| #688 | VAL-01: No circular dependency detection in workflow DSL | Location: highway_dsl/workflow_dsl.py build() method. Issue: No cycle detection in task dependencies... | closed | critical | 2025-12-25 02:55 | - |
| #687 | TXN-04: Checkpoint not persisted on retry failure paths | Location: operators.py:304-309. Issue: Failed attempt checkpoints saved to ctx._checkpoints_cache (i... | closed | critical | 2025-12-25 02:55 | - |
| #686 | TXN-03: Missing FOR UPDATE lock on run state transition | Location: orchestrator.py:521-528. Issue: Run state transition from claimed to running uses simple U... | closed | critical | 2025-12-25 02:55 | - |
| #685 | TXN-02: Race condition in rate limiter token consumption | Location: tenant_rate_limiter.py:72-96. Issue: UPDATE with computation in WHERE clause without FOR U... | closed | critical | 2025-12-25 02:55 | - |
| #684 | TXN-01: Rate limit lease uses separate connection causing token exhaustion | Location: orchestrator.py:446-459. Issue: Rate limiter consume_with_lease uses its own committed tra... | closed | critical | 2025-12-25 02:55 | - |
| #683 | SEC-03: Artifact download endpoint lacks authentication | Location: api/blueprints/v1/artifacts.py:260. Issue: Artifacts can be downloaded by anyone who knows... | closed | critical | 2025-12-25 02:55 | - |
| #682 | SEC-02: Pickle deserialization RCE vulnerability | Location: engine/rag/assistant.py:116. Issue: pickle.loads() on data from database is an RCE vector.... | closed | critical | 2025-12-25 02:55 | - |
| #681 | Health monitor IPC isolation fix | Fixed health_monitor app to use IPC-safe database access method (run_internal_sql) instead of direct... | closed | low | 2025-12-25 01:59 | - |
| #680 | API workflow endpoints using cursor without dict_row | Bug: Several API endpoints in api/blueprints/v1/workflows.py used conn.cursor() without specifying r... | closed | high | 2025-12-25 00:32 | - |
| #679 | CLI submit was not storing Python DSL source code | Bug: When submitting Python DSL workflows via CLI, the python_dsl source was not being passed to the... | closed | high | 2025-12-25 00:22 | - |
| #678 | Security: Isolate Python DSL compilation in sandboxed container | CRITICAL SECURITY ISSUE: Python DSL code currently executes on API server with full access to databa... | closed | critical | 2025-12-24 22:51 | - |
| #677 | Progress shows <100% for completed workflows with switch/conditional branches | When workflows use switch operators or conditional branches, unexecuted branches count against progr... | closed | high | 2025-12-24 22:29 | - |
| #676 | Progress shows 93% for completed workflow due to LIMIT 50 dropping early events | When workflows have >50 events, Query 3 (LIMIT 50) drops early step_succeeded events. Example: compl... | closed | high | 2025-12-24 22:08 | - |
| #675 | Progress percentage bug: branch task events inflating completed_steps count | When workflows use parallel operators (fork/join patterns), the progress.percentage can exceed 100% ... | closed | high | 2025-12-24 21:56 | - |
| #674 | Implemented real-time visibility fields in GET /workflows/{id} endpoint: (1) Added current_step - shows which step is currently executing/sleeping (extracted from payload->>'step_name'); (2) Added progress object with completed_steps, total_steps, percentage; (3) Added activities_summary with pending/running/completed/failed counts from highway.activity_queue; (4) Added last_event with event_type and timestamp. Fixed SQL query to extract step_name from JSONB payload field using payload->>'step_name' instead of non-existent column. Tested with parallel activity workflows: Successfully shows 'sleeping' status with current step (wait_task1, wait_task2, etc.); Progress correctly shows 4/8 (50%) during execution; Activities summary shows run=3 during execution, done=3 after completion; Final state shows completed with 8/8 (100%). Note: SSE/WebSocket for real-time push updates can be added in a future enhancement. | Problem: For long-running workflows, users are blind to progress during execution. They have to poll... | closed | high | 2025-12-24 21:13 | - |
| #673 | Fix dict_row cursor access bugs in workflows and secrets APIs | Fixed two instances of tuple index access on dict_row cursor results: 1. api/blueprints/v1/workflow... | closed | high | 2025-12-24 20:51 | - |
| #672 | RAG embedding cache moved to PostgreSQL | Fixed RAG embedding cache that was causing hundreds of /embedding requests. Changed from file-based ... | closed | high | 2025-12-24 04:24 | - |
| #671 | Add OrphanDetectionService for stuck workflows | Need a background service that periodically scans for orphaned workflows where: - workflow_run.statu... | closed | high | 2025-12-24 03:30 | - |
| #670 | CRITICAL: Branch tasks must not update parent workflow_run status | Branch tasks were updating the parent workflow_run status to 'sleeping' even after the parent task h... | closed | critical | 2025-12-24 03:30 | - |
| #669 | Artifact storage config bug - fallback parameter | The artifact_service.py was using config.get() with fallback= parameter which doesn't exist in our C... | closed | low | 2025-12-23 21:39 | - |