> ## Documentation Index
> Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Durable Execution Worker - Integration

> Feature ID: FW-46 Status: ✅ Complete Spec Reference: FW-46-durable-execution-worker.md Last Updated: 2026-03-16

**Feature ID:** FW-46\
**Status:** ✅ Complete\
**Spec Reference:** [FW-46-durable-execution-worker.md](../../../specs/fw/archive/FW-46-durable-execution-worker.md)\
**Last Updated:** 2026-03-16

***

## Overview

FW-46 introduces a durable, queue-backed workflow execution worker that processes `fw_workflow_executions` records from `queued`/`retry_pending` states using pgmq plus scheduled worker invocation. The integration reuses existing FW execution logic (`automation-executor`) and platform primitives (PF-01 tenant model, PF-10 notification delivery), while adding dead-letter routing and retry-safe checkpointing.

***

## Integration Points (from Spec)

| Dependency                           | Type                         | Purpose                                                                                  |
| ------------------------------------ | ---------------------------- | ---------------------------------------------------------------------------------------- |
| PF-01 (Organizations)                | Data / Inbound               | Enforce tenant scoping using `organization_id` on queue messages and execution records   |
| PF-10 (Notifications)                | Platform / Outbound          | Publish worker failure/health alerts to administrators                                   |
| FW-03 (Automation Engine)            | Intra-core / Runtime         | Reuse `automation-executor` execution path without duplicating business logic            |
| FW-06 (Advanced Workflow Builder)    | Intra-core / Data            | Process workflow graph (`nodes`/`edges`) executions using step-per-message checkpointing |
| FW-16 (Event-Based Triggers)         | Intra-core / Event Producer  | Extend `fw_process_domain_event()` flow to enqueue worker messages                       |
| FW-47 (Dead Letter Queue Management) | Intra-core / Future Consumer | Consume `workflow_dlq` for inspection/retry/purge UI                                     |
| FW-48 (Execution Checkpointing)      | Intra-core / Future Consumer | Build on checkpoint/resume state introduced by worker                                    |
| FW-49 (Execution Timeouts)           | Intra-core / Future Consumer | Enforce `deadline_at` timeout behavior and DLQ routing                                   |
| FW-25 (Advanced Error Recovery)      | Intra-core / Future Consumer | Extend retry policy behavior (backoff, compensation actions)                             |

***

## API / Platform Contracts

* **Worker edge function (planned):** `workflow-executor-worker`
  * Triggered on schedule and processes batched queue messages.
* **Database function (planned):** `fw_claim_queued_executions()`
  * `FOR UPDATE SKIP LOCKED` fallback claim path when queue read path is unavailable.
* **RPC function (planned):** `fw_enqueue_form_submission_automation()`
  * User-callable enqueue path for form-submission automation bridge with org access validation.
* **Shared execution contract:** worker delegates to existing FW-03 automation execution logic (single source of execution semantics).

***

## Scheduled Processing Contract

* **Job Name:** `process-workflow-queue`
* **Schedule:** `* * * * *` (or `*/10 * * * * *` when second-level pg\_cron is available)
* **Invocation Target:** `workflow-executor-worker` edge function
* **Batch Behavior:** process queue in batches, acknowledge success, retry on transient failure, route permanent failures to `workflow_dlq`
* **Concurrency Safety:** semaphore/state guard prevents overlapping worker runs

***

## Event Contracts

FW-46 does not introduce a new external cross-core event contract in Phase 1. It extends FW internal event-processing flow by connecting FW-16 queued execution production to worker consumption and execution orchestration.

***

## Security and Tenant Isolation

* Queue payloads contain only operational identifiers (`execution_id`, `rule_id`, `organization_id`), not PHI/PII.
* Worker runtime uses service-role credentials via Vault; no end-user token storage in queue messages.
* Organization scoping is verified at message processing time against execution records.
* User-callable enqueue RPC validates org access (`fw_has_org_access()`) before accepting requests.
* Error persistence uses sanitized messages; internal stack traces are not exposed.

***

## Related Docs

* [FW-46 Spec](../../../specs/fw/archive/FW-46-durable-execution-worker.md)
* [CROSS\_CORE\_INTEGRATIONS.md](./CROSS_CORE_INTEGRATIONS.md)
* [EVENT\_CONTRACTS.md](./EVENT_CONTRACTS.md)
* [API\_CONTRACTS.md](./API_CONTRACTS.md)
* [PLATFORM\_INTEGRATION\_LAYERS.md](./PLATFORM_INTEGRATION_LAYERS.md)
* [FW-03 Spec](../../../specs/fw/archive/FW-03-automation-engine.md)
* [FW-16 Spec](../../../specs/fw/archive/FW-16-event-based-workflow-triggers.md)