Skip to content

feat(sdk): add bulk replay to api and sdk#4105

Draft
carderne wants to merge 12 commits into
mainfrom
feature/tri-6326-bulk-actions-via-the-sdkapi
Draft

feat(sdk): add bulk replay to api and sdk#4105
carderne wants to merge 12 commits into
mainfrom
feature/tri-6326-bulk-actions-via-the-sdkapi

Conversation

@carderne

@carderne carderne commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds SDK and API support for run bulk actions. You can now create bulk cancel or replay actions from @trigger.dev/sdk using run IDs or the same filters as runs.list(), then retrieve, list, poll, or abort the action by its bulk_ handle.

Tests, docs, changesets added.

Design

The dashboard bulk action service now accepts structured filters instead of reading directly from a dashboard request, so the dashboard and API share the same creation path. Replay actions created through the API are attributed with the existing api trigger source, while dashboard-created actions keep dashboard.

The SDK exposes the new surface under runs.bulk.*, including targetRegion for replay region overrides and cursor pagination for listing bulk actions.

Filters and runIds

Nuance on filters. If filter is provided, it MUST have at least one key. This is to remove the footgun of passing no filter and selecting all runs.

   { action: "cancel", runIds: ["run_1"] } // valid
   { action: "cancel", runIds: [] } // invalid, min(1)
   { action: "cancel", filter: { status: "FAILED" } } // valid
   { action: "cancel", filter: {} } // invalid
   { action: "cancel", filter: {}, runIds: ["run_1"] } // invalid

@changeset-bot

changeset-bot Bot commented Jul 2, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: c7f451b

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 28 packages
Name Type
@trigger.dev/core Patch
@trigger.dev/sdk Patch
@trigger.dev/build Patch
trigger.dev Patch
@trigger.dev/plugins Patch
@trigger.dev/python Patch
@trigger.dev/redis-worker Patch
@trigger.dev/schema-to-json Patch
@internal/cache Patch
@internal/clickhouse Patch
@internal/llm-model-catalog Patch
@trigger.dev/rbac Patch
@internal/redis Patch
@internal/replication Patch
@internal/run-engine Patch
@internal/run-store Patch
@internal/schedule-engine Patch
@trigger.dev/sso Patch
@internal/testcontainers Patch
@internal/tracing Patch
@internal/tsql Patch
@internal/zod-worker Patch
@internal/dashboard-agent Patch
@internal/sdk-compat-tests Patch
@trigger.dev/react-hooks Patch
@trigger.dev/rsc Patch
@trigger.dev/database Patch
@trigger.dev/otlp-importer Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

Walkthrough

Adds bulk action request and response schemas, client-side TypeScript types, list presentation, API routes, documentation for bulk action operations, and an end-to-end test suite covering listing, retrieval, aborting, and create validation/error cases.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning It covers summary and design, but omits the required template sections like Closes #issue, checklist, testing, changelog, and screenshots. Add the missing template sections: Closes #issue, checklist items, Testing steps, Changelog, and Screenshots, or mark sections N/A if needed.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and clearly related, though it only highlights replay and omits the broader bulk-action API/SDK work.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feature/tri-6326-bulk-actions-via-the-sdkapi

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@carderne carderne force-pushed the feature/tri-6326-bulk-actions-via-the-sdkapi branch from 7a685b9 to c9c208c Compare July 2, 2026 10:57
github-advanced-security[bot]

This comment was marked as resolved.

