feat(webapp,core): add a public HTTP API for errors#4005
Conversation
Adds an environment-scoped HTTP API over the Errors feature, mirroring the runs API: list error groups (filter by task, version, status, search and time range, with cursor pagination), retrieve a single group, and change its state with resolve, ignore, and unresolve. A new filter[error] option on the runs list returns the runs behind a group. Request and response schemas are exported from @trigger.dev/core/v3 for the SDK to reuse, and the endpoints are documented in the API reference. State changes record who made them. A plain environment API key has no user, so the attribution stays null. When the request uses an environment JWT obtained by exchanging a personal access token or a delegated user token, that exchange now stamps an act claim and the write endpoints read it to attribute the change to the acting user.
🦋 Changeset detectedLatest commit: 80db49b The changes in this PR will be included in the next version bump. This PR includes changesets to release 27 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
WalkthroughThis PR introduces a public HTTP Errors API for trigger.dev's v3 environment. Five new Remix API routes are added for listing error groups, retrieving a single group, and mutating state (resolve, ignore, unresolve). New Zod schemas for these operations are defined in 🚥 Pre-merge checks | ✅ 3 | ❌ 2❌ Failed checks (2 warnings)
✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 4
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: CHILL
Plan: Pro
Run ID: 02f583b7-aed9-4645-96f2-17502d8b8e19
📒 Files selected for processing (25)
.changeset/errors-api-schemas.md.claude/skills/errors-api-e2e/SKILL.mdapps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.tsapps/webapp/app/presenters/v3/ApiErrorListPresenter.server.tsapps/webapp/app/presenters/v3/ApiRunListPresenter.server.tsapps/webapp/app/routes/api.v1.errors.$errorId.ignore.tsapps/webapp/app/routes/api.v1.errors.$errorId.resolve.tsapps/webapp/app/routes/api.v1.errors.$errorId.tsapps/webapp/app/routes/api.v1.errors.$errorId.unresolve.tsapps/webapp/app/routes/api.v1.errors.tsapps/webapp/app/routes/api.v1.projects.$projectRef.$env.jwt.tsapps/webapp/app/services/apiAuth.server.tsapps/webapp/app/services/routeBuilders/apiBuilder.server.tsapps/webapp/app/v3/services/errorGroupActions.server.tsdocs/docs.jsondocs/management/errors/ignore.mdxdocs/management/errors/list.mdxdocs/management/errors/resolve.mdxdocs/management/errors/retrieve.mdxdocs/management/errors/unresolve.mdxdocs/v3-openapi.yamlinternal-packages/rbac/src/fallback.tspackages/core/src/v3/schemas/errors.tspackages/core/src/v3/schemas/index.tspackages/plugins/src/rbac.ts
📜 Review details
⏰ Context from checks skipped due to timeout. (39)
- GitHub Check: webapp / 🧪 Unit Tests: Webapp (8, 10)
- GitHub Check: webapp / 🧪 Unit Tests: Webapp (7, 10)
- GitHub Check: webapp / 🧪 Unit Tests: Webapp (10, 10)
- GitHub Check: webapp / 🧪 Unit Tests: Webapp (5, 10)
- GitHub Check: webapp / 🧪 Unit Tests: Webapp (6, 10)
- GitHub Check: webapp / 🧪 Unit Tests: Webapp (4, 10)
- GitHub Check: webapp / 🧪 Unit Tests: Webapp (9, 10)
- GitHub Check: webapp / 🧪 Unit Tests: Webapp (3, 10)
- GitHub Check: webapp / 🧪 Unit Tests: Webapp (2, 10)
- GitHub Check: webapp / 🧪 Unit Tests: Webapp (1, 10)
- GitHub Check: internal / 🧪 Unit Tests: Internal (10, 12)
- GitHub Check: internal / 🧪 Unit Tests: Internal (5, 12)
- GitHub Check: internal / 🧪 Unit Tests: Internal (12, 12)
- GitHub Check: internal / 🧪 Unit Tests: Internal (9, 12)
- GitHub Check: internal / 🧪 Unit Tests: Internal (8, 12)
- GitHub Check: internal / 🧪 Unit Tests: Internal (11, 12)
- GitHub Check: internal / 🧪 Unit Tests: Internal (4, 12)
- GitHub Check: internal / 🧪 Unit Tests: Internal (1, 12)
- GitHub Check: internal / 🧪 Unit Tests: Internal (3, 12)
- GitHub Check: internal / 🧪 Unit Tests: Internal (6, 12)
- GitHub Check: internal / 🧪 Unit Tests: Internal (7, 12)
- GitHub Check: internal / 🧪 Unit Tests: Internal (2, 12)
- GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - npm)
- GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - pnpm)
- GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - pnpm)
- GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - npm)
- GitHub Check: sdk-compat / Node.js 22.12 (ubuntu-latest)
- GitHub Check: sdk-compat / Cloudflare Workers
- GitHub Check: sdk-compat / Node.js 20.20 (ubuntu-latest)
- GitHub Check: sdk-compat / Deno Runtime
- GitHub Check: sdk-compat / Bun Runtime
- GitHub Check: packages / 🧪 Unit Tests: Packages (2, 3)
- GitHub Check: packages / 🧪 Unit Tests: Packages (3, 3)
- GitHub Check: typecheck / typecheck
- GitHub Check: packages / 🧪 Unit Tests: Packages (1, 3)
- GitHub Check: e2e-webapp / 🧪 E2E Tests: Webapp
- GitHub Check: Analyze (javascript-typescript)
- GitHub Check: 🛡️ E2E Auth Tests (full)
- GitHub Check: Build and publish previews
🧰 Additional context used
📓 Path-based instructions (10)
docs/**/*.mdx
📄 CodeRabbit inference engine (docs/CLAUDE.md)
docs/**/*.mdx: MDX documentation pages must include frontmatter with title (required), description (required), and sidebarTitle (optional) in YAML format
Use Mintlify components for structured content: , , , , , , /, /
Always import from@trigger.dev/sdkin code examples (never from@trigger.dev/sdk/v3)
Code examples must be complete and runnable where possible
Use language tags in code fences:typescript,bash,json
Files:
docs/management/errors/retrieve.mdxdocs/management/errors/ignore.mdxdocs/management/errors/resolve.mdxdocs/management/errors/unresolve.mdxdocs/management/errors/list.mdx
**/*.{ts,tsx}
📄 CodeRabbit inference engine (.github/copilot-instructions.md)
**/*.{ts,tsx}: Use types over interfaces for TypeScript
Avoid using enums; prefer string unions or const objects insteadImport from
@trigger.dev/sdkwhen writing Trigger.dev tasks. Never use@trigger.dev/sdk/v3or deprecatedclient.defineJob
Files:
packages/core/src/v3/schemas/index.tsapps/webapp/app/routes/api.v1.errors.$errorId.tsapps/webapp/app/routes/api.v1.errors.tsapps/webapp/app/presenters/v3/ApiRunListPresenter.server.tspackages/plugins/src/rbac.tsapps/webapp/app/routes/api.v1.errors.$errorId.resolve.tsapps/webapp/app/services/routeBuilders/apiBuilder.server.tsapps/webapp/app/routes/api.v1.errors.$errorId.unresolve.tsapps/webapp/app/services/apiAuth.server.tsapps/webapp/app/routes/api.v1.projects.$projectRef.$env.jwt.tsapps/webapp/app/routes/api.v1.errors.$errorId.ignore.tsinternal-packages/rbac/src/fallback.tsapps/webapp/app/v3/services/errorGroupActions.server.tspackages/core/src/v3/schemas/errors.tsapps/webapp/app/presenters/v3/ApiErrorListPresenter.server.tsapps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.ts
{packages/core,apps/webapp}/**/*.{ts,tsx}
📄 CodeRabbit inference engine (.github/copilot-instructions.md)
Use zod for validation in packages/core and apps/webapp
Files:
packages/core/src/v3/schemas/index.tsapps/webapp/app/routes/api.v1.errors.$errorId.tsapps/webapp/app/routes/api.v1.errors.tsapps/webapp/app/presenters/v3/ApiRunListPresenter.server.tsapps/webapp/app/routes/api.v1.errors.$errorId.resolve.tsapps/webapp/app/services/routeBuilders/apiBuilder.server.tsapps/webapp/app/routes/api.v1.errors.$errorId.unresolve.tsapps/webapp/app/services/apiAuth.server.tsapps/webapp/app/routes/api.v1.projects.$projectRef.$env.jwt.tsapps/webapp/app/routes/api.v1.errors.$errorId.ignore.tsapps/webapp/app/v3/services/errorGroupActions.server.tspackages/core/src/v3/schemas/errors.tsapps/webapp/app/presenters/v3/ApiErrorListPresenter.server.tsapps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.ts
