Improve workflow throttling logic

[thomtrp]

• if >5000 workflows per hour, new ones should failed
• if >100 workflow per min, new ones should be set as not started. Except manual trigger
• when enqueued, we check if there a not started workflows that may be queued. If yes, we call the associated job

[greptile-apps]

Greptile Overview

Greptile Summary

This PR implements a two-tier throttling system for workflow execution with hard and soft limits:

Key Changes:

• Hard throttle (5000 workflows/hour): New workflows are marked as FAILED with error message when exceeded
• Soft throttle (100 workflows/min): New workflows are marked as NOT_STARTED and queued for later execution when exceeded
• Manual triggers bypass soft throttle but respect hard throttle
• New WorkflowNotStartedRunsWorkspaceService manages NOT_STARTED workflows with cache-based counting
• Enhanced ThrottlerService now returns remaining token count
• WorkflowEnqueueAwaitingRunsJob processes queued workflows when capacity becomes available
• Added metrics tracking for throttled workflows (WorkflowRunSoftThrottled, WorkflowRunHardThrottled)

Issues Found:

• Potential race condition where remainingRunsToEnqueueCount becomes stale between throttle check and awaiting runs enqueue decision
• Manual trigger bypass logic may prevent enqueueing awaiting runs even when capacity is available

Confidence Score: 3/5

• This PR has logical issues that could affect workflow execution reliability under high load
• The implementation introduces good architectural patterns (two-tier throttling, metrics, cache-based counting) but contains race conditions with stale token counts and logic issues with manual trigger bypass that could prevent proper workflow queue processing
• packages/twenty-server/src/modules/workflow/workflow-runner/workspace-services/workflow-runner.workspace-service.ts requires attention for race condition and manual trigger logic fixes

Important Files Changed

File Analysis

Filename	Score	Overview
packages/twenty-server/src/modules/workflow/workflow-runner/workspace-services/workflow-runner.workspace-service.ts	3/5	Refactored throttling logic with separate hard/soft limits, added metrics tracking, and new NOT_STARTED workflow run status. Contains potential race condition with stale remainingRunsToEnqueueCount and manual trigger bypass logic issue.
packages/twenty-server/src/modules/workflow/workflow-runner/workflow-run-queue/workspace-services/workflow-not-started-runs.workspace-service.ts	4/5	New service managing NOT_STARTED workflow runs with cache-based counting and throttling integration. Provides methods for tracking, recomputing, and throttling workflow execution with hard/soft limits.
packages/twenty-server/src/engine/core-modules/throttler/throttler.service.ts	4/5	Enhanced token bucket throttler to return remaining tokens and added getAvailableTokensCount method. Clean refactoring with minor timing precision concern.
packages/twenty-server/src/modules/workflow/workflow-runner/workflow-run-queue/workspace-services/workflow-enqueue-awaiting-runs.workspace-service.ts	4/5	New service for processing NOT_STARTED workflows and enqueueing them when capacity is available. Includes proper error handling and metrics tracking.

Sequence Diagram

sequenceDiagram
    participant Client
    participant WorkflowRunner as WorkflowRunnerService
    participant NotStartedSvc as NotStartedRunsService
    participant Throttler as ThrottlerService
    participant Cache as Redis Cache
    participant DB as Database
    participant Queue as Message Queue

    Client->>WorkflowRunner: run(workflowVersionId, payload)
    WorkflowRunner->>WorkflowRunner: Check if manual trigger
    
    WorkflowRunner->>NotStartedSvc: throttleOrThrowIfHardLimitReached()
    NotStartedSvc->>Throttler: tokenBucketThrottleOrThrow(hard-throttle key, 1, 5000, 3600000)
    Throttler->>Cache: get(hard-throttle tokens)
    Cache-->>Throttler: current token state
    alt Hard limit exceeded (>5000/hour)
        Throttler-->>NotStartedSvc: throw ThrottlerException
        NotStartedSvc-->>WorkflowRunner: throw
        WorkflowRunner->>WorkflowRunner: createFailedWorkflowRun()
        WorkflowRunner->>DB: create workflow run (status=FAILED, error="Throttle limit reached")
        WorkflowRunner-->>Client: return {workflowRunId}
    else Hard limit OK
        Throttler->>Cache: set(hard-throttle tokens - 1)
        Throttler-->>NotStartedSvc: return remaining tokens
    end

