Feature ID: FW-46
Status: ✅ Complete
Spec Reference: FW-46-durable-execution-worker.md
Last Updated: 2026-03-16
Overview
FW-46 introduces a durable, queue-backed workflow execution worker that processes `fw_workflow_executions` records from queued/retry_pending states using pgmq plus scheduled worker invocation. The integration reuses existing FW execution logic (automation-executor) and platform primitives (PF-01 tenant model, PF-10 notification delivery), while adding dead-letter routing and retry-safe checkpointing.
Integration Points (from Spec)
| Dependency | Type | Purpose |
|---|---|---|
| PF-01 (Organizations) | Data / Inbound | Enforce tenant scoping using organization_id on queue messages and execution records |
| PF-10 (Notifications) | Platform / Outbound | Publish worker failure/health alerts to administrators |
| FW-03 (Automation Engine) | Intra-core / Runtime | Reuse automation-executor execution path without duplicating business logic |
| FW-06 (Advanced Workflow Builder) | Intra-core / Data | Process workflow graph (nodes/edges) executions using step-per-message checkpointing |
| FW-16 (Event-Based Triggers) | Intra-core / Event Producer | Extend fw_process_domain_event() flow to enqueue worker messages |
| FW-47 (Dead Letter Queue Management) | Intra-core / Future Consumer | Consume workflow_dlq for inspection/retry/purge UI |
| FW-48 (Execution Checkpointing) | Intra-core / Future Consumer | Build on checkpoint/resume state introduced by worker |
| FW-49 (Execution Timeouts) | Intra-core / Future Consumer | Enforce deadline_at timeout behavior and DLQ routing |
| FW-25 (Advanced Error Recovery) | Intra-core / Future Consumer | Extend retry policy behavior (backoff, compensation actions) |
API / Platform Contracts
- Worker edge function (planned): `workflow-executor-worker` - Triggered on schedule and processes batched queue messages.
- Database function (planned): `fw_claim_queued_executions()` - `FOR UPDATE SKIP LOCKED` fallback claim path when queue read path is unavailable.
- RPC function (planned): `fw_enqueue_form_submission_automation()` - User-callable enqueue path for form-submission automation bridge with org access validation.
- Shared execution contract: worker delegates to existing FW-03 automation execution logic (single source of execution semantics).
Scheduled Processing Contract
- Job Name: `process-workflow-queue`
- Schedule: `* * * * *` (or `*/10 * * * * *` when second-level pg_cron is available)
- Invocation Target: `workflow-executor-worker` edge function
- Batch Behavior: process queue in batches, acknowledge success, retry on transient failure, route permanent failures to `workflow_dlq`
- Concurrency Safety: semaphore/state guard prevents overlapping worker runs
Event Contracts
FW-46 does not introduce a new external cross-core event contract in Phase 1. It extends FW internal event-processing flow by connecting FW-16 queued execution production to worker consumption and execution orchestration.
Security and Tenant Isolation
- Queue payloads contain only operational identifiers (`execution_id`, `rule_id`, `organization_id`), not PHI/PII.
- Worker runtime uses service-role credentials via Vault; no end-user token storage in queue messages.
- Organization scoping is verified at message processing time against execution records.
- User-callable enqueue RPC validates org access (`fw_has_org_access()`) before accepting requests.
- Error persistence uses sanitized messages; internal stack traces are not exposed.
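
The processing-time checks listed above (identifier-only payloads, organization scoping against the execution record, fixed error codes instead of raw error text), as an added example that is not the project's own worker code. `checkMessage`, the `Decision` type, the reason codes, the in-memory `sampleExecutions` map, and the choice to require all three identifiers as non-empty strings are assumptions made for illustration.

```typescript
// Added example. Only execution_id, rule_id, organization_id and the
// queued/retry_pending states come from the page; the rest is hypothetical.
type Decision = { outcome: "process" | "skip" | "dlq"; reason?: string };
interface ExecutionRecord { id: string; organization_id: string; status: string }

const ALLOWED_KEYS = ["execution_id", "organization_id", "rule_id"]; // sorted
const CLAIMABLE = new Set(["queued", "retry_pending"]);

// Constructed stand-in for rows of fw_workflow_executions.
const sampleExecutions = new Map<string, ExecutionRecord>([
  ["exec-1", { id: "exec-1", organization_id: "org-a", status: "queued" }],
  ["exec-2", { id: "exec-2", organization_id: "org-b", status: "completed" }],
]);

function checkMessage(
  payload: unknown,
  lookup: (executionId: string) => ExecutionRecord | undefined,
): Decision {
  if (typeof payload !== "object" || payload === null || Array.isArray(payload)) {
    return { outcome: "dlq", reason: "malformed_payload" };
  }
  const msg = payload as Record<string, unknown>;
  const keys = Object.keys(msg).sort();
  // Exact key match: extra fields are refused so PHI/PII cannot ride along.
  if (keys.length !== ALLOWED_KEYS.length || keys.some((k, i) => k !== ALLOWED_KEYS[i])) {
    return { outcome: "dlq", reason: "unexpected_fields" };
  }
  if (!keys.every((k) => typeof msg[k] === "string" && msg[k] !== "")) {
    return { outcome: "dlq", reason: "malformed_payload" };
  }
  // The stored record, not the message, is the authority on tenant ownership.
  const record = lookup(msg.execution_id as string);
  // One reason code for "missing" and "other tenant" avoids an existence oracle.
  if (!record || record.organization_id !== msg.organization_id) {
    return { outcome: "dlq", reason: "execution_not_in_scope" };
  }
  // Redelivery of an already-finished execution is acknowledged without re-running.
  if (!CLAIMABLE.has(record.status)) return { outcome: "skip", reason: "not_claimable" };
  return { outcome: "process" };
}
```

Because every rejection path returns a fixed reason code, the value persisted with a failed message never contains payload contents or stack traces.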