Skip to content

Add isWebhook flag to prevent hooks from being resumed via public webhook endpoint#1270

Merged
pranaygp merged 3 commits into
mainfrom
worktree-vuln-7040-ispublic
Mar 5, 2026
Merged

Add isWebhook flag to prevent hooks from being resumed via public webhook endpoint#1270
pranaygp merged 3 commits into
mainfrom
worktree-vuln-7040-ispublic

Conversation

@pranaygp
Copy link
Copy Markdown
Contributor

@pranaygp pranaygp commented Mar 5, 2026

Summary

  • Hooks created with createHook() now default to isWebhook: false, preventing them from being resumed via the public /.well-known/workflow/v1/webhook/{token} endpoint
  • Only createWebhook() sets isWebhook: true, allowing public URL resumption
  • Adds HookNotFoundError thrown by all world backends when a webhook token doesn't match any hook
  • WebhookOptions now omits both token and isWebhook from HookOptions (token is always random for webhooks, isWebhook is always true)

Test plan

  • Unit tests for isWebhook flag behavior
  • E2e test: createHook() hooks are not resumable via public webhook endpoint
  • HookNotFoundError thrown in world-local, world-vercel

🤖 Generated with Claude Code

@pranaygp @claude
Add isWebhook flag to prevent hooks from being resumed via public web…
78e0436 
…hook endpoint

Hooks created with createHook() are now non-resumable via the public webhook
endpoint by default (isWebhook=false). Only hooks created with createWebhook()
set isWebhook=true, allowing them to be resumed via the public URL.

Also adds HookNotFoundError thrown by all world backends when a webhook
token doesn't match any hook, and an e2e test for the new behavior.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@vercel
Copy link
Copy Markdown
Contributor

vercel Bot commented Mar 5, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
example-nextjs-workflow-turbopack Ready Ready Preview, Comment, Open in v0 Mar 5, 2026 6:56pm
example-nextjs-workflow-webpack Ready Ready Preview, Comment, Open in v0 Mar 5, 2026 6:56pm
example-workflow Ready Ready Preview, Comment, Open in v0 Mar 5, 2026 6:56pm
workbench-astro-workflow Ready Ready Preview, Comment, Open in v0 Mar 5, 2026 6:56pm
workbench-express-workflow Ready Ready Preview, Comment, Open in v0 Mar 5, 2026 6:56pm
workbench-fastify-workflow Ready Ready Preview, Comment, Open in v0 Mar 5, 2026 6:56pm
workbench-hono-workflow Ready Ready Preview, Comment, Open in v0 Mar 5, 2026 6:56pm
workbench-nitro-workflow Ready Ready Preview, Comment, Open in v0 Mar 5, 2026 6:56pm
workbench-nuxt-workflow Ready Ready Preview, Comment, Open in v0 Mar 5, 2026 6:56pm
workbench-sveltekit-workflow Ready Ready Preview, Comment, Open in v0 Mar 5, 2026 6:56pm
workbench-vite-workflow Ready Ready Preview, Comment, Open in v0 Mar 5, 2026 6:56pm
workflow-docs Ready Ready Preview, Comment, Open in v0 Mar 5, 2026 6:56pm
workflow-nest Ready Ready Preview, Comment, Open in v0 Mar 5, 2026 6:56pm
workflow-swc-playground Ready Ready Preview, Comment, Open in v0 Mar 5, 2026 6:56pm

@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented Mar 5, 2026
edited
Loading

🦋 Changeset detected

Latest commit: e6f3979

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 19 packages
Name Type
@workflow/errors Patch
@workflow/core Patch
@workflow/world-local Patch
@workflow/world-postgres Patch
@workflow/world-vercel Patch
workflow Patch
@workflow/world Patch
@workflow/builders Patch
@workflow/cli Patch
@workflow/next Patch
@workflow/nitro Patch
@workflow/web-shared Patch
@workflow/world-testing Patch
@workflow/astro Patch
@workflow/nest Patch
@workflow/rollup Patch
@workflow/sveltekit Patch
@workflow/vite Patch
@workflow/nuxt Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 5, 2026
edited
Loading

📊 Benchmark Results

📈 Comparing against baseline from main branch. Green 🟢 = faster, Red 🔺 = slower.

