Skip to content

feat(webapp): pin the dashboard agent to a deployed version#4128

Draft
ericallam wants to merge 2 commits into
mainfrom
feature/tri-11573-dashboard-agent-version-pin
Draft

feat(webapp): pin the dashboard agent to a deployed version#4128
ericallam wants to merge 2 commits into
mainfrom
feature/tri-11573-dashboard-agent-version-pin

Conversation

@ericallam

@ericallam ericallam commented Jul 2, 2026

Copy link
Copy Markdown
Member

Summary

The dashboard agent runs as a chat.agent in its own Trigger.dev project, deployed separately from the app that starts its sessions. This adds independent, non-disruptive deploys for it: a new workflow deploys the agent with --skip-promotion (so a deploy never becomes the current version on its own), and the app pins its sessions to a chosen version.

How it works

DASHBOARD_AGENT_VERSION (unset by default) pins agent sessions to a specific deployed version; when unset, sessions run on the project environment's current version. The pin is passed on session start and head start and is forwarded to every continuation run, so a pinned session stays on its version for its whole life. Cutting over to a new build becomes a config change (set the version) rather than a redeploy, and rollback is flipping it back.

The workflow (dashboard-agent-deploy.yml) runs a leg per environment (staging and prod), each gated by its own environment, and triggers on pushes to main that touch the agent or its store (also available via manual dispatch). Deploy versions are per-environment, so each environment pins to its own leg's version.

The dashboard agent (a chat.agent in its own Trigger.dev project) can now be
deployed independently of the app that talks to it. A new workflow deploys the
agent with --skip-promotion, so a deploy never becomes current on its own, and
the app pins its sessions to a specific version via DASHBOARD_AGENT_VERSION
(unset falls back to the project env's current version). The pin flows through to
session start, head start, and every continuation run, so cutting over is a
config flip rather than a redeploy.
@changeset-bot

changeset-bot Bot commented Jul 2, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: 3cbff2a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

Comment thread .github/workflows/dashboard-agent-deploy.yml Fixed
@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Walkthrough

This change adds a GitHub Actions workflow to deploy the internal dashboard-agent package to staging or production via the Trigger.dev CLI, triggered by pushes to matching paths or by manual dispatch. It also adds an optional DASHBOARD_AGENT_VERSION environment variable, a helper that converts it into a Trigger lockToVersion config, and wires that config into both dashboard-agent session start paths.

Changes

Area Change
CI/CD New dashboard-agent deploy workflow with staging/prod selection, environment gating, concurrency, build steps, and CLI deploy execution
Environment schema Added optional DASHBOARD_AGENT_VERSION to EnvironmentSchema
Session config Added dashboardAgentTriggerConfig() and passed triggerConfig into session start flows

Sequence Diagram(s)

sequenceDiagram
  participant Env as env.server
  participant DashboardAgent as dashboardAgent.server
  participant HeadStart as dashboardAgentHeadStart.server
  participant Chat as chat/chatServer

  Env->>DashboardAgent: DASHBOARD_AGENT_VERSION
  DashboardAgent->>DashboardAgent: dashboardAgentTriggerConfig()
  DashboardAgent->>Chat: createStartSessionAction(triggerConfig)
  HeadStart->>DashboardAgent: dashboardAgentTriggerConfig()
  HeadStart->>Chat: startHeadStart(triggerConfig)
Loading

Estimated code review effort: 3/5 (Medium)

Related issues: None specified.

Related PRs: None specified.

Suggested labels: ci, webapp, enhancement

Suggested reviewers: None specified.


🐰 Version pinned, workflow spun,
Deploy and session paths now run.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description covers the main behavior, but omits required template sections like Closes #issue, testing, changelog, and screenshots. Add the missing template sections: Closes #issue, checklist, testing steps, changelog, and screenshots or a brief note explaining why they aren't included.
✅ Passed checks (4 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Title check ✅ Passed The title clearly summarizes the main change: pinning the dashboard agent to a deployed version.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feature/tri-11573-dashboard-agent-version-pin

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

♻️ Duplicate comments (1)
.github/workflows/dashboard-agent-deploy.yml (1)

65-71: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Shell-interpolated workflow input — code injection via template expansion.