**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (.github/copilot-instructions.md)
Use function declarations instead of default exports
**/*.{ts,tsx,js,jsx}: Prefer static imports over dynamic imports. Only use dynamicimport()when circular dependencies cannot be resolved, code splitting is needed for performance, or the module must be loaded conditionally at runtime
Import subpaths only frompackages/core(@trigger.dev/core), never import from the root
Files:
packages/core/src/v3/schemas/index.tsapps/webapp/app/routes/api.v1.errors.$errorId.tsapps/webapp/app/routes/api.v1.errors.tsapps/webapp/app/presenters/v3/ApiRunListPresenter.server.tspackages/plugins/src/rbac.tsapps/webapp/app/routes/api.v1.errors.$errorId.resolve.tsapps/webapp/app/services/routeBuilders/apiBuilder.server.tsapps/webapp/app/routes/api.v1.errors.$errorId.unresolve.tsapps/webapp/app/services/apiAuth.server.tsapps/webapp/app/routes/api.v1.projects.$projectRef.$env.jwt.tsapps/webapp/app/routes/api.v1.errors.$errorId.ignore.tsinternal-packages/rbac/src/fallback.tsapps/webapp/app/v3/services/errorGroupActions.server.tspackages/core/src/v3/schemas/errors.tsapps/webapp/app/presenters/v3/ApiErrorListPresenter.server.tsapps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.ts
**/*.ts
📄 CodeRabbit inference engine (.cursor/rules/otel-metrics.mdc)
**/*.ts: When creating or editing OTEL metrics (counters, histograms, gauges), ensure metric attributes have low cardinality by using only enums, booleans, bounded error codes, or bounded shard IDs
Do not use high-cardinality attributes in OTEL metrics such as UUIDs/IDs (envId, userId, runId, projectId, organizationId), unbounded integers (itemCount, batchSize, retryCount), timestamps (createdAt, startTime), or free-form strings (errorMessage, taskName, queueName)
When exporting OTEL metrics via OTLP to Prometheus, be aware that the exporter automatically adds unit suffixes to metric names (e.g., 'my_duration_ms' becomes 'my_duration_ms_milliseconds', 'my_counter' becomes 'my_counter_total'). Account for these transformations when writing Grafana dashboards or Prometheus queries
Files:
packages/core/src/v3/schemas/index.tsapps/webapp/app/routes/api.v1.errors.$errorId.tsapps/webapp/app/routes/api.v1.errors.tsapps/webapp/app/presenters/v3/ApiRunListPresenter.server.tspackages/plugins/src/rbac.tsapps/webapp/app/routes/api.v1.errors.$errorId.resolve.tsapps/webapp/app/services/routeBuilders/apiBuilder.server.tsapps/webapp/app/routes/api.v1.errors.$errorId.unresolve.tsapps/webapp/app/services/apiAuth.server.tsapps/webapp/app/routes/api.v1.projects.$projectRef.$env.jwt.tsapps/webapp/app/routes/api.v1.errors.$errorId.ignore.tsinternal-packages/rbac/src/fallback.tsapps/webapp/app/v3/services/errorGroupActions.server.tspackages/core/src/v3/schemas/errors.tsapps/webapp/app/presenters/v3/ApiErrorListPresenter.server.tsapps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.ts
packages/core/**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (packages/core/CLAUDE.md)
Never import the root package (
@trigger.dev/core). Always use subpath imports such as@trigger.dev/core/v3,@trigger.dev/core/v3/utils,@trigger.dev/core/logger, or@trigger.dev/core/schemas
Files:
packages/core/src/v3/schemas/index.tspackages/core/src/v3/schemas/errors.ts
**/*.{js,ts,tsx,jsx,css,json,md}
📄 CodeRabbit inference engine (AGENTS.md)
Use Prettier for code formatting and run
pnpm run formatbefore committing
Files:
packages/core/src/v3/schemas/index.tsapps/webapp/app/routes/api.v1.errors.$errorId.tsapps/webapp/app/routes/api.v1.errors.tsdocs/docs.jsonapps/webapp/app/presenters/v3/ApiRunListPresenter.server.tspackages/plugins/src/rbac.tsapps/webapp/app/routes/api.v1.errors.$errorId.resolve.tsapps/webapp/app/services/routeBuilders/apiBuilder.server.tsapps/webapp/app/routes/api.v1.errors.$errorId.unresolve.tsapps/webapp/app/services/apiAuth.server.tsapps/webapp/app/routes/api.v1.projects.$projectRef.$env.jwt.tsapps/webapp/app/routes/api.v1.errors.$errorId.ignore.tsinternal-packages/rbac/src/fallback.tsapps/webapp/app/v3/services/errorGroupActions.server.tspackages/core/src/v3/schemas/errors.tsapps/webapp/app/presenters/v3/ApiErrorListPresenter.server.tsapps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.ts
apps/webapp/**/*.{ts,tsx}
📄 CodeRabbit inference engine (.cursor/rules/webapp.mdc)
apps/webapp/**/*.{ts,tsx}: Access environment variables through theenvexport ofenv.server.tsinstead of directly accessingprocess.env
Use subpath exports from@trigger.dev/corepackage instead of importing from the root@trigger.dev/corepathUse named constants for sentinel/placeholder values (e.g.
const UNSET_VALUE = '__unset__') instead of raw string literals scattered across comparisons
Files:
apps/webapp/app/routes/api.v1.errors.$errorId.tsapps/webapp/app/routes/api.v1.errors.tsapps/webapp/app/presenters/v3/ApiRunListPresenter.server.tsapps/webapp/app/routes/api.v1.errors.$errorId.resolve.tsapps/webapp/app/services/routeBuilders/apiBuilder.server.tsapps/webapp/app/routes/api.v1.errors.$errorId.unresolve.tsapps/webapp/app/services/apiAuth.server.tsapps/webapp/app/routes/api.v1.projects.$projectRef.$env.jwt.tsapps/webapp/app/routes/api.v1.errors.$errorId.ignore.tsapps/webapp/app/v3/services/errorGroupActions.server.tsapps/webapp/app/presenters/v3/ApiErrorListPresenter.server.tsapps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.ts
docs/**/docs.json
📄 CodeRabbit inference engine (docs/CLAUDE.md)
docs/**/docs.json: Main documentation config must be defined indocs.jsonwhich includes navigation structure, theme, and metadata
Navigation structure indocs.jsonshould be organized usingnavigation.dropdownswith groups and pages
Files:
docs/docs.json
apps/webapp/**/*.server.ts
📄 CodeRabbit inference engine (apps/webapp/CLAUDE.md)
apps/webapp/**/*.server.ts: Never userequest.signalfor detecting client disconnects. UsegetRequestAbortSignal()fromapp/services/httpAsyncStorage.server.tsinstead, which is wired directly to Expressres.on('close')and fires reliably
Access environment variables viaenvexport fromapp/env.server.ts. Never useprocess.envdirectly
Always usefindFirstinstead offindUniquein Prisma queries.findUniquehas an implicit DataLoader that batches concurrent calls and has active bugs even in Prisma 6.x (uppercase UUIDs returning null, composite key SQL correctness issues, 5-10x worse performance).findFirstis never batched and avoids this entire class of issues
Files:
apps/webapp/app/presenters/v3/ApiRunListPresenter.server.tsapps/webapp/app/services/routeBuilders/apiBuilder.server.tsapps/webapp/app/services/apiAuth.server.tsapps/webapp/app/v3/services/errorGroupActions.server.tsapps/webapp/app/presenters/v3/ApiErrorListPresenter.server.tsapps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.ts
🧠 Learnings (21)
📚 Learning: 2026-03-10T12:44:14.176Z
Learnt from: nicktrn
Repo: triggerdotdev/trigger.dev PR: 3200
File: docs/config/config-file.mdx:353-368
Timestamp: 2026-03-10T12:44:14.176Z
Learning: In the trigger.dev repo, docs PRs are often companions to implementation PRs. When reviewing docs PRs (MDX files under docs/), check the PR description for any companion/related PR references and verify that the documented features exist in those companion PRs before flagging missing implementations. This ensures docs stay in sync with code changes across related PRs.