@pkg-pr-new

pkg-pr-new Bot commented Jul 2, 2026

Copy link
Copy Markdown

Open in StackBlitz

@trigger.dev/build

npm i https://pkg.pr.new/@trigger.dev/build@d789912

trigger.dev

npm i https://pkg.pr.new/trigger.dev@d789912

@trigger.dev/core

npm i https://pkg.pr.new/@trigger.dev/core@d789912

@trigger.dev/python

npm i https://pkg.pr.new/@trigger.dev/python@d789912

@trigger.dev/react-hooks

npm i https://pkg.pr.new/@trigger.dev/react-hooks@d789912

@trigger.dev/redis-worker

npm i https://pkg.pr.new/@trigger.dev/redis-worker@d789912

@trigger.dev/rsc

npm i https://pkg.pr.new/@trigger.dev/rsc@d789912

@trigger.dev/schema-to-json

npm i https://pkg.pr.new/@trigger.dev/schema-to-json@d789912

@trigger.dev/sdk

npm i https://pkg.pr.new/@trigger.dev/sdk@d789912

commit: d789912

@carderne carderne marked this pull request as ready for review July 2, 2026 11:58
devin-ai-integration[bot]

This comment was marked as resolved.

devin-ai-integration[bot]

This comment was marked as resolved.

name: "runs.bulk.cancel()",
icon: "runs",
attributes: {
...flattenAttributes(options as Record<string, unknown>, "bulkAction"),

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With AI/scripting, API users could plausibly dump thousands of runIds in here that we pump to otel, maybe we want to truncate/omit these?

Comment thread apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.ts

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts (1)

45-49: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Throw a validation error for mutually exclusive cursors.
page[after] and page[before] are client input; the loader turns a plain Error into a 500, so use ServiceValidationError or an explicit 400 response here to return a client error instead.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 680ee98f-a405-4810-8f5a-65bf0104ee1a

📥 Commits

Reviewing files that changed from the base of the PR and between d789912 and c7f451b.

📒 Files selected for processing (3)
  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.abort.ts
  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.ts
📜 Review details
⏰ Context from checks skipped due to timeout. (4)
  • GitHub Check: code-quality / code-quality
  • GitHub Check: audit
  • GitHub Check: audit
  • GitHub Check: 🛡️ E2E Auth Tests (full)
🧰 Additional context used
📓 Path-based instructions (8)
**/*.{ts,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.{ts,tsx}: Use types over interfaces for TypeScript
Avoid using enums; prefer string unions or const objects instead

Files:

  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.abort.ts
  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.ts
  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
{packages/core,apps/webapp}/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Use zod for validation in packages/core and apps/webapp

Files:

  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.abort.ts
  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.ts
  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Use function declarations instead of default exports

Files:

  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.abort.ts
  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.ts
  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/otel-metrics.mdc)

**/*.ts: When creating or editing OTEL metrics (counters, histograms, gauges), ensure metric attributes have low cardinality by using only enums, booleans, bounded error codes, or bounded shard IDs
Do not use high-cardinality attributes in OTEL metrics such as UUIDs/IDs (envId, userId, runId, projectId, organizationId), unbounded integers (itemCount, batchSize, retryCount), timestamps (createdAt, startTime), or free-form strings (errorMessage, taskName, queueName)
When exporting OTEL metrics via OTLP to Prometheus, be aware that the exporter automatically adds unit suffixes to metric names (e.g., 'my_duration_ms' becomes 'my_duration_ms_milliseconds', 'my_counter' becomes 'my_counter_total'). Account for these transformations when writing Grafana dashboards or Prometheus queries

Files:

  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.abort.ts
  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.ts
  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
apps/webapp/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/webapp.mdc)

apps/webapp/**/*.{ts,tsx}: Access environment variables through the env export of env.server.ts instead of directly accessing process.env
Use subpath exports from @trigger.dev/core package instead of importing from the root @trigger.dev/core path

Use named constants for sentinel/placeholder values (e.g. const UNSET_VALUE = '__unset__') instead of raw string literals scattered across comparisons

Files:

  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.abort.ts
  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.ts
  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
**/*.{ts,tsx,js,jsx,mts,cts,mjs,cjs}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx,js,jsx,mts,cts,mjs,cjs}: Use pnpm run typecheck for changes in apps (apps/*) and internal packages (internal-packages/*), and never use build to verify those changes.
Use Vitest for tests, and never mock anything; use testcontainers instead.
Prefer static imports over dynamic import(), and only use dynamic imports for unresolved circular dependencies, genuine code-splitting needs, or conditional runtime loading.