Line 71 substitutes ${{ github.event.inputs.environment || 'staging' }} directly into the run: shell command rather than passing it through the environment, which is the pattern flagged by zizmor and previously called out by GitHub Advanced Security's code-scanning check on this same line. Even though the input is a choice type in the UI, workflow_dispatch can be invoked via the REST/GraphQL API with an arbitrary string that bypasses the dropdown's options constraint, so the value should not be spliced into the shell script directly.

🔒 Proposed fix: route the input through an env var
       - name: Deploy (--skip-promotion)
         working-directory: internal-packages/dashboard-agent
         env:
           TRIGGER_ACCESS_TOKEN: ${{ secrets.TRIGGER_DASHBOARD_AGENT_DEPLOY_TOKEN }}
+          DEPLOY_ENV: ${{ github.event.inputs.environment || 'staging' }}
         # Invoke the built CLI directly (what the workspace .bin/trigger wrapper does),
         # so a not-yet-linked bin after a fresh install can't break the deploy.
-        run: node ../../packages/cli-v3/dist/esm/index.js deploy --skip-promotion --env ${{ github.event.inputs.environment || 'staging' }}
+        run: node ../../packages/cli-v3/dist/esm/index.js deploy --skip-promotion --env "$DEPLOY_ENV"

Source: Linters/SAST tools


ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: d1602a57-8808-4ec0-89f7-2825da12ee84

📥 Commits

Reviewing files that changed from the base of the PR and between 0f349dd and 85ce7fe.

📒 Files selected for processing (4)
  • .github/workflows/dashboard-agent-deploy.yml
  • apps/webapp/app/env.server.ts
  • apps/webapp/app/services/dashboardAgent.server.ts
  • apps/webapp/app/services/dashboardAgentHeadStart.server.ts
📜 Review details
⏰ Context from checks skipped due to timeout. (12)
  • GitHub Check: webapp / 🧪 Unit Tests: Webapp (9, 10)
  • GitHub Check: webapp / 🧪 Unit Tests: Webapp (7, 10)
  • GitHub Check: webapp / 🧪 Unit Tests: Webapp (10, 10)
  • GitHub Check: webapp / 🧪 Unit Tests: Webapp (1, 10)
  • GitHub Check: webapp / 🧪 Unit Tests: Webapp (6, 10)
  • GitHub Check: webapp / 🧪 Unit Tests: Webapp (8, 10)
  • GitHub Check: webapp / 🧪 Unit Tests: Webapp (2, 10)
  • GitHub Check: webapp / 🧪 Unit Tests: Webapp (5, 10)
  • GitHub Check: webapp / 🧪 Unit Tests: Webapp (4, 10)
  • GitHub Check: webapp / 🧪 Unit Tests: Webapp (3, 10)
  • GitHub Check: typecheck / typecheck
  • GitHub Check: e2e-webapp / 🧪 E2E Tests: Webapp
⚠️ CI failures not shown inline (1)

GitHub Check: zizmor: 1 new alert including 1 error

Conclusion: failure

View job details

### New alerts in code changed by this pull request
 * 1 error
See annotations below for details.
[View all branch alerts](/triggerdotdev/trigger.dev/security/code-scanning?query=pr%3A4128+tool%3Azizmor+is%3Aopen).
🧰 Additional context used
📓 Path-based instructions (8)
**/*.{ts,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.{ts,tsx}: Use types over interfaces for TypeScript
Avoid using enums; prefer string unions or const objects instead

Files:

  • apps/webapp/app/services/dashboardAgentHeadStart.server.ts
  • apps/webapp/app/env.server.ts
  • apps/webapp/app/services/dashboardAgent.server.ts
{packages/core,apps/webapp}/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Use zod for validation in packages/core and apps/webapp