    WorkflowRunner->>NotStartedSvc: throttleAndReturnRemainingRunsToEnqueueCount()
    NotStartedSvc->>Throttler: tokenBucketThrottleOrThrow(soft-throttle key, 1, 100, 60000)
    Throttler->>Cache: get(soft-throttle tokens)
    Cache-->>Throttler: current token state
    alt Soft limit exceeded (>100/min) AND NOT manual trigger
        Throttler-->>NotStartedSvc: throw ThrottlerException
        NotStartedSvc-->>WorkflowRunner: throw
        WorkflowRunner->>WorkflowRunner: createNotStartedWorkflowRun()
        WorkflowRunner->>DB: create workflow run (status=NOT_STARTED)
        WorkflowRunner->>NotStartedSvc: increaseWorkflowRunNotStartedCount()
        NotStartedSvc->>Cache: increment NOT_STARTED count
        WorkflowRunner-->>Client: return {workflowRunId}
    else Soft limit OK OR manual trigger
        Throttler->>Cache: set(soft-throttle tokens - 1)
        Throttler-->>NotStartedSvc: return remaining tokens
        NotStartedSvc-->>WorkflowRunner: return remainingCount
    end

    WorkflowRunner->>WorkflowRunner: enqueueWorkflowRunAndPotentialAwaitingRuns()
    WorkflowRunner->>DB: create workflow run (status=ENQUEUED)
    WorkflowRunner->>Queue: add(RunWorkflowJob, {workflowRunId})
    
    WorkflowRunner->>NotStartedSvc: getNotStartedRunsCountFromCache()
    NotStartedSvc->>Cache: get(NOT_STARTED count)
    Cache-->>NotStartedSvc: current count
    NotStartedSvc-->>WorkflowRunner: return count
    
    alt remainingCount > 0 AND notStartedCount > 0
        WorkflowRunner->>Queue: add(WorkflowEnqueueAwaitingRunsJob, {workspaceId})
        Note over Queue: Background job will process<br/>NOT_STARTED workflows later
    end
    
    WorkflowRunner-->>Client: return {workflowRunId}

Loading

[greptile-apps]

_{25 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[github-actions]

🚀 Preview Environment Ready!

Your preview environment is available at: http://bore.pub:55106

This environment will automatically shut down when the PR is closed or after 5 hours.

[thomtrp]

@greptile-ai

[greptile-apps]

_{25 files reviewed, 3 comments}

_{Edit Code Review Agent Settings | Greptile}

[charlesBochet]

NotStarted

[charlesBochet]

why not using workspace cache service?

[charlesBochet]

we should maintain in cache

[charlesBochet]

not useful anymore?

[charlesBochet]

workflow enqueue not started Job
(i would also add an optional workflowRunId? )

[charlesBochet]

workflowEnqueueRunWorkspaceService

[charlesBochet]

rename

[charlesBochet]

workflow throttling

[charlesBochet]

remove this

[charlesBochet]

pass prioritiarty workflowRunId if needed here

[charlesBochet]

check only hard limit

[charlesBochet]

no need to handle soft here

[charlesBochet]

I feel this should also go through workflow-run-enqueue job

[thomtrp]

The enqueue notion means NOT_STARTED => ENQUEUE. The service only looks for not started workflows. In case of a running workflow, like here, we still need to run the job separately. So three cases: delays (here), forms and when a workflow has two many steps, we cut and re-send the job in the queue

[charlesBochet]

prioritaryWorkflowRunId

[twenty-eng-sync]

Hey @thomtrp! After you've done the QA of your Pull Request, you can mark it as done here. Thank you!