Block workflow starts on drained task queues without an active cohort

durable-workflow-ops · durable-workflow-ops · commit d76170705493 · 2026-04-28T13:20:04.000Z
Block workflow starts on drained task queues
diff --git a/README.md b/README.md
@@ -537,6 +537,13 @@ cannot delete yet.
 - `POST /api/workflows/{id}/cancel` — Request cancellation
 - `POST /api/workflows/{id}/terminate` — Terminate immediately
 
+Workflow starts fail closed with `409` / `reason: "task_queue_draining"`
+when the requested task queue has been explicitly drained and no active worker
+cohort remains to claim new work. The response includes
+`routing_status`, worker counts, and `draining_build_ids` so operators can
+distinguish "wait for the active cohort to return" from "resume or replace the
+drained build cohort first."
+
 Workflow debug responses are capped support snapshots, not full run exports:
 the server fetches at most 25 pending workflow tasks, 25 pending activities
 with only each activity's current/latest attempt, and 10 recent failures. The
diff --git a/app/Http/Controllers/Api/WorkflowController.php b/app/Http/Controllers/Api/WorkflowController.php
@@ -7,6 +7,7 @@
 use App\Support\ControlPlaneResultMapper;
 use App\Support\NamespaceExternalPayloadStorage;
 use App\Support\NamespaceWorkflowScope;
+use App\Support\TaskQueueRoutingGate;
 use App\Support\WorkflowCommandContextFactory;
 use App\Support\WorkflowQueryTaskBroker;
 use App\Support\WorkflowRunDiagnostics;
@@ -27,6 +28,7 @@ class WorkflowController
     public function __construct(
         private readonly WorkflowStartService $workflowStartService,
         private readonly WorkflowControlPlane $workflowControlPlane,
+        private readonly TaskQueueRoutingGate $taskQueueRoutingGate,
         private readonly WorkflowCommandContextFactory $commandContexts,
         private readonly ControlPlaneResultMapper $resultMapper,
         private readonly WorkflowQueryTaskBroker $queryTasks,
@@ -170,6 +172,33 @@ public function start(Request $request): JsonResponse
             ], 409);
         }
 
