triggerdotdev
diff --git a/‎.changeset/mollifier-buffer-claim-primitives.md‎
Lines changed: 5 additions & 0 deletions b/‎.changeset/mollifier-buffer-claim-primitives.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎.server-changes/mollifier-idempotency-claim.md‎
Lines changed: 12 additions & 0 deletions b/‎.server-changes/mollifier-idempotency-claim.md‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎apps/webapp/app/runEngine/concerns/idempotencyKeys.server.ts‎
Lines changed: 99 additions & 1 deletion b/‎apps/webapp/app/runEngine/concerns/idempotencyKeys.server.ts‎
Lines changed: 99 additions & 1 deletion
diff --git a/‎apps/webapp/app/runEngine/services/triggerTask.server.ts‎
Lines changed: 48 additions & 4 deletions b/‎apps/webapp/app/runEngine/services/triggerTask.server.ts‎
Lines changed: 48 additions & 4 deletions
@@ -0,0 +1,5 @@
+---
+"@trigger.dev/redis-worker": patch
+---
+
+Add pre-gate idempotency-claim primitives to `MollifierBuffer`: `claimIdempotency` (atomic SETNX-with-TTL claim returning `claimed` / `pending` / `resolved`), `publishClaim` (publish winning runId so waiters resolve), `releaseClaim` (DEL claim on pipeline error), `readClaim` (used by the webapp's wait/poll loop). Uses a separate key namespace `mollifier:claim:{env}:{task}:{key}` to keep isolated from the B6a buffer-side `mollifier:idempotency:...` lookup.
@@ -0,0 +1,12 @@
+---
+area: webapp
+type: fix
+---
+
+Close the PG+buffer idempotency-key race during the mollifier gate-transition window. Without this, two simultaneous same-key triggers arriving as the gate trips could each become race-winners (one PG, one buffer) — the customer would receive two distinct runIds for the same idempotency key, and operations on the buffered "loser" would silently vanish on drain. Design: `_plans/2026-05-21-mollifier-idempotency-claim.md`.
+
+`IdempotencyKeyConcern.handleTriggerRequest` now does a pre-gate Redis `SETNX` claim after the existing PG + buffer cache checks miss. All same-key triggers serialise through this claim before the gate decides PG-passthrough vs mollify; losers poll until the winner publishes its runId, then return that runId with `isCached:true`. Skipped for `resumeParentOnCompletion` (triggerAndWait bypasses the gate via F4 and is PG-canonical).
+
+`RunEngineTriggerTaskService.callV2` wraps the trigger pipeline in a try/catch around the claim: on success, the winning runId is published to the claim key so waiters resolve; on any pipeline error, the claim is released so the next claimant can retry. Failure to publish/release is logged but non-fatal — the claim TTL (default 30s) is the safety net.
+
+Verified by `scripts/mollifier-challenge/04-idempotency-collision.sh`: 30 cold-gate same-key triggers (no pre-warm) now converge on one runId, one `isCached:false` response, 29 `isCached:true`. Before this fix the same test produced 2 unique runIds and 2 `isCached:false` responses.
@@ -2,15 +2,38 @@ import { RunId } from "@trigger.dev/core/v3/isomorphic";
 import type { PrismaClientOrTransaction, TaskRun } from "@trigger.dev/database";
 import { logger } from "~/services/logger.server";
 import { resolveIdempotencyKeyTTL } from "~/utils/idempotencyKeys.server";
+import { ServiceValidationError } from "~/v3/services/common.server";
 import type { RunEngine } from "~/v3/runEngine.server";
 import { shouldIdempotencyKeyBeCleared } from "~/v3/taskStatus";
 import { getMollifierBuffer } from "~/v3/mollifier/mollifierBuffer.server";
 import { findRunByIdWithMollifierFallback } from "~/v3/mollifier/readFallback.server";
+import { claimOrAwait } from "~/v3/mollifier/idempotencyClaim.server";
 import type { TraceEventConcern, TriggerTaskRequest } from "../types";
 
