Add callback support for standalone activities

[fretz12]

What changed?

Added completion callback support to standalone activities:

• Callback lifecycle: When a standalone activity reaches a terminal state (completed, failed, canceled, terminated, timed out), it now fires any registered Nexus completion callbacks — the same mechanism workflows already use.
• Frontend validation: Callback URL length, header size, and endpoint allowlist validation is now shared between workflows and standalone activities via callbacks.ValidateCallbacks, refactored out of the workflow handler.
• Describe response: DescribeActivityExecution now returns callback state (CallbackInfo) including trigger, status, attempt count, and failure details.
• Start response: StartActivityExecutionResponse now includes a Link_Activity_ identifying the started (or reused) activity.
• Config: Renamed MaxCHASMCallbacksPerWorkflow to MaxCallbacksPerExecution since it now applies to both workflows and standalone activities.

Why?

The v2 scheduler needs to start standalone activities on a schedule and be notified when they complete, so it can track action results, handle overlap policies, and support pause-on-failure. Workflows already have this via CompletionCallbacks + Nexus callback delivery. This PR gives standalone activities the same capability, reusing the existing callback library rather than reimplementing the
delivery/retry/backoff logic. This is a prerequisite for the scheduler's Invoker to call StartActivityExecution with a callback pointing back to the Scheduler component.

How did you test it?

• built
• run locally and tested manually
• covered by existing tests
• added new unit test(s)
• added new functional test(s)

[bergundy]

The logic you've added LGTM overall, here are the gaps:

• Missing validation in the frontend for the callbacks.
• Missing callback info in the describe response.
• Missing returning links in the StartActivityExecution response.

[Copilot]

Pull request overview

Adds Nexus completion-callback support to standalone activities, reusing the existing callbacks library/validation used by workflows, and renames the CHASM callback limit dynamic config to apply to both workflows (CHASM path) and standalone activities.

Changes:

• Attach/validate CompletionCallbacks on StartActivityExecution for standalone activities and trigger delivery on terminal activity close.
• Centralize callback validation in components/callbacks.ValidateCallbacks and reuse it for workflow start validation.
• Rename dynamic config from MaxCHASMCallbacksPerWorkflow to MaxCallbacksPerExecution, and extend functional tests for callbacks + response link fields.

Reviewed changes

Copilot reviewed 13 out of 14 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
tests/standalone_activity_test.go	Adds functional coverage for callback acceptance, describe visibility, and delivery on activity terminal states.
service/history/workflow/mutable_state_impl.go	Switches CHASM workflow callback cap to MaxCallbacksPerExecution.
service/history/configs/config.go	Wires new MaxCallbacksPerExecution config getter into history config.
service/frontend/workflow_handler.go	Replaces local workflow callback validation with shared callbacks.ValidateCallbacks.
components/callbacks/config.go	Introduces shared ValidateCallbacks and internalizes URL allowlist validation helpers.
components/callbacks/config_test.go	Adds unit tests for ValidateCallbacks; updates allowlist tests to new internal method name.
common/dynamicconfig/constants.go	Renames/defines MaxCallbacksPerExecution dynamic config setting and description.
chasm/lib/activity/frontend.go	Validates/normalizes callbacks on StartActivityExecution requests for standalone activities.
chasm/lib/activity/config.go	Adds callback-related dynamic config accessors to standalone activity config.
chasm/lib/activity/handler.go	Persists callbacks on activity start and returns an Activity link in StartActivityExecutionResponse.
chasm/lib/activity/activity.go	Stores callbacks on the activity, triggers them on close, and surfaces callback info in DescribeActivityExecution.
go.mod / go.sum	Bumps go.temporal.io/api dependency to a newer dev revision.
cmd/tools/getproto/files.go	Removes a stray leading line from generated file header.

[fretz12]

I'd prefer to force all errors in callbacks.ValidateCallbacks to return serviceerrors, but didn't want to break anything existing. Open to advice here

[bergundy]

I'd be fine if you switched to service errors. That's very common in the codebase. It's technically redundant because it adds a header with a serialized proto that most SDKs don't care about (only Go SDK does).