Files:

  • apps/webapp/app/services/dashboardAgentHeadStart.server.ts
  • apps/webapp/app/env.server.ts
  • apps/webapp/app/services/dashboardAgent.server.ts
**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Use function declarations instead of default exports

Files:

  • apps/webapp/app/services/dashboardAgentHeadStart.server.ts
  • apps/webapp/app/env.server.ts
  • apps/webapp/app/services/dashboardAgent.server.ts
**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/otel-metrics.mdc)

**/*.ts: When creating or editing OTEL metrics (counters, histograms, gauges), ensure metric attributes have low cardinality by using only enums, booleans, bounded error codes, or bounded shard IDs
Do not use high-cardinality attributes in OTEL metrics such as UUIDs/IDs (envId, userId, runId, projectId, organizationId), unbounded integers (itemCount, batchSize, retryCount), timestamps (createdAt, startTime), or free-form strings (errorMessage, taskName, queueName)
When exporting OTEL metrics via OTLP to Prometheus, be aware that the exporter automatically adds unit suffixes to metric names (e.g., 'my_duration_ms' becomes 'my_duration_ms_milliseconds', 'my_counter' becomes 'my_counter_total'). Account for these transformations when writing Grafana dashboards or Prometheus queries

Files:

  • apps/webapp/app/services/dashboardAgentHeadStart.server.ts
  • apps/webapp/app/env.server.ts
  • apps/webapp/app/services/dashboardAgent.server.ts
apps/webapp/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/webapp.mdc)

apps/webapp/**/*.{ts,tsx}: Access environment variables through the env export of env.server.ts instead of directly accessing process.env
Use subpath exports from @trigger.dev/core package instead of importing from the root @trigger.dev/core path

Use named constants for sentinel/placeholder values (e.g. const UNSET_VALUE = '__unset__') instead of raw string literals scattered across comparisons

Files:

  • apps/webapp/app/services/dashboardAgentHeadStart.server.ts
  • apps/webapp/app/env.server.ts
  • apps/webapp/app/services/dashboardAgent.server.ts
apps/webapp/**/*.server.ts

📄 CodeRabbit inference engine (apps/webapp/CLAUDE.md)

apps/webapp/**/*.server.ts: Never use request.signal for detecting client disconnects. Use getRequestAbortSignal() from app/services/httpAsyncStorage.server.ts instead, which is wired directly to Express res.on('close') and fires reliably
Access environment variables via env export from app/env.server.ts. Never use process.env directly
Always use findFirst instead of findUnique in Prisma queries. findUnique has an implicit DataLoader that batches concurrent calls and has active bugs even in Prisma 6.x (uppercase UUIDs returning null, composite key SQL correctness issues, 5-10x worse performance). findFirst is never batched and avoids this entire class of issues

Files:

  • apps/webapp/app/services/dashboardAgentHeadStart.server.ts
  • apps/webapp/app/env.server.ts
  • apps/webapp/app/services/dashboardAgent.server.ts
**/*.{ts,tsx,js,jsx,mts,cts,mjs,cjs}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx,js,jsx,mts,cts,mjs,cjs}: Use pnpm run typecheck for changes in apps (apps/*) and internal packages (internal-packages/*), and never use build to verify those changes.
Use Vitest for tests, and never mock anything; use testcontainers instead.
Prefer static imports over dynamic import(), and only use dynamic imports for unresolved circular dependencies, genuine code-splitting needs, or conditional runtime loading.

Files:

  • apps/webapp/app/services/dashboardAgentHeadStart.server.ts
  • apps/webapp/app/env.server.ts
  • apps/webapp/app/services/dashboardAgent.server.ts
**/*.{ts,tsx,js,jsx,mts,cts,mjs,cjs,md,mdx}

📄 CodeRabbit inference engine (CLAUDE.md)

Always import from @trigger.dev/sdk when writing Trigger.dev tasks; never use @trigger.dev/sdk/v3 or deprecated client.defineJob.