workflow with no steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
💻 Local 🥇 Nitro 0.032s (+23.1% 🔺) 1.005s (~) 0.973s 10 1.00x
💻 Local Express 0.033s (~) 1.006s (~) 0.973s 10 1.02x
💻 Local Next.js (Turbopack) 0.038s (-5.9% 🟢) 1.005s (~) 0.967s 10 1.19x
🌐 Redis Next.js (Turbopack) 0.045s (-1.7%) 1.005s (~) 0.960s 10 1.42x
🐘 Postgres Next.js (Turbopack) 0.049s 1.011s 0.963s 10 1.52x
🐘 Postgres Express 0.056s (+7.3% 🔺) 1.012s (~) 0.956s 10 1.75x
🐘 Postgres Nitro 0.073s (+26.6% 🔺) 1.015s (~) 0.942s 10 2.27x
🌐 MongoDB Next.js (Turbopack) 0.094s (-22.0% 🟢) 1.008s (~) 0.915s 10 2.93x

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Nitro 1.081s (+39.4% 🔺) 5.544s (+41.0% 🔺) 4.462s 10 1.00x
▲ Vercel Express 1.296s (+59.0% 🔺) 5.063s (+17.1% 🔺) 3.767s 10 1.20x
▲ Vercel Next.js (Turbopack) 1.435s (+57.6% 🔺) 5.701s (+39.9% 🔺) 4.266s 10 1.33x

🔍 Observability: Nitro | Express | Next.js (Turbopack)

workflow with 1 step

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
💻 Local 🥇 Next.js (Turbopack) 1.098s (~) 2.005s (~) 0.907s 10 1.00x
💻 Local Nitro 1.101s (+3.0%) 2.006s (~) 0.905s 10 1.00x
🌐 Redis Next.js (Turbopack) 1.102s (~) 2.006s (~) 0.905s 10 1.00x
💻 Local Express 1.105s (~) 2.006s (~) 0.901s 10 1.01x
🐘 Postgres Next.js (Turbopack) 1.130s 2.013s 0.883s 10 1.03x
🐘 Postgres Nitro 1.136s (~) 2.014s (~) 0.877s 10 1.04x
🐘 Postgres Express 1.143s (+2.2%) 2.013s (~) 0.870s 10 1.04x
🌐 MongoDB Next.js (Turbopack) 1.309s (+1.0%) 2.009s (~) 0.700s 10 1.19x

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Express 2.860s (+8.4% 🔺) 5.488s (-4.1%) 2.628s 10 1.00x
▲ Vercel Next.js (Turbopack) 2.909s (+19.6% 🔺) 6.869s (+33.5% 🔺) 3.960s 10 1.02x
▲ Vercel Nitro 2.947s (+10.1% 🔺) 7.165s (+12.2% 🔺) 4.218s 10 1.03x

🔍 Observability: Express | Next.js (Turbopack) | Nitro

workflow with 10 sequential steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🌐 Redis 🥇 Next.js (Turbopack) 10.679s (~) 11.022s (~) 0.343s 3 1.00x
💻 Local Next.js (Turbopack) 10.706s (~) 11.022s (~) 0.317s 3 1.00x
💻 Local Nitro 10.766s (+2.6%) 11.024s (~) 0.258s 3 1.01x
💻 Local Express 10.793s (~) 11.024s (~) 0.231s 3 1.01x
🐘 Postgres Next.js (Turbopack) 10.813s 11.040s 0.227s 3 1.01x
🐘 Postgres Express 10.912s (+1.0%) 11.043s (~) 0.131s 3 1.02x
🐘 Postgres Nitro 10.933s (+0.9%) 11.043s (~) 0.110s 3 1.02x
🌐 MongoDB Next.js (Turbopack) 12.296s (~) 13.021s (~) 0.725s 3 1.15x

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Nitro 17.195s (+0.8%) 20.212s (+1.9%) 3.016s 2 1.00x
▲ Vercel Express 17.990s (+5.6% 🔺) 20.822s (+3.4%) 2.832s 2 1.05x
▲ Vercel Next.js (Turbopack) 18.463s (+6.6% 🔺) 21.580s (+1.3%) 3.117s 2 1.07x