+        $taskQueue = isset($validated['task_queue']) && is_string($validated['task_queue'])
+            ? trim($validated['task_queue'])
+            : null;
+
+        if ($taskQueue !== null && $taskQueue !== '') {
+            $routingBlock = $this->taskQueueRoutingGate->workflowStartBlock((string) $namespace, $taskQueue);
+
+            if ($routingBlock !== null) {
+                return ControlPlaneProtocol::jsonForRequest($request, array_filter([
+                    'workflow_id' => $workflowId,
+                    'workflow_type' => $validated['workflow_type'],
+                    'task_queue' => $taskQueue,
+                    'message' => sprintf(
+                        'Task queue [%s] is draining and cannot accept new workflow starts until an active worker cohort is available.',
+                        $taskQueue,
+                    ),
+                    'reason' => 'task_queue_draining',
+                    'routing_status' => $routingBlock['routing_status'],
+                    'active_worker_count' => $routingBlock['active_worker_count'],
+                    'draining_worker_count' => $routingBlock['draining_worker_count'],
+                    'stale_worker_count' => $routingBlock['stale_worker_count'],
+                    'draining_build_ids' => $routingBlock['draining_build_ids'],
+                    'drain_intent' => 'draining',
+                ], static fn (mixed $value): bool => $value !== null), 409);
+            }
+        }
+
         try {
             $start = $this->workflowStartService->start(
                 $validated,
diff --git a/app/Support/TaskQueueRoutingGate.php b/app/Support/TaskQueueRoutingGate.php
@@ -0,0 +1,84 @@
+<?php
+
+namespace App\Support;
+
+use App\Models\WorkerBuildIdRollout;
+use App\Models\WorkerRegistration;
+use Workflow\V2\Support\StandaloneWorkerVisibility;
+
+final class TaskQueueRoutingGate
+{
+    /**
+     * @return array{
+     *     routing_status: string,
+     *     active_worker_count: int,
+     *     draining_worker_count: int,
+     *     stale_worker_count: int,
+     *     draining_build_ids: list<string|null>
+     * }|null
+     */
+    public function workflowStartBlock(string $namespace, string $taskQueue): ?array
+    {
+        $cutoff = now()->subSeconds($this->workerStaleAfterSeconds());
+        $activeWorkerCount = 0;
+        $drainingWorkerCount = 0;
+        $staleWorkerCount = 0;
+
+        $workers = WorkerRegistration::query()
+            ->where('namespace', $namespace)
+            ->where('task_queue', $taskQueue)
+            ->get(['status', 'last_heartbeat_at']);
+
+        foreach ($workers as $worker) {
+            $status = is_string($worker->status) ? $worker->status : 'active';
+            $heartbeat = $worker->last_heartbeat_at;
+
+            if ($heartbeat !== null && $heartbeat->lt($cutoff)) {
+                $staleWorkerCount++;
+
+                continue;
+            }
+
+            if ($status === WorkerBuildIdRollout::DRAIN_INTENT_DRAINING) {
+                $drainingWorkerCount++;
+
+                continue;
+            }
+
+            $activeWorkerCount++;
+        }
+
+        $drainingBuildIds = WorkerBuildIdRollout::query()
+            ->where('namespace', $namespace)
+            ->where('task_queue', $taskQueue)
+            ->where('drain_intent', WorkerBuildIdRollout::DRAIN_INTENT_DRAINING)
+            ->orderBy('build_id')
+            ->get()
+            ->map(static fn (WorkerBuildIdRollout $rollout): ?string => $rollout->publicBuildId())
+            ->values()
+            ->all();
+
+        if ($activeWorkerCount > 0 || ($drainingWorkerCount === 0 && $drainingBuildIds === [])) {
+            return null;
+        }
+
+        return [
+            'routing_status' => 'draining',
+            'active_worker_count' => $activeWorkerCount,
+            'draining_worker_count' => $drainingWorkerCount,
+            'stale_worker_count' => $staleWorkerCount,
+            'draining_build_ids' => $drainingBuildIds,
+        ];
+    }
+
+    private function workerStaleAfterSeconds(): int
+    {
+        $configured = config('server.workers.stale_after_seconds');
+        $pollingTimeout = config('server.polling.timeout');
+
+        return StandaloneWorkerVisibility::staleAfterSeconds(
+            is_numeric($configured) ? (int) $configured : null,
+            is_numeric($pollingTimeout) ? (int) $pollingTimeout : null,
+        );
+    }
+}
diff --git a/tests/Feature/ControlPlaneErrorContractTest.php b/tests/Feature/ControlPlaneErrorContractTest.php
@@ -2,12 +2,15 @@
 
 namespace Tests\Feature;
 
+use App\Models\WorkerBuildIdRollout;
+use App\Models\WorkerRegistration;
 use App\Support\ControlPlaneProtocol;
 use App\Support\WorkerProtocol;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Illuminate\Testing\TestResponse;
 use PHPUnit\Framework\Attributes\DataProvider;
 use Tests\Feature\Concerns\ServerTestHelpers;
+use Tests\Fixtures\AwaitApprovalWorkflow;
 use Tests\TestCase;
 
 class ControlPlaneErrorContractTest extends TestCase
@@ -246,6 +249,57 @@ public function test_namespace_duplicate_errors_are_machine_readable_and_version
             ->assertJsonPath('namespace', 'default');
     }
 