Files:

  • apps/webapp/app/services/dashboardAgentHeadStart.server.ts
  • apps/webapp/app/env.server.ts
  • apps/webapp/app/services/dashboardAgent.server.ts
🧠 Learnings (15)
📚 Learning: 2026-03-22T13:26:12.060Z
Learnt from: ericallam
Repo: triggerdotdev/trigger.dev PR: 3244
File: apps/webapp/app/components/code/TextEditor.tsx:81-86
Timestamp: 2026-03-22T13:26:12.060Z
Learning: In the triggerdotdev/trigger.dev codebase, do not flag `navigator.clipboard.writeText(...)` calls for `missing-await`/`unhandled-promise` issues. These clipboard writes are intentionally invoked without `await` and without `catch` handlers across the project; keep that behavior consistent when reviewing TypeScript/TSX files (e.g., usages like in `apps/webapp/app/components/code/TextEditor.tsx`).

Applied to files:

  • apps/webapp/app/services/dashboardAgentHeadStart.server.ts
  • apps/webapp/app/env.server.ts
  • apps/webapp/app/services/dashboardAgent.server.ts
📚 Learning: 2026-03-22T19:24:14.403Z
Learnt from: matt-aitken
Repo: triggerdotdev/trigger.dev PR: 3187
File: apps/webapp/app/v3/services/alerts/deliverErrorGroupAlert.server.ts:200-204
Timestamp: 2026-03-22T19:24:14.403Z
Learning: In the triggerdotdev/trigger.dev codebase, webhook URLs are not expected to contain embedded credentials/secrets (e.g., fields like `ProjectAlertWebhookProperties` should only hold credential-free webhook endpoints). During code review, if you see logging or inclusion of raw webhook URLs in error messages, do not automatically treat it as a credential-leak/secrets-in-logs issue by default—first verify the URL does not contain embedded credentials (for example, no username/password in the URL, no obvious secret/token query params or fragments). If the URL is credential-free per this project’s conventions, allow the logging.

Applied to files:

  • apps/webapp/app/services/dashboardAgentHeadStart.server.ts
  • apps/webapp/app/env.server.ts
  • apps/webapp/app/services/dashboardAgent.server.ts
📚 Learning: 2026-05-18T08:21:27.694Z
Learnt from: d-cs
Repo: triggerdotdev/trigger.dev PR: 3632
File: apps/webapp/sentry.server.ts:4-21
Timestamp: 2026-05-18T08:21:27.694Z
Learning: When handling Prisma error P1001 ("Can't reach database server") in TypeScript, don’t assume a single error shape. Prisma can surface P1001 via two different error classes/fields: `PrismaClientKnownRequestError` exposes it as `err.code === "P1001"` (common during mid-query connection drops), while `PrismaClientInitializationError` exposes it as `err.errorCode === "P1001"` (common on client startup failure). Therefore, predicates should use `err.code === "P1001" || err.errorCode === "P1001"`. Do not flag `err.code === "P1001"` as “unreachable/never matches,” as it is expected in production.

Applied to files:

  • apps/webapp/app/services/dashboardAgentHeadStart.server.ts
  • apps/webapp/app/env.server.ts
  • apps/webapp/app/services/dashboardAgent.server.ts
📚 Learning: 2026-05-18T08:21:27.694Z
Learnt from: d-cs
Repo: triggerdotdev/trigger.dev PR: 3632
File: apps/webapp/sentry.server.ts:4-21
Timestamp: 2026-05-18T08:21:27.694Z
Learning: When handling Prisma errors for P1001 ("Can't reach database server"), do not assume it only appears under a single property name. Prisma may surface P1001 via either `PrismaClientKnownRequestError` (`err.code === "P1001"`, e.g., mid-query connection drops) or `PrismaClientInitializationError` (`err.errorCode === "P1001"`, e.g., client startup connection failure). To reliably detect the condition, check `err.code === "P1001" || err.errorCode === "P1001"`, and avoid review rules that would incorrectly flag `err.code === "P1001"` as unreachable/never-matching.