[fretz12]

done

[lina-temporal]

What about adding a separate trigger variant for standalone activities? I can see us not wanting to move CallbackInfo from workflowpb because of backwards compatibility, but this feels like something we could introduce more easily now than later. If this has already been discussed and decided, that's fine too.

[fretz12]

Yes! That was caught in the API PR. It's now activity specific too

[dandavison]

Looks great, I did a pass and made some suggestions.

My main concern is it's not clear to me that we should release this using the workflow CallbackInfo. We'll want to straighten that out in the future, but that would be a backwards incompatible API change. So it seems to me that we need to straighten that out now.

[dandavison]

As I suggested above, would be good to add coverage of the timeout cases since they can cause attempt.CompleteTime not to be set.

[fretz12]

Yes, added tests for all terminal cases

[dandavison]

Can we add a comment explaining what desirable properties follow from this ID-naming scheme (and add the same comment to chasm/lb/workflow/workflow.go.

Can someone confirm that the ID naming scheme used by HSM callbacks, which was designed to address a replication concern that I haven't fully understood yet, is not required by CHASM workflow/SAA callbacks?

https://github.com/temporalio/temporal/blob/main/service/history/workflow/mutable_state_impl.go#L3174-L3176

[fretz12]

Added a comment, please double check accuracy folks

[bergundy]

No need to mention HSM here IMHO.

[fretz12]

Removed

[dandavison]

It should either be success or failure, so we don't expect to get here. WDYT about:

Suggested change

	opts.Error = opErr
	}
	return opts, nil
	opts.Error = opErr
	return opts, nil
	}
	return nexusrpc.CompleteOperationOptions{}, serviceerror.NewInternalf("activity in status %v has no outcome", a.Status)

[fretz12]

refactored

[dandavison]

We do this check-in-two-places-for-a-failure logic in another place. I worry that something will forget to do it in the future. Adding a documented helper would reduce that risk. WDYT about introducing this helper:

diff

diff --git a/chasm/lib/activity/activity.go b/chasm/lib/activity/activity.go
index 43f583674..8cf5a583a 100644
--- a/chasm/lib/activity/activity.go
+++ b/chasm/lib/activity/activity.go
@@ -362,16 +362,7 @@ func (a *Activity) GetNexusCompletion(ctx chasm.Context, _ string) (nexusrpc.Com
 		return opts, nil
 	}
 
-	var failure *failurepb.Failure
-	if f := outcome.GetFailed(); f != nil {
-		failure = f.GetFailure()
-	}
-	if failure == nil {
-		if details := attempt.GetLastFailureDetails(); details != nil {
-			failure = details.GetFailure()
-		}
-	}
-
+	failure := a.terminalFailure(ctx)
 	if failure != nil {
 		state := nexus.OperationStateFailed
 		message := "operation failed"
@@ -947,15 +938,23 @@ func (a *Activity) outcome(ctx chasm.Context) *apiactivitypb.ActivityExecutionOu
 			Value: &apiactivitypb.ActivityExecutionOutcome_Result{Result: successful.GetOutput()},
 		}
 	}
-	if failure := activityOutcome.GetFailed().GetFailure(); failure != nil {
+	if failure := a.terminalFailure(ctx); failure != nil {
 		return &apiactivitypb.ActivityExecutionOutcome{
 			Value: &apiactivitypb.ActivityExecutionOutcome_Failure{Failure: failure},
 		}
 	}
+	return nil
+}
+
+// terminalFailure returns the failure for a closed activity. The failure may be stored in
+// Outcome.Failed (terminated, canceled, timed out) or in LastAttempt.LastFailureDetails
+// (failed after exhausting retries). Returns nil if no failure is found.
+func (a *Activity) terminalFailure(ctx chasm.Context) *failurepb.Failure {
+	if f := a.Outcome.Get(ctx).GetFailed(); f != nil {
+		return f.GetFailure()
+	}
 	if details := a.LastAttempt.Get(ctx).GetLastFailureDetails(); details != nil {
-		return &apiactivitypb.ActivityExecutionOutcome{
-			Value: &apiactivitypb.ActivityExecutionOutcome_Failure{Failure: details.GetFailure()},
-		}
+		return details.GetFailure()
 	}
 	return nil
 }

[fretz12]

refactored

[dandavison]

This is an identical copy of the function used for workflow CHASM callbacks: https://github.com/temporalio/temporal/blob/main/chasm/lib/workflow/workflow.go#L56

That suggests that it should be moved into chasm/lib/callback.