🔍 Observability: Nitro | Express | Next.js (Turbopack)

workflow with 25 sequential steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🌐 Redis 🥇 Next.js (Turbopack) 26.552s (~) 27.050s (~) 0.498s 3 1.00x
💻 Local Next.js (Turbopack) 26.880s (~) 27.053s (~) 0.173s 3 1.01x
🐘 Postgres Next.js (Turbopack) 26.911s 27.066s 0.155s 3 1.01x
🐘 Postgres Nitro 26.956s (~) 27.072s (~) 0.117s 3 1.02x
🐘 Postgres Express 26.982s (~) 27.066s (~) 0.084s 3 1.02x
💻 Local Nitro 27.189s (+2.8%) 28.053s (+3.7%) 0.864s 3 1.02x
💻 Local Express 27.250s (~) 28.055s (~) 0.804s 3 1.03x
🌐 MongoDB Next.js (Turbopack) 30.498s (~) 31.047s (~) 0.548s 2 1.15x

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Nitro 45.215s (+1.8%) 47.412s (-5.8% 🟢) 2.197s 2 1.00x
▲ Vercel Next.js (Turbopack) 46.160s (+0.9%) 49.497s (-1.3%) 3.336s 2 1.02x
▲ Vercel Express 47.761s (+5.9% 🔺) 49.756s (-1.5%) 1.995s 2 1.06x

🔍 Observability: Nitro | Next.js (Turbopack) | Express

workflow with 50 sequential steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🌐 Redis 🥇 Next.js (Turbopack) 53.002s (~) 53.096s (~) 0.094s 2 1.00x
🐘 Postgres Next.js (Turbopack) 53.710s 54.107s 0.397s 2 1.01x
🐘 Postgres Nitro 53.855s (~) 54.110s (~) 0.255s 2 1.02x
🐘 Postgres Express 53.913s (~) 54.102s (~) 0.189s 2 1.02x
💻 Local Next.js (Turbopack) 55.389s (~) 56.099s (~) 0.710s 2 1.05x
💻 Local Nitro 56.023s (+3.1%) 56.102s (+1.8%) 0.079s 2 1.06x
💻 Local Express 56.107s (~) 57.104s (~) 0.997s 2 1.06x
🌐 MongoDB Next.js (Turbopack) 60.824s (~) 61.071s (~) 0.247s 2 1.15x

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Next.js (Turbopack) 94.595s (-4.2%) 99.318s (-3.3%) 4.723s 1 1.00x
▲ Vercel Nitro 95.306s (-2.1%) 97.825s (-1.3%) 2.519s 1 1.01x
▲ Vercel Express 95.655s (-1.2%) 97.421s (-2.5%) 1.766s 1 1.01x

🔍 Observability: Next.js (Turbopack) | Nitro | Express

Promise.all with 10 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🌐 Redis 🥇 Next.js (Turbopack) 1.290s (+3.9%) 2.007s (~) 0.716s 15 1.00x
🐘 Postgres Express 1.343s (-1.2%) 2.011s (~) 0.668s 15 1.04x
🐘 Postgres Nitro 1.376s (+1.6%) 2.011s (~) 0.635s 15 1.07x
🐘 Postgres Next.js (Turbopack) 1.378s 2.011s 0.633s 15 1.07x
💻 Local Next.js (Turbopack) 1.387s (-1.9%) 2.005s (~) 0.617s 15 1.08x
💻 Local Express 1.416s (-1.2%) 2.006s (~) 0.590s 15 1.10x
💻 Local Nitro 1.416s (+5.8% 🔺) 2.006s (~) 0.590s 15 1.10x
🌐 MongoDB Next.js (Turbopack) 2.150s (-0.6%) 3.008s (~) 0.858s 10 1.67x

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Nitro 2.659s (-25.8% 🟢) 4.755s (-16.3% 🟢) 2.096s 7 1.00x
▲ Vercel Express 2.839s (-6.3% 🟢) 6.025s (+2.2%) 3.186s 5 1.07x
▲ Vercel Next.js (Turbopack) 2.885s (-22.4% 🟢) 5.599s (-9.3% 🟢) 2.715s 6 1.08x

🔍 Observability: Nitro | Express | Next.js (Turbopack)

Promise.all with 25 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Express 1.996s (+4.6%) 2.513s (+4.8%) 0.518s 12 1.00x
🐘 Postgres Next.js (Turbopack) 2.027s 2.515s 0.487s 12 1.02x
🐘 Postgres Nitro 2.198s (+5.1% 🔺) 2.683s (+3.3%) 0.485s 12 1.10x
🌐 Redis Next.js (Turbopack) 2.499s (~) 3.008s (~) 0.509s 10 1.25x
💻 Local Next.js (Turbopack) 2.508s (-1.0%) 3.007s (~) 0.499s 10 1.26x
💻 Local Nitro 2.591s (+12.6% 🔺) 3.008s (~) 0.417s 10 1.30x
💻 Local Express 2.694s (+2.4%) 3.008s (~) 0.314s 10 1.35x
🌐 MongoDB Next.js (Turbopack) 4.706s (-2.6%) 5.177s (~) 0.472s 6 2.36x