Applied to files:
docs/management/errors/retrieve.mdxdocs/management/errors/ignore.mdxdocs/management/errors/resolve.mdxdocs/management/errors/unresolve.mdxdocs/management/errors/list.mdx
📚 Learning: 2026-04-30T20:30:29.458Z
Learnt from: ericallam
Repo: triggerdotdev/trigger.dev PR: 3226
File: docs/ai-chat/quick-start.mdx:13-13
Timestamp: 2026-04-30T20:30:29.458Z
Learning: In this repo’s documentation MDX files (`docs/**/*.mdx`), use `ts` and `tsx` (not `typescript`) as the code-fence language tags for TypeScript/TSX snippets. Do not flag `ts`/`tsx` code-fence language tags as incorrect in any docs MDX file, since this is the site-wide Mintlify-compatible convention.
Applied to files:
docs/management/errors/retrieve.mdxdocs/management/errors/ignore.mdxdocs/management/errors/resolve.mdxdocs/management/errors/unresolve.mdxdocs/management/errors/list.mdx
📚 Learning: 2026-06-14T17:36:56.078Z
Learnt from: ericallam
Repo: triggerdotdev/trigger.dev PR: 3942
File: docs/management/sessions/create.mdx:1-4
Timestamp: 2026-06-14T17:36:56.078Z
Learning: In trigger.dev docs, MDX pages under `docs/management/` that include an `openapi:` key in their frontmatter are intentional OpenAPI-driven reference stubs (typically `title` + `openapi` only). The page description is rendered from the referenced OpenAPI operation, so do not flag missing `description` frontmatter on these pages.
Applied to files:
docs/management/errors/retrieve.mdxdocs/management/errors/ignore.mdxdocs/management/errors/resolve.mdxdocs/management/errors/unresolve.mdxdocs/management/errors/list.mdx
📚 Learning: 2026-03-22T13:26:12.060Z
Learnt from: ericallam
Repo: triggerdotdev/trigger.dev PR: 3244
File: apps/webapp/app/components/code/TextEditor.tsx:81-86
Timestamp: 2026-03-22T13:26:12.060Z
Learning: In the triggerdotdev/trigger.dev codebase, do not flag `navigator.clipboard.writeText(...)` calls for `missing-await`/`unhandled-promise` issues. These clipboard writes are intentionally invoked without `await` and without `catch` handlers across the project; keep that behavior consistent when reviewing TypeScript/TSX files (e.g., usages like in `apps/webapp/app/components/code/TextEditor.tsx`).
Applied to files:
packages/core/src/v3/schemas/index.tsapps/webapp/app/routes/api.v1.errors.$errorId.tsapps/webapp/app/routes/api.v1.errors.tsapps/webapp/app/presenters/v3/ApiRunListPresenter.server.tspackages/plugins/src/rbac.tsapps/webapp/app/routes/api.v1.errors.$errorId.resolve.tsapps/webapp/app/services/routeBuilders/apiBuilder.server.tsapps/webapp/app/routes/api.v1.errors.$errorId.unresolve.tsapps/webapp/app/services/apiAuth.server.tsapps/webapp/app/routes/api.v1.projects.$projectRef.$env.jwt.tsapps/webapp/app/routes/api.v1.errors.$errorId.ignore.tsinternal-packages/rbac/src/fallback.tsapps/webapp/app/v3/services/errorGroupActions.server.tspackages/core/src/v3/schemas/errors.tsapps/webapp/app/presenters/v3/ApiErrorListPresenter.server.tsapps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.ts
📚 Learning: 2026-03-22T19:24:14.403Z
Learnt from: matt-aitken
Repo: triggerdotdev/trigger.dev PR: 3187
File: apps/webapp/app/v3/services/alerts/deliverErrorGroupAlert.server.ts:200-204
Timestamp: 2026-03-22T19:24:14.403Z
Learning: In the triggerdotdev/trigger.dev codebase, webhook URLs are not expected to contain embedded credentials/secrets (e.g., fields like `ProjectAlertWebhookProperties` should only hold credential-free webhook endpoints). During code review, if you see logging or inclusion of raw webhook URLs in error messages, do not automatically treat it as a credential-leak/secrets-in-logs issue by default—first verify the URL does not contain embedded credentials (for example, no username/password in the URL, no obvious secret/token query params or fragments). If the URL is credential-free per this project’s conventions, allow the logging.
Applied to files:
packages/core/src/v3/schemas/index.tsapps/webapp/app/routes/api.v1.errors.$errorId.tsapps/webapp/app/routes/api.v1.errors.tsapps/webapp/app/presenters/v3/ApiRunListPresenter.server.tspackages/plugins/src/rbac.tsapps/webapp/app/routes/api.v1.errors.$errorId.resolve.tsapps/webapp/app/services/routeBuilders/apiBuilder.server.tsapps/webapp/app/routes/api.v1.errors.$errorId.unresolve.tsapps/webapp/app/services/apiAuth.server.tsapps/webapp/app/routes/api.v1.projects.$projectRef.$env.jwt.tsapps/webapp/app/routes/api.v1.errors.$errorId.ignore.tsinternal-packages/rbac/src/fallback.tsapps/webapp/app/v3/services/errorGroupActions.server.tspackages/core/src/v3/schemas/errors.tsapps/webapp/app/presenters/v3/ApiErrorListPresenter.server.tsapps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.ts
📚 Learning: 2026-05-18T08:21:27.694Z
Learnt from: d-cs
Repo: triggerdotdev/trigger.dev PR: 3632
File: apps/webapp/sentry.server.ts:4-21
Timestamp: 2026-05-18T08:21:27.694Z
Learning: When handling Prisma error P1001 ("Can't reach database server") in TypeScript, don’t assume a single error shape. Prisma can surface P1001 via two different error classes/fields: `PrismaClientKnownRequestError` exposes it as `err.code === "P1001"` (common during mid-query connection drops), while `PrismaClientInitializationError` exposes it as `err.errorCode === "P1001"` (common on client startup failure). Therefore, predicates should use `err.code === "P1001" || err.errorCode === "P1001"`. Do not flag `err.code === "P1001"` as “unreachable/never matches,” as it is expected in production.