[fretz12]

refactored

[dandavison]

There's a little bug here. This isn't set on schedule-to-start and schedule-to-close timeouts, nor when terminated in SCHEDULED state. I believe the fix is

Suggested change

	CloseTime: attempt.GetCompleteTime().AsTime(),
	CloseTime: ctx.ExecutionInfo().CloseTime,

Failing test case

	t.Run("ScheduleToStartTimeoutWithCallbacks", func(t *testing.T) {
		activityID := testcore.RandomizeStr(t.Name())
		taskQueue := testcore.RandomizeStr(t.Name())

		ch := &completionHandler{
			requestCh:         make(chan *nexusrpc.CompletionRequest, 1),
			requestCompleteCh: make(chan error, 1),
		}
		defer func() {
			close(ch.requestCh)
			close(ch.requestCompleteCh)
		}()
		callbackAddress := s.runNexusCompletionHTTPServer(t, ch)

		_, err := s.FrontendClient().StartActivityExecution(ctx, &workflowservice.StartActivityExecutionRequest{
			Namespace:    s.Namespace().String(),
			ActivityId:   activityID,
			ActivityType: s.tv.ActivityType(),
			Identity:     s.tv.WorkerIdentity(),
			Input:        defaultInput,
			TaskQueue: &taskqueuepb.TaskQueue{
				Name: taskQueue,
			},
			StartToCloseTimeout:    durationpb.New(1 * time.Minute),
			ScheduleToStartTimeout: durationpb.New(1 * time.Second),
			RequestId:              s.tv.Any().String(),
			CompletionCallbacks: []*commonpb.Callback{{
				Variant: &commonpb.Callback_Nexus_{Nexus: &commonpb.Callback_Nexus{Url: callbackAddress}},
			}},
		})
		require.NoError(t, err)

		// No worker polls -- activity will time out waiting to be started.

		// Verify the callback is delivered with failure state and non-zero CloseTime.
		select {
		case completion := <-ch.requestCh:
			require.Equal(t, nexus.OperationStateFailed, completion.State)
			var failureErr *nexus.FailureError
			require.ErrorAs(t, completion.Error.Cause, &failureErr)
			require.Contains(t, failureErr.Failure.Message, "ScheduleToStart")
			// StartTime may be zero (activity was never started), but CloseTime must not be.
			require.False(t, completion.CloseTime.IsZero(), "CloseTime must not be zero for a timed-out activity")
			ch.requestCompleteCh <- nil
		case <-ctx.Done():
			require.Fail(t, "timed out waiting for completion callback")
		}

		descResp, err := s.FrontendClient().DescribeActivityExecution(ctx, &workflowservice.DescribeActivityExecutionRequest{
			Namespace:  s.Namespace().String(),
			ActivityId: activityID,
		})
		require.NoError(t, err)
		require.Equal(t, enumspb.ACTIVITY_EXECUTION_STATUS_TIMED_OUT, descResp.GetInfo().GetStatus())
	})

[fretz12]

Good catch. Changed. Also added extra tests for all terminal states

[bergundy]

You're missing the ability to attach callbacks to a running activity when use existing is specified. You'll want to express that with on_conflict_options on the StartActivityExecutionRequest.

[bergundy]

This is a bug if it happens.

Suggested change

	return nexusrpc.CompleteOperationOptions{}, serviceerror.NewFailedPrecondition("activity has not completed yet")
	return nexusrpc.CompleteOperationOptions{}, serviceerror.NewInternal("activity has not completed yet")

[fretz12]

done

[bergundy]

No need to mention HSM here IMHO.