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Next.js (Turbopack) 2.971s (-15.6% 🟢) 5.582s (-26.8% 🟢) 2.610s 6 1.00x
▲ Vercel Nitro 3.034s (-13.1% 🟢) 5.639s (-18.1% 🟢) 2.605s 6 1.02x
▲ Vercel Express 3.114s (-29.4% 🟢) 5.375s (-40.7% 🟢) 2.261s 6 1.05x

🔍 Observability: Next.js (Turbopack) | Nitro | Express

Promise.all with 50 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Nitro 3.391s (-0.6%) 4.020s (-2.9%) 0.628s 8 1.00x
🐘 Postgres Next.js (Turbopack) 3.756s 4.308s 0.551s 7 1.11x
🐘 Postgres Express 3.978s (+12.0% 🔺) 4.459s (~) 0.481s 7 1.17x
🌐 Redis Next.js (Turbopack) 4.299s (+2.3%) 5.011s (~) 0.712s 6 1.27x
💻 Local Next.js (Turbopack) 6.831s (~) 7.515s (~) 0.684s 4 2.01x
💻 Local Nitro 7.459s (+20.6% 🔺) 8.021s (+14.3% 🔺) 0.562s 4 2.20x
💻 Local Express 8.093s (+6.8% 🔺) 8.769s (+9.4% 🔺) 0.677s 4 2.39x
🌐 MongoDB Next.js (Turbopack) 10.013s (-1.6%) 10.686s (~) 0.673s 3 2.95x

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Express 3.177s (-13.2% 🟢) 4.866s (-31.2% 🟢) 1.690s 7 1.00x
▲ Vercel Next.js (Turbopack) 3.356s (-13.4% 🟢) 5.359s (-19.2% 🟢) 2.003s 6 1.06x
▲ Vercel Nitro 4.305s (+16.7% 🔺) 6.069s (-1.1%) 1.764s 6 1.36x

🔍 Observability: Express | Next.js (Turbopack) | Nitro

Promise.race with 10 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🌐 Redis 🥇 Next.js (Turbopack) 1.255s (+1.5%) 2.006s (~) 0.751s 15 1.00x
🐘 Postgres Express 1.358s (+1.0%) 2.011s (~) 0.653s 15 1.08x
🐘 Postgres Nitro 1.394s (+2.7%) 2.011s (~) 0.616s 15 1.11x
🐘 Postgres Next.js (Turbopack) 1.396s 2.011s 0.616s 15 1.11x
💻 Local Next.js (Turbopack) 1.412s (~) 2.005s (~) 0.593s 15 1.12x
💻 Local Nitro 1.415s (+4.8%) 2.005s (~) 0.590s 15 1.13x
💻 Local Express 1.447s (~) 2.005s (~) 0.558s 15 1.15x
🌐 MongoDB Next.js (Turbopack) 2.158s (-0.6%) 3.008s (~) 0.850s 10 1.72x

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Nitro 2.482s (-12.9% 🟢) 4.472s (-16.6% 🟢) 1.990s 7 1.00x
▲ Vercel Next.js (Turbopack) 2.498s (-19.6% 🟢) 4.752s (-32.2% 🟢) 2.254s 7 1.01x
▲ Vercel Express 2.638s (-21.0% 🟢) 4.627s (-29.5% 🟢) 1.989s 7 1.06x

🔍 Observability: Nitro | Next.js (Turbopack) | Express

Promise.race with 25 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Next.js (Turbopack) 2.017s 2.514s 0.496s 12 1.00x
🐘 Postgres Express 2.059s (+1.1%) 2.596s (+4.8%) 0.537s 12 1.02x
🐘 Postgres Nitro 2.147s (+7.1% 🔺) 2.685s (+3.3%) 0.538s 12 1.06x
🌐 Redis Next.js (Turbopack) 2.534s (+1.2%) 3.008s (~) 0.474s 10 1.26x
💻 Local Next.js (Turbopack) 2.665s (~) 3.108s (+3.3%) 0.443s 10 1.32x
💻 Local Express 2.737s (~) 3.008s (~) 0.271s 10 1.36x
💻 Local Nitro 2.769s (+17.4% 🔺) 3.008s (~) 0.239s 10 1.37x
🌐 MongoDB Next.js (Turbopack) 4.704s (~) 5.178s (~) 0.474s 6 2.33x

