Status: ✅ Implemented (2026-03-23)
Spec Reference: FW-53-workflow-rate-limiting-throttling.md
Last Updated: 2026-03-23
Overview
FW-53 adds org- and workflow-scoped execution rate limits, event debounce, cascade-depth protection, and operational counters. Enforcement runs inside the FW-46 durable execution worker at dequeue/start boundaries so excess work remains queued with backpressure instead of being dropped.Integration Points (from Spec)
Worker Contract (FW-46 Extension)
Code anchor:supabase/functions/workflow-executor-worker/index.ts — async function processMessage (queue payload verified against fw_workflow_executions.organization_id; status set to running immediately after rule/execution fetch today — FW-53 inserts evaluation before that update).
- After claiming a queue message, before marking execution
running, call internal evaluation (SQL function or shared module):- Inputs:
organization_id,workflow_definition_id, optionalautomation_rule_id, optional parent/correlation metadata. - Outputs:
{ allowed: boolean, defer_seconds?: number, reason?: string }.
- Inputs:
- If not allowed: set
rate_limit_hold_untilon execution (if column present), nack/defer message withdefer_seconds(with jitter), do not increment concurrent running count. - If allowed: increment counters atomically (transaction) with execution start; decrement on terminal completion paths (existing FW-46 completion hooks).
RPC / SQL Functions (Illustrative Names)
Exact signatures are defined at implementation time; must not expose PHI.
Event Contracts
No new cross-core outbound events in MVP. Optional future:fw.rate_limit.threshold_exceeded for external automation (deferred).
PF-43 (Advisory)
FW settings UI SHOULD call existing quota check withp_resource_type = 'workflow_executions' (see src/platform/quota/constants.ts, useResourceQuota hook) so admins see PF-43 remaining / reset_at alongside FW-53 per-minute and concurrency caps. Enforcement remains separate: PF-43 quotas are global per resource type; FW-53 is fine-grained workflow throttling.
Security and Tenant Isolation
fw_rate_limit_configs: RLS withfw_has_org_access; app enforcesfw.rate_limits.managefor mutations.fw_execution_rate_counters: SELECT for org members; writes from worker/service role or SECURITY DEFINER RPCs only.- Queue payloads remain identifier-only per FW-46.