apiVersion: jenkins.io/v1
kind: PipelineActivity
metadata:
  annotations:
    lighthouse.jenkins-x.io/cloneURI: https://github.com/greencapitaltrade/destiny.git
    lighthouse.jenkins-x.io/job: release
    pipeline.jenkins-x.io/traceID: 00a1444c7ab04057913ee2c4bc7bda3d
  creationTimestamp: "2026-06-17T20:07:51Z"
  generation: 8
  labels:
    branch: main
    build: "68"
    context: release
    created-by-lighthouse: "true"
    event-GUID: 350c18d4-6a88-11f1-883e-d0f435133ca1
    lighthouse.jenkins-x.io/baseSHA: b5f65ee03536b2c10dc33f179705c4fe2b083c53
    lighthouse.jenkins-x.io/branch: main
    lighthouse.jenkins-x.io/buildNum: "1781726871417"
    lighthouse.jenkins-x.io/context: release
    lighthouse.jenkins-x.io/id: apitaltrade-destiny-main-release-9vwc4
    lighthouse.jenkins-x.io/job: release
    lighthouse.jenkins-x.io/lastCommitSHA: b5f65ee03536b2c10dc33f179705c4fe2b083c53
    lighthouse.jenkins-x.io/refs.org: greencapitaltrade
    lighthouse.jenkins-x.io/refs.repo: destiny
    lighthouse.jenkins-x.io/type: postsubmit
    owner: greencapitaltrade
    podName: apitaltrade-destiny-main-release-97mrh-from-build-pack-pod
    provider: github
    repository: destiny
    tekton.dev/pipeline: apitaltrade-destiny-main-release-97mrh
  managedFields:
  - apiVersion: jenkins.io/v1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:labels:
          f:branch: {}
          f:context: {}
          f:owner: {}
          f:provider: {}
          f:repository: {}
      f:spec:
        f:lastCommitMessage: {}
        f:lastCommitSHA: {}
        f:releaseNotesURL: {}
        f:version: {}
    manager: jx-changelog-0.10.18
    operation: Update
    time: "2026-06-17T20:10:01Z"
  - apiVersion: jenkins.io/v1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .: {}
          f:lighthouse.jenkins-x.io/cloneURI: {}
          f:lighthouse.jenkins-x.io/job: {}
          f:pipeline.jenkins-x.io/traceID: {}
        f:labels:
          .: {}
          f:build: {}
          f:created-by-lighthouse: {}
          f:event-GUID: {}
          f:lighthouse.jenkins-x.io/baseSHA: {}
          f:lighthouse.jenkins-x.io/branch: {}
          f:lighthouse.jenkins-x.io/buildNum: {}
          f:lighthouse.jenkins-x.io/context: {}
          f:lighthouse.jenkins-x.io/id: {}
          f:lighthouse.jenkins-x.io/job: {}
          f:lighthouse.jenkins-x.io/lastCommitSHA: {}
          f:lighthouse.jenkins-x.io/refs.org: {}
          f:lighthouse.jenkins-x.io/refs.repo: {}
          f:lighthouse.jenkins-x.io/type: {}
          f:podName: {}
          f:tekton.dev/pipeline: {}
      f:spec:
        .: {}
        f:baseSHA: {}
        f:batchPipelineActivity: {}
        f:build: {}
        f:buildLogsUrl: {}
        f:completedTimestamp: {}
        f:context: {}
        f:gitBranch: {}
        f:gitOwner: {}
        f:gitRepository: {}
        f:gitUrl: {}
        f:message: {}
        f:pipeline: {}
        f:startedTimestamp: {}
        f:status: {}
        f:steps: {}
    manager: jx-build-controller
    operation: Update
    time: "2026-06-17T20:11:34Z"
  name: greencapitaltrade-destiny-main-68
  namespace: jx
  resourceVersion: "113524308"
  uid: aa890fad-d989-4ed1-8693-7812d0345125
spec:
  baseSHA: b5f65ee03536b2c10dc33f179705c4fe2b083c53
  batchPipelineActivity: {}
  build: "68"
  buildLogsUrl: s3://logs-gct-prod-20260425045301534100000007/jenkins-x/logs/greencapitaltrade/destiny/main/68.log
  completedTimestamp: "2026-06-17T20:11:28Z"
  context: release
  gitBranch: main
  gitOwner: greencapitaltrade
  gitRepository: destiny
  gitUrl: https://github.com/greencapitaltrade/destiny.git
  lastCommitMessage: |
    feat: harden flow engine — org isolation, concurrency locking, step-derived projection

    This commit implements critical production-readiness improvements to the flow engine core:

    1. **Organization isolation (PRD §5/§11.4):** initializeFlow now filters flows by application.organization_id, closing the cross-org data leak that allowed one org's flow to be selected for another org's application. Test coverage proves the isolation.

