From c7678311b3f6f69b80e6ff1d3dd5a8354ae16f6e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Shi=20Nguy=E1=BB=85n?= <prettycode2022@gmail.com>
Date: Fri, 22 Aug 2025 18:05:04 +0700
Subject: [PATCH] fix(core): Integer overflow in insights runtime calculation
 (#18122)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Shi Nguyễn <prettycode2022@Shis-MacBook-Pro.local>
---
 .../modules/insights/insights-collection.service.ts   | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/packages/cli/src/modules/insights/insights-collection.service.ts b/packages/cli/src/modules/insights/insights-collection.service.ts
index 291b8aeeff..5ee16e99d4 100644
--- a/packages/cli/src/modules/insights/insights-collection.service.ts
+++ b/packages/cli/src/modules/insights/insights-collection.service.ts
@@ -42,6 +42,11 @@ const shouldSkipMode: Record<WorkflowExecuteMode, boolean> = {
 	manual: true,
 };
 
+const MIN_RUNTIME = 0;
+
+// PostgreSQL INTEGER max (signed 32-bit)
+const MAX_RUNTIME = 2 ** 31 - 1;
+
 type BufferedInsight = Pick<InsightsRaw, 'type' | 'value' | 'timestamp'> & {
 	workflowId: string;
 	workflowName: string;
@@ -135,7 +140,11 @@ export class InsightsCollectionService {
 
 		// run time event
 		if (ctx.runData.stoppedAt) {
-			const value = ctx.runData.stoppedAt.getTime() - ctx.runData.startedAt.getTime();
+			const runtimeMs = ctx.runData.stoppedAt.getTime() - ctx.runData.startedAt.getTime();
+			if (runtimeMs < MIN_RUNTIME || runtimeMs > MAX_RUNTIME) {
+				this.logger.warn(`Invalid runtime detected: ${runtimeMs}ms, clamping to safe range`);
+			}
+			const value = Math.min(Math.max(runtimeMs, MIN_RUNTIME), MAX_RUNTIME);
 			this.bufferedInsights.add({
 				...commonWorkflowData,
 				type: 'runtime_ms',