Files:

  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.abort.ts
  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.ts
  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
**/*.{ts,tsx,js,jsx,mts,cts,mjs,cjs,md,mdx}

📄 CodeRabbit inference engine (CLAUDE.md)

Always import from @trigger.dev/sdk when writing Trigger.dev tasks; never use @trigger.dev/sdk/v3 or deprecated client.defineJob.

Files:

  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.abort.ts
  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.ts
  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
apps/webapp/**/*.server.ts

📄 CodeRabbit inference engine (apps/webapp/CLAUDE.md)

apps/webapp/**/*.server.ts: Never use request.signal for detecting client disconnects. Use getRequestAbortSignal() from app/services/httpAsyncStorage.server.ts instead, which is wired directly to Express res.on('close') and fires reliably
Access environment variables via env export from app/env.server.ts. Never use process.env directly
Always use findFirst instead of findUnique in Prisma queries. findUnique has an implicit DataLoader that batches concurrent calls and has active bugs even in Prisma 6.x (uppercase UUIDs returning null, composite key SQL correctness issues, 5-10x worse performance). findFirst is never batched and avoids this entire class of issues

Files:

  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
🧠 Learnings (14)
📚 Learning: 2026-03-22T13:26:12.060Z
Learnt from: ericallam
Repo: triggerdotdev/trigger.dev PR: 3244
File: apps/webapp/app/components/code/TextEditor.tsx:81-86
Timestamp: 2026-03-22T13:26:12.060Z
Learning: In the triggerdotdev/trigger.dev codebase, do not flag `navigator.clipboard.writeText(...)` calls for `missing-await`/`unhandled-promise` issues. These clipboard writes are intentionally invoked without `await` and without `catch` handlers across the project; keep that behavior consistent when reviewing TypeScript/TSX files (e.g., usages like in `apps/webapp/app/components/code/TextEditor.tsx`).

Applied to files:

  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.abort.ts
  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.ts
  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
📚 Learning: 2026-03-22T19:24:14.403Z
Learnt from: matt-aitken
Repo: triggerdotdev/trigger.dev PR: 3187
File: apps/webapp/app/v3/services/alerts/deliverErrorGroupAlert.server.ts:200-204
Timestamp: 2026-03-22T19:24:14.403Z
Learning: In the triggerdotdev/trigger.dev codebase, webhook URLs are not expected to contain embedded credentials/secrets (e.g., fields like `ProjectAlertWebhookProperties` should only hold credential-free webhook endpoints). During code review, if you see logging or inclusion of raw webhook URLs in error messages, do not automatically treat it as a credential-leak/secrets-in-logs issue by default—first verify the URL does not contain embedded credentials (for example, no username/password in the URL, no obvious secret/token query params or fragments). If the URL is credential-free per this project’s conventions, allow the logging.

Applied to files:

  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.abort.ts
  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.ts
  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
📚 Learning: 2026-05-18T08:21:27.694Z
Learnt from: d-cs
Repo: triggerdotdev/trigger.dev PR: 3632
File: apps/webapp/sentry.server.ts:4-21
Timestamp: 2026-05-18T08:21:27.694Z
Learning: When handling Prisma error P1001 ("Can't reach database server") in TypeScript, don’t assume a single error shape. Prisma can surface P1001 via two different error classes/fields: `PrismaClientKnownRequestError` exposes it as `err.code === "P1001"` (common during mid-query connection drops), while `PrismaClientInitializationError` exposes it as `err.errorCode === "P1001"` (common on client startup failure). Therefore, predicates should use `err.code === "P1001" || err.errorCode === "P1001"`. Do not flag `err.code === "P1001"` as “unreachable/never matches,” as it is expected in production.