+// Claim ownership context returned to the caller when the
+// IdempotencyKeyConcern won a pre-gate claim. Caller MUST publish the
+// winning runId on pipeline success (`publishClaim`) or release the
+// claim on failure (`releaseClaim`).
+export type ClaimedIdempotency = {
+  envId: string;
+  taskIdentifier: string;
+  idempotencyKey: string;
+};
+
 export type IdempotencyKeyConcernResult =
   | { isCached: true; run: TaskRun }
-  | { isCached: false; idempotencyKey?: string; idempotencyKeyExpiresAt?: Date };
+  | {
+      isCached: false;
+      idempotencyKey?: string;
+      idempotencyKeyExpiresAt?: Date;
+      // Set when this trigger holds a pre-gate claim. The caller's
+      // trigger pipeline MUST resolve the claim by either publishing
+      // the runId on success or releasing on failure. Undefined when
+      // the request has no idempotency key, when the buffer is
+      // unavailable, or when the request is a triggerAndWait (claim
+      // path skipped per plan doc).
+      claim?: ClaimedIdempotency;
+    };
 
 export class IdempotencyKeyConcern {
   constructor(
@@ -195,6 +218,81 @@ export class IdempotencyKeyConcern {
       return { isCached: true, run: existingRun };
     }
 
+    // Pre-gate claim — closes the PG+buffer race during gate transition
+    // (see _plans/2026-05-21-mollifier-idempotency-claim.md). All
+    // same-key triggers serialise here before evaluateGate decides
+    // PG-pass-through vs mollify. Skipped for triggerAndWait
+    // (resumeParentOnCompletion) — that path bypasses the gate via F4
+    // and its existing PG-side dedup is sufficient.
+    if (!request.body.options?.resumeParentOnCompletion) {
+      const ttlSeconds = Math.max(
+        1,
+        Math.min(
+          30,
+          Math.ceil((idempotencyKeyExpiresAt.getTime() - Date.now()) / 1000),
+        ),
+      );
+      const outcome = await claimOrAwait({
+        envId: request.environment.id,
+        taskIdentifier: request.taskId,
+        idempotencyKey,
+        ttlSeconds,
+      });
+      if (outcome.kind === "resolved") {
+        // Another concurrent trigger committed first. Re-resolve via the
+        // existing checks: writer-side PG findFirst first (defeats
+        // replica lag), then buffer fallback for the buffered case.
+        const writerRun = await this.prisma.taskRun.findFirst({
+          where: {
+            runtimeEnvironmentId: request.environment.id,
+            idempotencyKey,
+            taskIdentifier: request.taskId,
+          },
+          include: { associatedWaitpoint: true },
+        });
+        if (writerRun) {
+          return { isCached: true, run: writerRun };
+        }
+        const buffered = await this.findBufferedRunWithIdempotency(
+          request.environment.id,
+          request.environment.organizationId,
+          request.taskId,
+          idempotencyKey,
+        );
+        if (buffered) {
+          return { isCached: true, run: buffered };
+        }
+        // Claim resolved to a runId nothing can find — likely the
+        // claimant errored after publish, or the row TTL'd out. Log
+        // and fall through to a fresh trigger.
+        logger.warn("idempotency claim resolved but runId not findable", {
+          envId: request.environment.id,
+          taskIdentifier: request.taskId,
+          claimedRunId: outcome.runId,
+        });
+      }
+      if (outcome.kind === "timed_out") {
+        throw new ServiceValidationError(
+          "Idempotency claim resolution timed out",
+          503,
+        );
+      }
+      if (outcome.kind === "claimed") {
+        // Caller MUST publish/release. Signalled via the result's
+        // `claim` field.
+        return {
+          isCached: false,
+          idempotencyKey,
+          idempotencyKeyExpiresAt,
+          claim: {
+            envId: request.environment.id,
+            taskIdentifier: request.taskId,
+            idempotencyKey,
+          },
+        };
+      }
+    }
+
     return { isCached: false, idempotencyKey, idempotencyKeyExpiresAt };
   }
 }
@@ -30,7 +30,14 @@ import type {
   TriggerTaskServiceResult,
 } from "../../v3/services/triggerTask.server";
 import { clampMaxDuration } from "../../v3/utils/maxDuration";
-import { IdempotencyKeyConcern } from "../concerns/idempotencyKeys.server";
+import {
+  IdempotencyKeyConcern,
+  type ClaimedIdempotency,
+} from "../concerns/idempotencyKeys.server";
+import {
+  publishClaim as publishMollifierClaim,
+  releaseClaim as releaseMollifierClaim,
+} from "~/v3/mollifier/idempotencyClaim.server";
 import type {
   PayloadProcessor,
   QueueManager,
@@ -124,7 +131,15 @@ export class RunEngineTriggerTaskService {
     options?: TriggerTaskServiceOptions;
     attempt?: number;
   }): Promise<TriggerTaskServiceResult | undefined> {
-    return await startSpan(this.tracer, "RunEngineTriggerTaskService.call()", async (span) => {
+    // Pre-gate idempotency-claim ownership. Set inside the span when
+    // `IdempotencyKeyConcern.handleTriggerRequest` returns `claim:
+    // {...}`. The try/catch below resolves it once the span finishes.
+    let idempotencyClaim: ClaimedIdempotency | undefined;
+    try {
+      const result = await startSpan(
+        this.tracer,
+        "RunEngineTriggerTaskService.call()",
+        async (span) => {
       span.setAttribute("taskId", taskId);
       span.setAttribute("attempt", attempt);
 
