feat(supervisor): wide events + warm-start trace propagation#9
Open
deepshekhardas wants to merge 4 commits into
Open
feat(supervisor): wide events + warm-start trace propagation#9deepshekhardas wants to merge 4 commits into
deepshekhardas wants to merge 4 commits into
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| id: release | ||
| uses: softprops/action-gh-release@v1 | ||
| if: github.event_name == 'push' | ||
| uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0 |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
4 issues found across 1525 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name=".github/workflows/e2e-webapp.yml">
<violation number="1" location=".github/workflows/e2e-webapp.yml:67">
P2: Guard DockerHub login on both username and token so optional secrets don't cause a hard failure when only one is provided.</violation>
</file>
<file name=".github/workflows/publish-worker-v4.yml">
<violation number="1" location=".github/workflows/publish-worker-v4.yml:69">
P2: Semver releases no longer publish the additional `v4-beta` image tag, which regresses the previous tagging behavior.</violation>
</file>
<file name=".github/workflows/claude.yml">
<violation number="1" location=".github/workflows/claude.yml:22">
P1: This workflow now grants repository write permissions on `@claude` comment triggers without restricting who can invoke it, which creates an untrusted-to-write privilege escalation path.</violation>
</file>
<file name=".changeset/agent-skills.md">
<violation number="1" location=".changeset/agent-skills.md:1">
P2: Changeset describes 'Agent Skills for chat.agent' but the PR implements supervisor wide events and warm-start trace propagation. This changeset would create an inaccurate changelog entry and trigger patch bumps for packages that may not have corresponding code changes in this PR.</violation>
</file>
Note: This PR contains a large number of files. cubic only reviews up to 100 files per PR, so some files may not have been reviewed. cubic prioritizes the most important files to review.
On a pro plan you can use ultrareview for larger PRs.
Re-trigger cubic
| contents: read | ||
| pull-requests: read | ||
| issues: read | ||
| contents: write |
There was a problem hiding this comment.
P1: This workflow now grants repository write permissions on @claude comment triggers without restricting who can invoke it, which creates an untrusted-to-write privilege escalation path.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/claude.yml, line 22:
<comment>This workflow now grants repository write permissions on `@claude` comment triggers without restricting who can invoke it, which creates an untrusted-to-write privilege escalation path.</comment>
<file context>
@@ -19,24 +19,25 @@ jobs:
- contents: read
- pull-requests: read
- issues: read
+ contents: write
+ pull-requests: write
+ issues: write
</file context>
|
|
||
| # ..to avoid rate limits when pulling images | ||
| - name: 🐳 Login to DockerHub | ||
| if: ${{ env.DOCKERHUB_USERNAME }} |
There was a problem hiding this comment.
P2: Guard DockerHub login on both username and token so optional secrets don't cause a hard failure when only one is provided.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/e2e-webapp.yml, line 67:
<comment>Guard DockerHub login on both username and token so optional secrets don't cause a hard failure when only one is provided.</comment>
<file context>
@@ -0,0 +1,97 @@
+
+ # ..to avoid rate limits when pulling images
+ - name: 🐳 Login to DockerHub
+ if: ${{ env.DOCKERHUB_USERNAME }}
+ uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+ with:
</file context>
Suggested change
| if: ${{ env.DOCKERHUB_USERNAME }} | |
| if: ${{ secrets.DOCKERHUB_USERNAME && secrets.DOCKERHUB_TOKEN }} |
| image_tags=$image_tags,$ref_without_tag:v4-beta | ||
| fi | ||
| ref_without_tag=ghcr.io/triggerdotdev/${STEPS_GET_REPOSITORY_OUTPUTS_REPO} | ||
| image_tags=$ref_without_tag:${STEPS_GET_TAG_OUTPUTS_TAG} |
There was a problem hiding this comment.
P2: Semver releases no longer publish the additional v4-beta image tag, which regresses the previous tagging behavior.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/publish-worker-v4.yml, line 69:
<comment>Semver releases no longer publish the additional `v4-beta` image tag, which regresses the previous tagging behavior.</comment>
<file context>
@@ -62,26 +65,24 @@ jobs:
- image_tags=$image_tags,$ref_without_tag:v4-beta
- fi
+ ref_without_tag=ghcr.io/triggerdotdev/${STEPS_GET_REPOSITORY_OUTPUTS_REPO}
+ image_tags=$ref_without_tag:${STEPS_GET_TAG_OUTPUTS_TAG}
echo "image_tags=${image_tags}" >> "$GITHUB_OUTPUT"
</file context>
Suggested change
| image_tags=$ref_without_tag:${STEPS_GET_TAG_OUTPUTS_TAG} | |
| image_tags=$ref_without_tag:${STEPS_GET_TAG_OUTPUTS_TAG} | |
| # if tag is a semver, also tag it as v4 | |
| if [[ "$STEPS_GET_TAG_OUTPUTS_IS_SEMVER" == true ]]; then | |
| image_tags=$image_tags,$ref_without_tag:v4-beta | |
| fi |
| @@ -0,0 +1,16 @@ | |||
| --- | |||
There was a problem hiding this comment.
P2: Changeset describes 'Agent Skills for chat.agent' but the PR implements supervisor wide events and warm-start trace propagation. This changeset would create an inaccurate changelog entry and trigger patch bumps for packages that may not have corresponding code changes in this PR.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .changeset/agent-skills.md:
<comment>Changeset describes 'Agent Skills for chat.agent' but the PR implements supervisor wide events and warm-start trace propagation. This changeset would create an inaccurate changelog entry and trigger patch bumps for packages that may not have corresponding code changes in this PR.</comment>
<file context>
@@ -0,0 +1,16 @@
+---
+"@trigger.dev/sdk": patch
+"@trigger.dev/core": patch
+"@trigger.dev/build": patch
+"trigger.dev": patch
+---
+
+Add Agent Skills for `chat.agent`. Drop a folder with a `SKILL.md` and any helper scripts/references next to your task code, register it with `skills.define({ id, path })`, and the CLI bundles it into the deploy image automatically — no `trigger.config.ts` changes. The agent gets a one-line summary in its system prompt and discovers full instructions on demand via `loadSkill`, with `bash` and `readFile` tools scoped per-skill (path-traversal guards, output caps, abort-signal propagation).
+
</file context>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds wide events system to supervisor for better event propagation across worker restarts.
Changes
Files changed (17)
Test
Closes triggerdotdev#3669
Summary by cubic
Adds wide-event instrumentation to
supervisorand propagatestraceparenton warm-start runs so traces stay connected across worker restarts. Improves visibility of workload routes and run socket lifecycle; feature is disabled by default.TRIGGER_WIDE_EVENTS_ENABLED(off by default).Written for commit 671b137. Summary will update on new commits. Review in cubic