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Next.js (Turbopack) 2.713s (-34.9% 🟢) 4.619s (-54.2% 🟢) 1.905s 7 1.00x
▲ Vercel Nitro 3.116s (-11.9% 🟢) 5.317s (-46.2% 🟢) 2.202s 6 1.15x
▲ Vercel Express 3.437s (+8.1% 🔺) 5.300s (-48.9% 🟢) 1.863s 6 1.27x

🔍 Observability: Next.js (Turbopack) | Nitro | Express

Promise.race with 50 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Express 3.963s (+6.4% 🔺) 4.739s (+7.6% 🔺) 0.776s 7 1.00x
🐘 Postgres Nitro 4.193s (+19.2% 🔺) 5.033s (+17.9% 🔺) 0.840s 6 1.06x
🐘 Postgres Next.js (Turbopack) 4.198s 4.881s 0.683s 7 1.06x
🌐 Redis Next.js (Turbopack) 4.364s (+2.3%) 5.011s (~) 0.646s 6 1.10x
💻 Local Next.js (Turbopack) 7.785s (+3.1%) 8.272s (+3.2%) 0.487s 4 1.96x
💻 Local Nitro 7.856s (+16.4% 🔺) 8.524s (+21.5% 🔺) 0.668s 4 1.98x
💻 Local Express 8.461s (+4.1%) 9.024s (+2.9%) 0.563s 4 2.14x
🌐 MongoDB Next.js (Turbopack) 10.050s (+1.9%) 10.683s (+3.2%) 0.633s 3 2.54x

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Nitro 3.473s (-6.7% 🟢) 4.874s (-38.9% 🟢) 1.401s 7 1.00x
▲ Vercel Next.js (Turbopack) 3.476s (-8.8% 🟢) 5.106s (-39.0% 🟢) 1.629s 6 1.00x
▲ Vercel Express 4.128s (-41.2% 🟢) 6.347s (-47.8% 🟢) 2.220s 5 1.19x

🔍 Observability: Nitro | Next.js (Turbopack) | Express

Stream Benchmarks (includes TTFB metrics)
workflow with stream

💻 Local Development

World Framework Workflow Time TTFB Slurp Wall Time Overhead Samples vs Fastest
🌐 Redis 🥇 Next.js (Turbopack) 0.143s (~) 1.000s (~) 0.002s (+30.8% 🔺) 1.008s (~) 0.865s 10 1.00x
💻 Local Next.js (Turbopack) 0.143s (-1.4%) 1.002s (~) 0.011s (-3.5%) 1.017s (~) 0.874s 10 1.00x
💻 Local Nitro 0.171s (+62.2% 🔺) 1.003s (~) 0.011s (+13.3% 🔺) 1.017s (~) 0.846s 10 1.19x
💻 Local Express 0.174s (+2.2%) 1.003s (~) 0.011s (~) 1.018s (~) 0.844s 10 1.22x
🐘 Postgres Next.js (Turbopack) 0.176s 1.001s 0.002s 1.012s 0.836s 10 1.23x
🐘 Postgres Nitro 0.191s (+3.9%) 0.999s (+0.7%) 0.001s (-7.1% 🟢) 1.013s (~) 0.822s 10 1.33x
🐘 Postgres Express 0.195s (+5.1% 🔺) 0.996s (~) 0.002s (-10.5% 🟢) 1.012s (~) 0.818s 10 1.36x
🌐 MongoDB Next.js (Turbopack) 0.520s (+4.9%) 0.924s (-2.8%) 0.002s (+13.3% 🔺) 1.009s (~) 0.489s 10 3.63x

▲ Production (Vercel)

World Framework Workflow Time TTFB Slurp Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Next.js (Turbopack) 1.763s (-21.4% 🟢) 3.170s (-14.6% 🟢) 0.143s (+171.6% 🔺) 4.166s (-9.2% 🟢) 2.403s 10 1.00x
▲ Vercel Express 1.777s (-12.1% 🟢) 2.895s (-15.2% 🟢) 0.084s (-16.0% 🟢) 3.814s (-16.9% 🟢) 2.037s 10 1.01x
▲ Vercel Nitro 2.124s (+9.0% 🔺) 2.987s (-18.7% 🟢) 0.133s (+112.8% 🔺) 4.225s (-15.5% 🟢) 2.101s 10 1.20x

