fix: archive task messages for skipped steps and handle late callbacks (#609)

# Archive Task Messages for Skipped Steps

This PR adds message archiving functionality to prevent "zombie" tasks from being processed after a step has been skipped or completed. Key improvements:

1. Added guards in `complete_task` and `fail_task` to handle late callbacks:
   - Detects when callbacks arrive after a step is no longer in 'started' state
   - Archives the task message to prevent stuck work
   - Returns current task state without mutating step or run state

2. Enhanced `_cascade_force_skip_steps` to archive queued/started task messages for skipped steps:
   - Ensures all task messages are archived when a step is force-skipped
   - Prevents workers from processing tasks for steps that are already skipped

3. Modified `fail_task` to archive sibling task messages when a step is skipped:
   - When a task failure causes a step to be skipped, all sibling task messages are archived
   - Prevents double-decrement of remaining_steps when multiple tasks fail on the same step

4. Improved `start_tasks` to reject tasks for skipped steps:
   - Added guard conditions to only start tasks for steps in 'started' state
   - Prevents race conditions where a task might be started after its step was skipped

Added comprehensive tests to verify all these behaviors work correctly.

Author: jumski

pkgs/core/schemas/0100_function__cascade_force_skip_steps.sql

@@ -90,6 +90,16 @@ BEGIN
         false
       ) as _broadcast_result
   ),
+  -- ---------- Archive queued/started task messages for skipped steps ----------
+  archived_messages AS (
+    SELECT pgmq.archive(v_flow_slug, ARRAY_AGG(st.message_id)) as result
+    FROM pgflow.step_tasks st
+    WHERE st.run_id = _cascade_force_skip_steps.run_id
+      AND st.step_slug IN (SELECT sk.step_slug FROM skipped sk)
+      AND st.status IN ('queued', 'started')
+      AND st.message_id IS NOT NULL
+    HAVING COUNT(st.message_id) > 0
+  ),
   -- ---------- Update run counters ----------
   run_updates AS (
     UPDATE pgflow.runs r
@@ -100,6 +110,18 @@ BEGIN
   )
   SELECT COUNT(*) INTO v_total_skipped FROM skipped;
 
+  -- Archive queued/started task messages for all steps that were just skipped
+  -- (query step_states since CTE state is no longer accessible)
+  PERFORM pgmq.archive(v_flow_slug, ARRAY_AGG(st.message_id))
+  FROM pgflow.step_tasks st
+  JOIN pgflow.step_states ss ON ss.run_id = st.run_id AND ss.step_slug = st.step_slug
+  WHERE st.run_id = _cascade_force_skip_steps.run_id
+    AND st.status IN ('queued', 'started')
+    AND st.message_id IS NOT NULL
+    AND ss.status = 'skipped'
+    AND ss.skipped_at >= now() - interval '1 second'  -- Only recently skipped
+  HAVING COUNT(st.message_id) > 0;
+
   RETURN v_total_skipped;
 END;
 $$;

pkgs/core/schemas/0100_function_complete_task.sql

@@ -40,6 +40,30 @@ WHERE pgflow.step_states.run_id = complete_task.run_id
   AND pgflow.step_states.step_slug = complete_task.step_slug
 FOR UPDATE;
 
+-- ==========================================
+-- GUARD: Late callback - step not started
+-- ==========================================
+-- If the step is not in 'started' state, this is a late callback.
+-- Do not mutate step_states or runs, archive message, return task row.
+IF v_step_record.status != 'started' THEN
+  -- Archive the task message if present (prevents stuck work)
+  PERFORM pgmq.archive(
+    v_run_record.flow_slug,
+    st.message_id
+  )
+  FROM pgflow.step_tasks st
+  WHERE st.run_id = complete_task.run_id
+    AND st.step_slug = complete_task.step_slug
+    AND st.task_index = complete_task.task_index
+    AND st.message_id IS NOT NULL;
+  -- Return the current task row without any mutations
+  RETURN QUERY SELECT * FROM pgflow.step_tasks
+    WHERE pgflow.step_tasks.run_id = complete_task.run_id
+      AND pgflow.step_tasks.step_slug = complete_task.step_slug
+      AND pgflow.step_tasks.task_index = complete_task.task_index;
+  RETURN;
+END IF;
+
 -- Check for type violations AFTER acquiring locks
 SELECT child_step.step_slug INTO v_dependent_map_slug
 FROM pgflow.deps dependency

pkgs/core/schemas/0100_function_fail_task.sql

@@ -14,8 +14,10 @@ DECLARE
   v_step_failed boolean;
   v_step_skipped boolean;
   v_when_exhausted text;
-  v_task_exhausted boolean;  -- True if task has exhausted retries
-  v_flow_slug_for_deps text;  -- Used for decrementing remaining_deps on plain skip
+  v_task_exhausted boolean;
+  v_flow_slug_for_deps text;
+  v_prev_step_status text;
+  v_flow_slug text;
 begin
 