Applied to files:

  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.abort.ts
  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.ts
  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
📚 Learning: 2026-05-18T08:21:27.694Z
Learnt from: d-cs
Repo: triggerdotdev/trigger.dev PR: 3632
File: apps/webapp/sentry.server.ts:4-21
Timestamp: 2026-05-18T08:21:27.694Z
Learning: When handling Prisma errors for P1001 ("Can't reach database server"), do not assume it only appears under a single property name. Prisma may surface P1001 via either `PrismaClientKnownRequestError` (`err.code === "P1001"`, e.g., mid-query connection drops) or `PrismaClientInitializationError` (`err.errorCode === "P1001"`, e.g., client startup connection failure). To reliably detect the condition, check `err.code === "P1001" || err.errorCode === "P1001"`, and avoid review rules that would incorrectly flag `err.code === "P1001"` as unreachable/never-matching.

Applied to files:

  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.abort.ts
  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.ts
  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
📚 Learning: 2026-06-13T19:53:13.759Z
Learnt from: ericallam
Repo: triggerdotdev/trigger.dev PR: 3937
File: packages/trigger-sdk/skills/realtime-and-frontend/SKILL.md:258-260
Timestamp: 2026-06-13T19:53:13.759Z
Learning: When reviewing code that uses `trigger.dev/react-hooks`’s `useRealtimeRun`, preserve the call signature where the first argument is the full realtime handle object (not `handle.id`). This is intentional to maintain type-safety and is consistent with the official docs; do not suggest changing the first argument from the handle object to `handle.id`.

Applied to files:

  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.abort.ts
  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.ts
  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
📚 Learning: 2026-06-17T17:13:49.929Z
Learnt from: matt-aitken
Repo: triggerdotdev/trigger.dev PR: 3948
File: apps/webapp/app/routes/_app.orgs.$organizationSlug.projects.$projectParam.env.$envParam.bulk-actions.$bulkActionParam/route.tsx:48-62
Timestamp: 2026-06-17T17:13:49.929Z
Learning: In triggerdotdev/trigger.dev, within `dashboardLoader`/`dashboardAction` (or similar context resolver code) whenever you resolve an organization ID from an organization slug for RBAC/enterprise authorization scope, always read from the primary Prisma client (`prisma`), not `$replica`. Using `$replica` can hit replica-lag and cause the RBAC lookup/authorization to run without the correct org scope (bypassing intended role enforcement). Implement the slug→org lookup with `prisma.organization.findFirst(...)` (or equivalent primary-client query) and add an inline comment documenting why the primary client is required (replica lag could lead to unscoped RBAC checks).

Applied to files:

  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.abort.ts
  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.ts
  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
📚 Learning: 2026-06-23T13:04:21.413Z
Learnt from: carderne
Repo: triggerdotdev/trigger.dev PR: 4023
File: apps/webapp/app/services/upsertBranch.server.ts:14-18
Timestamp: 2026-06-23T13:04:21.413Z
Learning: In TypeScript, it’s valid to `import { type X }` and then use `typeof X` in a type-only position, e.g. `type Alias = z.infer<typeof X>`. The `type` modifier suppresses the runtime import, but the type checker still has the full exported type so `z.infer<typeof X>` can resolve correctly. In code reviews, don’t flag this as a TypeScript compile error as long as `typeof X` is used in a type context (e.g., with `z.infer`, `type` aliases, generics), not as a runtime value.

Applied to files:

  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.abort.ts
  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.ts
  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
📚 Learning: 2026-05-12T21:04:05.815Z
Learnt from: ericallam
Repo: triggerdotdev/trigger.dev PR: 3542
File: apps/webapp/app/components/sessions/v1/SessionStatus.tsx:1-3
Timestamp: 2026-05-12T21:04:05.815Z
Learning: In this Remix + TypeScript codebase, do not flag a server/client boundary violation when a file imports only types from a module matching `*.server`.