[bergundy]

This shouldn't be attempt started time IMHO, it should be the schedule time for the activity.

[fretz12]

done

[bergundy]

Don't add more code to the HSM implementation. All new code should go in chasm/lib.

[fretz12]

it's been refactored

[bergundy]

I'd be fine if you switched to service errors. That's very common in the codebase. It's technically redundant because it adds a header with a serialized proto that most SDKs don't care about (only Go SDK does).

[bergundy]

Use NexusFailureToTemporalFailure and use the SDK's default failure converter to perform assertions on the errors.

[fretz12]

done

[bergundy]

Same as above please.

[fretz12]

ack

[bergundy]

Same here, this should be a canceled error from the Go SDK.

[fretz12]

ack

[bergundy]

Same here, use Temporal errors for the comparison.

[fretz12]

ack

[bergundy]

No need to check all of the different timeout types, it's all the same outcome.

[fretz12]

ok, kept schedule-to-start and added a comment

[fretz12]

This uses MaxCHASMCallbacksPerExecution (default 2000) while the frontend Validator uses MaxCallbacksPerWorkflow (default 32). Should standalone activities use their own CHASM-specific limit, or share the same limit as workflows?

[fretz12]

Alternatively, we could remove the count check from the Validator entirely since it's a per-component concern that depends on currentCount.
I can use some advice.

[bergundy]

It should be the same limit across all archtypes. We have to validate in the CHASM transaction because we don't know how many callbacks are already attached to the execution. The 32 limit is for the HSM implementation that is already deprecated.

[bergundy]

Still don't see on-conflict-policy and use_existing implemented.

[bergundy]

This DC still says "per workflow"

[fretz12]

It now uses callback.maxPerExecution in chasm/lib/callback/config.go

[fretz12]

It now uses callback.maxPerExecution in chasm/lib/callback/config.go

[bergundy]

Noted above, the name execution was correct. This is not just for workflows.

[bergundy]

You can move this into chasm/lib/callback/config.go AFAIC and rename to callback.maxPerExecution

[fretz12]

refactored into chasm/lib/callback/config.go and renamed to callback.maxPerExecution

[bergundy]

It should be the same limit across all archtypes. We have to validate in the CHASM transaction because we don't know how many callbacks are already attached to the execution. The 32 limit is for the HSM implementation that is already deprecated.

[fretz12]

Previous frontend cb validation basically used the hsm config MaxCallbacksPerWorkflow. want to be extra sure changing this from a default of 32 -> 2000 won't break anything
FYI @bergundy

[bergundy]

I think it's fine since the history handler should be validating the total number of attached callbacks anyways. This is just an initial sanity validation step.

[bergundy]

But please confirm in the workflow implementation please.

[fretz12]

Confirmed:
worfklows

[bergundy]

I don't think you need this request struct, you can pass in the arguments separately. The single struct is good for if you want to call UpdateComponent with a method directly.

[fretz12]

refactored

[bergundy]

You shouldn't start a second transaction here. Use chasm.UpdateWithStartExecution instead of StartExecution above.

[fretz12]

I tried switching to UpdateWithStartExecution but it breaks for the FAIL conflict policy case. The engine's UpdateWithStartExecution always calls updateFn when the execution already exists — it doesn't check BusinessIDConflictPolicy. So with FAIL policy, instead of getting ExecutionAlreadyStartedError, the updateFn runs successfully and returns Created=false with no error.
To make this work, the engine would need to either respect BusinessIDConflictPolicyFail in the updateFn. Added a TODO for now, we can follow up in separate PR for that

[bergundy]

I think it's fine since the history handler should be validating the total number of attached callbacks anyways. This is just an initial sanity validation step.

[bergundy]

But please confirm in the workflow implementation please.

[bergundy]

You should validate that all 3 attach options are set at once.

[bergundy]

It's what we've done for workflow AFAIR. It's a bit silly but we should keep consistent with workflows.

[fretz12]

done

[bergundy]

Missing coverage for attaching to a new activity, existing activity and that the second start with on conflict options is idempotent.

[fretz12]

added