Applied to files:
packages/core/src/v3/schemas/index.tsapps/webapp/app/routes/api.v1.errors.$errorId.tsapps/webapp/app/routes/api.v1.errors.tsapps/webapp/app/presenters/v3/ApiRunListPresenter.server.tspackages/plugins/src/rbac.tsapps/webapp/app/routes/api.v1.errors.$errorId.resolve.tsapps/webapp/app/services/routeBuilders/apiBuilder.server.tsapps/webapp/app/routes/api.v1.errors.$errorId.unresolve.tsapps/webapp/app/services/apiAuth.server.tsapps/webapp/app/routes/api.v1.projects.$projectRef.$env.jwt.tsapps/webapp/app/routes/api.v1.errors.$errorId.ignore.tsinternal-packages/rbac/src/fallback.tsapps/webapp/app/v3/services/errorGroupActions.server.tspackages/core/src/v3/schemas/errors.tsapps/webapp/app/presenters/v3/ApiErrorListPresenter.server.tsapps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.ts
📚 Learning: 2026-05-18T08:21:27.694Z
Learnt from: d-cs
Repo: triggerdotdev/trigger.dev PR: 3632
File: apps/webapp/sentry.server.ts:4-21
Timestamp: 2026-05-18T08:21:27.694Z
Learning: When handling Prisma errors for P1001 ("Can't reach database server"), do not assume it only appears under a single property name. Prisma may surface P1001 via either `PrismaClientKnownRequestError` (`err.code === "P1001"`, e.g., mid-query connection drops) or `PrismaClientInitializationError` (`err.errorCode === "P1001"`, e.g., client startup connection failure). To reliably detect the condition, check `err.code === "P1001" || err.errorCode === "P1001"`, and avoid review rules that would incorrectly flag `err.code === "P1001"` as unreachable/never-matching.
Applied to files:
packages/core/src/v3/schemas/index.tsapps/webapp/app/routes/api.v1.errors.$errorId.tsapps/webapp/app/routes/api.v1.errors.tsapps/webapp/app/presenters/v3/ApiRunListPresenter.server.tspackages/plugins/src/rbac.tsapps/webapp/app/routes/api.v1.errors.$errorId.resolve.tsapps/webapp/app/services/routeBuilders/apiBuilder.server.tsapps/webapp/app/routes/api.v1.errors.$errorId.unresolve.tsapps/webapp/app/services/apiAuth.server.tsapps/webapp/app/routes/api.v1.projects.$projectRef.$env.jwt.tsapps/webapp/app/routes/api.v1.errors.$errorId.ignore.tsinternal-packages/rbac/src/fallback.tsapps/webapp/app/v3/services/errorGroupActions.server.tspackages/core/src/v3/schemas/errors.tsapps/webapp/app/presenters/v3/ApiErrorListPresenter.server.tsapps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.ts
📚 Learning: 2026-06-13T19:53:13.759Z
Learnt from: ericallam
Repo: triggerdotdev/trigger.dev PR: 3937
File: packages/trigger-sdk/skills/realtime-and-frontend/SKILL.md:258-260
Timestamp: 2026-06-13T19:53:13.759Z
Learning: When reviewing code that uses `trigger.dev/react-hooks`’s `useRealtimeRun`, preserve the call signature where the first argument is the full realtime handle object (not `handle.id`). This is intentional to maintain type-safety and is consistent with the official docs; do not suggest changing the first argument from the handle object to `handle.id`.
Applied to files:
packages/core/src/v3/schemas/index.tsapps/webapp/app/routes/api.v1.errors.$errorId.tsapps/webapp/app/routes/api.v1.errors.tsapps/webapp/app/presenters/v3/ApiRunListPresenter.server.tspackages/plugins/src/rbac.tsapps/webapp/app/routes/api.v1.errors.$errorId.resolve.tsapps/webapp/app/services/routeBuilders/apiBuilder.server.tsapps/webapp/app/routes/api.v1.errors.$errorId.unresolve.tsapps/webapp/app/services/apiAuth.server.tsapps/webapp/app/routes/api.v1.projects.$projectRef.$env.jwt.tsapps/webapp/app/routes/api.v1.errors.$errorId.ignore.tsinternal-packages/rbac/src/fallback.tsapps/webapp/app/v3/services/errorGroupActions.server.tspackages/core/src/v3/schemas/errors.tsapps/webapp/app/presenters/v3/ApiErrorListPresenter.server.tsapps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.ts
📚 Learning: 2026-06-17T17:13:49.929Z
Learnt from: matt-aitken
Repo: triggerdotdev/trigger.dev PR: 3948
File: apps/webapp/app/routes/_app.orgs.$organizationSlug.projects.$projectParam.env.$envParam.bulk-actions.$bulkActionParam/route.tsx:48-62
Timestamp: 2026-06-17T17:13:49.929Z
Learning: In triggerdotdev/trigger.dev, within `dashboardLoader`/`dashboardAction` (or similar context resolver code) whenever you resolve an organization ID from an organization slug for RBAC/enterprise authorization scope, always read from the primary Prisma client (`prisma`), not `$replica`. Using `$replica` can hit replica-lag and cause the RBAC lookup/authorization to run without the correct org scope (bypassing intended role enforcement). Implement the slug→org lookup with `prisma.organization.findFirst(...)` (or equivalent primary-client query) and add an inline comment documenting why the primary client is required (replica lag could lead to unscoped RBAC checks).
Applied to files:
packages/core/src/v3/schemas/index.tsapps/webapp/app/routes/api.v1.errors.$errorId.tsapps/webapp/app/routes/api.v1.errors.tsapps/webapp/app/presenters/v3/ApiRunListPresenter.server.tspackages/plugins/src/rbac.tsapps/webapp/app/routes/api.v1.errors.$errorId.resolve.tsapps/webapp/app/services/routeBuilders/apiBuilder.server.tsapps/webapp/app/routes/api.v1.errors.$errorId.unresolve.tsapps/webapp/app/services/apiAuth.server.tsapps/webapp/app/routes/api.v1.projects.$projectRef.$env.jwt.tsapps/webapp/app/routes/api.v1.errors.$errorId.ignore.tsinternal-packages/rbac/src/fallback.tsapps/webapp/app/v3/services/errorGroupActions.server.tspackages/core/src/v3/schemas/errors.tsapps/webapp/app/presenters/v3/ApiErrorListPresenter.server.tsapps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.ts
📚 Learning: 2026-06-04T18:16:35.386Z
Learnt from: nicktrn
Repo: triggerdotdev/trigger.dev PR: 3836
File: apps/supervisor/src/backpressure/backpressureMonitor.ts:3-5
Timestamp: 2026-06-04T18:16:35.386Z
Learning: When reviewing TypeScript in this repo, apply the rule “prefer type aliases over interfaces” only to data/object shapes and union/intersection type modeling. If an interface is being used as a behavioral contract for collaborators to implement (e.g., method-shape interfaces that define required behavior, such as `BackpressureLogger` / `BackpressureSignalSource` in `apps/supervisor/src/backpressure/backpressureMonitor.ts`), keep it as an `interface` and do not flag it as a type-alias-vs-interface violation.
