bunqueue 2.8.6 → 2.8.7

package/dist/application/operations/ack.d.ts

@@ -57,7 +57,7 @@ export declare function ackJob(jobId: JobId, result: unknown, ctx: AckContext):
 /**
  * Mark job as failed
  */
-export declare function failJob(jobId: JobId, error: string | undefined, ctx: AckContext): Promise<void>;
+export declare function failJob(jobId: JobId, error: string | undefined, ctx: AckContext, unrecoverable?: boolean): Promise<void>;
 /**
  * Acknowledge multiple jobs - optimized batch processing
  * Groups jobs by shard to minimize lock acquisitions: O(shards) instead of O(n)

package/dist/application/operations/ack.js

@@ -112,7 +112,7 @@ function moveFailedJobToDlq(job, jobId, error, shard, ctx) {
 /**
  * Mark job as failed
  */
-export async function failJob(jobId, error, ctx) {
+export async function failJob(jobId, error, ctx, unrecoverable = false) {
     const procIdx = processingShardIndex(jobId);
     const job = await withWriteLock(ctx.processingLocks[procIdx], () => {
         const job = ctx.processingShards[procIdx].get(jobId);
@@ -134,7 +134,7 @@ export async function failJob(jobId, error, ctx) {
     await withWriteLock(ctx.shardLocks[idx], () => {
         const shard = ctx.shards[idx];
         shard.releaseJobResources(job.queue, job.uniqueKey, job.groupId);
-        if (canRetry(job)) {
+        if (!unrecoverable && canRetry(job)) {
             const now = Date.now();
             job.runAt = now + calculateBackoff(job);
             shard.getQueue(job.queue).push(job);

package/dist/application/queueManager.d.ts

@@ -79,7 +79,7 @@ export declare class QueueManager {
         result: unknown;
         token?: string;
     }>): Promise<void>;
-    fail(jobId: JobId, error?: string, token?: string): Promise<void>;
+    fail(jobId: JobId, error?: string, token?: string, unrecoverable?: boolean): Promise<void>;
     /**
      * Check if a failed lock verification is a genuine ownership conflict.
      * If the job is still in processing with a different lock, throw.

package/dist/application/queueManager.js

@@ -358,7 +358,7 @@ export class QueueManager {
             lockMgr.releaseLock(item.id, lockCtx, item.token);
         }
     }
-    async fail(jobId, error, token) {
+    async fail(jobId, error, token, unrecoverable = false) {
         const lockCtx = this.contextFactory.getLockContext();
         if (token && !lockMgr.verifyLock(jobId, token, lockCtx)) {
             this.throwIfOwnershipConflict(jobId, lockCtx);
@@ -367,7 +367,7 @@ export class QueueManager {
                 return;
         }
         try {
-            await failJob(jobId, error, this.contextFactory.getAckContext());
+            await failJob(jobId, error, this.contextFactory.getAckContext(), unrecoverable);
         }
         catch (err) {
             // Job removed from processing by stall detection. The stall retry

