Umbrella: raw SQL interface audit findings from testing rounds 1–4

[NikolayS]

Summary

This is an umbrella / triage issue for the raw SQL interface audit performed against main at 9b3f89f.

The audit produced issues #95–#112. This issue summarizes them, separates likely release blockers from docs/hardening/design questions, and calls out which findings appear inherited from PgQ assumptions vs locally introduced by PgQue wrappers/additions.

Recommended triage

Keep as real bugs / release blockers

• Security: pgque roles are bypassed by default PUBLIC EXECUTE on functions #96 — Security: PgQue roles are bypassed by default PUBLIC EXECUTE on functions
• Bug: concurrent receive() for same consumer can double-deliver same events #97 — Bug: concurrent receive() for same consumer can double-deliver same events
• Bug: nack() DLQ path trusts caller-supplied pgque.message and allows forged DLQ rows #98 — Bug: nack() DLQ path trusts caller-supplied pgque.message and allows forged DLQ rows
• Security: pgque_admin can escalate via queue_extra_maint executed by SECURITY DEFINER maint() #101 — Security: pgque_admin can escalate via queue_extra_maint executed by SECURITY DEFINER maint()
• Bug: receive() can strand consumer on empty active batch with no batch_id to ack #103 — Bug: receive() can strand consumer on empty active batch with no batch_id to ack
• Bug: batch_retry() fails on xid8 schema (NULL::int8 inserted into ev_txid xid8) #107 — Bug: batch_retry() fails on xid8 schema
• Bug: queue names longer than 57 bytes fail via pg_notify channel name in ticker/create_queue #109 — Bug: queue names >57 bytes fail via pg_notify channel length
• Bug: pgque.maint() VACUUM branch fails because VACUUM cannot run inside PL/pgSQL function #110 — Bug: pgque.maint() VACUUM branch cannot work inside PL/pgSQL
• Client/docs: Python consumer/client contract can drop unhandled messages and misdocuments string payloads #111 — Client/docs: Python consumer/client contract can drop unhandled messages and misdocuments string payloads, if clients are in release scope

Keep, but reframe / downgrade

• Bug: receive(max_return) can return extra row and ack can skip unreturned messages #95 — receive(max_return)

  • Real bug: max_return <= 0 returns one row.
  • But “ack skips unreturned rows” may be intended whole-batch semantics; existing tests already codify it.
  • Suggested reframe: validate max_return, document that ack() finishes the whole underlying batch, and avoid presenting max_return as a safe paging/cursor API.

• Docs: manual scheduler and reference are stale for retry_events, maint(), force_tick(), nack(), grants #99 — Docs drift around manual scheduler, maint_retry_events, force_tick, nack, grants

  • Keep as docs umbrella.

• Hardening: validate queue config values and external ticker monotonicity #100 — Config validation / external ticker / force_tick() hardening

  • Keep as hardening, probably not release blocker unless external ticker is in v0.2 scope.

• Security/docs: get_batch_cursor(extra_where) executes raw SQL predicate and can forge returned rows #108 — get_batch_cursor(extra_where) raw SQL predicate

  • Keep as API/docs hardening.
  • It is not necessarily a vulnerability if only trusted SQL writers can call it, but it must be documented as trusted-SQL-only and not safe for user input.

• Docs: clarify PgQue roles are global/coarse, not per-queue multi-tenant isolation #112 — Roles are global/coarse, not per-queue tenant isolation

  • Keep as explicit API contract docs.

Merge or downgrade depending product decision

• Security: any pgque_writer can ack another consumer/app's active batch by batch_id #102 — any pgque_writer can ack another consumer/app’s active batch by batch_id
• Security: low-level primitives let writers mutate/read other consumers' active batches #106 — low-level primitives let writers mutate/read other consumers’ active batches

These are real behaviors, but may be by design if pgque_writer is a coarse trusted global DB role like old PgQ.

Recommendation:

• Keep Docs: clarify PgQue roles are global/coarse, not per-queue multi-tenant isolation #112 regardless.
• If PgQue does not promise per-app/per-queue isolation, re-label Security: any pgque_writer can ack another consumer/app's active batch by batch_id #102/Security: low-level primitives let writers mutate/read other consumers' active batches #106 as design/docs/future ACL rather than security bugs, or close them as intentional after Docs: clarify PgQue roles are global/coarse, not per-queue multi-tenant isolation #112 is fixed.
• If PgQue wants safer modern wrappers for shared DB apps, keep Security: any pgque_writer can ack another consumer/app's active batch by batch_id #102/Security: low-level primitives let writers mutate/read other consumers' active batches #106 open and add explicit queue/consumer ownership checks or future ACLs.

