| #664 |
workflow_run status not updated when task enters sleeping state
When durable_cron workflow sleeps, absurd task state is 'sleeping' but workflow_run.status stayed 'r...
|
closed |
critical |
2025-12-23 20:45 |
- |
|
| #663 |
workflows which sent by (execute=False) doesn't show up in get workflows
curl 'https://highway.rodmena.app/api/v1/workflows' \
-X POST \
-H 'User-Agent: Mozilla/5.0 (X...
|
closed |
critical |
2025-12-23 20:40 |
- |
|
| #662 |
Security Vulnerability: IPC Proxy Exposes Internal Engine API
The IPCServer blindly proxies all method calls to DurableContext. This allows sandboxed apps to call...
|
closed |
critical |
2025-12-22 18:18 |
- |
|
| #661 |
Business logic in API layer should be workflows
Complex business logic in API handlers instead of workflows: platform.py:delete_tenant() has 170 lin...
|
closed |
medium |
2025-12-22 12:46 |
- |
|
| #660 |
Missing tool rate limits for http.request and llm.call
tenant_defaults.yaml only has rate limits for tools.email.send. Missing rate limits for: tools.http....
|
closed |
medium |
2025-12-22 12:46 |
- |
|
| #659 |
Dual implementations of suspend/reactivate - consolidation review
Two different places implement suspension: engine/security/platform.py (deactivate_tenant/reactivate...
|
closed |
low |
2025-12-22 12:46 |
- |
|
| #658 |
Hardcoded URLs in 20+ locations - no public config
https://highway.rodmena.app is hardcoded in 20+ files: tenant_onboard.py, invitations.py (BASE_URL),...
|
closed |
high |
2025-12-22 12:46 |
- |
|
| #657 |
Suspension/reactivation has no notifications
When a tenant is suspended (deactivate_tenant) or reactivated (reactivate_tenant) in engine/security...
|
closed |
medium |
2025-12-22 12:46 |
- |
|
| #656 |
Tenant deletion has no workflow (offboarding)
engine/security/platform.py:delete_tenant() has 170+ lines of synchronous deletion logic: deletes fr...
|
closed |
high |
2025-12-22 12:46 |
- |
|
| #655 |
User welcome email not sent when user created via API
When an admin creates a user via POST /users API (api/blueprints/v1/users.py:create_user), the user ...
|
closed |
high |
2025-12-22 12:46 |
- |
|
| #654 |
Invitation system doesn't send emails
The invitation endpoint (api/blueprints/v1/invitations.py) creates a database record and returns an ...
|
closed |
high |
2025-12-22 12:46 |
- |
|
| #653 |
Bootstrap workflow ignores system_tenants.yaml - hardcoded tenant owner emails
YAML exists but platform_bootstrap.py has hardcoded demo@highway.local and test-admin@highway.test. ...
|
closed |
medium |
2025-12-21 16:01 |
- |
|
| #652 |
Tenant Suspend/Reactivate Workflows
Workflows for tenant lifecycle management.
Workflows on _platform tenant:
- _system.tenant.suspend ...
|
closed |
medium |
2025-12-21 05:45 |
- |
|
| #651 |
Tenant API Key Management Workflows
Workflows for API key lifecycle.
Workflows on _platform tenant:
- _system.tenant.add_api_key - Crea...
|
closed |
medium |
2025-12-21 05:45 |
- |
|
| #650 |
Internal Worker Bootstrap Hook
Auto-bootstrap on internal-worker startup.
Flow:
1. Internal-worker starts
2. Check highway.platfor...
|
closed |
critical |
2025-12-21 05:45 |
- |
|
| #649 |
Health Check Workflows
Scheduled health monitoring workflows.
Workflows on _platform tenant:
- _system.health.api - Check ...
|
closed |
medium |
2025-12-21 05:45 |
- |
|
| #648 |
Internal Health Tools
Implement internal.health.* tools for platform monitoring.
Tools:
- internal.health.check_endpoint ...
|
closed |
medium |
2025-12-21 05:45 |
- |
|
| #647 |
Platform API Endpoints
REST API endpoints for platform tenant management.
Endpoints (require platform_admin role):
- POST ...
|
closed |
high |
2025-12-21 05:45 |
- |
|
| #646 |
Tenant Configuration Files
YAML configuration files for platform bootstrap.
Files:
1. engine/platform/config/system_tenants.ya...
|
closed |
high |
2025-12-21 05:45 |
- |
|
| #645 |
Tenant Welcome Workflow
_system.tenant.welcome workflow sends welcome email after onboarding.
Workflow runs on _platform te...
|
closed |
high |
2025-12-21 05:45 |
- |
|