package/dist/application/statsManager.js

@@ -3,6 +3,16 @@
  * Provides system metrics and memory compaction utilities
  */
 import { SHARD_COUNT, shardIndex } from '../shared/hash';
+/** Count jobs belonging to `queueName` across one or more job iterables. */
+function countByQueue(sources, queueName) {
+    let count = 0;
+    for (const src of sources) {
+        for (const job of src)
+            if (job.queue === queueName)
+                count++;
+    }
+    return count;
+}
 /**
  * Get queue statistics - uses running counters + priority scan
  */
@@ -14,7 +24,10 @@ export function getStats(ctx, cronScheduler) {
         delayed += shardStats.delayedJobs;
         dlq += shardStats.dlqJobs;
         active += ctx.processingShards[i].size;
-        waitingChildren += ctx.shards[i].waitingChildren.size;
+        // getJobState reports BOTH waitingChildren (flow parents) and waitingDeps
+        // (jobs blocked on dependsOn) as state 'waiting-children', and getJobs lists
+        // both — so the count must include both or it undercounts vs state/list (#95 class).
+        waitingChildren += ctx.shards[i].waitingChildren.size + ctx.shards[i].waitingDeps.size;
         // Scan queues to split waiting vs prioritized (BullMQ v5 compat)
         for (const queue of ctx.shards[i].queues.values()) {
             for (const job of queue.values()) {
@@ -174,13 +187,10 @@ export function getQueueJobCounts(queueName, ctx) {
     }
     // Count failed (DLQ) jobs for this queue
     const failed = shard.getDlq(queueName).length;
-    // Count waiting-children jobs (parents waiting for child completion)
-    let waitingChildrenCount = 0;
-    for (const job of shard.waitingChildren.values()) {
-        if (job.queue === queueName) {
-            waitingChildrenCount++;
-        }
-    }
+    // Count waiting-children jobs. getJobState/getJobs treat BOTH waitingChildren
+    // (flow parents) and waitingDeps (jobs blocked on dependsOn) as 'waiting-children',
+    // so count both to stay consistent with state/list (#95 class).
+    const waitingChildrenCount = countByQueue([shard.waitingChildren.values(), shard.waitingDeps.values()], queueName);
     // Per-queue cumulative counters
     const perQueue = ctx.perQueueMetrics?.get(queueName);
     const totalCompleted = Number(perQueue?.totalCompleted ?? 0n);

package/dist/client/queue/dlq.js

@@ -64,7 +64,7 @@ export function retryDlq(ctx, id) {
     if (ctx.embedded)
         return dlqOps.retryDlqEmbedded(ctx.name, id);
     if (ctx.tcp)
-        void ctx.tcp.send({ cmd: 'RetryDlq', queue: ctx.name, id });
+        void ctx.tcp.send({ cmd: 'RetryDlq', queue: ctx.name, jobId: id });
     return 0;
 }
 /** Retry DLQ entries by filter */

package/dist/client/queue/operations/management.js

@@ -77,7 +77,8 @@ export async function cleanAsync(ctx, grace, limit, type) {
         queue: ctx.name,
         grace,
         limit,
-        type,
+        // Handler reads `state`; sending `type` made the state filter a no-op.
+        state: type,
     });
     if (!response.ok)
         return [];
@@ -107,7 +108,8 @@ export async function promoteJobs(ctx, opts) {
     });
     if (!response.ok)
         return 0;
-    return (response.promoted ?? 0);
+    // Handler returns `count`; reading `promoted` always yielded 0.
+    return (response.count ?? 0);
 }
 /** Promote a single job */
 export async function promoteJob(ctx, id) {

package/dist/client/queue/scheduler.js

@@ -65,6 +65,9 @@ export async function upsertJobScheduler(ctx, schedulerId, repeatOpts, jobTempla
     const dedupFields = buildCronDedup(jobTemplate);
     const jobOptions = buildCronJobOptions(ctx.defaultJobOptions, jobTemplate);
     const cronName = toCronName(ctx, schedulerId);
+    // Priority of spawned jobs: carried on the top-level Cron field (the handler
+    // reads cmd.priority), which buildCronJobOptions does not cover.
+    const priority = jobTemplate?.opts?.priority ?? ctx.defaultJobOptions?.priority;
     if (ctx.embedded) {
         const manager = getSharedManager();
         manager.addCron({
@@ -73,6 +76,7 @@ export async function upsertJobScheduler(ctx, schedulerId, repeatOpts, jobTempla
             data,
             schedule: cronPattern,
             repeatEvery,
+            priority,
             timezone: repeatOpts.timezone ?? 'UTC',
             skipMissedOnRestart: repeatOpts.skipMissedOnRestart,
             immediately: repeatOpts.immediately,
@@ -94,6 +98,7 @@ export async function upsertJobScheduler(ctx, schedulerId, repeatOpts, jobTempla
         data,
         schedule: cronPattern,
         repeatEvery,
+        priority,
         timezone: repeatOpts.timezone,
         skipMissedOnRestart: repeatOpts.skipMissedOnRestart,
         immediately: repeatOpts.immediately,

