Issues [highway-workflow-engine]

ID	Title	Status	Priority	Created	Due Date	Actions
#572	[MEDIUM] steps.py unbounded list growth in batch operations Batch step operations can accumulate large in-memory lists without bounds. For very large workflows ...	closed	medium	2025-12-17 16:32	-	Edit
#571	[MEDIUM] Inconsistent error logging - some use exception() some use error() Error logging is inconsistent across API endpoints. Some use logger.exception() which includes stack...	closed	medium	2025-12-17 16:32	-	Edit
#570	[MEDIUM] Inconsistent timezone handling in API responses Some timestamps use timezone-aware datetimes while others use naive datetimes. This can cause issues...	closed	medium	2025-12-17 16:32	-	Edit
#569	[MEDIUM] analytics.py unused time_range query parameter time_range parameter is parsed but never used in some analytics queries, wasting processing. Fix: Ei...	closed	medium	2025-12-17 16:32	-	Edit
#568	[MEDIUM] Public endpoint lists scattered across files PUBLIC_PATHS and skip-auth endpoint lists are defined in multiple places (rbac.py, auth.py) leading ...	closed	medium	2025-12-17 16:32	-	Edit
#567	[MEDIUM] Missing workflow_id in permission check logs Permission check audit logs in api/middleware/rbac.py don't include workflow_id when checking workfl...	closed	medium	2025-12-17 16:32	-	Edit
#566	[MEDIUM] security_headers.py CSP nonce generated but unused CSP nonce is generated on every request but never actually used in responses. This is wasted computa...	closed	medium	2025-12-17 16:32	-	Edit
#565	[MEDIUM] apps.py N+1 query in list_versions endpoint N+1 query pattern in list_versions endpoint. Each version fetches related data in separate queries i...	closed	medium	2025-12-17 16:32	-	Edit
#564	[MEDIUM] apps.py TOCTOU in update_app/delete_app/publish_version Multiple TOCTOU race conditions in apps.py: 1) update_app(): SELECT then UPDATE without locking 2) d...	closed	medium	2025-12-17 16:32	-	Edit
#563	[API/Memory] logs.py DataFrame copies on every filter operation File: api/blueprints/v1/logs.py:392-410. Multiple filtering operations create 5+ DataFrame copies. F...	closed	medium	2025-12-17 16:30	-	Edit
#562	[API/Perf] logs.py df.iterrows() performance anti-pattern File: api/blueprints/v1/logs.py:412. df.iterrows() is notoriously slow - creates a Series for each r...	closed	medium	2025-12-17 16:30	-	Edit
#561	[API/Memory] tenant_apps.py unbounded tool list in list_available_tools File: api/blueprints/v1/tenant_apps.py:1256-1298. No pagination. Tenant with many installed apps wit...	closed	medium	2025-12-17 16:30	-	Edit
#560	[API/Race] tenant_apps.py TOCTOU in update_configuration File: api/blueprints/v1/tenant_apps.py:746-789. SELECT current config, merge, then UPDATE. Concurren...	closed	medium	2025-12-17 16:30	-	Edit
#559	[API/Race] tenant_apps.py TOCTOU in enable_app/disable_app File: api/blueprints/v1/tenant_apps.py:554-657. SELECT to check current status, then UPDATE. Concurr...	closed	medium	2025-12-17 16:30	-	Edit
#558	[API/Race] tenant_apps.py TOCTOU in upgrade_app File: api/blueprints/v1/tenant_apps.py:442-513. Multiple sequential SELECTs (current installation, t...	closed	medium	2025-12-17 16:30	-	Edit
#528	[API/Perf] Regex compilation in hot paths - multiple locations Files: - api/blueprints/v1/steps.py:377 - search regex compiled per-request - api/blueprints/v1/...	closed	medium	2025-12-17 15:00	-	Edit
#524	[API/Race] App installation duplicate on concurrent request File: api/blueprints/v1/tenant_apps.py:174-200 Problem: Check for existing installation (SE...	closed	medium	2025-12-17 15:00	-	Edit
#515	[ENGINE/Perf] Regex compiled inline in durable_context.py File: engine/durable_context.py:1621 Problem: Regex pattern compiled inline rather than at ...	closed	medium	2025-12-17 14:59	-	Edit
#513	[ENGINE/Race] Sidecar telemetry singleton __init__ race File: engine/sidecar_telemetry.py:74-81 Problem: Singleton pattern with __new__ but attribu...	closed	medium	2025-12-17 14:59	-	Edit
#507	Memory: Workflow graph recursion no limit api/blueprints/v1/workflows.py:1283-1307 - _extract_all_tasks recursion has no depth limit. Maliciou...	closed	medium	2025-12-17 02:58	-	Edit

Previous Page 3 of 11 Next