fix(workflow): prevent node module imports in workflow graph

Move chat/serde runtime imports into step execution so workflow modules\ndo not statically pull package graphs that can include Node-only modules.\n\nAdd a workflow boundary check and run it in test/build so violations\nfail before deploy.

Co-Authored-By: Codex (GPT-5) <codex@openai.com>

Author: dcramer

packages/junior/package.json

@@ -21,14 +21,15 @@
   ],
   "scripts": {
     "dev": "next dev",
-    "build": "next build --webpack",
+    "build": "pnpm run test:workflow-boundary && next build --webpack",
     "build:pkg": "tsup",
     "start": "next start",
-    "test": "pnpm run test:slack-boundary && vitest run",
+    "test": "pnpm run test:slack-boundary && pnpm run test:workflow-boundary && vitest run",
     "test:watch": "vitest",
     "preevals": "pnpm run test:slack-boundary",
     "evals": "pnpm exec vitest run -c vitest.evals.config.ts",
     "test:slack-boundary": "node scripts/check-slack-test-boundary.mjs",
+    "test:workflow-boundary": "node scripts/check-workflow-node-modules.mjs",
     "typecheck": "tsc --noEmit",
     "skills:check": "node scripts/check-skills.mjs"
   },

packages/junior/scripts/check-workflow-node-modules.mjs

@@ -0,0 +1,145 @@
+#!/usr/bin/env node
+import fs from "node:fs/promises";
+import path from "node:path";
+
+const projectRoot = process.cwd();
+const srcRoot = path.join(projectRoot, "src");
+const allowedExternal = new Set(["workflow", "workflow/api"]);
+
+const sourceExts = [".ts", ".tsx", ".mts", ".cts", ".js", ".mjs", ".cjs"];
+
+async function walk(dir) {
+  const entries = await fs.readdir(dir, { withFileTypes: true });
+  const files = [];
+  for (const entry of entries) {
+    const fullPath = path.join(dir, entry.name);
+    if (entry.isDirectory()) {
+      files.push(...(await walk(fullPath)));
+      continue;
+    }
+    if (sourceExts.some((ext) => entry.name.endsWith(ext))) {
+      files.push(fullPath);
+    }
+  }
+  return files;
+}
+
+function hasWorkflowDirective(source) {
+  return /(^|\n)\s*["']use workflow["']\s*;?/.test(source);
+}
+
+function extractStaticImports(source) {
+  const imports = [];
+  const importFromRegex = /(^|\n)\s*import\s+(?!type\b)[^;\n]*?from\s+["']([^"']+)["']/g;
+  const sideEffectRegex = /(^|\n)\s*import\s+["']([^"']+)["']/g;
+  const exportFromRegex = /(^|\n)\s*export\s+[^;\n]*?from\s+["']([^"']+)["']/g;
+
+  for (const regex of [importFromRegex, sideEffectRegex, exportFromRegex]) {
+    let match;
+    while ((match = regex.exec(source)) !== null) {
+      imports.push(match[2]);
+    }
+  }
+  return imports;
+}
+
+async function fileExists(filepath) {
+  try {
+    await fs.access(filepath);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+async function resolveLocalImport(fromFile, specifier) {
+  const candidates = [];
+  if (specifier.startsWith("@/")) {
+    const rel = specifier.slice(2);
+    candidates.push(path.join(srcRoot, rel));
+  } else if (specifier.startsWith("./") || specifier.startsWith("../")) {
+    candidates.push(path.resolve(path.dirname(fromFile), specifier));
+  } else {
+    return undefined;
+  }
+
+  const resolvedCandidates = [];
+  for (const base of candidates) {
+    resolvedCandidates.push(base);
+    for (const ext of sourceExts) {
+      resolvedCandidates.push(`${base}${ext}`);
+      resolvedCandidates.push(path.join(base, `index${ext}`));
+    }
+  }
+
+  for (const candidate of resolvedCandidates) {
+    if (await fileExists(candidate)) {
+      const stat = await fs.stat(candidate);
+      if (stat.isFile()) {
+        return candidate;
+      }
+    }
+  }
+
+  return undefined;
+}
+
+function isExternalImport(specifier) {
+  return !specifier.startsWith("@/") && !specifier.startsWith("./") && !specifier.startsWith("../");
+}
+
+const allSourceFiles = await walk(srcRoot);
+const workflowEntryFiles = [];
+for (const file of allSourceFiles) {
+  const source = await fs.readFile(file, "utf8");
+  if (hasWorkflowDirective(source)) {
+    workflowEntryFiles.push(file);
+  }
+}
+
+const queue = [...workflowEntryFiles];
+const visited = new Set();
+const violations = [];
+
+while (queue.length > 0) {
+  const file = queue.shift();
+  if (!file || visited.has(file)) {
+    continue;
+  }
+  visited.add(file);
+
+  const source = await fs.readFile(file, "utf8");
+  const imports = extractStaticImports(source);
+
+  for (const specifier of imports) {
+    if (isExternalImport(specifier)) {
+      if (!allowedExternal.has(specifier)) {
+        violations.push({ file, specifier });
+      }
+      continue;
+    }
+
+    const resolvedLocal = await resolveLocalImport(file, specifier);
+    if (!resolvedLocal) {
+      violations.push({ file, specifier, missing: true });
+      continue;
+    }
+    queue.push(resolvedLocal);
+  }
+}
+
+if (violations.length > 0) {
+  console.error("Workflow boundary check failed. Disallowed imports reachable from 'use workflow' files:\n");
+  for (const violation of violations) {
+    const relFile = path.relative(projectRoot, violation.file);
+    if (violation.missing) {
+      console.error(`- ${relFile}: cannot resolve import '${violation.specifier}'`);
+    } else {
+      console.error(`- ${relFile}: disallowed external import '${violation.specifier}'`);
+    }
+  }
+  console.error("\nAllowed external imports in workflow graph: workflow, workflow/api");
+  process.exit(1);
+}
+
+console.log(`Workflow boundary check passed for ${workflowEntryFiles.length} workflow entr${workflowEntryFiles.length === 1 ? "y" : "ies"}.`);