Merge with related issues if desired

• Bug: repeated nack() of same DLQ-bound message creates duplicate replayable DLQ rows #104 — repeated nack() of same DLQ-bound message creates duplicate replayable DLQ rows

  • Real behavior, but likely fixed together with Bug: nack() DLQ path trusts caller-supplied pgque.message and allows forged DLQ rows #98 by canonicalizing/idempotent terminal handling.
  • Can stay separate for regression coverage or be merged into Bug: nack() DLQ path trusts caller-supplied pgque.message and allows forged DLQ rows #98.

• Docs: README/examples client snippets have invalid ack usage, event-type mismatch, benchmark/version drift #105 — Docs/snippets: invalid ack examples, Python event mismatch, benchmark/version drift

  • Keep as docs polish, or merge selected parts into Docs: manual scheduler and reference are stale for retry_events, maint(), force_tick(), nack(), grants #99 if fewer docs issues are preferred.

PgQ-inherited vs PgQue-local

Likely inherited from PgQ assumptions / primitive API design

• Coarse global role model / no per-queue isolation: Security: any pgque_writer can ack another consumer/app's active batch by batch_id #102, Security: low-level primitives let writers mutate/read other consumers' active batches #106, Docs: clarify PgQue roles are global/coarse, not per-queue multi-tenant isolation #112
• register_consumer_at, event_retry, get_batch_cursor(extra_where), batch_retry primitive shape: Security: low-level primitives let writers mutate/read other consumers' active batches #106, Security/docs: get_batch_cursor(extra_where) executes raw SQL predicate and can forge returned rows #108
• next_batch concurrency assumptions: Bug: concurrent receive() for same consumer can double-deliver same events #97 may be inherited or at least from PgQ-derived primitive code
• queue_extra_maint concept: part of Security: pgque_admin can escalate via queue_extra_maint executed by SECURITY DEFINER maint() #101 may be inherited, but PgQue grants/SECURITY DEFINER packaging make impact concrete

Clearly PgQue-local / introduced by modernization, wrappers, additions, docs, or transformations

• Bug: receive(max_return) can return extra row and ack can skip unreturned messages #95 — modern receive(max_return) wrapper behavior/docs
• Bug: nack() DLQ path trusts caller-supplied pgque.message and allows forged DLQ rows #98 — PgQue DLQ + nack() wrapper trusting caller composite
• Docs: manual scheduler and reference are stale for retry_events, maint(), force_tick(), nack(), grants #99 — docs/reference drift
• Security: pgque_admin can escalate via queue_extra_maint executed by SECURITY DEFINER maint() #101 — inherited mechanism plus PgQue grants/SECURITY DEFINER maint() combination
• Bug: receive() can strand consumer on empty active batch with no batch_id to ack #103 — modern receive() wrapper empty-batch trap
• Bug: repeated nack() of same DLQ-bound message creates duplicate replayable DLQ rows #104 — PgQue DLQ duplicate terminal handling
• Docs: README/examples client snippets have invalid ack usage, event-type mismatch, benchmark/version drift #105 — PgQue docs/snippets/client examples
• Bug: batch_retry() fails on xid8 schema (NULL::int8 inserted into ev_txid xid8) #107 — xid8 transformation bug (NULL::int8 into xid8)
• Bug: queue names longer than 57 bytes fail via pg_notify channel name in ticker/create_queue #109 — PgQue LISTEN/NOTIFY addition
• Bug: pgque.maint() VACUUM branch fails because VACUUM cannot run inside PL/pgSQL function #110 — PgQue PL/pgSQL maint() wrapper executing VACUUM
• Client/docs: Python consumer/client contract can drop unhandled messages and misdocuments string payloads #111 — Python client behavior/docs

Suggested immediate release-blocker shortlist

If the goal is v0.2 readiness, I would prioritize:

