fix(workflows): require literal boolean for runtime continue_on_error

Engine was checking `continue_on_error` via truthiness
(`if step_config.get("continue_on_error"):`), which let truthy
non-bool values like the string `"true"` activate the flag at
runtime if validation was skipped. `execute()` does not auto-validate
(documented on the `load_definition` docstring), so a caller bypassing
`validate_workflow()` could see the contract silently violated.

Tighten the runtime check to identity comparison (`is True`) so only
a literal boolean enables the behaviour. Validation continues to
catch the authoring mistake at parse time; this is defense in depth
for the bypass-validation path. Add
`test_engine_ignores_truthy_non_bool_continue_on_error` locking the
contract — feeds `continue_on_error: "true"` (string) through
`execute()` directly and asserts the run halts with
`RunStatus.FAILED`.

Addresses Copilot review feedback on github#2663.

Author: doquanghuy

src/specify_cli/workflows/engine.py

@@ -658,7 +658,17 @@ def _execute_steps(
                 # steps can branch on it. Log a single, unambiguous
                 # event per failure resolution — either the run
                 # continued past it, or it halted.
-                if step_config.get("continue_on_error"):
+                #
+                # Use identity comparison (`is True`) rather than
+                # truthiness so that only a literal boolean enables
+                # the behaviour, even if validation was skipped.
+                # Validation rejects non-bool values at parse time,
+                # but `execute()` does not auto-validate (see the
+                # `load_definition` docstring), so a caller passing
+                # an unvalidated definition could otherwise see
+                # truthy non-bool values like the string `"true"`
+                # silently change run semantics.
+                if step_config.get("continue_on_error") is True:
                     state.append_log(
                         {
                             "event": "step_continue_on_error",

tests/test_workflows.py

@@ -2410,6 +2410,44 @@ def test_validation_accepts_bool_continue_on_error(self):
             errors = validate_workflow(definition)
             assert errors == [], errors
 
+    def test_engine_ignores_truthy_non_bool_continue_on_error(self, project_dir):
+        """Defense-in-depth: even if a caller bypasses
+        `validate_workflow()` and feeds the engine a definition with
+        `continue_on_error: "true"` (a string), the engine must NOT
+        honour the flag — only a literal boolean enables the
+        behaviour. `execute()` does not auto-validate (the
+        `load_definition` docstring documents this), so the engine
+        guards against truthy non-bool values itself via an identity
+        check rather than truthiness.
+        """
+        from specify_cli.workflows.engine import WorkflowDefinition, WorkflowEngine
+        from specify_cli.workflows.base import RunStatus
+
+        # Bypass `validate_workflow()` — execute() is what would
+        # be called by a caller that skipped validation.
+        definition = WorkflowDefinition.from_string("""
+schema_version: "1.0"
+workflow:
+  id: "string-coe"
+  name: "String COE"
+  version: "1.0.0"
+steps:
+  - id: fail-step
+    type: shell
+    run: "exit 1"
+    continue_on_error: "true"
+  - id: should-not-run
+    type: shell
+    run: "echo should-not-run"
+""")
+        engine = WorkflowEngine(project_dir)
+        state = engine.execute(definition)
+
+        # String "true" is truthy but not a literal boolean, so the
+        # engine must treat the step as a halting failure.
+        assert state.status == RunStatus.FAILED
+        assert "should-not-run" not in state.step_results
+
 
 # ===== State Persistence Tests =====