packages/junior/src/chat/workflow/thread-steps.ts

@@ -1,6 +1,4 @@
-import { Message, ThreadImpl } from "chat";
-import type { SerializedMessage, SerializedThread, Thread } from "chat";
-import { WORKFLOW_DESERIALIZE } from "@workflow/serde";
+import type { Message, SerializedMessage, SerializedThread, Thread } from "chat";
 import type { ThreadMessagePayload } from "@/chat/workflow/types";
 
 let stateAdapterConnected = false;
@@ -24,20 +22,6 @@ function isSerializedMessage(message: ThreadMessagePayload["message"]): message
   return typeof message === "object" && message !== null && (message as { _type?: unknown })._type === "chat:Message";
 }
 
-function toRuntimeThread(thread: ThreadMessagePayload["thread"]): Thread {
-  if (isSerializedThread(thread)) {
-    return ThreadImpl[WORKFLOW_DESERIALIZE](thread);
-  }
-  return thread;
-}
-
-function toRuntimeMessage(message: ThreadMessagePayload["message"]): Message {
-  if (isSerializedMessage(message)) {
-    return Message[WORKFLOW_DESERIALIZE](message);
-  }
-  return message;
-}
-
 function getPayloadChannelId(payload: { thread: ThreadMessagePayload["thread"] }): string | undefined {
   return payload.thread.channelId;
 }
@@ -71,6 +55,13 @@ export async function logThreadMessageFailureStep(
 
 export async function processThreadMessageStep(payload: ThreadMessagePayload, workflowRunId?: string): Promise<void> {
   "use step";
+  const [{ Message, ThreadImpl }, { WORKFLOW_DESERIALIZE }] = await Promise.all([import("chat"), import("@workflow/serde")]);
+  const threadDeserializer = (ThreadImpl as unknown as Record<PropertyKey, (value: SerializedThread) => Thread>)[
+    WORKFLOW_DESERIALIZE
+  ];
+  const messageDeserializer = (Message as unknown as Record<PropertyKey, (value: SerializedMessage) => Message>)[
+    WORKFLOW_DESERIALIZE
+  ];
   const [
     { appSlackRuntime, bot },
     { downloadPrivateSlackFile },
@@ -120,8 +111,12 @@ export async function processThreadMessageStep(payload: ThreadMessagePayload, wo
     await getStateAdapter().connect();
     stateAdapterConnected = true;
   }
-  const runtimeThread = toRuntimeThread(payload.thread);
-  const runtimeMessage = toRuntimeMessage(payload.message);
+  const runtimeThread = isSerializedThread(payload.thread)
+    ? threadDeserializer(payload.thread)
+    : payload.thread;
+  const runtimeMessage = isSerializedMessage(payload.message)
+    ? messageDeserializer(payload.message)
+    : payload.message;
   const runtimePayload = {
     ...payload,
     thread: runtimeThread,