🔍 Observability: Next.js (Turbopack) | Express | Nitro

Summary

Fastest Framework by World

Winner determined by most benchmark wins

World 🥇 Fastest Framework Wins
💻 Local Next.js (Turbopack) 11/12
🐘 Postgres Next.js (Turbopack) 7/12
▲ Vercel Nitro 6/12
Fastest World by Framework

Winner determined by most benchmark wins

Framework 🥇 Fastest World Wins
Express 🐘 Postgres 7/12
Next.js (Turbopack) 🌐 Redis 6/12
Nitro 🐘 Postgres 7/12
Column Definitions
  • Workflow Time: Runtime reported by workflow (completedAt - createdAt) - primary metric
  • TTFB: Time to First Byte - time from workflow start until first stream byte received (stream benchmarks only)
  • Slurp: Time from first byte to complete stream consumption (stream benchmarks only)
  • Wall Time: Total testbench time (trigger workflow + poll for result)
  • Overhead: Testbench overhead (Wall Time - Workflow Time)
  • Samples: Number of benchmark iterations run
  • vs Fastest: How much slower compared to the fastest configuration for this benchmark

Worlds:

  • 💻 Local: In-memory filesystem world (local development)
  • 🐘 Postgres: PostgreSQL database world (local development)
  • ▲ Vercel: Vercel production/preview deployment
  • 🌐 Turso: Community world (local development)
  • 🌐 MongoDB: Community world (local development)
  • 🌐 Redis: Community world (local development)
  • 🌐 Jazz: Community world (local development)

📋 View full workflow run

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 5, 2026
edited
Loading

🧪 E2E Test Results

Some tests failed

Summary

Passed Failed Skipped Total
✅ ▲ Vercel Production 549 0 67 616
❌ 💻 Local Development 576 12 84 672
❌ 📦 Local Production 576 12 84 672
❌ 🐘 Local Postgres 576 12 84 672
❌ 🪟 Windows 52 1 3 56
❌ 🌍 Community Worlds 116 52 15 183
❌ 📋 Other 138 3 27 168
Total 2583 92 364 3039

❌ Failed Tests

💻 Local Development (12 failed)

astro-stable (1 failed):

  • webhookWorkflow

express-stable (1 failed):

  • webhookWorkflow

fastify-stable (1 failed):

  • webhookWorkflow

hono-stable (1 failed):

  • webhookWorkflow

nextjs-turbopack-canary (1 failed):

  • webhookWorkflow

nextjs-turbopack-stable (1 failed):

  • webhookWorkflow

nextjs-webpack-canary (1 failed):

  • webhookWorkflow

nextjs-webpack-stable (1 failed):

  • webhookWorkflow

nitro-stable (1 failed):

  • webhookWorkflow

nuxt-stable (1 failed):

  • webhookWorkflow

sveltekit-stable (1 failed):

  • webhookWorkflow

vite-stable (1 failed):

  • webhookWorkflow
📦 Local Production (12 failed)

astro-stable (1 failed):

  • webhookWorkflow

express-stable (1 failed):

  • webhookWorkflow

fastify-stable (1 failed):

  • webhookWorkflow

hono-stable (1 failed):

  • webhookWorkflow

nextjs-turbopack-canary (1 failed):

  • webhookWorkflow

nextjs-turbopack-stable (1 failed):

  • webhookWorkflow

nextjs-webpack-canary (1 failed):

  • webhookWorkflow

nextjs-webpack-stable (1 failed):

  • webhookWorkflow

nitro-stable (1 failed):

  • webhookWorkflow

nuxt-stable (1 failed):

  • webhookWorkflow

sveltekit-stable (1 failed):

  • webhookWorkflow

vite-stable (1 failed):

  • webhookWorkflow
🐘 Local Postgres (12 failed)

astro-stable (1 failed):

  • webhookWorkflow

express-stable (1 failed):

  • webhookWorkflow

fastify-stable (1 failed):

  • webhookWorkflow

hono-stable (1 failed):

  • webhookWorkflow

nextjs-turbopack-canary (1 failed):

  • webhookWorkflow

nextjs-turbopack-stable (1 failed):