 -- If run is already failed, no retries allowed
@@ -47,6 +49,34 @@ IF EXISTS (SELECT 1 FROM pgflow.runs WHERE pgflow.runs.run_id = fail_task.run_id
   RETURN;
 END IF;
 
+-- Late callback guard: if step is not 'started', don't mutate step/run state
+-- Capture previous status BEFORE any CTE updates (for transition-based decrement)
+SELECT ss.status INTO v_prev_step_status
+FROM pgflow.step_states ss
+WHERE ss.run_id = fail_task.run_id
+  AND ss.step_slug = fail_task.step_slug;
+
+IF v_prev_step_status IS NOT NULL AND v_prev_step_status != 'started' THEN
+  -- Archive the task message if present
+  SELECT r.flow_slug INTO v_flow_slug
+  FROM pgflow.runs r
+  WHERE r.run_id = fail_task.run_id;
+  
+  PERFORM pgmq.archive(v_flow_slug, ARRAY_AGG(st.message_id))
+  FROM pgflow.step_tasks st
+  WHERE st.run_id = fail_task.run_id
+    AND st.step_slug = fail_task.step_slug
+    AND st.task_index = fail_task.task_index
+    AND st.message_id IS NOT NULL
+  HAVING COUNT(st.message_id) > 0;
+  
+  RETURN QUERY SELECT * FROM pgflow.step_tasks
+  WHERE pgflow.step_tasks.run_id = fail_task.run_id
+    AND pgflow.step_tasks.step_slug = fail_task.step_slug
+    AND pgflow.step_tasks.task_index = fail_task.task_index;
+  RETURN;
+END IF;
+
 WITH run_lock AS (
   SELECT * FROM pgflow.runs
   WHERE pgflow.runs.run_id = fail_task.run_id
@@ -152,9 +182,13 @@ run_update AS (
                   WHEN (select status from maybe_fail_step) = 'failed' THEN now()
                   ELSE NULL
                   END,
-      -- Decrement remaining_steps when step was skipped (not failed, run continues)
+      -- Decrement remaining_steps only on FIRST transition to skipped
+      -- (not when step was already skipped and a second task fails)
+      -- Uses PL/pgSQL variable captured before CTE chain
       remaining_steps = CASE
-                        WHEN (select status from maybe_fail_step) = 'skipped' THEN pgflow.runs.remaining_steps - 1
+                        WHEN (select status from maybe_fail_step) = 'skipped'
+                             AND v_prev_step_status != 'skipped'
+                        THEN pgflow.runs.remaining_steps - 1
                         ELSE pgflow.runs.remaining_steps
                         END
   WHERE pgflow.runs.run_id = fail_task.run_id
@@ -193,6 +227,17 @@ END IF;
 
 -- Handle step skipping (when_exhausted = 'skip' or 'skip-cascade')
  IF v_task_exhausted AND v_step_skipped THEN
+  -- Archive all queued/started sibling task messages for this step
+  PERFORM pgmq.archive(r.flow_slug, ARRAY_AGG(st.message_id))
+  FROM pgflow.step_tasks st
+  JOIN pgflow.runs r ON st.run_id = r.run_id
+  WHERE st.run_id = fail_task.run_id
+    AND st.step_slug = fail_task.step_slug
+    AND st.status IN ('queued', 'started')
+    AND st.message_id IS NOT NULL
+  GROUP BY r.flow_slug
+  HAVING COUNT(st.message_id) > 0;
+
   -- Send broadcast event for step skipped
   PERFORM realtime.send(
     jsonb_build_object(

pkgs/core/schemas/0120_function_start_tasks.sql

@@ -20,8 +20,14 @@ as $$
     where task.flow_slug = start_tasks.flow_slug
       and task.message_id = any(msg_ids)
       and task.status = 'queued'
-      -- MVP: Don't start tasks on failed runs
-      and r.status != 'failed'
+      and r.status = 'started'
+      and exists (
+        select 1
+        from pgflow.step_states ss
+        where ss.run_id = task.run_id
+          and ss.step_slug = task.step_slug
+          and ss.status = 'started'
+      )
   ),
   start_tasks_update as (
     update pgflow.step_tasks

…0260206115746_pgflow_step_conditions.sql …0260214181656_pgflow_step_conditions.sqlpkgs/core/supabase/migrations/20260206115746_pgflow_step_conditions.sql renamed to pkgs/core/supabase/migrations/20260214181656_pgflow_step_conditions.sql pkgs/core/supabase/migrations/20260206115746_pgflow_step_conditions.sql renamed to pkgs/core/supabase/migrations/20260214181656_pgflow_step_conditions.sql