Applied to files:
packages/core/src/v3/schemas/index.tsapps/webapp/app/routes/api.v1.errors.$errorId.tsapps/webapp/app/routes/api.v1.errors.tsapps/webapp/app/presenters/v3/ApiRunListPresenter.server.tspackages/plugins/src/rbac.tsapps/webapp/app/routes/api.v1.errors.$errorId.resolve.tsapps/webapp/app/services/routeBuilders/apiBuilder.server.tsapps/webapp/app/routes/api.v1.errors.$errorId.unresolve.tsapps/webapp/app/services/apiAuth.server.tsapps/webapp/app/routes/api.v1.projects.$projectRef.$env.jwt.tsapps/webapp/app/routes/api.v1.errors.$errorId.ignore.tsinternal-packages/rbac/src/fallback.tsapps/webapp/app/v3/services/errorGroupActions.server.tspackages/core/src/v3/schemas/errors.tsapps/webapp/app/presenters/v3/ApiErrorListPresenter.server.tsapps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.ts
📚 Learning: 2026-06-09T17:58:04.699Z
Learnt from: 0ski
Repo: triggerdotdev/trigger.dev PR: 3879
File: apps/webapp/app/models/vercelIntegration.server.ts:619-630
Timestamp: 2026-06-09T17:58:04.699Z
Learning: In this codebase, outbound raw `fetch` calls should typically rely on Node/undici’s default request timeout (about ~300s) rather than adding a per-call `AbortController` + `setTimeout` wrapper inside individual functions (e.g. in files like `apps/webapp/app/models/vercelIntegration.server.ts`). During code review, do not flag the absence of a per-call timeout on a single `fetch` as an issue; if per-call timeouts are needed, they should be implemented via a codebase-wide convention (e.g., a shared fetch wrapper or documented pattern) rather than ad-hoc per-function changes.
Applied to files:
packages/core/src/v3/schemas/index.tsapps/webapp/app/routes/api.v1.errors.$errorId.tsapps/webapp/app/routes/api.v1.errors.tsapps/webapp/app/presenters/v3/ApiRunListPresenter.server.tspackages/plugins/src/rbac.tsapps/webapp/app/routes/api.v1.errors.$errorId.resolve.tsapps/webapp/app/services/routeBuilders/apiBuilder.server.tsapps/webapp/app/routes/api.v1.errors.$errorId.unresolve.tsapps/webapp/app/services/apiAuth.server.tsapps/webapp/app/routes/api.v1.projects.$projectRef.$env.jwt.tsapps/webapp/app/routes/api.v1.errors.$errorId.ignore.tsinternal-packages/rbac/src/fallback.tsapps/webapp/app/v3/services/errorGroupActions.server.tspackages/core/src/v3/schemas/errors.tsapps/webapp/app/presenters/v3/ApiErrorListPresenter.server.tsapps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.ts
📚 Learning: 2026-05-12T21:04:05.815Z
Learnt from: ericallam
Repo: triggerdotdev/trigger.dev PR: 3542
File: apps/webapp/app/components/sessions/v1/SessionStatus.tsx:1-3
Timestamp: 2026-05-12T21:04:05.815Z
Learning: In this Remix + TypeScript codebase, do not flag a server/client boundary violation when a file imports only types from a module matching `*.server`.
Specifically, it’s safe to import types using `import type { Foo } from "*.server"` or `import { type Foo } from "*.server"` because TypeScript erases type-only imports at compile time and they emit no JavaScript, so they won’t cross the Remix server/client bundle boundary.
Only raise the boundary concern for value imports (e.g., `import { Foo }` without `type`, or `import Foo`), since those produce JavaScript output.
Applied to files:
apps/webapp/app/routes/api.v1.errors.$errorId.tsapps/webapp/app/routes/api.v1.errors.tsapps/webapp/app/presenters/v3/ApiRunListPresenter.server.tsapps/webapp/app/routes/api.v1.errors.$errorId.resolve.tsapps/webapp/app/services/routeBuilders/apiBuilder.server.tsapps/webapp/app/routes/api.v1.errors.$errorId.unresolve.tsapps/webapp/app/services/apiAuth.server.tsapps/webapp/app/routes/api.v1.projects.$projectRef.$env.jwt.tsapps/webapp/app/routes/api.v1.errors.$errorId.ignore.tsapps/webapp/app/v3/services/errorGroupActions.server.tsapps/webapp/app/presenters/v3/ApiErrorListPresenter.server.tsapps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.ts
📚 Learning: 2026-02-06T19:53:38.843Z
Learnt from: 0ski
Repo: triggerdotdev/trigger.dev PR: 2994
File: apps/webapp/app/presenters/v3/DeploymentListPresenter.server.ts:233-237
Timestamp: 2026-02-06T19:53:38.843Z
Learning: When constructing Vercel dashboard URLs from deployment IDs, always strip the dpl_ prefix from the ID. Implement this by transforming the ID with .replace(/^dpl_/, "") before concatenating into the URL: https://vercel.com/${teamSlug}/${projectName}/${cleanedDeploymentId}. Consider centralizing this logic in a small helper (e.g., getVercelDeploymentId(id) or a URL builder) and add tests to verify both prefixed and non-prefixed inputs.
Applied to files:
apps/webapp/app/presenters/v3/ApiRunListPresenter.server.tsapps/webapp/app/presenters/v3/ApiErrorListPresenter.server.tsapps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.ts
📚 Learning: 2026-05-05T09:38:02.512Z
Learnt from: d-cs
Repo: triggerdotdev/trigger.dev PR: 3523
File: apps/webapp/app/routes/api.v3.batches.ts:178-181
Timestamp: 2026-05-05T09:38:02.512Z
Learning: When reviewing code that catches `ServiceValidationError` in `*.server.ts` files, do not blindly forward `error.status` to HTTP responses, because SVEs may be thrown with non-default statuses (e.g., 400/500) and forwarding them can cause client-visible behavioral regressions (e.g., surfacing 500s to clients). Prefer a safe default response status of `error.status ?? 422`, but only after confirming via the reachable call graph that the caught `ServiceValidationError` instances are expected to carry those non-default statuses; otherwise, normalize to `422` to avoid unexpected client-visible 5xx behavior.
Applied to files:
apps/webapp/app/presenters/v3/ApiRunListPresenter.server.tsapps/webapp/app/services/routeBuilders/apiBuilder.server.tsapps/webapp/app/services/apiAuth.server.tsapps/webapp/app/v3/services/errorGroupActions.server.tsapps/webapp/app/presenters/v3/ApiErrorListPresenter.server.tsapps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.ts
📚 Learning: 2026-03-26T09:02:07.973Z
Learnt from: myftija
Repo: triggerdotdev/trigger.dev PR: 3274
File: apps/webapp/app/services/runsReplicationService.server.ts:922-924
Timestamp: 2026-03-26T09:02:07.973Z
Learning: When parsing Trigger.dev task run annotations in server-side services, keep `TaskRun.annotations` strictly conforming to the `RunAnnotations` schema from `trigger.dev/core/v3`. If the code already uses `RunAnnotations.safeParse` (e.g., in a `#parseAnnotations` helper), treat that as intentional/necessary for atomic, schema-accurate annotation handling. Do not recommend relaxing the annotation payload schema or using a permissive “passthrough” parse path, since the annotations are expected to be written atomically in one operation and should not contain partial/legacy payloads that would require a looser parser.
Applied to files:
apps/webapp/app/services/routeBuilders/apiBuilder.server.tsapps/webapp/app/services/apiAuth.server.ts
📚 Learning: 2026-05-01T15:45:05.096Z
Learnt from: matt-aitken
Repo: triggerdotdev/trigger.dev PR: 3499
File: internal-packages/rbac/src/fallback.ts:34-107
Timestamp: 2026-05-01T15:45:05.096Z
Learning: When reviewing triggerdotdev/trigger.dev RBAC auth code, do not treat missing Personal Access Token (PAT) handling inside `authenticateBearer` as a bug. `authenticateBearer` is intentionally scoped to runtime environment API keys and Public JWTs only; PAT auth is handled via the separate PAT route builder (e.g., `createLoaderPATApiRoute`) which calls `authenticateApiRequestWithPersonalAccessToken` directly. Ensure that reviewers compare auth behavior against these distinct architectural paths (OSS fallback and cloud plugin) before flagging an issue.