@@ -247,7 +262,16 @@ export class RunEngineTriggerTaskService {
         return idempotencyKeyConcernResult;
       }
 
-      const { idempotencyKey, idempotencyKeyExpiresAt } = idempotencyKeyConcernResult;
+      const { idempotencyKey, idempotencyKeyExpiresAt, claim: claimResult } =
+        idempotencyKeyConcernResult;
+
+      // If we own an idempotency claim, the trigger pipeline below MUST
+      // resolve it — publish on success so waiters see our runId,
+      // release on error so the next claimant can retry. Stored in an
+      // outer scope so the try/catch at the bottom of `callV2` can act
+      // on whichever return path or throw the pipeline takes. Plan doc:
+      // _plans/2026-05-21-mollifier-idempotency-claim.md
+      idempotencyClaim = claimResult;
 
       if (idempotencyKey) {
         await this.triggerRacepointSystem.waitForRacepoint({
@@ -604,7 +628,27 @@ export class RunEngineTriggerTaskService {
 
         throw error;
       }
-    });
+        },
+      );
+      // Pipeline returned successfully — publish the claim if we held
+      // one. Waiters polling for our key resolve to this runId.
+      if (idempotencyClaim && result?.run?.friendlyId) {
+        await publishMollifierClaim({
+          envId: idempotencyClaim.envId,
+          taskIdentifier: idempotencyClaim.taskIdentifier,
+          idempotencyKey: idempotencyClaim.idempotencyKey,
+          runId: result.run.friendlyId,
+        });
+      }
+      return result;
+    } catch (err) {
+      // Pipeline threw — release the claim so the next claimant can
+      // retry. Re-throw so the caller sees the original error.
+      if (idempotencyClaim) {
+        await releaseMollifierClaim(idempotencyClaim);
+      }
+      throw err;
+    }
   }
 
   // Build the engine.trigger() input object from the values gathered during
-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"@trigger.dev/redis-worker": patch
 +---
++
 +Add pre-gate idempotency-claim primitives to `MollifierBuffer`: `claimIdempotency` (atomic SETNX-with-TTL claim returning `claimed` / `pending` / `resolved`), `publishClaim` (publish winning runId so waiters resolve), `releaseClaim` (DEL claim on pipeline error), `readClaim` (used by the webapp's wait/poll loop). Uses a separate key namespace `mollifier:claim:{env}:{task}:{key}` to keep isolated from the B6a buffer-side `mollifier:idempotency:...` lookup.