ID Title Status Priority Created Due Date Actions
#443 P2: Encrypt NULL Values in JSONB
Issue #6 from review: NULL leaks information. Location: engine/security/jsonb_encryption.py:119-121....
closed high 2025-12-16 00:56 -
#442 P2: Fix Chunked Write O(N²) Performance
Issue #9 from review: Write amplification. Location: engine/utils/chunking.py:28. Finding: append() ...
closed high 2025-12-16 00:56 -
#441 P1: Add ast.Dict to Safe Expression Evaluator
Issue #14 from review: Conditions fail on dict values. Location: engine/interpreters/variable_resolv...
closed high 2025-12-16 00:56 -
#437 Missing oauth2_platform.py module causes startup warning
The api/app.py imports api.oauth_handlers.oauth2_platform.platform_auth_bp but the module was never ...
closed high 2025-12-15 09:33 -
#432 App: AI Content Generator (content_generator)
## Overview Generate marketing content, blog posts, and social media content using LLM with human re...
closed high 2025-12-14 20:15 -
#428 App: Webhook Gateway (webhook_gateway)
## Overview Receive webhooks from external services, transform payloads, and forward to email/Slack/...
closed high 2025-12-14 20:14 -
#427 App: AI Document Summarizer (doc_summarizer)
## Overview Summarize documents and web pages using LLM, with email delivery of results. ## App Met...
closed high 2025-12-14 20:14 -
#426 App: URL Health Monitor (health_monitor)
## Overview Monitor website/API uptime with scheduled checks and email alerts on failures. ## App M...
closed high 2025-12-14 20:13 -
#410 ARTIFACT mode in code_versioning doesn't auto-load from code_artifacts table
Review Gap 3 incomplete: CodeVersionMode.ARTIFACT is defined but python_task.py doesn't auto-load co...
closed high 2025-12-12 06:11 -
#407 HTTP Idempotency-Key auto-injection for exactly-once semantics
Review Gap 1: Side-Effect Atomicity. HTTP requests in tools.http.request execute BEFORE transaction ...
closed high 2025-12-12 06:06 -
#397 HIGH: Predictable /tmp file path TOCTOU vulnerability in async_deferred_task
async_deferred_task.py:103-105 - Creates predictable /tmp/highway_job_{job_id}.py file path. Attacke...
closed high 2025-12-11 22:44 -
#390 HIGH: Unsafe getattr() on user-controlled attribute names
variable_resolver.py:314-315 - Uses getattr() with user-controlled segment names. Could expose inter...
closed high 2025-12-11 22:21 -
#389 HIGH: NOTIFY SQL injection via unsanitized channel/payload
durable_context.py:1683-1698 - NOTIFY uses f-string: cur.execute(f"NOTIFY \"{channel}\", '{payload}'...
closed high 2025-12-11 22:21 -
#388 HIGH: Race condition in RBAC ClientKeyManager cache (no thread lock)
rbac_manager.py:91-135 - ClientKeyManager._cache is plain dict without thread locks. Comment claims ...
closed high 2025-12-11 22:21 -
#387 HIGH: Shell command circuit breaker cache lacks TTL (memory leak)
shell_command.py:87-150 - Circuit breaker cache has no TTL or max size, unlike http_request.py which...
closed high 2025-12-11 22:21 -
#386 HIGH: time.sleep() in retry logic blocks event loop and is non-deterministic
operators.py:116-119 - Retry delay uses synchronous time.sleep() which blocks and is non-determinist...
closed high 2025-12-11 22:21 -
#377 HIGH: WaitOperator uses non-deterministic datetime.now()
operators.py:989 uses datetime.now(timezone.utc) to calculate wake_at. On replay, different wake tim...
closed high 2025-12-11 21:54 -
#376 HIGH: ForEach results lost on resume
operators.py:601-624 - Resumed ForEach loops reinitialize results=[]. Previously completed iteration...
closed high 2025-12-11 21:54 -
#375 HIGH: SQL injection pattern in platform.py tenant deletion
platform.py:1083-1121 uses f-strings for table names in DELETE queries. Should use psycopg.sql.Ident...
closed high 2025-12-11 21:54 -
#374 HIGH: Shell command injection via unescaped variables
shell_command.py:278-281 resolves variables and passes directly to shell=True subprocess. If {{user_...
closed high 2025-12-11 21:54 -