    2. **Two-level concurrency locking (PRD §3):** advanceFlow acquires LOCK.UPDATE on the parent applications row before checking terminal conditions and writing status. This prevents concurrent completeStep calls from racing to set approved/rejected simultaneously. Lock is acquired AFTER reading all steps (to avoid holding lock during step traversal) but BEFORE the allDone check. The reject path in failStep uses the same pattern.

    3. **Step-derived previous_step (PRD §1/§11.1):** getFlowStatus now returns previous_step: string|null, server-derived from the completed steps and the flow's edges. It identifies the immediate predecessor(s) of the current active set, tie-broken by completed_at DESC when multiple predecessors exist. Returns null at flow start. Clients must never re-derive this.

    4. **Lifecycle event emission (feeds webhooks, #1141):** completeStep, failStep, and terminal transitions in advanceFlow now publish Kafka events via transaction.afterCommit: destiny.application.step.completed, destiny.application.step.failed, destiny.application.approved, destiny.application.rejected. Payloads include application_id, organization_id, step_type, status, result, server-resolved timestamp (ISO 8601). No PII fields. Events only fire on durable state (post-commit).

    5. **Generic runtime prerequisite gate config.additional_requires (PRD §6):** In advanceFlow, when deciding whether a pending step becomes active, honour optional step.config.additional_requires: [step_type]. The step only activates once all listed step_types are completed/skipped. This is the runtime per-org gate (distinct from design-time STEP_REQUIRES in engine/validation.js). Absence of the field preserves current behaviour.

    Test coverage: org-scoped flow selection, no_flow_configured when cross-org, multi-valued active[], previous_step derivation (linear + parallel flows), terminal-transition single-fire under concurrent completes, lifecycle-event publication (mocked kafka.publish), and additional_requires gating. All existing flow-engine tests continue to pass.

    Co-Authored-By: Claude Sonnet 4.5
  lastCommitSHA: b6deb96d88605be8f496ae9e77a30693c5c484eb
  message: 'Tasks Completed: 1 (Failed: 0, Cancelled 0), Skipped: 0'
  pipeline: greencapitaltrade/destiny/main
  releaseNotesURL: https://github.com/greencapitaltrade/destiny/releases/tag/v1.63.3
  startedTimestamp: "2026-06-17T20:07:51Z"
  status: Succeeded
  steps:
  - kind: Stage
    stage:
      completedTimestamp: "2026-06-17T20:11:28Z"
      name: from build pack
      startedTimestamp: "2026-06-17T20:07:54Z"
      status: Succeeded
      steps:
      - completedTimestamp: "2026-06-17T20:08:06Z"
        name: Git Clone
        startedTimestamp: "2026-06-17T20:07:54Z"
        status: Succeeded
      - completedTimestamp: "2026-06-17T20:08:09Z"
        name: Next Version
        startedTimestamp: "2026-06-17T20:08:06Z"
        status: Succeeded
      - completedTimestamp: "2026-06-17T20:08:12Z"
        name: Jx Variables
        startedTimestamp: "2026-06-17T20:08:09Z"
        status: Succeeded
      - completedTimestamp: "2026-06-17T20:08:49Z"
        name: Build Npm Install
        startedTimestamp: "2026-06-17T20:08:12Z"
        status: Succeeded
      - completedTimestamp: "2026-06-17T20:09:44Z"
        name: Build Container Build
        startedTimestamp: "2026-06-17T20:08:49Z"
        status: Succeeded
      - completedTimestamp: "2026-06-17T20:10:01Z"
        name: Promote Changelog
        startedTimestamp: "2026-06-17T20:09:45Z"
        status: Succeeded
      - completedTimestamp: "2026-06-17T20:10:05Z"
        name: Promote Helm Release
        startedTimestamp: "2026-06-17T20:10:02Z"
        status: Succeeded
      - completedTimestamp: "2026-06-17T20:10:57Z"
        name: Promote Jx Promote
        startedTimestamp: "2026-06-17T20:10:05Z"
        status: Succeeded
      - completedTimestamp: "2026-06-17T20:11:28Z"
        name: Publish Org Kb
        startedTimestamp: "2026-06-17T20:10:57Z"
        status: Succeeded
  - kind: Promote
    promote:
      environment: staging
      pullRequest:
        pullRequestURL: https://github.com/greencapitaltrade/mcu/pull/4360
        startedTimestamp: "2026-06-17T20:10:34Z"
        status: Succeeded
      startedTimestamp: "2026-06-17T20:10:34Z"
      status: Succeeded
  - kind: Promote
    promote:
      environment: production
      pullRequest:
        pullRequestURL: https://github.com/greencapitaltrade/mcu/pull/4361
        startedTimestamp: "2026-06-17T20:10:54Z"
        status: Succeeded
      startedTimestamp: "2026-06-17T20:10:54Z"
      status: Succeeded
  version: 1.63.3
status: {}