feat(workflow): restore workflows to previous versions#2581
feat(workflow): restore workflows to previous versions#2581jordan-umusu merged 7 commits intomainfrom
Conversation
jordan-umusu
temporarily deployed
to
internal-registry-ci
GitHub Actions
Inactive
jordan-umusu
temporarily deployed
to
internal-registry-ci
GitHub Actions
Inactive
|
✅ No security or compliance issues detected. Reviewed everything up to 95b42e2. Security OverviewDetected Code Changes| Change Type | Relevant files ... (code changes summary truncated to fit VCS comment limits.) |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 77b0b5e51f
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
4 issues found across 8 files
Confidence score: 3/5
- There is a concrete regression risk around version selection: in
tracecat/workflow/management/definitions.py, falling back to latest when a pointed version row is missing can return the wrong workflow definition instead of the intended version. - Restore-path validation and alias handling need hardening:
tracecat/workflow/management/router.pyallowsversion=0to bypass exact filtering, andtracecat/workflow/management/management.pycan trigger anIntegrityError/500 by overwriting an alias now owned by another workflow. - This lands at moderate merge risk because multiple medium-severity, high-confidence issues are user-facing (wrong restore target, potential restore failure) rather than purely cosmetic.
- Pay close attention to
tracecat/workflow/management/definitions.py,tracecat/workflow/management/router.py,tracecat/workflow/management/management.py,frontend/src/hooks/use-workflow-definitions.ts- version/restore correctness and cache key consistency could cause wrong data to be restored or shown stale in the UI.
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="tracecat/workflow/management/definitions.py">
<violation number="1" location="tracecat/workflow/management/definitions.py:53">
P2: If the workflow has a version pointer but that version row is missing, this code silently falls back to the latest definition and can return the wrong version. Restrict the fallback to only `current_version is None` and return the pointer-target lookup result directly.</violation>
</file>
<file name="frontend/src/hooks/use-workflow-definitions.ts">
<violation number="1" location="frontend/src/hooks/use-workflow-definitions.ts:67">
P2: Use a consistent workflow key source for cache updates/invalidation. Mixing `workflowId` for reads and `workflow.id` for writes can leave stale query data after restore.</violation>
</file>
<file name="tracecat/workflow/management/router.py">
<violation number="1" location="tracecat/workflow/management/router.py:736">
P2: Validate restore version as a positive integer before lookup; `version=0` currently bypasses exact version filtering and can restore the wrong definition.</violation>
</file>
<file name="tracecat/workflow/management/management.py">
<violation number="1" location="tracecat/workflow/management/management.py:894">
P2: Avoid blindly overwriting the workflow alias during restore; if the snapshot alias is now owned by another workflow, this commit will raise an IntegrityError and return 500. Either preserve the current alias or catch alias conflicts and return a 409.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
jordan-umusu
force-pushed
the
feat/restore-workflow-version
branch
from
77b0b5e to
ed4a49a
Compare
jordan-umusu
temporarily deployed
to
internal-registry-ci
GitHub Actions
Inactive
jordan-umusu
temporarily deployed
to
internal-registry-ci
GitHub Actions
Inactive
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ed4a49a6fc
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
jordan-umusu
temporarily deployed
to
internal-registry-ci
GitHub Actions
Inactive
jordan-umusu
temporarily deployed
to
internal-registry-ci
GitHub Actions
Inactive
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2e8fec199f
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
2 issues found across 5 files (changes from recent commits).
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="tracecat/workflow/management/layout.py">
<violation number="1" location="tracecat/workflow/management/layout.py:54">
P1: Edge-qualified `depends_on` entries (e.g. `action_ref.error`) are ignored because the code checks the raw dep string instead of its source component, causing missing dependents and incorrect layout ordering.</violation>
</file>
<file name="tracecat/workflow/management/management.py">
<violation number="1" location="tracecat/workflow/management/management.py:940">
P2: `restore_workflow_definition` now commits once before layout updates and then runs a second version-checked graph mutation. If that second step fails, the restore is already persisted, causing a partial-success/failed-response outcome.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
jordan-umusu
force-pushed
the
feat/restore-workflow-version
branch
from
2e8fec1 to
94ddaef
Compare
jordan-umusu
force-pushed
the
feat/restore-workflow-version
branch
from
4def0f6 to
3106a95
Compare
jordan-umusu
temporarily deployed
to
internal-registry-ci
GitHub Actions
Inactive
jordan-umusu
temporarily deployed
to
internal-registry-ci
GitHub Actions
Inactive
jordan-umusu
temporarily deployed
to
internal-registry-ci
GitHub Actions
Inactive
jordan-umusu
temporarily deployed
to
internal-registry-ci
GitHub Actions
Inactive
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 895e3741ae
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
jordan-umusu
temporarily deployed
to
internal-registry-ci
GitHub Actions
Inactive
jordan-umusu
temporarily deployed
to
internal-registry-ci
GitHub Actions
Inactive
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f95d6c1c28
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
jordan-umusu
temporarily deployed
to
internal-registry-ci
GitHub Actions
Inactive
jordan-umusu
temporarily deployed
to
internal-registry-ci
GitHub Actions
Inactive
2 participants
Summary by cubic
Restore a workflow to any saved version without altering history. Adds a Versions tab in the builder and an API to set the current published version.
New Features
/workflows/{workflow_id}/definitions/{version}/restorereturnsWorkflowRead; maps duplicate alias to HTTP 409; rejects non-positiveversionwith HTTP 422.restore_workflow_definitionsetsversionandregistry_lock, updates fields, rebuilds actions, and bumpsgraph_version.useWorkflowDefinitions,useRestoreWorkflowDefinition, andworkflowsRestoreWorkflowDefinitionwith types.Refactors
versionpointer; fall back to latest for legacy workflows.Written for commit c17808d701acab815bd6d8804f031762a85e5b04. Summary will update on new commits. Review in cubic