+    public function test_workflow_start_draining_queue_errors_are_machine_readable_and_versioned(): void
+    {
+        $this->configureWorkflowTypes([
+            'tests.await-approval-workflow' => AwaitApprovalWorkflow::class,
+        ]);
+
+        WorkerRegistration::query()->create([
+            'worker_id' => 'draining-worker',
+            'namespace' => 'default',
+            'task_queue' => 'drain-queue',
+            'runtime' => 'php',
+            'sdk_version' => '1.0.0',
+            'build_id' => 'build-draining',
+            'supported_workflow_types' => ['tests.await-approval-workflow'],
+            'workflow_definition_fingerprints' => [],
+            'supported_activity_types' => [],
+            'max_concurrent_workflow_tasks' => 100,
+            'max_concurrent_activity_tasks' => 100,
+            'last_heartbeat_at' => now(),
+            'status' => 'draining',
+        ]);
+
+        WorkerBuildIdRollout::query()->create([
+            'namespace' => 'default',
+            'task_queue' => 'drain-queue',
+            'build_id' => 'build-draining',
+            'drain_intent' => 'draining',
+            'drained_at' => now(),
+        ]);
+
+        $response = $this->postJson('/api/workflows', [
+            'workflow_id' => 'wf-drain-error',
+            'workflow_type' => 'tests.await-approval-workflow',
+            'task_queue' => 'drain-queue',
+        ], $this->controlPlaneHeadersWithWorkerProtocol());
+
+        $response->assertStatus(409)
+            ->assertHeader(ControlPlaneProtocol::HEADER, ControlPlaneProtocol::VERSION)
+            ->assertHeaderMissing(WorkerProtocol::HEADER)
+            ->assertJsonMissingPath('protocol_version')
+            ->assertJsonMissingPath('server_capabilities')
+            ->assertJsonPath('reason', 'task_queue_draining')
+            ->assertJsonPath('task_queue', 'drain-queue')
+            ->assertJsonPath('routing_status', 'draining')
+            ->assertJsonPath('draining_build_ids.0', 'build-draining')
+            ->assertJsonPath(
+                'message',
+                'Task queue [drain-queue] is draining and cannot accept new workflow starts until an active worker cohort is available.',
+            );
+    }
+
     /**
      * @param  array<string, mixed>  $body
      * @param  array<string, string>  $headers
diff --git a/tests/Feature/WorkflowControlPlaneTest.php b/tests/Feature/WorkflowControlPlaneTest.php
@@ -2,20 +2,22 @@
 
 namespace Tests\Feature;
 
+use App\Models\WorkerBuildIdRollout;
+use App\Models\WorkerRegistration;
 use App\Models\WorkflowNamespace;
 use Illuminate\Foundation\Testing\RefreshDatabase;
-use Illuminate\Support\Str;
 use Illuminate\Support\Facades\Queue;
+use Illuminate\Support\Str;
 use Tests\Fixtures\AwaitApprovalWorkflow;
-use Tests\Fixtures\InternalParentWorkflow;
-use Tests\Fixtures\InternalChildWorkflow;
 use Tests\Fixtures\InteractiveCommandWorkflow;
+use Tests\Fixtures\InternalChildWorkflow;
+use Tests\Fixtures\InternalParentWorkflow;
 use Tests\TestCase;
 use Workflow\V2\Contracts\WorkflowControlPlane;
 use Workflow\V2\Jobs\RunWorkflowTask;
 use Workflow\V2\Models\WorkflowCommand;
-use Workflow\V2\Models\WorkflowInstance;
 use Workflow\V2\Models\WorkflowHistoryEvent;
+use Workflow\V2\Models\WorkflowInstance;
 use Workflow\V2\Models\WorkflowLink;
 use Workflow\V2\Models\WorkflowRunLineageEntry;
 use Workflow\V2\Models\WorkflowTask;
@@ -278,6 +280,119 @@ public function test_start_rejects_cross_namespace_workflow_id_without_leaking_t
         $this->assertStringContainsString('another namespace', $message);
     }
 