package/dist/client/worker/worker.js

@@ -398,9 +398,12 @@ export class Worker extends EventEmitter {
             cmd: 'ExtendLocks',
             ids: jobIds,
             tokens,
-            duration,
+            // Protocol expects a per-id `durations` array, and the handler returns
+            // `count` (not `extended`). Sending `duration`/reading `extended` made
+            // batch lock renewal silently keep the old TTL.
+            durations: jobIds.map(() => duration),
         });
-        const extended = response.extended;
+        const extended = response.count;
         return extended ?? 0;
     }
     // ============ Lifecycle ============
@@ -735,6 +738,7 @@ export class Worker extends EventEmitter {
             workerId: this.workerId,
             useLocks: this.opts.useLocks,
             pollTimeout: this.opts.pollTimeout,
+            lockDuration: this.opts.lockDuration,
         };
     }
     /** Apply worker-level removeOnComplete/removeOnFail defaults to a job */

package/dist/client/worker/workerPull.d.ts

@@ -9,6 +9,8 @@ export interface PullConfig {
     readonly workerId: string;
     readonly useLocks: boolean;
     readonly pollTimeout: number;
+    /** Lock TTL in ms to request from the server on a lock-based pull. */
+    readonly lockDuration?: number;
 }
 export declare function pullEmbedded(config: PullConfig, count: number): Promise<Array<{
     job: InternalJob;

package/dist/client/worker/workerPull.js

@@ -6,13 +6,14 @@ import { getSharedManager } from '../manager';
 import { parseJobFromResponse } from './jobParser';
 export async function pullEmbedded(config, count) {
     const manager = getSharedManager();
-    // Use lock-based pull only when useLocks is enabled
+    // Use lock-based pull only when useLocks is enabled. Pass lockDuration so the
+    // configured lock TTL is honored in embedded mode too (undefined → server default).
     if (config.useLocks) {
         if (count === 1) {
-            const { job, token } = await manager.pullWithLock(config.name, config.workerId, 0);
+            const { job, token } = await manager.pullWithLock(config.name, config.workerId, 0, config.lockDuration);
             return job ? [{ job, token }] : [];
         }
-        const { jobs, tokens } = await manager.pullBatchWithLock(config.name, count, config.workerId, 0);
+        const { jobs, tokens } = await manager.pullBatchWithLock(config.name, count, config.workerId, 0, config.lockDuration);
         return jobs.map((job, i) => ({ job, token: tokens[i] || null }));
     }
     // No locks - use regular pull
@@ -26,16 +27,22 @@ export async function pullEmbedded(config, count) {
 export async function pullTcp(config, tcp, count, closing) {
     if (closing)
         return [];
-    // Build pull command - only request locks if useLocks is enabled
+    // Build pull command - only request locks if useLocks is enabled.
+    // `count` belongs to the batch PULLB; a single PULL doesn't need it.
     const cmd = {
         cmd: count === 1 ? 'PULL' : 'PULLB',
         queue: config.name,
         timeout: config.pollTimeout,
-        count,
     };
+    if (count > 1)
+        cmd.count = count;
     // Only request lock ownership when useLocks is enabled
     if (config.useLocks) {
         cmd.owner = config.workerId;
+        // Propagate the configured lock TTL so the server doesn't always fall back
+        // to its 30s default (WorkerOptions.lockDuration was previously ignored).
+        if (config.lockDuration !== undefined)
+            cmd.lockTtl = config.lockDuration;
     }
     const response = await tcp.send(cmd);
     if (!response.ok)