Specifically, it’s safe to import types using `import type { Foo } from "*.server"` or `import { type Foo } from "*.server"` because TypeScript erases type-only imports at compile time and they emit no JavaScript, so they won’t cross the Remix server/client bundle boundary.

Only raise the boundary concern for value imports (e.g., `import { Foo }` without `type`, or `import Foo`), since those produce JavaScript output.

Applied to files:

  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.abort.ts
  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.ts
  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
📚 Learning: 2026-06-25T18:21:51.905Z
Learnt from: carderne
Repo: triggerdotdev/trigger.dev PR: 4039
File: apps/webapp/app/routes/invite-revoke.tsx:0-0
Timestamp: 2026-06-25T18:21:51.905Z
Learning: During the Zod v4 migration in the triggerdotdev/trigger.dev webapp, ensure any imports from `conform-to/zod` use the Zod-4 subpath: `conform-to/zod/v4` (e.g., `import { parseWithZod } from "conform-to/zod/v4"`). Do not import from the package root `conform-to/zod`, because it is the Zod 3 implementation and may load Zod-3-only symbols (e.g., `ZodBranded`, `ZodEffects`), which can throw at module load (notably with `zod4.4.3`). This should be enforced across `apps/webapp/**/*` where helpers like `parseWithZod` and `conformZodMessage` are used.

Applied to files:

  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.abort.ts
  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.ts
  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
📚 Learning: 2026-06-04T18:16:35.386Z
Learnt from: nicktrn
Repo: triggerdotdev/trigger.dev PR: 3836
File: apps/supervisor/src/backpressure/backpressureMonitor.ts:3-5
Timestamp: 2026-06-04T18:16:35.386Z
Learning: When reviewing TypeScript in this repo, apply the rule “prefer type aliases over interfaces” only to data/object shapes and union/intersection type modeling. If an interface is being used as a behavioral contract for collaborators to implement (e.g., method-shape interfaces that define required behavior, such as `BackpressureLogger` / `BackpressureSignalSource` in `apps/supervisor/src/backpressure/backpressureMonitor.ts`), keep it as an `interface` and do not flag it as a type-alias-vs-interface violation.

Applied to files:

  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.abort.ts
  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.ts
  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
📚 Learning: 2026-06-09T17:58:04.699Z
Learnt from: 0ski
Repo: triggerdotdev/trigger.dev PR: 3879
File: apps/webapp/app/models/vercelIntegration.server.ts:619-630
Timestamp: 2026-06-09T17:58:04.699Z
Learning: In this codebase, outbound raw `fetch` calls should typically rely on Node/undici’s default request timeout (about ~300s) rather than adding a per-call `AbortController` + `setTimeout` wrapper inside individual functions (e.g. in files like `apps/webapp/app/models/vercelIntegration.server.ts`). During code review, do not flag the absence of a per-call timeout on a single `fetch` as an issue; if per-call timeouts are needed, they should be implemented via a codebase-wide convention (e.g., a shared fetch wrapper or documented pattern) rather than ad-hoc per-function changes.

Applied to files:

  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.abort.ts
  • apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.ts
  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
📚 Learning: 2026-02-06T19:53:38.843Z
Learnt from: 0ski
Repo: triggerdotdev/trigger.dev PR: 2994
File: apps/webapp/app/presenters/v3/DeploymentListPresenter.server.ts:233-237
Timestamp: 2026-02-06T19:53:38.843Z
Learning: When constructing Vercel dashboard URLs from deployment IDs, always strip the dpl_ prefix from the ID. Implement this by transforming the ID with .replace(/^dpl_/, "") before concatenating into the URL: https://vercel.com/${teamSlug}/${projectName}/${cleanedDeploymentId}. Consider centralizing this logic in a small helper (e.g., getVercelDeploymentId(id) or a URL builder) and add tests to verify both prefixed and non-prefixed inputs.