+    public function test_start_blocks_drained_task_queue_without_an_active_worker_cohort(): void
+    {
+        Queue::fake();
+
+        $this->configureWorkflowTypes();
+        $this->createNamespace('default', 'Default namespace');
+
+        WorkerRegistration::query()->create([
+            'worker_id' => 'draining-worker',
+            'namespace' => 'default',
+            'task_queue' => 'drain-queue',
+            'runtime' => 'php',
+            'sdk_version' => '1.0.0',
+            'build_id' => 'build-draining',
+            'supported_workflow_types' => ['tests.await-approval-workflow'],
+            'workflow_definition_fingerprints' => [],
+            'supported_activity_types' => [],
+            'max_concurrent_workflow_tasks' => 100,
+            'max_concurrent_activity_tasks' => 100,
+            'last_heartbeat_at' => now(),
+            'status' => 'draining',
+        ]);
+
+        WorkerBuildIdRollout::query()->create([
+            'namespace' => 'default',
+            'task_queue' => 'drain-queue',
+            'build_id' => 'build-draining',
+            'drain_intent' => 'draining',
+            'drained_at' => now(),
+        ]);
+
+        $response = $this->withHeaders($this->apiHeaders())
+            ->postJson('/api/workflows', [
+                'workflow_id' => 'wf-drained-start',
+                'workflow_type' => 'tests.await-approval-workflow',
+                'task_queue' => 'drain-queue',
+            ]);
+
+        $response->assertStatus(409)
+            ->assertJsonPath('workflow_id', 'wf-drained-start')
+            ->assertJsonPath('workflow_type', 'tests.await-approval-workflow')
+            ->assertJsonPath('task_queue', 'drain-queue')
+            ->assertJsonPath('reason', 'task_queue_draining')
+            ->assertJsonPath('routing_status', 'draining')
+            ->assertJsonPath('active_worker_count', 0)
+            ->assertJsonPath('draining_worker_count', 1)
+            ->assertJsonPath('stale_worker_count', 0)
+            ->assertJsonPath('draining_build_ids.0', 'build-draining')
+            ->assertJsonPath('drain_intent', 'draining');
+
+        $this->assertFalse(WorkflowInstance::query()->whereKey('wf-drained-start')->exists());
+    }
+
+    public function test_start_allows_queue_with_active_and_draining_worker_cohorts(): void
+    {
+        Queue::fake();
+
+        $this->configureWorkflowTypes();
+        $this->createNamespace('default', 'Default namespace');
+
+        WorkerRegistration::query()->create([
+            'worker_id' => 'active-worker',
+            'namespace' => 'default',
+            'task_queue' => 'mixed-queue',
+            'runtime' => 'php',
+            'sdk_version' => '1.0.0',
+            'build_id' => 'build-active',
+            'supported_workflow_types' => ['tests.await-approval-workflow'],
+            'workflow_definition_fingerprints' => [],
+            'supported_activity_types' => [],
+            'max_concurrent_workflow_tasks' => 100,
+            'max_concurrent_activity_tasks' => 100,
+            'last_heartbeat_at' => now(),
+            'status' => 'active',
+        ]);
+
+        WorkerRegistration::query()->create([
+            'worker_id' => 'draining-worker',
+            'namespace' => 'default',
+            'task_queue' => 'mixed-queue',
+            'runtime' => 'php',
+            'sdk_version' => '1.0.0',
+            'build_id' => 'build-draining',
+            'supported_workflow_types' => ['tests.await-approval-workflow'],
+            'workflow_definition_fingerprints' => [],
+            'supported_activity_types' => [],
+            'max_concurrent_workflow_tasks' => 100,
+            'max_concurrent_activity_tasks' => 100,
+            'last_heartbeat_at' => now(),
+            'status' => 'draining',
+        ]);
+
+        WorkerBuildIdRollout::query()->create([
+            'namespace' => 'default',
+            'task_queue' => 'mixed-queue',
+            'build_id' => 'build-draining',
+            'drain_intent' => 'draining',
+            'drained_at' => now(),
+        ]);
+
+        $response = $this->withHeaders($this->apiHeaders())
+            ->postJson('/api/workflows', [
+                'workflow_id' => 'wf-mixed-drain-start',
+                'workflow_type' => 'tests.await-approval-workflow',
+                'task_queue' => 'mixed-queue',
+            ]);
+
+        $response->assertCreated()
+            ->assertJsonPath('workflow_id', 'wf-mixed-drain-start')
+            ->assertJsonPath('workflow_type', 'tests.await-approval-workflow')
+            ->assertJsonPath('outcome', 'started_new');
+    }
+
     public function test_signal_is_scoped_by_namespace(): void
     {
         Queue::fake();