package/dist/domain/types/command.d.ts

@@ -98,6 +98,8 @@ export interface FailCommand extends BaseCommand {
     readonly id: string;
     readonly error?: string;
     readonly token?: string;
+    /** Skip all remaining retries and fail terminally (UnrecoverableError over TCP). */
+    readonly unrecoverable?: boolean;
 }
 export interface GetJobCommand extends BaseCommand {
     readonly cmd: 'GetJob';
@@ -309,6 +311,8 @@ export interface AddLogCommand extends BaseCommand {
 export interface GetLogsCommand extends BaseCommand {
     readonly cmd: 'GetLogs';
     readonly id: string;
+    readonly start?: number;
+    readonly end?: number;
 }
 export interface HeartbeatCommand extends BaseCommand {
     readonly cmd: 'Heartbeat';

package/dist/infrastructure/server/handlers/advanced.js

@@ -4,6 +4,45 @@
  */
 import * as resp from '../../../domain/types/response';
 import { jobId } from '../../../domain/types/job';
+/**
+ * Coerce a value to a finite number, or return undefined if it can't be.
+ * Guards config endpoints against non-numeric input (e.g. `"abc"`) that would
+ * otherwise reach numeric comparisons as NaN and silently break behaviour
+ * (a string `stallInterval` disabled stall detection entirely).
+ */
+function toFiniteNumber(value) {
+    if (value === undefined || value === null)
+        return undefined;
+    const n = typeof value === 'number' ? value : Number(value);
+    return Number.isFinite(n) ? n : undefined;
+}
+/**
+ * Sanitize the numeric fields of a config object: coerce numeric strings, drop
+ * non-numeric garbage (so the manager's merge keeps the existing/default value
+ * instead of storing NaN). Booleans and unknown keys pass through untouched.
+ */
+function sanitizeConfigNumbers(config, numericKeys) {
+    if (!config || typeof config !== 'object')
+        return config;
+    const numeric = new Set(numericKeys);
+    const out = {};
+    for (const [key, value] of Object.entries(config)) {
+        if (!numeric.has(key)) {
+            out[key] = value; // booleans / unknown keys pass through untouched
+            continue;
+        }
+        if (value === null) {
+            out[key] = null; // valid for nullable fields (e.g. dlq maxAge)
+            continue;
+        }
+        const n = toFiniteNumber(value);
+        // coerce numeric strings; omit non-numeric garbage so the manager's merge
+        // keeps the existing/default value instead of storing NaN
+        if (n !== undefined)
+            out[key] = n;
+    }
+    return out;
+}
 // ============ Job Management ============
 /** Handle Update command - update job data */
 export async function handleUpdate(cmd, ctx, reqId) {
@@ -122,8 +161,11 @@ export function handleCount(cmd, ctx, reqId) {
 // ============ Rate Limiting ============
 /** Handle RateLimit command */
 export function handleRateLimit(cmd, ctx, reqId) {
-    ctx.queueManager.setRateLimit(cmd.queue, cmd.limit);
-    ctx.queueManager.emitDashboardEvent('ratelimit:set', { queue: cmd.queue, max: cmd.limit });
+    const limit = toFiniteNumber(cmd.limit);
+    if (limit === undefined)
+        return resp.error('limit must be a finite number', reqId);
+    ctx.queueManager.setRateLimit(cmd.queue, limit);
+    ctx.queueManager.emitDashboardEvent('ratelimit:set', { queue: cmd.queue, max: limit });
     return resp.ok(undefined, reqId);
 }
 /** Handle RateLimitClear command */
@@ -134,10 +176,13 @@ export function handleRateLimitClear(cmd, ctx, reqId) {
 }
 /** Handle SetConcurrency command */
 export function handleSetConcurrency(cmd, ctx, reqId) {
-    ctx.queueManager.setConcurrency(cmd.queue, cmd.limit);
+    const limit = toFiniteNumber(cmd.limit);
+    if (limit === undefined)
+        return resp.error('limit must be a finite number', reqId);
+    ctx.queueManager.setConcurrency(cmd.queue, limit);
     ctx.queueManager.emitDashboardEvent('concurrency:set', {
         queue: cmd.queue,
-        concurrency: cmd.limit,
+        concurrency: limit,
     });
     return resp.ok(undefined, reqId);
 }
@@ -150,10 +195,11 @@ export function handleClearConcurrency(cmd, ctx, reqId) {
 // ============ Config Commands ============
 /** Handle SetStallConfig command */
 export function handleSetStallConfig(cmd, ctx, reqId) {
-    ctx.queueManager.setStallConfig(cmd.queue, cmd.config);
+    const config = sanitizeConfigNumbers(cmd.config, ['stallInterval', 'maxStalls', 'gracePeriod']);
+    ctx.queueManager.setStallConfig(cmd.queue, config);
     ctx.queueManager.emitDashboardEvent('config:stall-changed', {
         queue: cmd.queue,
-        config: cmd.config,
+        config,
     });
     return resp.ok(undefined, reqId);
 }
@@ -164,10 +210,16 @@ export function handleGetStallConfig(cmd, ctx, reqId) {
 }
 /** Handle SetDlqConfig command */
 export function handleSetDlqConfig(cmd, ctx, reqId) {
-    ctx.queueManager.setDlqConfig(cmd.queue, cmd.config);
+    const config = sanitizeConfigNumbers(cmd.config, [
+        'autoRetryInterval',
+        'maxAutoRetries',
+        'maxAge',
+        'maxEntries',
+    ]);
+    ctx.queueManager.setDlqConfig(cmd.queue, config);
     ctx.queueManager.emitDashboardEvent('config:dlq-changed', {
         queue: cmd.queue,
-        config: cmd.config,
+        config,
     });
     return resp.ok(undefined, reqId);
 }

