Issues [highway-workflow-engine]

ID	Title	Status	Priority	Created	Due Date	Actions
#597	Unbounded cache: engine/tools/email_tool.py FALSE POSITIVE: Already has TTL (30 min) and cleanup function	closed	critical	2025-12-17 22:27	-	Edit
#536	[API/Race] api/config.py module-level config fetch at import time File: api/config.py:11. Module-level call to get_engine_config() executes Vault fetch at import time...	closed	critical	2025-12-17 16:28	-	Edit
#535	[API/Perf] version.py subprocess in async endpoint without caching File: api/blueprints/v1/version.py:21-48. subprocess.run for git commands runs synchronously in asyn...	closed	critical	2025-12-17 16:28	-	Edit
#534	[API/Race] oauth2.py global config mutation not atomic File: api/oauth_handlers/oauth2.py:37-39,95-106. Global _OAUTH2_CONFIG_CACHE dict assigned separatel...	closed	critical	2025-12-17 16:28	-	Edit
#533	[API/Memory] approvals.py connection leak in ApprovalService factory File: api/blueprints/v1/approvals.py:28-33. get_approval_service() creates direct connection on ever...	closed	critical	2025-12-17 16:28	-	Edit
#532	[API/Bug] workflows.py:2074 - run_id undefined in retry_workflow File: api/blueprints/v1/workflows.py:2074. Variable run_id is referenced but never defined. Function...	closed	critical	2025-12-17 16:28	-	Edit
#531	[API/Memory] signals.py connection leak - every signal operation leaks DB connection File: api/blueprints/v1/signals.py:26-30. get_signal_service() creates DB connection with autocommit...	closed	critical	2025-12-17 16:28	-	Edit
#526	[API/Perf] JWT config fetched from Vault on EVERY request File: api/oauth_handlers/oauth2.py:115-133 Problem: `verify_jwt_token()` calls `get_oauth2_...	closed	critical	2025-12-17 15:00	-	Edit
#525	[API/Perf] N+1 query in queue analytics endpoint File: api/blueprints/v1/analytics.py:63-68 Problem: For N queues, executes N+1 queries (1 f...	closed	critical	2025-12-17 15:00	-	Edit
#520	[API/Race] Approval double-processing - duplicate workflow signals File: api/blueprints/v1/approvals.py:88-122 Problem: Two users clicking Approve simultaneou...	closed	critical	2025-12-17 14:59	-	Edit
#517	[API/Memory] DataShard table unbounded memory loading File: api/blueprints/v1/logs.py:90-119 Problem: `_read_table_to_pandas()` loads ENTIRE Data...	closed	critical	2025-12-17 14:59	-	Edit
#453	LLM tool asyncio.run() causes worker zombie state via anyio corruption In llm.py lines 573-577, when no event loop is running: ```python try: asyncio.get_running_loop...	closed	critical	2025-12-16 11:24	-	Edit
#440	P1: TimeoutService Must Update workflow_run Status Issue #11 from review: Zombie workflows in UI. Location: engine/services/timeout_service.py. Finding...	closed	critical	2025-12-16 00:56	-	Edit
#439	P1: Enforce HIGHWAY_SANDBOX_SECRET in Production Issue #5 from review: Ephemeral keys break distributed deployments. Location: engine/sandbox/executi...	closed	critical	2025-12-16 00:56	-	Edit
#436	BUG: durable_cron never fires - last_run variable not persisted before first sleep ## Problem The durable_cron tool never actually spawns child workflows. It keeps waking up, recalcu...	closed	critical	2025-12-14 21:04	-	Edit
#411	CRITICAL: Sandbox all user Python code execution Security flaw: tools.python.run gives tenant code raw DB access via ctx.db_connection. In multi-tena...	closed	critical	2025-12-12 06:40	-	Edit
#385	CRITICAL: No strict sandbox mode - unsandboxed execution proceeds with warning only sandbox.py:226-232 - When Docker unavailable and not in container, system logs WARNING but executes ...	closed	critical	2025-12-11 22:21	-	Edit
#384	CRITICAL: SQL injection via dynamic table names in absurd_client absurd_client.py uses f-strings for table names in multiple locations (e.g., line 657-664). While qu...	closed	critical	2025-12-11 22:21	-	Edit
#383	CRITICAL: Fail-open encryption allows insecure DB connections db.py:143-146 and db.py:380-384 - When encryption configuration fails, system logs warning but conti...	closed	critical	2025-12-11 22:21	-	Edit
#373	CRITICAL: Replace unsafe eval() with safe expression parser variable_resolver.py:177-186 uses eval() with empty __builtins__ for condition evaluation. This is i...	closed	critical	2025-12-11 21:54	-	Edit

Previous Page 4 of 9 Next