1. Security: pgque roles are bypassed by default PUBLIC EXECUTE on functions #96 — role/public execute hardening
2. Security: pgque_admin can escalate via queue_extra_maint executed by SECURITY DEFINER maint() #101 — SECURITY DEFINER queue_extra_maint escalation
3. Bug: nack() DLQ path trusts caller-supplied pgque.message and allows forged DLQ rows #98 + Bug: repeated nack() of same DLQ-bound message creates duplicate replayable DLQ rows #104 — canonical/idempotent nack() / DLQ terminal handling
4. Bug: receive() can strand consumer on empty active batch with no batch_id to ack #103 — empty-batch receive() wrapper trap
5. Bug: batch_retry() fails on xid8 schema (NULL::int8 inserted into ev_txid xid8) #107 — broken batch_retry() on current schema
6. Bug: pgque.maint() VACUUM branch fails because VACUUM cannot run inside PL/pgSQL function #110 — broken maint() VACUUM branch
7. Docs: manual scheduler and reference are stale for retry_events, maint(), force_tick(), nack(), grants #99/Docs: README/examples client snippets have invalid ack usage, event-type mismatch, benchmark/version drift #105 — docs that would cause bad production usage

#97 is also important if same consumer may have multiple workers. If the intended model is “one worker per consumer name,” document it; otherwise fix locking.

Audit note

I do not think #95–#112 are all equally severe. Some are true implementation bugs; some are docs/API contract issues; some are inherited PgQ/global-role design assumptions. This umbrella is meant to prevent overreacting to every finding as a release blocker while keeping the real sharp edges visible.

---

Status update — 2026-04-30 11:50 UTC

Closed / merged to main and locally verified

• Bug: receive(max_return) can return extra row and ack can skip unreturned messages #95 — fixed by PR fix(pgque.receive): reject max_return < 1 and document batch-ownership #114. Verified on main: max_return < 1 rejected; regression suite passes.
• Bug: nack() DLQ path trusts caller-supplied pgque.message and allows forged DLQ rows #98 — fixed by PR fix(pgque.nack): canonical + idempotent DLQ terminal handling #116. Verified on main: forged pgque.message rejected; canonical DLQ values used.
• Bug: receive() can strand consumer on empty active batch with no batch_id to ack #103 — fixed by PR fix(pgque.receive): finish empty batch instead of stranding consumer #117. Verified on main: empty batch no longer strands receive() consumer.
• Bug: repeated nack() of same DLQ-bound message creates duplicate replayable DLQ rows #104 — fixed by PR fix(pgque.nack): canonical + idempotent DLQ terminal handling #116. Verified on main: repeated DLQ-bound nack() is idempotent; one DLQ row.

Verification evidence:

• tests/run_all.sql on current main (ea6199f) passed.
• Custom repro script for Bug: receive(max_return) can return extra row and ack can skip unreturned messages #95/Bug: nack() DLQ path trusts caller-supplied pgque.message and allows forged DLQ rows #98/Bug: receive() can strand consumer on empty active batch with no batch_id to ack #103/Bug: repeated nack() of same DLQ-bound message creates duplicate replayable DLQ rows #104 passed.

Open PRs verified PASS

• Security: pgque roles are bypassed by default PUBLIC EXECUTE on functions #96 + Security: pgque_admin can escalate via queue_extra_maint executed by SECURITY DEFINER maint() #101 — PR fix: revoke PUBLIC EXECUTE and harden SECURITY DEFINER queue_extra_maint #118 (fix/security-roles-and-definer)

  • Verification: PASS.
  • Full regression + acceptance passed.
  • Target repros blocked: public execute count is 0; reader/public cannot mutate; attacker-owned queue_extra_maint hook skipped.
  • CI: green.

• Bug: batch_retry() fails on xid8 schema (NULL::int8 inserted into ev_txid xid8) #107 — PR fix(pgque.batch_retry): cast NULL to xid8 not int8 #120 (fix/batch-retry-xid8)

  • Verification: PASS.
  • batch_retry() no longer hits xid8 mismatch; idempotency/redelivery tests pass.
  • CI: green.

• Bug: queue names longer than 57 bytes fail via pg_notify channel name in ticker/create_queue #109 — PR fix(pgque.create_queue): reject queue names > 57 bytes #122 (fix/queue-name-length)

  • Verification: PASS.
  • 57-byte queue name accepted; 58+ rejected before partial state writes.
  • CI: green.

• Bug: pgque.maint() VACUUM branch fails because VACUUM cannot run inside PL/pgSQL function #110 — PR fix(pgque.maint): drop VACUUM (cannot run inside PL/pgSQL) #119 (fix/maint-vacuum)

  • Verification: PASS locally.
  • pgque.maint() no longer attempts impossible in-function VACUUM; targeted tests pass.
  • Note: GitHub reported no checks for this branch at last check; local full suite passed.