@@ -412,6 +412,16 @@ BEGIN
         false
       ) as _broadcast_result
   ),
+  -- ---------- Archive queued/started task messages for skipped steps ----------
+  archived_messages AS (
+    SELECT pgmq.archive(v_flow_slug, ARRAY_AGG(st.message_id)) as result
+    FROM pgflow.step_tasks st
+    WHERE st.run_id = _cascade_force_skip_steps.run_id
+      AND st.step_slug IN (SELECT sk.step_slug FROM skipped sk)
+      AND st.status IN ('queued', 'started')
+      AND st.message_id IS NOT NULL
+    HAVING COUNT(st.message_id) > 0
+  ),
   -- ---------- Update run counters ----------
   run_updates AS (
     UPDATE pgflow.runs r
@@ -422,6 +432,18 @@ BEGIN
   )
   SELECT COUNT(*) INTO v_total_skipped FROM skipped;
 
+  -- Archive queued/started task messages for all steps that were just skipped
+  -- (query step_states since CTE state is no longer accessible)
+  PERFORM pgmq.archive(v_flow_slug, ARRAY_AGG(st.message_id))
+  FROM pgflow.step_tasks st
+  JOIN pgflow.step_states ss ON ss.run_id = st.run_id AND ss.step_slug = st.step_slug
+  WHERE st.run_id = _cascade_force_skip_steps.run_id
+    AND st.status IN ('queued', 'started')
+    AND st.message_id IS NOT NULL
+    AND ss.status = 'skipped'
+    AND ss.skipped_at >= now() - interval '1 second'  -- Only recently skipped
+  HAVING COUNT(st.message_id) > 0;
+
   RETURN v_total_skipped;
 END;
 $$;
@@ -890,6 +912,30 @@ WHERE pgflow.step_states.run_id = complete_task.run_id
   AND pgflow.step_states.step_slug = complete_task.step_slug
 FOR UPDATE;
 
+-- ==========================================
+-- GUARD: Late callback - step not started
+-- ==========================================
+-- If the step is not in 'started' state, this is a late callback.
+-- Do not mutate step_states or runs, archive message, return task row.
+IF v_step_record.status != 'started' THEN
+  -- Archive the task message if present (prevents stuck work)
+  PERFORM pgmq.archive(
+    v_run_record.flow_slug,
+    st.message_id
+  )
+  FROM pgflow.step_tasks st
+  WHERE st.run_id = complete_task.run_id
+    AND st.step_slug = complete_task.step_slug
+    AND st.task_index = complete_task.task_index
+    AND st.message_id IS NOT NULL;
+  -- Return the current task row without any mutations
+  RETURN QUERY SELECT * FROM pgflow.step_tasks
+    WHERE pgflow.step_tasks.run_id = complete_task.run_id
+      AND pgflow.step_tasks.step_slug = complete_task.step_slug
+      AND pgflow.step_tasks.task_index = complete_task.task_index;
+  RETURN;
+END IF;
+
 -- Check for type violations AFTER acquiring locks
 SELECT child_step.step_slug INTO v_dependent_map_slug
 FROM pgflow.deps dependency
@@ -1246,8 +1292,10 @@ DECLARE
   v_step_failed boolean;
   v_step_skipped boolean;
   v_when_exhausted text;
-  v_task_exhausted boolean;  -- True if task has exhausted retries
-  v_flow_slug_for_deps text;  -- Used for decrementing remaining_deps on plain skip
+  v_task_exhausted boolean;
+  v_flow_slug_for_deps text;
+  v_prev_step_status text;
+  v_flow_slug text;
 begin
 
 -- If run is already failed, no retries allowed
@@ -1279,6 +1327,34 @@ IF EXISTS (SELECT 1 FROM pgflow.runs WHERE pgflow.runs.run_id = fail_task.run_id
   RETURN;
 END IF;
 
