fix missing skip archival

Author: jumski

pkgs/core/schemas/0100_function__cascade_force_skip_steps.sql

@@ -90,6 +90,16 @@ BEGIN
         false
       ) as _broadcast_result
   ),
+  -- ---------- Archive queued/started task messages for skipped steps ----------
+  archived_messages AS (
+    SELECT pgmq.archive(v_flow_slug, ARRAY_AGG(st.message_id)) as result
+    FROM pgflow.step_tasks st
+    WHERE st.run_id = _cascade_force_skip_steps.run_id
+      AND st.step_slug IN (SELECT sk.step_slug FROM skipped sk)
+      AND st.status IN ('queued', 'started')
+      AND st.message_id IS NOT NULL
+    HAVING COUNT(st.message_id) > 0
+  ),
   -- ---------- Update run counters ----------
   run_updates AS (
     UPDATE pgflow.runs r
@@ -100,6 +110,18 @@ BEGIN
   )
   SELECT COUNT(*) INTO v_total_skipped FROM skipped;
 
+  -- Archive queued/started task messages for all steps that were just skipped
+  -- (query step_states since CTE state is no longer accessible)
+  PERFORM pgmq.archive(v_flow_slug, ARRAY_AGG(st.message_id))
+  FROM pgflow.step_tasks st
+  JOIN pgflow.step_states ss ON ss.run_id = st.run_id AND ss.step_slug = st.step_slug
+  WHERE st.run_id = _cascade_force_skip_steps.run_id
+    AND st.status IN ('queued', 'started')
+    AND st.message_id IS NOT NULL
+    AND ss.status = 'skipped'
+    AND ss.skipped_at >= now() - interval '1 second'  -- Only recently skipped
+  HAVING COUNT(st.message_id) > 0;
+
   RETURN v_total_skipped;
 END;
 $$;

pkgs/core/schemas/0100_function_complete_task.sql

@@ -40,6 +40,30 @@ WHERE pgflow.step_states.run_id = complete_task.run_id
   AND pgflow.step_states.step_slug = complete_task.step_slug
 FOR UPDATE;
 
+-- ==========================================
+-- GUARD: Late callback - step not started
+-- ==========================================
+-- If the step is not in 'started' state, this is a late callback.
+-- Do not mutate step_states or runs, archive message, return task row.
+IF v_step_record.status != 'started' THEN
+  -- Archive the task message if present (prevents stuck work)
+  PERFORM pgmq.archive(
+    v_run_record.flow_slug,
+    st.message_id
+  )
+  FROM pgflow.step_tasks st
+  WHERE st.run_id = complete_task.run_id
+    AND st.step_slug = complete_task.step_slug
+    AND st.task_index = complete_task.task_index
+    AND st.message_id IS NOT NULL;
+  -- Return the current task row without any mutations
+  RETURN QUERY SELECT * FROM pgflow.step_tasks
+    WHERE pgflow.step_tasks.run_id = complete_task.run_id
+      AND pgflow.step_tasks.step_slug = complete_task.step_slug
+      AND pgflow.step_tasks.task_index = complete_task.task_index;
+  RETURN;
+END IF;
+
 -- Check for type violations AFTER acquiring locks
 SELECT child_step.step_slug INTO v_dependent_map_slug
 FROM pgflow.deps dependency

pkgs/core/schemas/0100_function_fail_task.sql

@@ -16,6 +16,7 @@ DECLARE
   v_when_exhausted text;
   v_task_exhausted boolean;  -- True if task has exhausted retries
   v_flow_slug_for_deps text;  -- Used for decrementing remaining_deps on plain skip
+  v_prev_step_status text;    -- Previous step status for transition-based decrement
 begin
 
 -- If run is already failed, no retries allowed
@@ -47,6 +48,45 @@ IF EXISTS (SELECT 1 FROM pgflow.runs WHERE pgflow.runs.run_id = fail_task.run_id
   RETURN;
 END IF;
 
