11 21:54	-	Edit
#374	HIGH: Shell command injection via unescaped variables shell_command.py:278-281 resolves variables and passes directly to shell=True subprocess. If {{user_...	closed	high	2025-12-11 21:54	-	Edit
#373	CRITICAL: Replace unsafe eval() with safe expression parser variable_resolver.py:177-186 uses eval() with empty __builtins__ for condition evaluation. This is i...	closed	critical	2025-12-11 21:54	-	Edit
#372	LOW: Magic numbers should be configurable ## Issue Hardcoded values throughout codebase should be in configuration: - activity_threshold_sec...	closed	low	2025-12-11 21:40	-	Edit
#371	LOW: Logger message missing f-string prefix ## Issue In engine/orchestrator.py:577, logger message uses wrong format string: ```python logger....	closed	low	2025-12-11 21:40	-	Edit
#370	MEDIUM: _save_state not called automatically before sleep/commit ## Issue The _save_state() method in engine/durable_context.py:1462-1496 persists executed_tasks, f...	closed	medium	2025-12-11 21:40	-	Edit
#369	MEDIUM: Circuit breaker cache uses file system flag for reset ## Issue Circuit breaker cache reset in engine/tools/shell_command.py:63-84 relies on flag file /tm...	closed	medium	2025-12-11 21:39	-	Edit
#368	MEDIUM: Silent encryption failure (fail-open security) ## Issue In engine/db.py:131-147, encryption configuration failures are silently swallowed: ```pyt...	closed	medium	2025-12-11 21:39	-	Edit
#367	MEDIUM: Connection leak in get_raw_db_connection docstring example ## Issue The docstring for get_raw_db_connection() in engine/db.py:515-547 shows improper usage: `...	closed	medium	2025-12-11 21:39	-	Edit
#366	HIGH: TenantCache TTL creates stale tenant resolution ## Issue TenantCache in engine/orchestrator.py:55-110 has 5-minute TTL. If a workflow run is delete...	closed	high	2025-12-11 21:39	-	Edit
#365	HIGH: Global determinism state shared across workflows ## Issue Global flags in engine/durable_context.py:39-43 are NOT thread-safe and shared across all ...	closed	high	2025-12-11 21:39	-	Edit
#364	HIGH: ForEach/While loop checkpoints not persisted to database ## Issue ForEach and While loop operators save checkpoints to ctx._checkpoints_cache but do NOT cal...	closed	high	2025-12-11 21:39	-	Edit
#363	CRITICAL: sleeping_tasks.discard() called on dict - AttributeError ## Issue In engine/durable_context.py:1389, the code calls discard() on sleeping_tasks which is a d...	closed	critical	2025-12-11 21:39	-	Edit
#362	CRITICAL: Heartbeat updates not committed to database ## Issue The heartbeat service in engine/services/heartbeat_service.py:179-207 updates heartbeats w...	closed	critical	2025-12-11 21:39	-	Edit
#361	CRITICAL: ctx.now is non-deterministic - breaks replay guarantees ## Issue The ctx.now property in engine/durable_context.py:486-503 returns datetime.now(timezone.ut...	closed	critical	2025-12-11 21:39	-	Edit
#360	CRITICAL: DataShard script storage uses workflow_name+version instead of definition_hash - causes stale data collisions ## Problem When storing Python DSL scripts in DataShard, the key is based on workflow_name + version...	closed	critical	2025-12-11 10:26	-	Edit

Previous Page 22 of 39 Next