package/dist/infrastructure/server/handlers/core.js

@@ -189,7 +189,7 @@ export async function handleAckBatch(cmd, ctx, reqId) {
 export async function handleFail(cmd, ctx, reqId) {
     try {
         const jid = jobId(cmd.id);
-        await ctx.queueManager.fail(jid, cmd.error, cmd.token);
+        await ctx.queueManager.fail(jid, cmd.error, cmd.token, cmd.unrecoverable);
         // Unregister job from client tracking
         ctx.queueManager.unregisterClientJob(ctx.clientId, jid);
         return resp.ok(undefined, reqId);

package/dist/infrastructure/server/handlers/cron.js

@@ -40,6 +40,7 @@ export function handleCron(cmd, ctx, reqId) {
                 repeatEvery: cron.repeatEvery,
                 nextRun: cron.nextRun,
                 timezone: cron.timezone,
+                priority: cron.priority,
             },
             reqId,
         };

package/dist/infrastructure/server/handlers/monitoring.js

@@ -18,8 +18,13 @@ export function handleAddLog(cmd, ctx, reqId) {
 }
 export function handleGetLogs(cmd, ctx, reqId) {
     const jid = jobId(cmd.id);
-    const logs = ctx.queueManager.getLogs(jid);
-    return resp.data({ logs }, reqId);
+    const all = ctx.queueManager.getLogs(jid);
+    // Honor optional pagination (start/end inclusive) the client already sends.
+    const total = all.length;
+    const logs = cmd.start === undefined && cmd.end === undefined
+        ? all
+        : all.slice(cmd.start ?? 0, (cmd.end ?? total - 1) + 1);
+    return resp.data({ logs, count: total }, reqId);
 }
 // ============ Worker Heartbeat ============
 export function handleHeartbeat(cmd, ctx, reqId) {