Applied to files:

  • apps/webapp/app/services/dashboardAgentHeadStart.server.ts
  • apps/webapp/app/env.server.ts
  • apps/webapp/app/services/dashboardAgent.server.ts
📚 Learning: 2026-06-13T19:53:13.759Z
Learnt from: ericallam
Repo: triggerdotdev/trigger.dev PR: 3937
File: packages/trigger-sdk/skills/realtime-and-frontend/SKILL.md:258-260
Timestamp: 2026-06-13T19:53:13.759Z
Learning: When reviewing code that uses `trigger.dev/react-hooks`’s `useRealtimeRun`, preserve the call signature where the first argument is the full realtime handle object (not `handle.id`). This is intentional to maintain type-safety and is consistent with the official docs; do not suggest changing the first argument from the handle object to `handle.id`.

Applied to files:

  • apps/webapp/app/services/dashboardAgentHeadStart.server.ts
  • apps/webapp/app/env.server.ts
  • apps/webapp/app/services/dashboardAgent.server.ts
📚 Learning: 2026-06-17T17:13:49.929Z
Learnt from: matt-aitken
Repo: triggerdotdev/trigger.dev PR: 3948
File: apps/webapp/app/routes/_app.orgs.$organizationSlug.projects.$projectParam.env.$envParam.bulk-actions.$bulkActionParam/route.tsx:48-62
Timestamp: 2026-06-17T17:13:49.929Z
Learning: In triggerdotdev/trigger.dev, within `dashboardLoader`/`dashboardAction` (or similar context resolver code) whenever you resolve an organization ID from an organization slug for RBAC/enterprise authorization scope, always read from the primary Prisma client (`prisma`), not `$replica`. Using `$replica` can hit replica-lag and cause the RBAC lookup/authorization to run without the correct org scope (bypassing intended role enforcement). Implement the slug→org lookup with `prisma.organization.findFirst(...)` (or equivalent primary-client query) and add an inline comment documenting why the primary client is required (replica lag could lead to unscoped RBAC checks).

Applied to files:

  • apps/webapp/app/services/dashboardAgentHeadStart.server.ts
  • apps/webapp/app/env.server.ts
  • apps/webapp/app/services/dashboardAgent.server.ts
📚 Learning: 2026-06-23T13:04:21.413Z
Learnt from: carderne
Repo: triggerdotdev/trigger.dev PR: 4023
File: apps/webapp/app/services/upsertBranch.server.ts:14-18
Timestamp: 2026-06-23T13:04:21.413Z
Learning: In TypeScript, it’s valid to `import { type X }` and then use `typeof X` in a type-only position, e.g. `type Alias = z.infer<typeof X>`. The `type` modifier suppresses the runtime import, but the type checker still has the full exported type so `z.infer<typeof X>` can resolve correctly. In code reviews, don’t flag this as a TypeScript compile error as long as `typeof X` is used in a type context (e.g., with `z.infer`, `type` aliases, generics), not as a runtime value.

Applied to files:

  • apps/webapp/app/services/dashboardAgentHeadStart.server.ts
  • apps/webapp/app/env.server.ts
  • apps/webapp/app/services/dashboardAgent.server.ts
📚 Learning: 2026-03-26T09:02:07.973Z
Learnt from: myftija
Repo: triggerdotdev/trigger.dev PR: 3274
File: apps/webapp/app/services/runsReplicationService.server.ts:922-924
Timestamp: 2026-03-26T09:02:07.973Z
Learning: When parsing Trigger.dev task run annotations in server-side services, keep `TaskRun.annotations` strictly conforming to the `RunAnnotations` schema from `trigger.dev/core/v3`. If the code already uses `RunAnnotations.safeParse` (e.g., in a `#parseAnnotations` helper), treat that as intentional/necessary for atomic, schema-accurate annotation handling. Do not recommend relaxing the annotation payload schema or using a permissive “passthrough” parse path, since the annotations are expected to be written atomically in one operation and should not contain partial/legacy payloads that would require a looser parser.

