Skip to content

Address code review feedback on endpoint health status component #617

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
Copilot wants to merge 6 commits into
base: 12-15-invoke_the_endpoints_health_check_in_web_o11y_and_render_result_in_toolbar
Choose a base branch
from
+128 −22
Draft

Address code review feedback on endpoint health status component #617

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
ca6fc12
Initial plan
Copilot Dec 15, 2025
847ba4a
Fix endpoints health status based on code review feedback
Copilot Dec 16, 2025
f6fc9d7
Address code review feedback on health status component
Copilot Dec 16, 2025
4fb4dd7
Extract health check message constant for consistency
Copilot Dec 16, 2025
c62acfb
Add explicit error handling for aborted health checks
Copilot Dec 16, 2025
c6502f9
Fix loading state cleanup and improve postgres URL hashing
Copilot Dec 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions .changeset/fix-endpoints-health-status.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
'@workflow/core': patch
'@workflow/web': patch
---

Fix endpoints health status component based on code review feedback

- Fixed base URL determination to handle non-local backends (vercel, postgres)
- Improved config key generation to include all relevant backend-specific fields
- Fixed useEffect dependencies to prevent unnecessary re-checks
- Added cleanup handler for unmounted component to prevent React warnings
- Documented CORS security implications in code comments
6 changes: 6 additions & 0 deletions packages/core/src/runtime.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -266,6 +266,12 @@ async function getAllWorkflowRunEvents(runId: string): Promise<Event[]> {
/**
* CORS headers for health check responses.
* Allows the observability UI to check endpoint health from a different origin.
*
* Security Note: Uses wildcard 'Access-Control-Allow-Origin: *' to allow any origin
* to access the health check endpoints. This is acceptable for health checks as they
* only return a simple status message and do not expose sensitive information or allow
* any state-changing operations. The health check responses contain no user data,
* authentication tokens, or system configuration details.
*/
const HEALTH_CHECK_CORS_HEADERS = {
'Access-Control-Allow-Origin': '*',
Expand Down
132 changes: 110 additions & 22 deletions packages/web/src/components/display-utils/endpoints-health-status.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@ interface HealthCheckResult {
}

const HEALTH_CHECK_SESSION_KEY = 'workflow-endpoints-health-check';
const HEALTH_CHECK_NOT_SUPPORTED_MESSAGE =
'Health checks not supported for this backend';

function getSessionHealthCheck(configKey: string): HealthCheckResult | null {
try {
Expand Down Expand Up @@ -51,14 +53,61 @@ function setSessionHealthCheck(
}
}

/**
* Simple hash function for creating a unique identifier from a string.
* Uses a basic djb2 hash algorithm to avoid exposing sensitive data in cache keys.
*/
function simpleHash(str: string): string {
let hash = 5381;
for (let i = 0; i < str.length; i++) {
hash = (hash << 5) + hash + str.charCodeAt(i);
}
return (hash >>> 0).toString(36);
}

function getConfigKey(config: WorldConfig): string {
// Create a unique key based on relevant config values
return `${config.backend || 'local'}-${config.port || '3000'}`;
// Create a unique key based on all relevant config values that uniquely identify the backend
// Include backend, port, and backend-specific fields
const keyObj: Record<string, unknown> = {
backend: config.backend || 'local',
port: config.port || '3000',
};

// Add backend-specific fields
if (config.env) keyObj.env = config.env;
if (config.project) keyObj.project = config.project;
if (config.team) keyObj.team = config.team;
if (config.dataDir) keyObj.dataDir = config.dataDir;
// Hash the postgres URL to avoid exposing credentials in session storage
if (config.postgresUrl) {
keyObj.postgresUrlHash = simpleHash(config.postgresUrl);
}

return JSON.stringify(keyObj);
}

function getBaseUrl(config: WorldConfig): string | null {
const backend = config.backend || 'local';

if (backend === 'local') {
const port = config.port || '3000';
return `http://localhost:${port}`;
}

// For Vercel backend, we can't perform health checks from the browser
// as the endpoints are not accessible via HTTP
if (backend === 'vercel') {
return null;
}

// For other backends like postgres, also not directly accessible
return null;
}

async function checkEndpointHealth(
baseUrl: string,
endpoint: 'flow' | 'step'
endpoint: 'flow' | 'step',
signal?: AbortSignal
): Promise<{ success: boolean; message: string }> {
try {
const url = new URL(
Expand All @@ -67,8 +116,8 @@ async function checkEndpointHealth(
);
const response = await fetch(url.toString(), {
method: 'POST',
// Short timeout for health checks
signal: AbortSignal.timeout(5000),
// Use provided signal or default to 5 second timeout
signal: signal || AbortSignal.timeout(5000),
Comment on lines 117 to +120
Copy link
Contributor

@vercel vercel bot Dec 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
const response = await fetch(url.toString(), {
method: 'POST',
// Short timeout for health checks
signal: AbortSignal.timeout(5000),
// Use provided signal or default to 5 second timeout
signal: signal || AbortSignal.timeout(5000),
// Compose the provided signal with a timeout so we get both behaviors:
// - The component can abort the request via its controller
// - The request also times out after 5 seconds if no response
const timeoutSignal = AbortSignal.timeout(5000);
const combinedSignal = signal
? AbortSignal.any([signal, timeoutSignal])
: timeoutSignal;
const response = await fetch(url.toString(), {
method: 'POST',
signal: combinedSignal,

The health check requests now lack a timeout when called from the component because the abort signal provided is used instead of composing it with the timeout.

View Details

Analysis

Fetch timeout lost when AbortSignal provided to checkEndpointHealth()

What fails: The checkEndpointHealth() function in packages/web/src/components/display-utils/endpoints-health-status.tsx uses the pattern signal: signal || AbortSignal.timeout(5000) which removes the timeout guarantee when a signal is provided. When called from the component's useEffect with abortController.signal, the timeout is discarded, causing fetch requests to hang indefinitely if the server doesn't respond.

How to reproduce:

  1. Open a page that uses EndpointsHealthStatus component
  2. Start a local server that accepts health check requests but never responds (e.g., nc -l localhost:3000)
  3. Observe that the health check request hangs indefinitely instead of timing out after 5 seconds
  4. Component can only be freed by unmounting (triggering abortController.abort())

Result: The fetch hangs until component unmounts. With the buggy code using signal || AbortSignal.timeout(5000):

  • signal parameter is the abortController.signal (truthy)
  • Expression evaluates to signal, not AbortSignal.timeout(5000)
  • No timeout is set on the fetch request

Expected: The fetch should timeout after 5 seconds OR when the component unmounts, whichever comes first.

Fix applied: Changed line 120-122 to compose the signals using AbortSignal.any():

const timeoutSignal = AbortSignal.timeout(5000);
const combinedSignal = signal
  ? AbortSignal.any([signal, timeoutSignal])
  : timeoutSignal;

This ensures:

  • When no signal is provided: uses AbortSignal.timeout(5000) only
  • When signal is provided: composes it with timeout so both behaviors are enforced
  • Request aborts if either: (a) the timeout triggers (5 seconds), or (b) the controller aborts (component unmounts)

Verified with Node.js v22.14.0. AbortSignal.any() is available in Node.js 18.17.0+, matching project's minimum requirement of Node.js ^18.0.0.

});

if (response.ok) {
Expand Down Expand Up @@ -103,33 +152,72 @@ export function EndpointsHealthStatus({ config }: EndpointsHealthStatusProps) {
return;
}

// Determine base URL based on config
const baseUrl = getBaseUrl(config);

// If backend doesn't support health checks (e.g., Vercel, Postgres),
// don't perform the check
if (!baseUrl) {
const result: HealthCheckResult = {
flow: 'error',
step: 'error',
flowMessage: HEALTH_CHECK_NOT_SUPPORTED_MESSAGE,
stepMessage: HEALTH_CHECK_NOT_SUPPORTED_MESSAGE,
checkedAt: new Date().toISOString(),
};
setHealthCheck(result);
setSessionHealthCheck(configKey, result);
return;
}

// Otherwise, perform the health check
const abortController = new AbortController();

const performHealthCheck = async () => {
setIsChecking(true);

// Determine base URL based on config
const port = config.port || '3000';
const baseUrl = `http://localhost:${port}`;
try {
const [flowResult, stepResult] = await Promise.all([
checkEndpointHealth(baseUrl, 'flow', abortController.signal),
checkEndpointHealth(baseUrl, 'step', abortController.signal),
]);

const [flowResult, stepResult] = await Promise.all([
checkEndpointHealth(baseUrl, 'flow'),
checkEndpointHealth(baseUrl, 'step'),
]);
// Check if request was aborted (component unmounted)
if (abortController.signal.aborted) {
return;
}

const result: HealthCheckResult = {
flow: flowResult.success ? 'success' : 'error',
step: stepResult.success ? 'success' : 'error',
flowMessage: flowResult.message,
stepMessage: stepResult.message,
checkedAt: new Date().toISOString(),
};
const result: HealthCheckResult = {
flow: flowResult.success ? 'success' : 'error',
step: stepResult.success ? 'success' : 'error',
flowMessage: flowResult.message,
stepMessage: stepResult.message,
checkedAt: new Date().toISOString(),
};

setHealthCheck(result);
setSessionHealthCheck(configKey, result);
setIsChecking(false);
setHealthCheck(result);
setSessionHealthCheck(configKey, result);
} catch (error) {
// If aborted, don't update state (component unmounted)
if (abortController.signal.aborted) {
return;
}
// Otherwise, log unexpected error
console.error('Unexpected error during health check:', error);
} finally {
// Always reset loading state unless aborted
if (!abortController.signal.aborted) {
setIsChecking(false);
}
}
};

performHealthCheck();

// Cleanup function to cancel in-flight requests
return () => {
abortController.abort();
};
}, [config]);

const allSuccess =
Expand Down