Applied to files:
internal-packages/rbac/src/fallback.ts
📚 Learning: 2026-05-09T08:07:24.612Z
Learnt from: matt-aitken
Repo: triggerdotdev/trigger.dev PR: 3499
File: internal-packages/rbac/src/fallback.ts:271-277
Timestamp: 2026-05-09T08:07:24.612Z
Learning: When reviewing RBAC/auth code that looks up or validates `PersonalAccessToken` (PAT), do not flag missing `expiresAt`/expiration checks: the PAT model has no `expiresAt` column and is treated as perpetual until manually revoked via `revokedAt`. Only require/enforce expiration logic when the code is dealing with `OrganizationAccessToken`, which does have an `expiresAt` field (and should be checked accordingly).
Applied to files:
internal-packages/rbac/src/fallback.ts
📚 Learning: 2026-03-10T17:56:20.938Z
Learnt from: samejr
Repo: triggerdotdev/trigger.dev PR: 3201
File: apps/webapp/app/v3/services/setSeatsAddOn.server.ts:25-29
Timestamp: 2026-03-10T17:56:20.938Z
Learning: Do not implement local userId-to-organizationId authorization checks inside org-scoped service classes (e.g., SetSeatsAddOnService, SetBranchesAddOnService) in the web app. Rely on route-layer authentication (requireUserId(request)) and org membership enforcement via the _app.orgs.$organizationSlug layout route. Any userId/organizationId that reaches these services from org-scoped routes has already been validated. Apply this pattern across all org-scoped services to avoid redundant auth checks and maintain consistency.
Applied to files:
apps/webapp/app/v3/services/errorGroupActions.server.ts
📚 Learning: 2026-03-29T19:16:28.864Z
Learnt from: nicktrn
Repo: triggerdotdev/trigger.dev PR: 3291
File: apps/webapp/app/v3/featureFlags.ts:53-65
Timestamp: 2026-03-29T19:16:28.864Z
Learning: When reviewing TypeScript code that uses Zod v3, treat `z.coerce.*()` schemas as their direct Zod type (e.g., `z.coerce.boolean()` returns a `ZodBoolean` with `_def.typeName === "ZodBoolean"`) rather than a `ZodEffects`. Only `.preprocess()`, `.refine()`/`.superRefine()`, and `.transform()` are expected to wrap schemas in `ZodEffects`. Therefore, in reviewers’ logic like `getFlagControlType`, do not flag/unblock failures that require unwrapping `ZodEffects` when the input schema is a `z.coerce.*` schema.
Applied to files:
apps/webapp/app/v3/services/errorGroupActions.server.ts
📚 Learning: 2026-06-09T16:27:26.195Z
Learnt from: myftija
Repo: triggerdotdev/trigger.dev PR: 3878
File: apps/webapp/app/v3/services/computeTemplateCreation.server.ts:0-0
Timestamp: 2026-06-09T16:27:26.195Z
Learning: When working in triggerdotdev/trigger.dev code related to worker-group/region default resolution (e.g., defaultWorkerInstanceGroupId handling used by getGlobalDefaultWorkerGroup, getDefaultWorkerGroupForProject, and RegionsPresenter), do NOT add org-level featureFlags overrides in only one resolution site. That can cause template creation routing/decisions to diverge from actual run routing. If org-level override of the default region/worker group is required, it must be centralized in getGlobalDefaultWorkerGroup so every resolution path remains aligned.
Applied to files:
apps/webapp/app/v3/services/errorGroupActions.server.ts
📚 Learning: 2026-05-14T08:21:07.614Z
Learnt from: d-cs
Repo: triggerdotdev/trigger.dev PR: 3614
File: apps/webapp/app/v3/mollifier/mollifierGate.server.ts:48-52
Timestamp: 2026-05-14T08:21:07.614Z
Learning: When using Trigger.dev v3 feature flags in the webapp, prefer the existing per-org gating mechanism supported by `flag()` via the `overrides` argument. Pass `Organization.featureFlags` (from `environment.organization.featureFlags`) as the `overrides` value; overrides must take precedence over the global `featureFlag` row. Do not require schema changes or add an `orgId` field to `FlagsOptions` for per-org gating—use the overrides pattern consistently (e.g., in gate flows like `resolveOrgFlag` and any server code that threads `environment.organization.featureFlags` into the gate call).
Applied to files:
apps/webapp/app/v3/services/errorGroupActions.server.ts
🪛 SkillSpector (2.1.1)
.claude/skills/errors-api-e2e/SKILL.md
[warning] 83: [E1] External Transmission: Data is being sent to an external URL. This could be legitimate telemetry or data exfiltration. Manual review is recommended.
Remediation: Verify the destination URL is trusted and necessary. Remove or replace with documented APIs. Ensure no secrets, tokens, or PII are transmitted.
(Data Exfiltration (E1))
[warning] 123: [E1] External Transmission: Data is being sent to an external URL. This could be legitimate telemetry or data exfiltration. Manual review is recommended.
Remediation: Verify the destination URL is trusted and necessary. Remove or replace with documented APIs. Ensure no secrets, tokens, or PII are transmitted.
(Data Exfiltration (E1))
[warning] 126: [E1] External Transmission: Data is being sent to an external URL. This could be legitimate telemetry or data exfiltration. Manual review is recommended.
Remediation: Verify the destination URL is trusted and necessary. Remove or replace with documented APIs. Ensure no secrets, tokens, or PII are transmitted.
(Data Exfiltration (E1))
[warning] 148: [E1] External Transmission: Data is being sent to an external URL. This could be legitimate telemetry or data exfiltration. Manual review is recommended.
Remediation: Verify the destination URL is trusted and necessary. Remove or replace with documented APIs. Ensure no secrets, tokens, or PII are transmitted.
(Data Exfiltration (E1))
[warning] 158: [E1] External Transmission: Data is being sent to an external URL. This could be legitimate telemetry or data exfiltration. Manual review is recommended.
Remediation: Verify the destination URL is trusted and necessary. Remove or replace with documented APIs. Ensure no secrets, tokens, or PII are transmitted.
(Data Exfiltration (E1))
[warning] 164: [E1] External Transmission: Data is being sent to an external URL. This could be legitimate telemetry or data exfiltration. Manual review is recommended.
Remediation: Verify the destination URL is trusted and necessary. Remove or replace with documented APIs. Ensure no secrets, tokens, or PII are transmitted.
(Data Exfiltration (E1))
[warning] 173: [E1] External Transmission: Data is being sent to an external URL. This could be legitimate telemetry or data exfiltration. Manual review is recommended.
Remediation: Verify the destination URL is trusted and necessary. Remove or replace with documented APIs. Ensure no secrets, tokens, or PII are transmitted.
(Data Exfiltration (E1))
[warning] 180: [E1] External Transmission: Data is being sent to an external URL. This could be legitimate telemetry or data exfiltration. Manual review is recommended.
Remediation: Verify the destination URL is trusted and necessary. Remove or replace with documented APIs. Ensure no secrets, tokens, or PII are transmitted.
(Data Exfiltration (E1))
[error] 83: [SC2] External Script Fetching: Remote code is downloaded and executed. This bypasses code review and could introduce malicious code.
Remediation: Avoid downloading and executing remote scripts. Use trusted packages from PyPI/npm. If remote fetch is required, verify checksums and use HTTPS.
(Supply Chain (SC2))
[error] 104: [SC2] External Script Fetching: Remote code is downloaded and executed. This bypasses code review and could introduce malicious code.
Remediation: Avoid downloading and executing remote scripts. Use trusted packages from PyPI/npm. If remote fetch is required, verify checksums and use HTTPS.
(Supply Chain (SC2))
[error] 105: [SC2] External Script Fetching: Remote code is downloaded and executed. This bypasses code review and could introduce malicious code.
Remediation: Avoid downloading and executing remote scripts. Use trusted packages from PyPI/npm. If remote fetch is required, verify checksums and use HTTPS.