+-- Late callback guard: if step is not 'started', don't mutate step/run state
+-- Capture previous status BEFORE any CTE updates (for transition-based decrement)
+SELECT ss.status INTO v_prev_step_status
+FROM pgflow.step_states ss
+WHERE ss.run_id = fail_task.run_id
+  AND ss.step_slug = fail_task.step_slug;
+
+IF v_prev_step_status IS NOT NULL AND v_prev_step_status != 'started' THEN
+  -- Archive the task message if present
+  SELECT r.flow_slug INTO v_flow_slug
+  FROM pgflow.runs r
+  WHERE r.run_id = fail_task.run_id;
+  
+  PERFORM pgmq.archive(v_flow_slug, ARRAY_AGG(st.message_id))
+  FROM pgflow.step_tasks st
+  WHERE st.run_id = fail_task.run_id
+    AND st.step_slug = fail_task.step_slug
+    AND st.task_index = fail_task.task_index
+    AND st.message_id IS NOT NULL
+  HAVING COUNT(st.message_id) > 0;
+  
+  RETURN QUERY SELECT * FROM pgflow.step_tasks
+  WHERE pgflow.step_tasks.run_id = fail_task.run_id
+    AND pgflow.step_tasks.step_slug = fail_task.step_slug
+    AND pgflow.step_tasks.task_index = fail_task.task_index;
+  RETURN;
+END IF;
+
 WITH run_lock AS (
   SELECT * FROM pgflow.runs
   WHERE pgflow.runs.run_id = fail_task.run_id
@@ -1384,9 +1460,13 @@ run_update AS (
                   WHEN (select status from maybe_fail_step) = 'failed' THEN now()
                   ELSE NULL
                   END,
-      -- Decrement remaining_steps when step was skipped (not failed, run continues)
+      -- Decrement remaining_steps only on FIRST transition to skipped
+      -- (not when step was already skipped and a second task fails)
+      -- Uses PL/pgSQL variable captured before CTE chain
       remaining_steps = CASE
-                        WHEN (select status from maybe_fail_step) = 'skipped' THEN pgflow.runs.remaining_steps - 1
+                        WHEN (select status from maybe_fail_step) = 'skipped'
+                             AND v_prev_step_status != 'skipped'
+                        THEN pgflow.runs.remaining_steps - 1
                         ELSE pgflow.runs.remaining_steps
                         END
   WHERE pgflow.runs.run_id = fail_task.run_id
@@ -1425,6 +1505,17 @@ END IF;
 
 -- Handle step skipping (when_exhausted = 'skip' or 'skip-cascade')
  IF v_task_exhausted AND v_step_skipped THEN
+  -- Archive all queued/started sibling task messages for this step
+  PERFORM pgmq.archive(r.flow_slug, ARRAY_AGG(st.message_id))
+  FROM pgflow.step_tasks st
+  JOIN pgflow.runs r ON st.run_id = r.run_id
+  WHERE st.run_id = fail_task.run_id
+    AND st.step_slug = fail_task.step_slug
+    AND st.status IN ('queued', 'started')
+    AND st.message_id IS NOT NULL
+  GROUP BY r.flow_slug
+  HAVING COUNT(st.message_id) > 0;
+
   -- Send broadcast event for step skipped
   PERFORM realtime.send(
     jsonb_build_object(
@@ -1717,8 +1808,14 @@ with tasks as (
     where task.flow_slug = start_tasks.flow_slug
       and task.message_id = any(msg_ids)
       and task.status = 'queued'
-      -- MVP: Don't start tasks on failed runs
-      and r.status != 'failed'
+      and r.status = 'started'
+      and exists (
+        select 1
+        from pgflow.step_states ss
+        where ss.run_id = task.run_id
+          and ss.step_slug = task.step_slug
+          and ss.status = 'started'
+      )
   ),
   start_tasks_update as (
     update pgflow.step_tasks

pkgs/core/supabase/migrations/atlas.sum

@@ -1,4 +1,4 @@
-h1:NOsAYua/Juse0euNM4usm7M9DDPL7Btt5YvbexpfllA=
+h1:Hk7WDNVqZP9iYz/vW2Dqe/G3qKdw6i2FVIYl05jn6Kk=
 20250429164909_pgflow_initial.sql h1:I3n/tQIg5Q5nLg7RDoU3BzqHvFVjmumQxVNbXTPG15s=
 20250517072017_pgflow_fix_poll_for_tasks_to_use_separate_statement_for_polling.sql h1:wTuXuwMxVniCr3ONCpodpVWJcHktoQZIbqMZ3sUHKMY=
 20250609105135_pgflow_add_start_tasks_and_started_status.sql h1:ggGanW4Wyt8Kv6TWjnZ00/qVb3sm+/eFVDjGfT8qyPg=
@@ -18,4 +18,4 @@ h1:NOsAYua/Juse0euNM4usm7M9DDPL7Btt5YvbexpfllA=
 20260103145141_pgflow_step_output_storage.sql h1:mgVHSFDLdtYy//SZ6C03j9Str1iS9xCM8Rz/wyFwn3o=
 20260120205547_pgflow_requeue_stalled_tasks.sql h1:4wCBBvjtETCgJf1eXmlH5wCTKDUhiLi0uzsFG1V528E=
 20260124113408_pgflow_auth_secret_support.sql h1:i/s1JkBqRElN6FOYFQviJt685W08SuSo30aP25lNlLc=
-20260206115746_pgflow_step_conditions.sql h1:rGmG0hwC40AyEoofwX9Pj1b6DNiPG+pX9aLjEMgIoSQ=
+20260214181656_pgflow_step_conditions.sql h1:uLPoOD/hPrerMACS6CThb7t7T5LKLpMMrdFXXi4ZQ5s=