  • webhookWorkflow

nextjs-webpack-canary (1 failed):

  • webhookWorkflow

nextjs-webpack-stable (1 failed):

  • webhookWorkflow

nitro-stable (1 failed):

  • webhookWorkflow

nuxt-stable (1 failed):

  • webhookWorkflow

sveltekit-stable (1 failed):

  • webhookWorkflow

vite-stable (1 failed):

  • webhookWorkflow
🪟 Windows (1 failed)

nextjs-turbopack (1 failed):

  • webhookWorkflow
🌍 Community Worlds (52 failed)

mongodb (2 failed):

  • hookWorkflow is not resumable via public webhook endpoint
  • webhookWorkflow

redis (1 failed):

  • hookWorkflow is not resumable via public webhook endpoint

turso (49 failed):

  • addTenWorkflow
  • addTenWorkflow
  • wellKnownAgentWorkflow (.well-known/agent)
  • should work with react rendering in step
  • promiseAllWorkflow
  • promiseRaceWorkflow
  • promiseAnyWorkflow
  • importedStepOnlyWorkflow
  • hookWorkflow
  • hookWorkflow is not resumable via public webhook endpoint
  • webhookWorkflow
  • sleepingWorkflow
  • parallelSleepWorkflow
  • nullByteWorkflow
  • workflowAndStepMetadataWorkflow
  • fetchWorkflow
  • promiseRaceStressTestWorkflow
  • error handling error propagation workflow errors nested function calls preserve message and stack trace
  • error handling error propagation workflow errors cross-file imports preserve message and stack trace
  • error handling error propagation step errors basic step error preserves message and stack trace
  • error handling error propagation step errors cross-file step error preserves message and function names in stack
  • error handling retry behavior regular Error retries until success
  • error handling retry behavior FatalError fails immediately without retries
  • error handling retry behavior RetryableError respects custom retryAfter delay
  • error handling retry behavior maxRetries=0 disables retries
  • error handling retry behavior workflow completes despite transient 5xx on step_completed
  • error handling catchability FatalError can be caught and detected with FatalError.is()
  • hookCleanupTestWorkflow - hook token reuse after workflow completion
  • concurrent hook token conflict - two workflows cannot use the same hook token simultaneously
  • hookDisposeTestWorkflow - hook token reuse after explicit disposal while workflow still running
  • stepFunctionPassingWorkflow - step function references can be passed as arguments (without closure vars)
  • stepFunctionWithClosureWorkflow - step function with closure variables passed as argument
  • closureVariableWorkflow - nested step functions with closure variables
  • spawnWorkflowFromStepWorkflow - spawning a child workflow using start() inside a step
  • health check (queue-based) - workflow and step endpoints respond to health check messages
  • pathsAliasWorkflow - TypeScript path aliases resolve correctly
  • Calculator.calculate - static workflow method using static step methods from another class
  • AllInOneService.processNumber - static workflow method using sibling static step methods
  • ChainableService.processWithThis - static step methods using this to reference the class
  • thisSerializationWorkflow - step function invoked with .call() and .apply()
  • customSerializationWorkflow - custom class serialization with WORKFLOW_SERIALIZE/WORKFLOW_DESERIALIZE
  • instanceMethodStepWorkflow - instance methods with "use step" directive
  • crossContextSerdeWorkflow - classes defined in step code are deserializable in workflow context
  • stepFunctionAsStartArgWorkflow - step function reference passed as start() argument
  • cancelRun - cancelling a running workflow
  • cancelRun via CLI - cancelling a running workflow
  • pages router addTenWorkflow via pages router
  • pages router promiseAllWorkflow via pages router
  • pages router sleepingWorkflow via pages router
📋 Other (3 failed)

e2e-local-dev-nest-stable (1 failed):

  • webhookWorkflow

e2e-local-postgres-nest-stable (1 failed):

  • webhookWorkflow

e2e-local-prod-nest-stable (1 failed):

