tracking: p0 correctness hardening #137
Description
Objective
Track highest-priority correctness fixes identified in recent audit.
P0
- scheduled runs reuse workflow_id and can collide activity call keys #126 scheduled runs reuse workflow_id and can collide activity call keys
- moving failed tasks to DLQ can violate task_attempt foreign key #127 moving failed tasks to DLQ can violate task_attempt foreign key
- Stalled tasks with no remaining retries need a clean up mechanism #61 stalled tasks with no remaining retries can become unrecoverable zombies
P1
- graceful_shutdown uses process-local channel and misses other workers #128 graceful_shutdown uses process-local channel and misses other workers
- reconnect loops are not cancellation-aware and can block shutdown #129 reconnect loops are not cancellation-aware and can block shutdown
- worker exits on malformed task_change payload instead of ignoring #130 worker exits on malformed task_change payload instead of ignoring
- concurrency advisory lock key is not queue-scoped #132 concurrency advisory lock key is not queue-scoped
P2
- concurrency key semantics mismatch docs (serialization vs single-flight uniqueness) #131 concurrency key semantics mismatch docs (serialization vs single-flight uniqueness)
- remove panic paths from library runtime code #133 remove panic paths from library runtime code
- scheduler does not apply schedule updates until restart #134 scheduler does not apply schedule updates until restart
- duplicate Activity::NAME registrations silently overwrite handlers #135 duplicate Activity::NAME registrations silently overwrite handlers
- Context::call treats terminal retryable activity failures as retryable task errors #136 Context::call terminal retryable failure semantics
Notes
Proposed immediate implementation focus is P0 in order: #126, #127, then #61.