(Supply Chain (SC2))
[error] 106: [SC2] External Script Fetching: Remote code is downloaded and executed. This bypasses code review and could introduce malicious code.
Remediation: Avoid downloading and executing remote scripts. Use trusted packages from PyPI/npm. If remote fetch is required, verify checksums and use HTTPS.
(Supply Chain (SC2))
[error] 113: [SC2] External Script Fetching: Remote code is downloaded and executed. This bypasses code review and could introduce malicious code.
Remediation: Avoid downloading and executing remote scripts. Use trusted packages from PyPI/npm. If remote fetch is required, verify checksums and use HTTPS.
(Supply Chain (SC2))
[error] 134: [SC2] External Script Fetching: Remote code is downloaded and executed. This bypasses code review and could introduce malicious code.
Remediation: Avoid downloading and executing remote scripts. Use trusted packages from PyPI/npm. If remote fetch is required, verify checksums and use HTTPS.
(Supply Chain (SC2))
[error] 148: [SC2] External Script Fetching: Remote code is downloaded and executed. This bypasses code review and could introduce malicious code.
Remediation: Avoid downloading and executing remote scripts. Use trusted packages from PyPI/npm. If remote fetch is required, verify checksums and use HTTPS.
(Supply Chain (SC2))
[error] 158: [SC2] External Script Fetching: Remote code is downloaded and executed. This bypasses code review and could introduce malicious code.
Remediation: Avoid downloading and executing remote scripts. Use trusted packages from PyPI/npm. If remote fetch is required, verify checksums and use HTTPS.
(Supply Chain (SC2))
[error] 164: [SC2] External Script Fetching: Remote code is downloaded and executed. This bypasses code review and could introduce malicious code.
Remediation: Avoid downloading and executing remote scripts. Use trusted packages from PyPI/npm. If remote fetch is required, verify checksums and use HTTPS.
(Supply Chain (SC2))
[error] 173: [SC2] External Script Fetching: Remote code is downloaded and executed. This bypasses code review and could introduce malicious code.
Remediation: Avoid downloading and executing remote scripts. Use trusted packages from PyPI/npm. If remote fetch is required, verify checksums and use HTTPS.
(Supply Chain (SC2))
🔇 Additional comments (26)
apps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.ts (1)
14-172: LGTM!Also applies to: 214-227
apps/webapp/app/presenters/v3/ApiRunListPresenter.server.ts (1)
86-87: No changes needed. Thefilter[error]parameter correctly expects and handles the friendlyerror_<fingerprint>format. The value is documented as friendly format (line 86) and assigned directly tooptions.errorId(line 243), which is the intended behavior. Downstream code converts the friendly ID to raw fingerprint only when necessary usingErrorId.toId().docs/v3-openapi.yaml (1)
3518-3701: LGTM!Also applies to: 3788-3832, 4307-4499
docs/docs.json (1)
382-391: LGTM!docs/management/errors/list.mdx (1)
1-4: LGTM!docs/management/errors/retrieve.mdx (1)
1-4: LGTM!docs/management/errors/resolve.mdx (1)
1-4: LGTM!docs/management/errors/ignore.mdx (1)
1-4: LGTM!docs/management/errors/unresolve.mdx (1)
1-4: LGTM!packages/core/src/v3/schemas/errors.ts (1)
1-88: LGTM!packages/core/src/v3/schemas/index.ts (1)
19-19: LGTM!.changeset/errors-api-schemas.md (1)
1-6: LGTM!apps/webapp/app/routes/api.v1.projects.$projectRef.$env.jwt.ts (1)
120-135: LGTM!packages/plugins/src/rbac.ts (1)
228-231: LGTM!internal-packages/rbac/src/fallback.ts (1)
130-133: LGTM!Also applies to: 145-145
apps/webapp/app/services/apiAuth.server.ts (1)
59-65: LGTM!apps/webapp/app/services/routeBuilders/apiBuilder.server.ts (1)
81-83: LGTM!apps/webapp/app/v3/services/errorGroupActions.server.ts (1)
17-20: LGTM!Also applies to: 40-40, 58-60, 63-66, 93-93
apps/webapp/app/routes/api.v1.errors.$errorId.resolve.ts (2)
47-48: Same post-write re-fetch consistency concern as already noted onapps/webapp/app/routes/api.v1.errors.$errorId.ignore.ts(Line 55-56).
1-46: LGTM!Also applies to: 49-50
apps/webapp/app/routes/api.v1.errors.$errorId.unresolve.ts (2)
39-40: Same post-write re-fetch consistency concern as already noted onapps/webapp/app/routes/api.v1.errors.$errorId.ignore.ts(Line 55-56).
1-38: LGTM!Also applies to: 41-42
apps/webapp/app/routes/api.v1.errors.ts (1)
1-29: LGTM!apps/webapp/app/routes/api.v1.errors.$errorId.ts (1)
1-25: LGTM!apps/webapp/app/routes/api.v1.errors.$errorId.ignore.ts (1)
1-53: LGTM!Also applies to: 57-58
.claude/skills/errors-api-e2e/SKILL.md (1)
1-199: LGTM!
| const row = await this._replica.errorGroupState.findFirst({ | ||
| where: { | ||
| environmentId, | ||
| taskIdentifier, | ||
| errorFingerprint: fingerprint, | ||
| }, | ||
| select: { | ||
| status: true, | ||
| resolvedAt: true, | ||
| resolvedInVersion: true, | ||
| resolvedBy: true, | ||
| ignoredAt: true, | ||
| ignoredUntil: true, | ||
| ignoredReason: true, | ||
| ignoredByUserId: true, | ||
| ignoredUntilOccurrenceRate: true, | ||
| ignoredUntilTotalOccurrences: true, | ||
| }, | ||
| }); |
There was a problem hiding this comment.
Use primary DB reads for mutation follow-up responses.
Line 190 reads error-group state from _replica. Since this presenter is reused by resolve/ignore/unresolve flows that re-fetch immediately, replica lag can return stale status/metadata in the mutation response. Use a strongly consistent read path (primary Prisma client) for this lookup when serving post-write responses.
| "page[after]": z.string().optional(), | ||
| "page[before]": z.string().optional(), |
There was a problem hiding this comment.
Reject conflicting cursor directions in the same request.
When both page[after] and page[before] are provided, Lines 94-97 silently override the forward cursor from Lines 89-92. Add schema-level mutual exclusivity so clients get a clear validation error instead of ambiguous pagination behavior.