+-- Late callback guard: if step is not 'started', don't mutate step/run state
+-- This handles callbacks arriving after step was skipped/completed/failed
+-- Also capture previous status for transition-based decrement
+DECLARE
+  v_step_status text;
+  v_flow_slug text;
+  v_prev_step_status text;
+BEGIN
+  -- Capture previous status BEFORE any CTE updates (for transition-based decrement)
+  SELECT ss.status INTO v_prev_step_status
+  FROM pgflow.step_states ss
+  WHERE ss.run_id = fail_task.run_id
+    AND ss.step_slug = fail_task.step_slug;
+  
+  v_step_status := v_prev_step_status;
+  
+  IF v_step_status IS NOT NULL AND v_step_status != 'started' THEN
+    -- Archive the task message if present
+    SELECT r.flow_slug INTO v_flow_slug
+    FROM pgflow.runs r
+    WHERE r.run_id = fail_task.run_id;
+    
+    PERFORM pgmq.archive(v_flow_slug, ARRAY_AGG(st.message_id))
+    FROM pgflow.step_tasks st
+    WHERE st.run_id = fail_task.run_id
+      AND st.step_slug = fail_task.step_slug
+      AND st.task_index = fail_task.task_index
+      AND st.message_id IS NOT NULL
+    HAVING COUNT(st.message_id) > 0;
+    
+    -- Return current task row without mutations
+    RETURN QUERY SELECT * FROM pgflow.step_tasks
+    WHERE pgflow.step_tasks.run_id = fail_task.run_id
+      AND pgflow.step_tasks.step_slug = fail_task.step_slug
+      AND pgflow.step_tasks.task_index = fail_task.task_index;
+    RETURN;
+  END IF;
+END;
+
 WITH run_lock AS (
   SELECT * FROM pgflow.runs
   WHERE pgflow.runs.run_id = fail_task.run_id
@@ -58,6 +98,10 @@ step_lock AS (
     AND pgflow.step_states.step_slug = fail_task.step_slug
   FOR UPDATE
 ),
+prev_step_status AS (
+  -- Capture previous status BEFORE any updates (must be separate CTE for correct visibility)
+  SELECT status FROM step_lock
+),
 flow_info AS (
   SELECT r.flow_slug
   FROM pgflow.runs r
@@ -152,9 +196,12 @@ run_update AS (
                   WHEN (select status from maybe_fail_step) = 'failed' THEN now()
                   ELSE NULL
                   END,
-      -- Decrement remaining_steps when step was skipped (not failed, run continues)
+      -- Decrement remaining_steps only on FIRST transition to skipped
+      -- (not when step was already skipped and a second task fails)
       remaining_steps = CASE
-                        WHEN (select status from maybe_fail_step) = 'skipped' THEN pgflow.runs.remaining_steps - 1
+                        WHEN (select status from maybe_fail_step) = 'skipped'
+                             AND (select status from prev_step_status) != 'skipped'
+                        THEN pgflow.runs.remaining_steps - 1
                         ELSE pgflow.runs.remaining_steps
                         END
   WHERE pgflow.runs.run_id = fail_task.run_id
@@ -193,6 +240,17 @@ END IF;
 
 -- Handle step skipping (when_exhausted = 'skip' or 'skip-cascade')
  IF v_task_exhausted AND v_step_skipped THEN
+  -- Archive all queued/started sibling task messages for this step
+  PERFORM pgmq.archive(r.flow_slug, ARRAY_AGG(st.message_id))
+  FROM pgflow.step_tasks st
+  JOIN pgflow.runs r ON st.run_id = r.run_id
+  WHERE st.run_id = fail_task.run_id
+    AND st.step_slug = fail_task.step_slug
+    AND st.status IN ('queued', 'started')
+    AND st.message_id IS NOT NULL
+  GROUP BY r.flow_slug
+  HAVING COUNT(st.message_id) > 0;
+
   -- Send broadcast event for step skipped
   PERFORM realtime.send(
     jsonb_build_object(

pkgs/core/schemas/0120_function_start_tasks.sql

@@ -20,8 +20,14 @@ as $$
     where task.flow_slug = start_tasks.flow_slug
       and task.message_id = any(msg_ids)
       and task.status = 'queued'
-      -- MVP: Don't start tasks on failed runs
-      and r.status != 'failed'
+      and r.status = 'started'
+      and exists (
+        select 1
+        from pgflow.step_states ss
+        where ss.run_id = task.run_id
+          and ss.step_slug = task.step_slug
+          and ss.status = 'started'
+      )
   ),
   start_tasks_update as (
     update pgflow.step_tasks

pkgs/core/supabase/tests/_cascade_force_skip_steps/archives_task_messages_for_skipped_steps.test.sql

@@ -0,0 +1,65 @@
+\set ON_ERROR_STOP on
+\set QUIET on
+
+begin;
+select plan(5);
+
+select pgflow_tests.reset_db();
+
+select pgflow.create_flow('cascade_skip_archive');
+select pgflow.add_step('cascade_skip_archive', 'map_a', '{}', max_attempts=>0, step_type=>'map', when_exhausted=>'skip');
+select pgflow.add_step('cascade_skip_archive', 'other', '{}');
+
+select pgflow.start_flow('cascade_skip_archive', '[1, 2, 3]'::jsonb);
+
+with tasks as (
+  select message_id, task_index
+  from pgflow.step_tasks
+  where flow_slug = 'cascade_skip_archive' and step_slug = 'map_a'
+  order by task_index
+)
+select pgflow.start_tasks('cascade_skip_archive', array[(select message_id from tasks where task_index = 0)::bigint], pgflow_tests.ensure_worker('cascade_skip_archive'));
+
+select ok(
+  (select count(*) = 3 from pgflow.step_tasks 
+   where flow_slug = 'cascade_skip_archive' and step_slug = 'map_a'),
+  'Setup: map_a should have 3 tasks'
+);
+
+select ok(
+  (select count(*) >= 1 from pgmq.q_cascade_skip_archive),
+  'Setup: queue should have messages'
+);
+
+select pgflow._cascade_force_skip_steps(
+  (select run_id from pgflow.runs where flow_slug = 'cascade_skip_archive'),
+  'map_a',
+  'condition_unmet'
+);
+
+select is(
+  (select status from pgflow.step_states where flow_slug = 'cascade_skip_archive' and step_slug = 'map_a'),
+  'skipped'::text,
+  'Step state should be skipped'
+);
+
+select is_empty(
+  $$
+  select 1
+  from pgmq.q_cascade_skip_archive q
+  join pgflow.step_tasks st on st.message_id = q.msg_id
+  where st.flow_slug = 'cascade_skip_archive'
+    and st.step_slug = 'map_a'
+  $$,
+  'Queue should have 0 messages for skipped map_a step after _cascade_force_skip_steps'
+);
+
+select ok(
+  (select count(*) >= 3 from pgmq.a_cascade_skip_archive a
+   join pgflow.step_tasks st on st.message_id = a.msg_id
+   where st.flow_slug = 'cascade_skip_archive' and st.step_slug = 'map_a'),
+  'Archive should contain all 3 map_a task messages'
+);
+
+select * from finish();
+rollback;

pkgs/core/supabase/tests/complete_task/late_complete_after_skip_does_not_mutate_step_or_run.test.sql

@@ -0,0 +1,90 @@
+-- Test: Late complete after step is skipped should not mutate step or run state
+-- Verifies defense-in-depth: callbacks cannot change state after step is no longer started
+begin;
+select plan(4);
+select pgflow_tests.reset_db();
+
+-- Setup: Create flow with map_a (skip on exhaust) and independent 'other' step
+select pgflow.create_flow('late_complete_test');
+select pgflow.add_step(
+  flow_slug => 'late_complete_test',
+  step_slug => 'map_a',
+  step_type => 'map',
+  max_attempts => 0,
+  when_exhausted => 'skip'
+);
+select pgflow.add_step(
+  flow_slug => 'late_complete_test',
+  step_slug => 'other'
+);
+
+-- Start flow with 2 array elements for map_a (root map gets array directly)
+select run_id as test_run_id from pgflow.start_flow('late_complete_test', '[1, 2]'::jsonb) \gset
+
+-- Ensure worker exists
+select pgflow_tests.ensure_worker('late_complete_test') as test_worker_id \gset
+
+-- Start both map_a tasks
+select message_id as msg_0 from pgflow.step_tasks
+where run_id = :'test_run_id'::uuid and step_slug = 'map_a' and task_index = 0 \gset
+
+select pgflow.start_tasks('late_complete_test', array[:'msg_0'::bigint], :'test_worker_id'::uuid);
+
+select message_id as msg_1 from pgflow.step_tasks
+where run_id = :'test_run_id'::uuid and step_slug = 'map_a' and task_index = 1 \gset
+
+select pgflow.start_tasks('late_complete_test', array[:'msg_1'::bigint], :'test_worker_id'::uuid);
+
+-- Fail map_a[0] to trigger skip (max_attempts=0, when_exhausted='skip')
+-- This makes the step transition to 'skipped'
+select pgflow.fail_task(
+  :'test_run_id'::uuid,
+  'map_a',
+  0,
+  'Task 0 failed!'
+);
+
+-- Verify step became skipped
+select is(
+  (select status from pgflow.step_states
+   where run_id = :'test_run_id'::uuid and step_slug = 'map_a'),
+  'skipped',
+  'Step should be skipped after fail with when_exhausted=skip'
+);
+
+-- Capture remaining_steps after skip
+select remaining_steps as remaining_steps_after_skip
+from pgflow.runs
+where run_id = :'test_run_id'::uuid \gset
+
+-- LATE COMPLETE: Try to complete map_a[1] after step is already skipped
+-- This should NOT mutate step or run state
+select lives_ok(
+  format($$
+    select pgflow.complete_task(
+      '%s'::uuid,
+      'map_a',
+      1,
+      '{"ok":true}'::jsonb
+    )
+  $$, :'test_run_id'),
+  'Late complete should not error'
+);
+
+-- Verify step state unchanged (remains skipped)
+select is(
+  (select status from pgflow.step_states
+   where run_id = :'test_run_id'::uuid and step_slug = 'map_a'),
+  'skipped',
+  'Step should remain skipped after late complete'
+);
+
+-- Verify remaining_steps unchanged by late complete
+select is(
+  (select remaining_steps from pgflow.runs where run_id = :'test_run_id'::uuid),
+  :remaining_steps_after_skip,
+  'remaining_steps should not be decremented by late complete'
+);
+
+select * from finish();
+rollback;