package/dist/infrastructure/server/http.js

@@ -59,6 +59,17 @@ export function createHttpServer(queueManager, config) {
     });
     // Helper to get CORS origin string
     const getCorsOrigin = () => (corsOrigins.has('*') ? '*' : Array.from(corsOrigins).join(', '));
+    // Attach CORS to responses built outside the routeRequest pipeline (health,
+    // ready, prometheus, debug) so browser dashboards can read them cross-origin
+    // (audit #16-20). Response headers are mutable for normally-constructed
+    // Responses; this never overwrites an existing value set by the endpoint.
+    const withCors = async (r) => {
+        const res = await r;
+        if (!res.headers.has('Access-Control-Allow-Origin')) {
+            res.headers.set('Access-Control-Allow-Origin', getCorsOrigin());
+        }
+        return res;
+    };
     // Fetch handler
     const fetch = async (req, server) => {
         const url = new URL(req.url);
@@ -69,26 +80,26 @@ export function createHttpServer(queueManager, config) {
         }
         // Health endpoints (no auth, no rate limit)
         if (path === '/health') {
-            return healthEndpoint(queueManager, wsHandler.size, sseHandler.size);
+            return withCors(healthEndpoint(queueManager, wsHandler.size, sseHandler.size));
         }
         if (path === '/healthz' || path === '/live') {
-            return new Response('OK', { status: 200 });
+            return withCors(new Response('OK', { status: 200 }));
         }
         if (path === '/ready') {
-            return jsonResponse({ ok: true, ready: true });
+            return jsonResponse({ ok: true, ready: true }, 200, corsOrigins);
         }
         // Debug endpoints (require auth)
         if (path === '/gc' && req.method === 'POST') {
             const denied = checkAuth(req, authTokens);
             if (denied)
                 return denied;
-            return gcEndpoint(queueManager);
+            return withCors(gcEndpoint(queueManager));
         }
         if (path === '/heapstats' && req.method === 'GET') {
             const denied = checkAuth(req, authTokens);
             if (denied)
                 return denied;
-            return heapStatsEndpoint(queueManager);
+            return withCors(heapStatsEndpoint(queueManager));
         }
         // Rate limiting
         const clientIp = req.headers.get('x-forwarded-for')?.split(',')[0]?.trim() ??
@@ -131,7 +142,10 @@ export function createHttpServer(queueManager, config) {
                     return denied;
             }
             return new Response(queueManager.getPrometheusMetrics(), {
-                headers: { 'Content-Type': 'text/plain; version=0.0.4; charset=utf-8' },
+                headers: {
+                    'Content-Type': 'text/plain; version=0.0.4; charset=utf-8',
+                    'Access-Control-Allow-Origin': getCorsOrigin(),
+                },
             });
         }
         // Check authentication for other endpoints

package/dist/infrastructure/server/httpRouteJobs.js

@@ -79,6 +79,7 @@ async function routeJobManagement(req, path, method, ctx, cors) {
             cmd: 'ChangePriority',
             id: priorityMatch[1],
             priority: body['priority'],
+            lifo: body['lifo'],
         }, ctx);
         return jsonResponse(r, r.ok ? 200 : 400, cors);
     }
@@ -250,7 +251,12 @@ export async function routeJobRoutes(req, path, method, ctx, cors) {
         const body = await parseJsonBody(req, cors);
         if (body instanceof Response)
             return body;
-        const r = await handleCommand({ cmd: 'ACK', id: ackMatch[1], result: body['result'] }, ctx);
+        const r = await handleCommand({
+            cmd: 'ACK',
+            id: ackMatch[1],
+            result: body['result'],
+            token: body['token'],
+        }, ctx);
         return jsonResponse(r, r.ok ? 200 : 400, cors);
     }
     // POST /jobs/:id/fail
@@ -259,7 +265,13 @@ export async function routeJobRoutes(req, path, method, ctx, cors) {
         const body = await parseJsonBody(req, cors);
         if (body instanceof Response)
             return body;
-        const r = await handleCommand({ cmd: 'FAIL', id: failMatch[1], error: body['error'] }, ctx);
+        const r = await handleCommand({
+            cmd: 'FAIL',
+            id: failMatch[1],
+            error: body['error'],
+            token: body['token'],
+            unrecoverable: body['unrecoverable'],
+        }, ctx);
         return jsonResponse(r, r.ok ? 200 : 400, cors);
     }
     // Delegate to sub-routers