Also applies to: 89-97
| const statuses = value.split(","); | ||
| const invalid = statuses.filter((status) => !(status in API_STATUS_TO_DB)); | ||
|
|
||
| if (invalid.length > 0) { | ||
| ctx.addIssue({ | ||
| code: z.ZodIssueCode.custom, | ||
| message: `Invalid status values: ${invalid.join( | ||
| ", " | ||
| )}. Allowed: unresolved, resolved, ignored.`, | ||
| }); | ||
| return z.NEVER; | ||
| } | ||
|
|
||
| return Array.from(new Set(statuses.map((status) => API_STATUS_TO_DB[status]))); |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
cat -n apps/webapp/app/presenters/v3/ApiErrorListPresenter.server.ts | head -100Repository: triggerdotdev/trigger.dev
Length of output: 4082
🏁 Script executed:
rg "API_STATUS_TO_DB" apps/webapp/app/presenters/v3/ -A 5 -B 2Repository: triggerdotdev/trigger.dev
Length of output: 2309
🏁 Script executed:
fd "ApiErrorListPresenter" apps/webapp --type fRepository: triggerdotdev/trigger.dev
Length of output: 131
🏁 Script executed:
rg "type ErrorGroupStatus" apps/webapp --type ts -A 3 -B 1Repository: triggerdotdev/trigger.dev
Length of output: 4420
🏁 Script executed:
rg "ErrorGroupStatus" packages/database --type ts | head -20Repository: triggerdotdev/trigger.dev
Length of output: 127
🏁 Script executed:
fd -t d "database" packages/ --max-depth 2Repository: triggerdotdev/trigger.dev
Length of output: 51
🏁 Script executed:
rg "ErrorGroupStatus" --type ts -l | head -10Repository: triggerdotdev/trigger.dev
Length of output: 574
🏁 Script executed:
rg "enum ErrorGroupStatus|type ErrorGroupStatus|ErrorGroupStatus.*=" --type ts -A 3 | head -30Repository: triggerdotdev/trigger.dev
Length of output: 2974
🏁 Script executed:
rg "filter\[status\]|statuses" apps/webapp/app/presenters/v3/ErrorsListPresenter.server.ts -A 2 -B 2 | head -40Repository: triggerdotdev/trigger.dev
Length of output: 1242
🏁 Script executed:
cat -n apps/webapp/app/presenters/v3/ErrorsListPresenter.server.ts | sed -n '1,50p'Repository: triggerdotdev/trigger.dev
Length of output: 2241
🏁 Script executed:
rg "Object.prototype.hasOwnProperty|\.hasOwnProperty" apps/webapp --type ts | head -10Repository: triggerdotdev/trigger.dev
Length of output: 420
🏁 Script executed:
rg "in API_STATUS|in Record" apps/webapp/app/presenters/v3/ --type tsRepository: triggerdotdev/trigger.dev
Length of output: 213
🏁 Script executed:
cat apps/webapp/tsconfig.json | head -50Repository: triggerdotdev/trigger.dev
Length of output: 869
🏁 Script executed:
rg "toString|valueOf|constructor" apps/webapp/app/presenters/v3/ApiErrorListPresenter.server.tsRepository: triggerdotdev/trigger.dev
Length of output: 51
🏁 Script executed:
rg "ApiErrorListSearchParams" apps/webapp/app --type ts -A 3 -B 3 | head -50Repository: triggerdotdev/trigger.dev
Length of output: 2935
🏁 Script executed:
rg "filter\[status\]" apps/webapp --type tsx --type ts | head -20Repository: triggerdotdev/trigger.dev
Length of output: 97
🏁 Script executed:
rg "page\[after\]|page\[before\]" apps/webapp/app/presenters/v3/ApiErrorListPresenter.server.ts -A 5 -B 5Repository: triggerdotdev/trigger.dev
Length of output: 969
🏁 Script executed:
cat -n apps/webapp/app/presenters/v3/ApiErrorListPresenter.server.ts | sed -n '85,105p'Repository: triggerdotdev/trigger.dev
Length of output: 847
Fix filter[status] validation to prevent prototype-chain property bypass.
Line 48 uses status in API_STATUS_TO_DB, which allows inherited properties (e.g., toString, constructor) to bypass validation. These invalid values then map to function objects instead of valid status strings. Use Object.prototype.hasOwnProperty.call() instead, which is already the established pattern in the codebase (see traceExport.server.ts, common.server.ts).
Suggested fix
const statuses = value.split(",");
- const invalid = statuses.filter((status) => !(status in API_STATUS_TO_DB));
+ const invalid = statuses.filter(
+ (status) => !Object.prototype.hasOwnProperty.call(API_STATUS_TO_DB, status)
+ );📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| const statuses = value.split(","); | |
| const invalid = statuses.filter((status) => !(status in API_STATUS_TO_DB)); | |
| if (invalid.length > 0) { | |
| ctx.addIssue({ | |
| code: z.ZodIssueCode.custom, | |
| message: `Invalid status values: ${invalid.join( | |
| ", " | |
| )}. Allowed: unresolved, resolved, ignored.`, | |
| }); | |
| return z.NEVER; | |
| } | |
| return Array.from(new Set(statuses.map((status) => API_STATUS_TO_DB[status]))); | |
| const statuses = value.split(","); | |
| const invalid = statuses.filter( | |
| (status) => !Object.prototype.hasOwnProperty.call(API_STATUS_TO_DB, status) | |
| ); | |
| if (invalid.length > 0) { | |
| ctx.addIssue({ | |
| code: z.ZodIssueCode.custom, | |
| message: `Invalid status values: ${invalid.join( | |
| ", " | |
| )}. Allowed: unresolved, resolved, ignored.`, | |
| }); | |
| return z.NEVER; | |
| } | |
| return Array.from(new Set(statuses.map((status) => API_STATUS_TO_DB[status]))); |
| const updated = await findErrorGroupResource(authentication, params.errorId); | ||
| return json(updated); |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
rg -n -C3 'const updated = await findErrorGroupResource\(' apps/webapp/app/routes/api.v1.errors.\$errorId.ignore.ts apps/webapp/app/routes/api.v1.errors.\$errorId.resolve.ts apps/webapp/app/routes/api.v1.errors.\$errorId.unresolve.ts
rg -n -C5 'class ApiErrorGroupPresenter|getState|\$replica|prisma' apps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.tsRepository: triggerdotdev/trigger.dev
Length of output: 2974
🏁 Script executed:
# Get full getState implementation
sed -n '174,230p' apps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.tsRepository: triggerdotdev/trigger.dev
Length of output: 1570
🏁 Script executed:
# Check if replica is used in state retrieval and how data is fetched
rg -n 'getState|replica|primary|\$prisma' apps/webapp/app/presenters/v3/ApiErrorGroupPresenter.server.ts | head -40Repository: triggerdotdev/trigger.dev
Length of output: 245
🏁 Script executed:
# Find and examine findErrorGroupResource implementation
rg -n -B5 -A15 'export.*findErrorGroupResource|function findErrorGroupResource' apps/webapp/app --type tsRepository: triggerdotdev/trigger.dev
Length of output: 2225
Use primary-consistent reads for post-mutation responses.
After ignoreError, resolveError, or unresolveError succeeds, the immediate findErrorGroupResource(...) call reads from the replica database via getState(), which may lag behind the primary. Clients may receive a 200 response with pre-mutation status.
This affects all three routes (ignore.ts, resolve.ts, unresolve.ts). Pass the primary database connection to ApiErrorGroupPresenter instead of the replica to ensure the re-fetch reflects the mutation.
Summary
Adds an environment-scoped HTTP API over the Errors feature, mirroring the runs API. Task-run failures are grouped by a fingerprint into "error groups," and this exposes everything you can do with them in the dashboard:
GET /api/v1/errorslists error groups, withfilter[taskIdentifier],filter[version],filter[status](unresolved/resolved/ignored),filter[search], a time range, and cursor pagination.GET /api/v1/errors/{errorId}retrieves a single group (summary, lifecycle state, affected versions).POST /api/v1/errors/{errorId}/{resolve,ignore,unresolve}changes its state.GET /api/v1/runs?filter[error]={errorId}lists the runs behind a group.Request and response schemas are exported from
@trigger.dev/core/v3so the SDK can reuse them, and all endpoints are documented in the API reference (OpenAPI).errorIdis theerror_<fingerprint>friendly id.Attribution
State changes record who made them. A plain environment API key has no user, so
resolvedBy/ignoredByUserIdstay null. When the caller uses an environment JWT obtained by exchanging a personal access token or a delegated user token atPOST /api/v1/projects/:ref/:env/jwt, that exchange now stamps anactdelegation claim, and the write endpoints readact.subto attribute the change to the acting user. This is the first endpoint to consume theactclaim, so two small pieces of plumbing ride along: the exchange stampsactfor personal-access-token subjects too (it was delegated-token-only), and the public-JWT bearer-auth path surfacesact.subto the handler.Built on the delegated-token work in #3997.