• Client/docs: Python consumer/client contract can drop unhandled messages and misdocuments string payloads #111 — PR fix(clients/python): consumer warns + acks unhandled event types #121 (fix/python-consumer-111)

  • Verification: PASS for requested fix.
  • Python consumer now nack()s unhandled message types instead of silently ack/drop.
  • Compile/tests and targeted live-Postgres regression passed.
  • CI: green.

Docs PRs

• Docs: manual scheduler and reference are stale for retry_events, maint(), force_tick(), nack(), grants #99 + Docs: README/examples client snippets have invalid ack usage, event-type mismatch, benchmark/version drift #105 + Docs: clarify PgQue roles are global/coarse, not per-queue multi-tenant isolation #112 — PR docs: reference + examples + roles cleanup (#99, #105, #112) #126 (docs/reference-roles-examples-cleanup)

  • Content verification: PASS.
  • Covers manual maint_retry_events(), global/coarse roles, safer ack examples, nack() + ack() semantics, force_tick() semantics.
  • CI: green.
  • Blocker: merge conflict / dirty against current main; needs rebase.

• PR docs(README): mention benchmark/ directory #128 (docs/readme-hero-xmin)

  • CI: green, mergeable.
  • Related docs/README polish, not core blocker.

Still open / not fixed yet

• Bug: concurrent receive() for same consumer can double-deliver same events #97 — concurrent same-consumer receive() double-delivery

  • PR [ON HOLD v0.2.1] fix(pgque.receive): prevent double-delivery on concurrent same-consumer calls #125 exists and CI is green, but marked ON HOLD v0.2.1.
  • Product decision: fix now if multiple workers per same consumer are supported; otherwise document one-worker-per-consumer-name.

• Hardening: validate queue config values and external ticker monotonicity #100 — config validation / external ticker monotonicity / force_tick() hardening

  • No fix seen yet.
  • Hardening, probably not v0.2 blocker unless external ticker is in scope.

• Security: any pgque_writer can ack another consumer/app's active batch by batch_id #102 — writer can ack another consumer/app batch

• Security: low-level primitives let writers mutate/read other consumers' active batches #106 — low-level primitives let writers mutate/read other active batches

• Security/docs: get_batch_cursor(extra_where) executes raw SQL predicate and can forge returned rows #108 — get_batch_cursor(extra_where) trusted SQL fragment / row-forgery footgun

  • No direct fixes yet.
  • These are likely global-role/trusted-writer design issues. If PgQue accepts coarse global roles, close/downgrade after Docs: clarify PgQue roles are global/coarse, not per-queue multi-tenant isolation #112 docs land; otherwise future ACL/work needed.

Suggested merge / action order

1. Merge fix: revoke PUBLIC EXECUTE and harden SECURITY DEFINER queue_extra_maint #118 (security roles + SECURITY DEFINER hardening).
2. Merge fix(pgque.batch_retry): cast NULL to xid8 not int8 #120, fix(pgque.create_queue): reject queue names > 57 bytes #122, fix(pgque.maint): drop VACUUM (cannot run inside PL/pgSQL) #119, fix(clients/python): consumer warns + acks unhandled event types #121 (runtime/client fixes already verified).
3. Rebase docs: reference + examples + roles cleanup (#99, #105, #112) #126, then merge docs cleanup.
4. Decide Bug: concurrent receive() for same consumer can double-deliver same events #97 scope: v0.2 now vs v0.2.1 with explicit docs.
5. Triage Security: any pgque_writer can ack another consumer/app's active batch by batch_id #102/Security: low-level primitives let writers mutate/read other consumers' active batches #106/Security/docs: get_batch_cursor(extra_where) executes raw SQL predicate and can forge returned rows #108 as design/docs vs future ACL after Docs: clarify PgQue roles are global/coarse, not per-queue multi-tenant isolation #112 lands.

---

Status update — 2026-04-30 16:55 UTC

Landed / closed since prior update

The main raw-SQL audit fixes have moved significantly. These issues are now closed:

