| #678 |
Security: Isolate Python DSL compilation in sandboxed container
CRITICAL SECURITY ISSUE: Python DSL code currently executes on API server with full access to databa...
|
closed |
critical |
2025-12-24 22:51 |
- |
|
| #670 |
CRITICAL: Branch tasks must not update parent workflow_run status
Branch tasks were updating the parent workflow_run status to 'sleeping' even after the parent task h...
|
closed |
critical |
2025-12-24 03:30 |
- |
|
| #665 |
cancel_task() does not update workflow_run status
AbsurdClient.cancel_task() updated absurd task to 'cancelled' but workflow_run.status was updated in...
|
closed |
critical |
2025-12-23 20:45 |
- |
|
| #664 |
workflow_run status not updated when task enters sleeping state
When durable_cron workflow sleeps, absurd task state is 'sleeping' but workflow_run.status stayed 'r...
|
closed |
critical |
2025-12-23 20:45 |
- |
|
| #663 |
workflows which sent by (execute=False) doesn't show up in get workflows
curl 'https://highway.rodmena.app/api/v1/workflows' \
-X POST \
-H 'User-Agent: Mozilla/5.0 (X...
|
closed |
critical |
2025-12-23 20:40 |
- |
|
| #662 |
Security Vulnerability: IPC Proxy Exposes Internal Engine API
The IPCServer blindly proxies all method calls to DurableContext. This allows sandboxed apps to call...
|
closed |
critical |
2025-12-22 18:18 |
- |
|
| #650 |
Internal Worker Bootstrap Hook
Auto-bootstrap on internal-worker startup.
Flow:
1. Internal-worker starts
2. Check highway.platfor...
|
closed |
critical |
2025-12-21 05:45 |
- |
|
| #644 |
Tenant Onboarding Workflow
_system.tenant.onboard workflow for new customer tenants.
Workflow runs on _platform tenant, intern...
|
closed |
critical |
2025-12-21 05:45 |
- |
|
| #643 |
Platform Bootstrap Workflow
_system.platform.bootstrap workflow for fresh deployment.
Workflow runs on _platform tenant, intern...
|
closed |
critical |
2025-12-21 05:45 |
- |
|
| #642 |
Internal Platform Tools
Implement internal.platform.* tools for platform-level operations.
Tools:
- internal.platform.check...
|
closed |
critical |
2025-12-21 05:45 |
- |
|
| #641 |
Internal Tenant Tools
Implement internal.tenant.* tools for tenant lifecycle operations.
Tools:
- internal.tenant.create ...
|
closed |
critical |
2025-12-21 05:44 |
- |
|
| #640 |
Platform Bootstrap Infrastructure
Create engine/platform/ directory structure and database migration.
Directory structure:
- engine/p...
|
closed |
critical |
2025-12-21 05:44 |
- |
|
| #639 |
Epic: Platform Bootstrap & Tenant Lifecycle
Parent epic for self-bootstrapping Highway platform. On fresh deployment, Highway bootstraps itself ...
|
closed |
critical |
2025-12-21 05:44 |
- |
|
| #615 |
CRITICAL: Duplicate task execution in parallel branches due to thundering herd
Ultimate correctness test found that parallel branch completion events cause multiple workers to pic...
|
closed |
critical |
2025-12-18 00:41 |
- |
|
| #603 |
Unbounded cache: api/blueprints/v1/logs.py
FALSE POSITIVE: Cache only stores 2 entries (workflow_logs, task_logs) - bounded by design. Also has...
|
closed |
critical |
2025-12-17 22:27 |
- |
|
| #602 |
Unbounded cache: engine/services/activity_worker.py
FALSE POSITIVE: Already has TTL (30 min) and cleanup function
|
closed |
critical |
2025-12-17 22:27 |
- |
|
| #601 |
Unbounded cache: engine/security/encryption.py
FALSE POSITIVE: Cache is keyed by version string (v1, v2) - bounded by design
|
closed |
critical |
2025-12-17 22:27 |
- |
|
| #600 |
Unbounded cache: engine/tools/llm.py
FALSE POSITIVE: Already has TTL (30 min) and cleanup function
|
closed |
critical |
2025-12-17 22:27 |
- |
|
| #599 |
Unbounded cache: engine/tools/docker/client.py
FALSE POSITIVE: Already has TTL (30 min) and cleanup function
|
closed |
critical |
2025-12-17 22:27 |
- |
|
| #598 |
Unbounded cache: engine/tools/sandbox.py
FALSE POSITIVE: Cache is keyed by known sandbox types - bounded by design
|
closed |
critical |
2025-12-17 22:27 |
- |
|