Applied to files:

  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
📚 Learning: 2026-05-05T09:38:02.512Z
Learnt from: d-cs
Repo: triggerdotdev/trigger.dev PR: 3523
File: apps/webapp/app/routes/api.v3.batches.ts:178-181
Timestamp: 2026-05-05T09:38:02.512Z
Learning: When reviewing code that catches `ServiceValidationError` in `*.server.ts` files, do not blindly forward `error.status` to HTTP responses, because SVEs may be thrown with non-default statuses (e.g., 400/500) and forwarding them can cause client-visible behavioral regressions (e.g., surfacing 500s to clients). Prefer a safe default response status of `error.status ?? 422`, but only after confirming via the reachable call graph that the caught `ServiceValidationError` instances are expected to carry those non-default statuses; otherwise, normalize to `422` to avoid unexpected client-visible 5xx behavior.

Applied to files:

  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
📚 Learning: 2026-06-21T05:35:23.468Z
Learnt from: ericallam
Repo: triggerdotdev/trigger.dev PR: 4005
File: apps/webapp/app/presenters/v3/ApiErrorListPresenter.server.ts:29-30
Timestamp: 2026-06-21T05:35:23.468Z
Learning: For triggerdotdev/trigger.dev list endpoints (and their presenters/handlers that implement list pagination), it is an established shared convention to allow both cursor query params `page[after]` and `page[before]` to be provided at the same time. When both are present, `page[before]` must take precedence (i.e., it should be used/wins). During code review, do NOT flag missing per-endpoint mutual-exclusion validation between `page[after]` and `page[before]` as a problem; if stricter enforcement is ever desired, it should be implemented as a codebase-wide shared convention (not individually per endpoint).

Applied to files:

  • apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts
🔇 Additional comments (6)
apps/webapp/app/presenters/v3/ApiBulkActionPresenter.server.ts (3)

39-99: Pagination logic (cursor slicing, hasMore, next/previous computation) looks correct.

Forward/backward cursor filters, take(pageSize + 1) overfetch, and next/previous derivation are internally consistent with the direction semantics.


137-155: 🎯 Functional Correctness | ⚡ Quick win

decodeCursor accepts NaN/non-finite createdAt.

typeof parsed.createdAt !== "number" passes for NaN/Infinity, so a malformed cursor like {"createdAt": NaN, "id": "x"} produces new Date(NaN) (an Invalid Date) that then flows into the Prisma where clause, likely surfacing as an opaque downstream error rather than the intended "Invalid cursor" message. Also note this function throws a plain Error, same propagation concern as above.

🛡️ Proposed fix
-    if (typeof parsed.createdAt !== "number" || typeof parsed.id !== "string") {
+    if (typeof parsed.createdAt !== "number" || !Number.isFinite(parsed.createdAt) || typeof parsed.id !== "string") {
       throw new Error("Invalid cursor");
     }

102-136: LGTM!

apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.ts (1)

22-35: LGTM! Reading from primary to avoid replica-lag 404s on the create→retrieve/poll path is consistent with the established pattern in this codebase.

apps/webapp/app/routes/api.v1.bulk-actions.$bulkActionId.abort.ts (2)

39-42: 🎯 Functional Correctness | ⚡ Quick win

Fallback status for ServiceValidationError should default to 422, not 400.

Based on learnings, the established convention when catching ServiceValidationError in *.server.ts files is to default to error.status ?? 422 rather than another default, to avoid unexpected client-visible behavioral regressions. This route uses error.status ?? 400, which is inconsistent with that established pattern.

🩹 Proposed fix
       if (error instanceof ServiceValidationError) {
-        return json({ error: error.message }, { status: error.status ?? 400 });
+        return json({ error: error.message }, { status: error.status ?? 422 });
       }

Source: Learnings


21-32: LGTM! Primary-read existence/auth gate mirrors the replica-lag rationale used elsewhere in this PR.

@carderne carderne marked this pull request as draft July 2, 2026 16:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants