Merged
Conversation
🦋 Changeset detectedLatest commit: 1cf46a6 The changes in this PR will be included in the next version bump. This PR includes changesets to release 18 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Contributor
🧪 E2E Test Results❌ Some tests failed Summary
❌ Failed Tests🌍 Community Worlds (17 failed)mongodb (1 failed):
redis (1 failed):
starter (14 failed):
turso (1 failed):
Details by Category✅ ▲ Vercel Production
✅ 💻 Local Development
✅ 📦 Local Production
✅ 🐘 Local Postgres
✅ 🪟 Windows
❌ 🌍 Community Worlds
|
Contributor
📊 Benchmark Results
workflow with no steps💻 Local Development
▲ Production (Vercel)
🔍 Observability: Next.js (Turbopack) | Express | Nitro workflow with 1 step💻 Local Development
▲ Production (Vercel)
🔍 Observability: Nitro | Next.js (Turbopack) | Express workflow with 10 sequential steps💻 Local Development
▲ Production (Vercel)
🔍 Observability: Next.js (Turbopack) | Express | Nitro Promise.all with 10 concurrent steps💻 Local Development
▲ Production (Vercel)
🔍 Observability: Next.js (Turbopack) | Nitro | Express Promise.all with 25 concurrent steps💻 Local Development
▲ Production (Vercel)
🔍 Observability: Express | Nitro | Next.js (Turbopack) Promise.race with 10 concurrent steps💻 Local Development
▲ Production (Vercel)
🔍 Observability: Express | Nitro | Next.js (Turbopack) Promise.race with 25 concurrent steps💻 Local Development
▲ Production (Vercel)
🔍 Observability: Next.js (Turbopack) | Nitro | Express Stream Benchmarks (includes TTFB metrics)workflow with stream💻 Local Development
▲ Production (Vercel)
🔍 Observability: Express | Next.js (Turbopack) | Nitro SummaryFastest Framework by WorldWinner determined by most benchmark wins
Fastest World by FrameworkWinner determined by most benchmark wins
Column Definitions
Worlds:
|
Contributor
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![vercel[bot]](https://avatars.githubusercontent.com/in/8329?s=60&v=4){kind=small}
pranaygp
reviewed
Jan 8, 2026
pranaygp
approved these changes
Jan 8, 2026
Contributor
pranaygp
left a comment
pranaygp
left a comment
There was a problem hiding this comment.
very exciting! left some comments tho
* feat(web): add self-hosted mode for world configuration When WORKFLOW_TARGET_WORLD env var is set, the web UI operates in self-hosted mode where the world configuration is locked to server-side environment variables and cannot be changed via query params or UI. - Add getHardcodedConfig server action to detect self-hosted mode - Modify getWorldFromEnv to use server env vars in hardcoded mode - Create WorldConfigContext to provide config state app-wide - Update settings sidebar to show locked state with disabled inputs - Update connection status to show PostgreSQL backend info - Mask sensitive values (postgres URL) in hardcoded mode UI * fix: address PR review feedback - Remove unused ConfigMode type export - Fix postgres substring to undefined (tooltip has details) - Extract buildEnvMapFromProcessEnv helper to reduce duplication - Remove unused EnvMap import from layout-client - Import HardcodedConfig from web-shared/server instead of re-defining * Fix: PostgreSQL URL parameter missing from configParsers, causing loss of postgres URL configuration on page reload in dynamic mode * fix(cli): clear WORKFLOW_TARGET_WORLD when spawning web server The CLI sets WORKFLOW_TARGET_WORLD as an env var, which the spawned Next.js server inherits. This caused the web UI to enter self-hosted mode even when launched via CLI. Now we explicitly clear WORKFLOW_TARGET_WORLD from the server's environment so it starts in dynamic mode where config comes from query params as intended. * refactor(web): use server-side env vars for world config BREAKING CHANGE: The web UI no longer supports configuring the world backend via URL query parameters. Configuration is now read exclusively from server-side environment variables. Changes: - Remove query param parsing from @workflow/web config.ts - Add ServerConfig interface with non-sensitive display info - Update all components to use useServerConfig() hook - Settings sidebar is now read-only - CLI passes env vars to spawned web server instead of query params - Server actions use process.env directly (envMap param reserved for future use) This simplifies the architecture and improves security by never sending sensitive data (connection strings, auth tokens) to the client. * fix(web): fix settings sidebar overflow and shorten data dir path - Add truncate/overflow handling to settings sidebar config values - Add shortenPath() helper to abbreviate long file paths: - Replaces home directory with ~ - Shows .../last-two-segments if still too long - Add title attributes for full path on hover * Update changeest --------- Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Pranay Prakash <pranay.gp@gmail.com>
| // The stream name includes the correlationId for identification. | ||
| // The server skips run validation for health check streams. | ||
| const fakeRunId = generateHealthCheckRunId(); | ||
| await world.writeToStream(streamName, fakeRunId, response); |
Contributor
There was a problem hiding this comment.
Missing documentation about streaming infrastructure testing in health check function
| // NOTE: Health check messages are intentionally unauthenticated for monitoring purposes. | ||
| // They only write a simple status response to a stream and do not expose sensitive data. | ||
| // The stream name includes a unique correlationId that must be known by the caller. | ||
| const healthCheck = parseHealthCheckPayload(message_); |
Contributor
There was a problem hiding this comment.
Add rate limiting to health check messages to prevent DoS attacks via queue flooding
--------- Signed-off-by: Peter Wielander <mittgfu@gmail.com>
VaguelySerious
approved these changes
Jan 12, 2026
Member
VaguelySerious
left a comment
VaguelySerious
left a comment
There was a problem hiding this comment.
LGTM assuming the workflow-server side gets merged and the tests against vercel prod on this PR then run correctly
| // | ||
| // For production use on Vercel with Deployment Protection enabled, use the | ||
| // queue-based `world.healthCheck()` method instead, which bypasses protection | ||
| // by sending messages through the Queue infrastructure. |
Member
There was a problem hiding this comment.
If we're not deprecating the http health check, it would be nice to have a comment somewhere as to why, and in which scenario we would want to use which health check
Member
Author
There was a problem hiding this comment.
I'm not addressing the HTTP health check in this PR. I agree it should probably be removed, but IIRC @adriandlam started using it in dev (for some frameworks at least) for the port detection, so we need to double check on that first.
- Add HealthCheckPayloadSchema and HEALTH_CHECK_STREAM_PREFIX to @workflow/world - Add healthCheck() method to Queue interface - Update workflow and step handlers to detect and respond to health check messages - Implement healthCheck() in world-local, world-vercel, and world-postgres The queue-based health check sends a message through the queue pipeline, which bypasses Vercel's Deployment Protection. The handler writes a response to a stream that the caller reads to confirm health. This complements the existing HTTP-based ?__health approach which still works for local development and when bypass headers are available.
Instead of adding healthCheck to the World interface (which duplicated
the same implementation across all worlds), this is now a utility function
in @workflow/core that takes the World as a parameter.
Usage:
import { healthCheck } from '@workflow/core';
const result = await healthCheck(world, 'workflow');
This is cleaner because:
- Single implementation instead of 3 identical ones
- World implementations remain simple
- No changes needed to the World interface
Health check types (HealthCheckPayloadSchema, HealthCheckResult, etc.) are now defined in @workflow/core since that's where they're used. The HealthCheckPayloadSchema is still part of QueuePayloadSchema in world (so the queue accepts health check messages), but it's not exported from the public API.
) * Initial plan * Address PR review comments: export types, fix race condition, improve error handling Co-authored-by: TooTallNate <71256+TooTallNate@users.noreply.github.com> * Add queue-based health check test and document security considerations Co-authored-by: TooTallNate <71256+TooTallNate@users.noreply.github.com> * Replace 'any' type with proper type guards for health check response Co-authored-by: TooTallNate <71256+TooTallNate@users.noreply.github.com> * Extract health check queue names as constants and improve type guards Co-authored-by: TooTallNate <71256+TooTallNate@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: TooTallNate <71256+TooTallNate@users.noreply.github.com>
Co-authored-by: Pranay Prakash <pranay.gp@gmail.com>
…into health-check-thru-queue
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Added a queue-based health check feature that works with Vercel Deployment Protection.
What changed?
healthCheck()function (exported atworkflow/runtime) that sends messages through the queue infrastructure to verify workflow and step endpoints are operationalHealthCheckPayloadSchemato validate health check messagesHow to test?
healthCheck()function to check endpoint health:Why make this change?
?__healthquery parameter doesn't work with Vercel Deployment Protection enabled.Worldinterface does not provide an applications reachable URL anyways