  • webhookWorkflow

Details by Category

✅ ▲ Vercel Production
App Passed Failed Skipped
✅ astro 49 0 7
✅ example 49 0 7
✅ express 49 0 7
✅ fastify 49 0 7
✅ hono 49 0 7
✅ nextjs-turbopack 54 0 2
✅ nextjs-webpack 54 0 2
✅ nitro 49 0 7
✅ nuxt 49 0 7
✅ sveltekit 49 0 7
✅ vite 49 0 7
❌ 💻 Local Development
App Passed Failed Skipped
❌ astro-stable 46 1 9
❌ express-stable 46 1 9
❌ fastify-stable 46 1 9
❌ hono-stable 46 1 9
❌ nextjs-turbopack-canary 52 1 3
❌ nextjs-turbopack-stable 52 1 3
❌ nextjs-webpack-canary 52 1 3
❌ nextjs-webpack-stable 52 1 3
❌ nitro-stable 46 1 9
❌ nuxt-stable 46 1 9
❌ sveltekit-stable 46 1 9
❌ vite-stable 46 1 9
❌ 📦 Local Production
App Passed Failed Skipped
❌ astro-stable 46 1 9
❌ express-stable 46 1 9
❌ fastify-stable 46 1 9
❌ hono-stable 46 1 9
❌ nextjs-turbopack-canary 52 1 3
❌ nextjs-turbopack-stable 52 1 3
❌ nextjs-webpack-canary 52 1 3
❌ nextjs-webpack-stable 52 1 3
❌ nitro-stable 46 1 9
❌ nuxt-stable 46 1 9
❌ sveltekit-stable 46 1 9
❌ vite-stable 46 1 9
❌ 🐘 Local Postgres
App Passed Failed Skipped
❌ astro-stable 46 1 9
❌ express-stable 46 1 9
❌ fastify-stable 46 1 9
❌ hono-stable 46 1 9
❌ nextjs-turbopack-canary 52 1 3
❌ nextjs-turbopack-stable 52 1 3
❌ nextjs-webpack-canary 52 1 3
❌ nextjs-webpack-stable 52 1 3
❌ nitro-stable 46 1 9
❌ nuxt-stable 46 1 9
❌ sveltekit-stable 46 1 9
❌ vite-stable 46 1 9
❌ 🪟 Windows
App Passed Failed Skipped
❌ nextjs-turbopack 52 1 3
❌ 🌍 Community Worlds
App Passed Failed Skipped
✅ mongodb-dev 3 0 2
❌ mongodb 51 2 3
✅ redis-dev 3 0 2
❌ redis 52 1 3
✅ turso-dev 3 0 2
❌ turso 4 49 3
❌ 📋 Other
App Passed Failed Skipped
❌ e2e-local-dev-nest-stable 46 1 9
❌ e2e-local-postgres-nest-stable 46 1 9
❌ e2e-local-prod-nest-stable 46 1 9

📋 View full workflow run

Some E2E test jobs failed:

  • Vercel Prod: success
  • Local Dev: failure
  • Local Prod: failure
  • Local Postgres: failure
  • Windows: failure

Check the workflow run for details.

@pranaygp pranaygp marked this pull request as ready for review March 5, 2026 18:39
@pranaygp pranaygp requested a review from a team as a code owner March 5, 2026 18:39
@pranaygp pranaygp requested review from TooTallNate and Copilot March 5, 2026 18:39
@pranaygp @claude
Fix world-local: default isWebhook to false and fix test assertions
eda030d 
- Default isWebhook to false at write time in events-storage
- Default isWebhook to false at read time in hooks-storage (for old data)
- Update test assertions to match HookNotFoundError message

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
vercel[bot]
vercel Bot reviewed Mar 5, 2026
View reviewed changes
Comment thread packages/world-local/src/storage/hooks-storage.ts Outdated
@pranaygp @claude
Fix: default isWebhook to true for backwards compat, add postgres mig…
e6f3979 
…ration

- Revert read-side default to `isWebhook ?? true` in world-local for
  backwards compatibility with existing hooks that predate the field
- Add postgres migration 0009 to add `is_webhook` column with default true
- Update drizzle schema to match

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Copilot AI reviewed Mar 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@pranaygp
Copy link
Copy Markdown
Contributor Author

pranaygp commented Mar 5, 2026

Will fix the failing e2e tests with a separate clean PR (also happening on main)

@pranaygp pranaygp merged commit adfe8b6 into main Mar 5, 2026
59 of 99 checks passed
@pranaygp pranaygp deleted the worktree-vuln-7040-ispublic branch March 5, 2026 19:04
@vercel-release-bot vercel-release-bot mentioned this pull request Mar 5, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vercel vercel[bot] vercel[bot] left review comments

Copilot code review Copilot Copilot left review comments

@TooTallNate TooTallNate TooTallNate approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pranaygp @TooTallNate