Applied to files:

  • apps/webapp/app/services/dashboardAgentHeadStart.server.ts
  • apps/webapp/app/services/dashboardAgent.server.ts
📚 Learning: 2026-05-05T09:38:02.512Z
Learnt from: d-cs
Repo: triggerdotdev/trigger.dev PR: 3523
File: apps/webapp/app/routes/api.v3.batches.ts:178-181
Timestamp: 2026-05-05T09:38:02.512Z
Learning: When reviewing code that catches `ServiceValidationError` in `*.server.ts` files, do not blindly forward `error.status` to HTTP responses, because SVEs may be thrown with non-default statuses (e.g., 400/500) and forwarding them can cause client-visible behavioral regressions (e.g., surfacing 500s to clients). Prefer a safe default response status of `error.status ?? 422`, but only after confirming via the reachable call graph that the caught `ServiceValidationError` instances are expected to carry those non-default statuses; otherwise, normalize to `422` to avoid unexpected client-visible 5xx behavior.

Applied to files:

  • apps/webapp/app/services/dashboardAgentHeadStart.server.ts
  • apps/webapp/app/env.server.ts
  • apps/webapp/app/services/dashboardAgent.server.ts
📚 Learning: 2026-05-12T21:04:05.815Z
Learnt from: ericallam
Repo: triggerdotdev/trigger.dev PR: 3542
File: apps/webapp/app/components/sessions/v1/SessionStatus.tsx:1-3
Timestamp: 2026-05-12T21:04:05.815Z
Learning: In this Remix + TypeScript codebase, do not flag a server/client boundary violation when a file imports only types from a module matching `*.server`.

Specifically, it’s safe to import types using `import type { Foo } from "*.server"` or `import { type Foo } from "*.server"` because TypeScript erases type-only imports at compile time and they emit no JavaScript, so they won’t cross the Remix server/client bundle boundary.

Only raise the boundary concern for value imports (e.g., `import { Foo }` without `type`, or `import Foo`), since those produce JavaScript output.

Applied to files:

  • apps/webapp/app/services/dashboardAgentHeadStart.server.ts
  • apps/webapp/app/env.server.ts
  • apps/webapp/app/services/dashboardAgent.server.ts
📚 Learning: 2026-06-25T18:21:51.905Z
Learnt from: carderne
Repo: triggerdotdev/trigger.dev PR: 4039
File: apps/webapp/app/routes/invite-revoke.tsx:0-0
Timestamp: 2026-06-25T18:21:51.905Z
Learning: During the Zod v4 migration in the triggerdotdev/trigger.dev webapp, ensure any imports from `conform-to/zod` use the Zod-4 subpath: `conform-to/zod/v4` (e.g., `import { parseWithZod } from "conform-to/zod/v4"`). Do not import from the package root `conform-to/zod`, because it is the Zod 3 implementation and may load Zod-3-only symbols (e.g., `ZodBranded`, `ZodEffects`), which can throw at module load (notably with `zod4.4.3`). This should be enforced across `apps/webapp/**/*` where helpers like `parseWithZod` and `conformZodMessage` are used.

Applied to files:

  • apps/webapp/app/services/dashboardAgentHeadStart.server.ts
  • apps/webapp/app/env.server.ts
  • apps/webapp/app/services/dashboardAgent.server.ts
📚 Learning: 2026-06-04T18:16:35.386Z
Learnt from: nicktrn
Repo: triggerdotdev/trigger.dev PR: 3836
File: apps/supervisor/src/backpressure/backpressureMonitor.ts:3-5
Timestamp: 2026-06-04T18:16:35.386Z
Learning: When reviewing TypeScript in this repo, apply the rule “prefer type aliases over interfaces” only to data/object shapes and union/intersection type modeling. If an interface is being used as a behavioral contract for collaborators to implement (e.g., method-shape interfaces that define required behavior, such as `BackpressureLogger` / `BackpressureSignalSource` in `apps/supervisor/src/backpressure/backpressureMonitor.ts`), keep it as an `interface` and do not flag it as a type-alias-vs-interface violation.