• Bug: receive(max_return) can return extra row and ack can skip unreturned messages #95 — fixed by fix(pgque.receive): reject max_return < 1 and document batch-ownership #114 (receive(max_return) validation + batch ownership docs)
• Security: pgque roles are bypassed by default PUBLIC EXECUTE on functions #96 — fixed by fix: revoke PUBLIC EXECUTE and harden SECURITY DEFINER queue_extra_maint #118 (PUBLIC EXECUTE revoked / explicit grants)
• Bug: nack() DLQ path trusts caller-supplied pgque.message and allows forged DLQ rows #98 — fixed by fix(pgque.nack): canonical + idempotent DLQ terminal handling #116 (nack() canonicalizes event data; forged message rejected)
• Security: pgque_admin can escalate via queue_extra_maint executed by SECURITY DEFINER maint() #101 — fixed by fix: revoke PUBLIC EXECUTE and harden SECURITY DEFINER queue_extra_maint #118 (queue_extra_maint SECURITY DEFINER hardening)
• Bug: receive() can strand consumer on empty active batch with no batch_id to ack #103 — fixed by fix(pgque.receive): finish empty batch instead of stranding consumer #117 (receive() empty-batch trap fixed)
• Bug: repeated nack() of same DLQ-bound message creates duplicate replayable DLQ rows #104 — fixed by fix(pgque.nack): canonical + idempotent DLQ terminal handling #116 (DLQ terminal nack() idempotent)
• Bug: batch_retry() fails on xid8 schema (NULL::int8 inserted into ev_txid xid8) #107 — fixed by fix(pgque.batch_retry): cast NULL to xid8 not int8 #120 (batch_retry() xid8 cast)
• Bug: queue names longer than 57 bytes fail via pg_notify channel name in ticker/create_queue #109 — fixed by fix(pgque.create_queue): reject queue names > 57 bytes #122 (queue names >57 bytes rejected before partial state)
• Bug: pgque.maint() VACUUM branch fails because VACUUM cannot run inside PL/pgSQL function #110 — fixed by fix(pgque.maint): drop VACUUM (cannot run inside PL/pgSQL) #119 (maint() no longer executes VACUUM inside PL/pgSQL)
• Client/docs: Python consumer/client contract can drop unhandled messages and misdocuments string payloads #111 — fixed by fix(clients/python): consumer warns + acks unhandled event types #121/fix(clients/python): make Consumer thread-safe and correct test xact pattern #129 (Python consumer behavior/docs/test transaction pattern)

Also merged and related:

• docs(README): mention benchmark/ directory #128 — README benchmark directory mention
• fix(clients/typescript): per-queue ticker overload, fix nack test schema, serialise vitest #130 — TypeScript live-test fixes; importantly, final version used per-queue ticker semantics rather than changing public forceTick() into global ticker behavior.

Current open audit issues

• Bug: concurrent receive() for same consumer can double-deliver same events #97 — concurrent same-consumer receive() double-delivery

  • PR [ON HOLD v0.2.1] fix(pgque.receive): prevent double-delivery on concurrent same-consumer calls #125 exists, CI green, explicitly ON HOLD v0.2.1.
  • Still open by product decision / scope decision.

• Docs: manual scheduler and reference are stale for retry_events, maint(), force_tick(), nack(), grants #99 — docs/reference scheduler + lifecycle drift

• Docs: README/examples client snippets have invalid ack usage, event-type mismatch, benchmark/version drift #105 — docs snippets / ack examples / benchmark wording / version drift

• Docs: clarify PgQue roles are global/coarse, not per-queue multi-tenant isolation #112 — roles are global/coarse, not per-queue tenant isolation

  • Covered by PR docs: reference + examples + roles cleanup (#99, #105, #112) #126, but PR docs: reference + examples + roles cleanup (#99, #105, #112) #126 is currently CONFLICTING / DIRTY against main.
  • Needs rebase and corrections before merge.
  • Prior review found docs: reference + examples + roles cleanup (#99, #105, #112) #126 still had issues: bad README \gset example for multi-row receive(), stale maint() wording, stale PUBLIC/uninstall/grants wording after fix: revoke PUBLIC EXECUTE and harden SECURITY DEFINER queue_extra_maint #118.

• Hardening: validate queue config values and external ticker monotonicity #100 — config validation / external ticker monotonicity / force_tick() hardening

  • No fix seen yet.
  • Hardening; likely not v0.2 blocker unless external ticker is in scope.

• Security: any pgque_writer can ack another consumer/app's active batch by batch_id #102 — writer can ack another consumer/app batch

• Security: low-level primitives let writers mutate/read other consumers' active batches #106 — low-level primitives let writers mutate/read other active batches

• Security/docs: get_batch_cursor(extra_where) executes raw SQL predicate and can forge returned rows #108 — get_batch_cursor(extra_where) trusted SQL fragment / row-forgery footgun

  • Still open.
  • These are probably global-role/trusted-writer design issues. Once Docs: clarify PgQue roles are global/coarse, not per-queue multi-tenant isolation #112 docs land, decide whether to close/downgrade as “by design for coarse DB-level roles” or keep for future ACL/safe-wrapper work.

Current open PRs relevant to this audit

• docs: reference + examples + roles cleanup (#99, #105, #112) #126 — docs cleanup for Docs: manual scheduler and reference are stale for retry_events, maint(), force_tick(), nack(), grants #99/Docs: README/examples client snippets have invalid ack usage, event-type mismatch, benchmark/version drift #105/Docs: clarify PgQue roles are global/coarse, not per-queue multi-tenant isolation #112

  • Status: CONFLICTING / DIRTY.
  • Needs rebase after fix: revoke PUBLIC EXECUTE and harden SECURITY DEFINER queue_extra_maint #118/fix(pgque.maint): drop VACUUM (cannot run inside PL/pgSQL) #119/fix(clients/python): consumer warns + acks unhandled event types #121/docs(README): mention benchmark/ directory #128/fix(clients/typescript): per-queue ticker overload, fix nack test schema, serialise vitest #130 and fixes for stale docs.

• [ON HOLD v0.2.1] fix(pgque.receive): prevent double-delivery on concurrent same-consumer calls #125 — concurrent receive fix for Bug: concurrent receive() for same consumer can double-deliver same events #97

  • Status: ON HOLD v0.2.1, CI green.

• fix(clients/go): green up live-pg test suite #132 — Go live-PG test fixes

  • Status at last check: mergeable, but GitHub state UNSTABLE / checks pending or recently restarted.
  • Review note: direction is good. It keeps force+ticker behavior in test helpers, not public API. Prefer pgque.ticker(queue) over global pgque.ticker() in helper if touched again.

• ci: client-tests job runs all 3 driver suites against live PG #84 — all-driver live PG CI

  • Current blocker: Go client tests failing; Python and TypeScript passing.
  • fix(clients/go): green up live-pg test suite #132 likely intended to unblock Go tests.

Suggested next actions

1. Finish/merge fix(clients/go): green up live-pg test suite #132 if checks go green; this should unblock Go live tests and help ci: client-tests job runs all 3 driver suites against live PG #84.
2. Rebase/rework docs: reference + examples + roles cleanup (#99, #105, #112) #126 after current main:
   • remove bad \gset multi-row quickstart pattern;
   • update maint() docs after fix(pgque.maint): drop VACUUM (cannot run inside PL/pgSQL) #119;
   • update PUBLIC/grants/uninstall docs after fix: revoke PUBLIC EXECUTE and harden SECURITY DEFINER queue_extra_maint #118;
   • keep global/coarse roles warning from Docs: clarify PgQue roles are global/coarse, not per-queue multi-tenant isolation #112.
3. Decide Bug: concurrent receive() for same consumer can double-deliver same events #97 scope: merge [ON HOLD v0.2.1] fix(pgque.receive): prevent double-delivery on concurrent same-consumer calls #125 now or keep for v0.2.1 with explicit one-worker-per-consumer docs.
4. Decide Security: any pgque_writer can ack another consumer/app's active batch by batch_id #102/Security: low-level primitives let writers mutate/read other consumers' active batches #106/Security/docs: get_batch_cursor(extra_where) executes raw SQL predicate and can forge returned rows #108 after Docs: clarify PgQue roles are global/coarse, not per-queue multi-tenant isolation #112 docs: close/downgrade as trusted-global-role design, or keep for future ACL/safe-wrapper roadmap.
5. Leave Hardening: validate queue config values and external ticker monotonicity #100 as hardening backlog unless v0.2 includes external ticker/config validation work.

[NikolayS]

Closing as completed — all leaf issues from rounds 1–4 have a destination.

Shipped (merged): #95 (#114), #96 + #101 (#118), #98 + #104 (#116), #99 + #105 + #112 (#126), #102 (#163), #103 (#117), #106 (#163, #170), #107 (#120), #108 (#169, #176), #109 (#122), #110 (#119), #111 (#121, #129).

Remaining open and intentional:

• Bug: concurrent receive() for same consumer can double-deliver same events #97 — deferred to v0.2.1+ per maintainer (touches PgQ "sacred" core; one-worker-per-consumer-name documented as the supported model).
• Hardening: validate queue config values and external ticker monotonicity #100 — open as PR fix: harden config / ticker / force_tick (#100) #195 (config validation + external ticker monotonicity + force_tick hardening); CI green, awaiting review.

The umbrella's purpose (preventing every audit finding from being treated as a release blocker, while keeping the real sharp edges visible) has been served.

---

Generated by Claude Code