docs(rfc): propose persistent flow queue and completion webhooks#306
Open
mason5052 wants to merge 2 commits intovxcontrol:feature/next-releasefrom
Open
docs(rfc): propose persistent flow queue and completion webhooks#306mason5052 wants to merge 2 commits intovxcontrol:feature/next-releasefrom
mason5052 wants to merge 2 commits intovxcontrol:feature/next-releasefrom
Conversation
Proposes a design direction for native flow concurrency control and completion notifications. The RFC follows the maintainer's relocated proposal pattern at examples/proposals/<topic>.md and explicitly builds on the lessons from PR vxcontrol#268 (rejected because the in-memory queue was hidden lifecycle state). The RFC covers: - Goals limited to capping concurrent flows, persisting queued flows as first-class lifecycle, replacing external polling with at-least- once webhooks, and preserving the existing createFlow contract. - Non-Goals that explicitly forbid hidden in-memory queues, multi- tenant scheduling, generic event bus features, and changing the meaning of 'finished' for tasks/subtasks/toolcalls. - Design Principles for persistence, visibility, manageability, explicit promotion, clear finished semantics, and at-least-once delivery. - A proposed concurrency model with a new persisted 'queued' status, a single MAX_CONCURRENT_FLOWS knob, an explicit promoter, and full UI/API visibility plus user cancellation. - A proposed completion webhook model with per-flow and global URLs, HMAC-SHA256 signatures, persisted deliveries, bounded retries, and SSRF mitigations. - Storage and API surface sketches that do not commit to a final schema. - Open Questions covering per-user limits, blocking semantics on createFlow, signature alignment with the issue vxcontrol#235 receipt direction, and behavior of resources/uploads against queued flows. - A Suggested First Milestone that lands the queue end-to-end before webhooks, to keep PR sizes reviewable. This is documentation only. No runtime code, schema, GraphQL, REST, or UI behavior changes here. Refs vxcontrol#298 Signed-off-by: mason5052 <ehehwnwjs5052@gmail.com>
There was a problem hiding this comment.
Pull request overview
Adds an RFC proposal documenting a persisted flow queue (with a global concurrency cap) and at-least-once completion webhooks, providing a design direction for addressing orchestration pain points raised in #298 without introducing runtime changes.
Changes:
- Introduces a new design RFC covering a persisted
queuedflow status and explicit promotion model. - Proposes a completion webhook design (configuration, payload, signing, retries, SSRF mitigations).
- Captures open questions and a staged milestone plan for implementation.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…ames Address Copilot review feedback on PR vxcontrol#306: - Lifecycle diagram: show running <-> waiting (waiting is a paused state that resumes to running when user input arrives) and document that both running and waiting can reach the terminal statuses finished or failed. - Replace overloaded 'finished' wording with explicit 'terminal' semantics throughout. finished and failed remain distinct terminal statuses; the queue and webhook layers treat both as terminal. - Align webhook event names with status terminology: flow.finished for success, flow.failed for failure. Update payload example accordingly and note the failed-flow shape. Signed-off-by: mason5052 <ehehwnwjs5052@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a design RFC at
examples/proposals/flow_concurrency.mddescribing a possible direction for native flow concurrency control and completion webhooks, as raised in issue #298. The RFC is documentation only; no runtime, schema, GraphQL, REST, or UI behavior changes here.Problem
Issue #298 covers two real pain points for external orchestrators that drive PentAGI from a pipeline:
createFlowaccepts unlimited concurrent calls, so calling it N times immediately spins up N Kali containers and saturates the host.GET /api/v1/flows/{id}.A naive fix can easily slip back into the anti-pattern PR #268 was rejected for: a hidden in-memory queue with no persistence, no UI/API/DB visibility, and no cancelability. PentAGI maintainers have asked, both in PR #268 and in the assistant flow management direction shipped in PR #292, for explicit, inspectable, manageable flow control instead of implicit background lifecycle.
Solution
The RFC follows the maintainer's relocated proposal pattern at
examples/proposals/<topic>.md(commit 47de4e4 movedbackend/docs/evidence_chain_rfc.mdtoexamples/proposals/evidence_chain.md). It deliberately mirrors the structure ofexamples/proposals/evidence_chain.md(PR #277) and includes:createFlowcontract.finishedmeans for tasks/subtasks/toolcalls.finishedsemantics, and at-least-once delivery.queuedstatus, a singleMAX_CONCURRENT_FLOWSenv var, an explicit promoter, full UI/API visibility (listings, filters, detail, assistant view), and a user-driven cancel path with a documented terminal status.webhookUrlplus a globalFLOW_WEBHOOK_URLfallback, HMAC-SHA256 signed payloads viaX-PentAGI-Signature, stabledelivery_idfor receiver dedup, persistedflow_webhook_deliveriesrows, bounded exponential backoff, and SSRF mitigations (config-time and delivery-time DNS validation, redacted secrets in logs, no retry on most 4xx).createFlowblocking semantics, alignment of the signature scheme with the issue RFC: Cryptographic evidence chain for PentAGI pentest operations #235 receipt direction, and queued-flow handling for resources/uploads/messages.The RFC explicitly rejects in-memory queues, hidden lifecycle state, and implicit promotion semantics, and references the PR #268 lesson directly.
User Impact
MAX_CONCURRENT_FLOWSknob plus signed completion webhooks) and the staged milestones, so they can plan integration work even before any feature ships.Test Plan
git diff --statshows onlyexamples/proposals/flow_concurrency.mdchanged.examples/proposals/evidence_chain.md(Goals / Non-Goals / Proposed model / Open Questions / Suggested First Milestone) and adds an explicit Safety and Security section.Refs #298