package/dist/infrastructure/server/httpRouteQueueConfig.js

@@ -26,8 +26,23 @@ export async function routeQueueConfigRoutes(req, path, method, ctx, cors) {
     const dlqMatch = path.match(RE_QUEUE_DLQ);
     if (dlqMatch && method === 'GET') {
         const queue = decodeURIComponent(dlqMatch[1]);
-        const entries = ctx.queueManager.getDlqEntries(queue);
-        return jsonResponse({ ok: true, entries }, 200, cors);
+        const all = ctx.queueManager.getDlqEntries(queue);
+        // Optional pagination so a dashboard can page large DLQs. Non-numeric params
+        // are ignored (treated as absent) rather than producing an empty/garbage slice.
+        const params = new URL(req.url).searchParams;
+        const toInt = (v) => {
+            if (v === null)
+                return undefined;
+            const n = Number(v);
+            return Number.isFinite(n) ? Math.trunc(n) : undefined;
+        };
+        const limit = toInt(params.get('limit'));
+        const offset = toInt(params.get('offset'));
+        const start = Math.max(0, offset ?? 0);
+        const entries = limit === undefined && offset === undefined
+            ? all
+            : all.slice(start, start + (limit !== undefined ? Math.max(0, limit) : all.length));
+        return jsonResponse({ ok: true, entries, total: all.length }, 200, cors);
     }
     // POST /queues/:queue/dlq/retry
     const dlqRetryMatch = path.match(RE_QUEUE_DLQ_RETRY);
@@ -79,7 +94,8 @@ export async function routeQueueConfigRoutes(req, path, method, ctx, cors) {
         const r = await handleCommand({
             cmd: 'SetConcurrency',
             queue,
-            limit: body['limit'],
+            // Accept the natural `concurrency` field for this endpoint as well as `limit`.
+            limit: (body['concurrency'] ?? body['limit']),
         }, ctx);
         return jsonResponse(r, 200, cors);
     }

package/dist/infrastructure/server/httpRouteQueues.js

@@ -105,7 +105,19 @@ async function routeJobOps(req, path, method, ctx, cors) {
     if (listMatch && method === 'GET') {
         const queue = decodeURIComponent(listMatch[1]);
         const url = new URL(req.url);
-        const stateValues = url.searchParams.getAll('state');
+        // Accept `state`, `status` (dashboard/REST convention), and `states` as
+        // aliases, each repeatable and comma-separated. Previously only `state` was
+        // read, so `?status=failed` silently fell through to an unfiltered list and
+        // returned the whole queue (#95). A state name never contains a comma, so
+        // splitting is safe.
+        const stateValues = [
+            ...url.searchParams.getAll('state'),
+            ...url.searchParams.getAll('status'),
+            ...url.searchParams.getAll('states'),
+        ]
+            .flatMap((v) => v.split(','))
+            .map((s) => s.trim())
+            .filter(Boolean);
         const state = stateValues.length === 0
             ? undefined
             : stateValues.length === 1

package/dist/infrastructure/server/httpRouteResources.js

@@ -40,6 +40,10 @@ export async function routeResourceRoutes(req, path, method, ctx, cors) {
             uniqueKey: body['uniqueKey'],
             dedup: body['dedup'],
             skipMissedOnRestart: body['skipMissedOnRestart'],
+            immediately: body['immediately'],
+            skipIfNoWorker: body['skipIfNoWorker'],
+            preventOverlap: body['preventOverlap'],
+            jobOptions: body['jobOptions'],
         }, ctx);
         return jsonResponse(r, r.ok ? 200 : 400, cors);
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bunqueue",
-  "version": "2.8.6",
+  "version": "2.8.7",
   "description": "High-performance job queue for Bun & AI agents. SQLite persistence, cron scheduling, priorities, retries, DLQ, webhooks, native MCP server. Zero external dependencies.",
   "type": "module",
   "main": "dist/main.js",