Applied to files:

  • apps/webapp/app/services/dashboardAgentHeadStart.server.ts
  • apps/webapp/app/env.server.ts
  • apps/webapp/app/services/dashboardAgent.server.ts
📚 Learning: 2026-06-09T17:58:04.699Z
Learnt from: 0ski
Repo: triggerdotdev/trigger.dev PR: 3879
File: apps/webapp/app/models/vercelIntegration.server.ts:619-630
Timestamp: 2026-06-09T17:58:04.699Z
Learning: In this codebase, outbound raw `fetch` calls should typically rely on Node/undici’s default request timeout (about ~300s) rather than adding a per-call `AbortController` + `setTimeout` wrapper inside individual functions (e.g. in files like `apps/webapp/app/models/vercelIntegration.server.ts`). During code review, do not flag the absence of a per-call timeout on a single `fetch` as an issue; if per-call timeouts are needed, they should be implemented via a codebase-wide convention (e.g., a shared fetch wrapper or documented pattern) rather than ad-hoc per-function changes.

Applied to files:

  • apps/webapp/app/services/dashboardAgentHeadStart.server.ts
  • apps/webapp/app/env.server.ts
  • apps/webapp/app/services/dashboardAgent.server.ts
📚 Learning: 2026-05-20T17:21:18.543Z
Learnt from: d-cs
Repo: triggerdotdev/trigger.dev PR: 3678
File: apps/webapp/app/entry.server.tsx:0-0
Timestamp: 2026-05-20T17:21:18.543Z
Learning: In env.server.ts (Zod env schema), any environment variable you plan to access via the typed `env` export (e.g., `env.SENTRY_DSN`) must be explicitly declared in the schema. For `SENTRY_DSN`, include `SENTRY_DSN: z.string().optional()`; otherwise switching from `process.env.SENTRY_DSN` to `env.SENTRY_DSN` will fail TypeScript typechecking.

Applied to files:

  • apps/webapp/app/env.server.ts
📚 Learning: 2026-06-01T11:37:08.569Z
Learnt from: d-cs
Repo: triggerdotdev/trigger.dev PR: 3754
File: apps/webapp/app/env.server.ts:1104-1129
Timestamp: 2026-06-01T11:37:08.569Z
Learning: In apps/*/app/env.server.ts, any new background/periodic worker feature flag should hard-default to "0" (explicit opt-in) rather than inheriting from a parent flag (e.g., avoid defaulting to process.env.TRIGGER_MOLLIFIER_ENABLED ?? "0"). Inheriting can cause the new worker to auto-start on upgrade for deployments that already enabled the parent flag, turning on unexpected background load without an explicit rollout. Each worker component must require its own dedicated env var and default it explicitly to "0" (e.g., TRIGGER_MOLLIFIER_STALE_SWEEP_ENABLED defaults to "0" unless explicitly set to enable that worker).

Applied to files:

  • apps/webapp/app/env.server.ts
🪛 GitHub Check: zizmor
.github/workflows/dashboard-agent-deploy.yml

[failure] 71-71:
code injection via template expansion: may expand into attacker-controllable code

🔇 Additional comments (4)
.github/workflows/dashboard-agent-deploy.yml (1)

1-64: LGTM!

Also applies to: 72-72

apps/webapp/app/env.server.ts (1)

109-111: LGTM!

apps/webapp/app/services/dashboardAgent.server.ts (1)

60-76: LGTM!

apps/webapp/app/services/dashboardAgentHeadStart.server.ts (1)

12-12: LGTM!

Also applies to: 41-59

Deploy a leg per environment (staging + prod) via a matrix, each gated by its
own environment, and trigger on pushes to main that touch the agent or its
store. Both deploys are --skip-promotion, so they stage dormant versions the
app pins to independently.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants