feat(sdk): chat.agent — runtime + browser transport (2/4)

[ericallam]

Summary

Adds chat.agent({...}), a durable conversational task runtime, plus the browser-side TriggerChatTransport + AgentChat that drive it from a React or Next.js app. Conversations survive page refreshes, network blips, idle suspend, and process restarts, with built-in tools, HITL approvals, multi-turn state, and stop-mid-stream cancellation. Builds on #3542.

Design

Each /in/append request carries at most one new message. The agent reconstructs prior history at run boot from an object-store snapshot plus a session.out replay tail, so conversation context lives server-side instead of bloating the wire. Awaited snapshot writes after every onTurnComplete keep the chain durable across idle suspend. Registering hydrateMessages short-circuits both paths for customers who own their own conversation store.

Lifecycle hooks — onChatStart, onTurnStart, onTurnComplete, onAction, onValidateMessages, hydrateMessages — cover validation, persistence, and post-turn work. chat.history exposes read primitives (getPendingToolCalls, getResolvedToolCalls, extractNewToolResults, findMessage, all) for HITL flows. chat.local gives per-run typed state with Proxy access and dirty tracking. chat.headStart bridges first-turn TTFC via a customer HTTP handler. oomMachine opts a chat into one-shot OOM-retry on a larger machine.

TriggerChatTransport is a Transport implementation for Vercel's ai-sdk useChat: delta-only wire sends, SSE reconnection with lastEventId resume, stop/abort cleanup, dynamic accessToken refresh, X-Peek-Settled fast-close. AgentChat is the direct programmatic equivalent. A cross-tab coordinator does leader election so multiple open tabs share a single SSE.

import { chat } from "@trigger.dev/sdk/ai";
import { streamText } from "ai";

export const myChat = chat.agent({
  id: "my-chat",
  run: async ({ messages, signal }) =>
    streamText({ model: openai("gpt-4o"), messages, abortSignal: signal }),
});

Test plan

• Run the chat.agent task end-to-end via useChat against a local webapp
• Kill the page mid-stream, refresh, verify the stream resumes and history persists
• Stop a turn mid-stream via stop(), verify clean abort
• Trigger a tool that requires approval, approve it, verify resume
• Run a long conversation (50+ turns), verify snapshot writes keep wire payloads small

Stack

Part of a 4-PR stack. Merge bottom-up.

1. feat: Sessions dashboard, task_kind, and chat-ready hardening (1/4) #3542 → main — Sessions dashboard + chat-ready hardening
2. This PR (feat(sdk): chat.agent — runtime + browser transport (2/4) #3543) → feat: Sessions dashboard, task_kind, and chat-ready hardening (1/4) #3542
3. feat(webapp): agent-view dashboard for chat.agent runs (3/4) #3545 → feat(sdk): chat.agent — runtime + browser transport (2/4) #3543 — agent-view dashboard
4. feat: ai-chat reference project + MCP agent-chat tooling (4/4) #3546 → feat(webapp): agent-view dashboard for chat.agent runs (3/4) #3545 — ai-chat reference + MCP tooling

Originally split across #3543 and #3544. Folded into a single PR because the SDK package.json subpath exports for ./chat and ./chat/react made the runtime and the browser transport install-coupled.

---

This is part 4 of 5 in a stack made with GitButler:

•  5  feat(webapp,core,cli): filter runs by region in dashboard, API, and MCP #3612
•  4  feat: ai-chat reference project + MCP agent-chat tooling (4/4) #3546
•  3  feat(webapp): agent-view dashboard for chat.agent runs (3/4) #3545
•  2  feat(sdk): chat.agent — runtime + browser transport (2/4) #3543 👈
•  1  feat: Sessions dashboard, task_kind, and chat-ready hardening (1/4) #3542

[changeset-bot]

🦋 Changeset detected

Latest commit: 353fbf1

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 31 packages

Name	Type
@trigger.dev/sdk	Minor
@trigger.dev/core	Minor
@trigger.dev/build	Minor
trigger.dev	Minor
@trigger.dev/python	Minor
@internal/sdk-compat-tests	Patch
d3-chat	Patch
references-d3-openai-agents	Patch
references-nextjs-realtime	Patch
references-realtime-hooks-test	Patch
references-realtime-streams	Patch
references-telemetry	Patch
@trigger.dev/plugins	Minor
@trigger.dev/redis-worker	Minor
@trigger.dev/schema-to-json	Minor
@internal/cache	Patch
@internal/clickhouse	Patch
@internal/llm-model-catalog	Patch
@trigger.dev/rbac	Minor
@internal/redis	Patch
@internal/replication	Patch
@internal/run-engine	Patch
@internal/schedule-engine	Patch
@internal/testcontainers	Patch
@internal/tracing	Patch
@internal/tsql	Patch
@internal/zod-worker	Patch
@trigger.dev/react-hooks	Minor
@trigger.dev/rsc	Minor
@trigger.dev/database	Minor
@trigger.dev/otlp-importer	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: c562936e-c7c6-422d-8c5b-9105687fda2f

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/chat-agent-runtime

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[devin-ai-integration]

Devin Review found 4 potential issues.

View 5 additional findings in Devin Review.

[devin-ai-integration]

🔴 Public HeadStartSession.handover type omits required isFinal parameter, causing agent to always enter non-final path

The public HeadStartSession type declares handover(args: { partialAssistantMessage: ModelMessage[] }) at packages/trigger-sdk/src/v3/chat-server.ts:133, but the internal function it maps to (chat-server.ts:382-394) requires isFinal: boolean. When a customer calls handle.handover({ partialAssistantMessage: msgs }) through the chat.openSession() escape-hatch API, args.isFinal is undefined. In JSON.stringify at line 393, isFinal: undefined is omitted from the wire payload. The agent receiving this kind: "handover" chunk interprets the missing isFinal as falsy, so it always enters the non-final branch (runs streamText to execute tool-calls) — even when the customer intended a final handover (pure-text, no LLM call). There is no way for a customer using the manual handover() method to signal a final response.

Suggested change

	handover(args: { partialAssistantMessage: ModelMessage[] }): Promise<void>;
	handover(args: { partialAssistantMessage: ModelMessage[]; isFinal?: boolean; messageId?: string }): Promise<void>;

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[devin-ai-integration]

🟡 Idle timer leak when handoverWhenDone is called outside handoverResponse

In openHandoverSession, an idleTimer is created at chat-server.ts:321 that aborts the session's AbortController after the timeout. The clearTimeout(idleTimer) call only exists inside handoverResponse at line 603 (chained on handoverWhenDone's .finally()). When a customer uses the lower-level chat.openSession() API and calls handle.tee() + handle.handoverWhenDone() directly — without going through handle.handoverResponse() — the timer is never cleared. After idleTimeoutInSeconds (default 60s), the timer fires and calls abortController.abort(), which may cancel in-progress operations or SSE subscriptions that the customer still needs.

Prompt for agents

The idleTimer created at line 321 is only cleared inside handoverResponse (line 603). The HeadStartSession handle exposes handoverWhenDone as a standalone public method (line 640), but if a customer calls it directly via the chat.openSession() escape hatch, the timer never gets cleared. Move the clearTimeout(idleTimer) into the handoverWhenDone function itself (e.g. in its finally block), so the timer is always cleared regardless of which code path invokes handoverWhenDone.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[devin-ai-integration]

🚩 streams.define().append() changed from raw append to writer-based serialization

The define<TPart>().append() method at streams.ts:664-676 was changed from delegating to the raw append() function (which sends BodyInit) to using writer() with a single write() call. The comment explains this ensures objects are serialized the same way as stream.writer() — the raw append API sends BodyInit which doesn't serialize objects correctly for SSE consumers. This is a behavioral change to the RealtimeDefinedStream.append() method. Any existing code that relied on the old raw-append behavior (e.g., passing pre-stringified data) will now get double-serialized through the writer path. The change is intentional and an improvement, but callers should be aware of the semantic shift.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[devin-ai-integration]

🚩 peerDependency range for 'ai' package narrowed — drops v4 support

In packages/trigger-sdk/package.json, the ai peer dependency range changed from ^4.2.0 || ^5.0.0 || ^6.0.0 to ^5.0.0 || ^6.0.0, dropping v4 support. The changeset mentions this is intentional (new features require AI SDK v5+). This is a breaking change for any existing users on ai@4.x — they'll see peer dependency warnings on install. The devDependency was also bumped from ^6.0.0 to ^6.0.116.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[devin-ai-integration]

Devin Review found 1 new potential issue.

View 13 additional findings in Devin Review.

[devin-ai-integration]

🟡 ChatStream calls onAssistantMessage callback twice when consumed via messages()

When ChatStream is constructed with an onAssistantMessage callback, the constructor tees the stream and starts a background collector IIFE that calls onAssistantMessage when the collector branch drains (chat-client.ts:142-144). If the consumer then iterates via messages(), that method reads the other tee branch and also calls this.onAssistantMessage at the end (chat-client.ts:183-184). Both branches process the same data and both invoke the callback, so onAssistantMessage fires twice with the same lastAssistantMessage. Currently no internal caller passes onAssistantMessage to the constructor (sendMessage and sendAction both call new ChatStream(rawStream) without it), so this only affects direct new ChatStream(stream, callback) + .messages() usage — but ChatStream is a public export.

Prompt for agents

The issue is in ChatStream (chat-client.ts). When onAssistantMessage is provided, the constructor tees the stream and starts a background IIFE on the collector branch that calls onAssistantMessage when done. The messages() method also calls onAssistantMessage after draining the consumer branch. Both fire the callback.

Fix options:
1. In messages(), skip the onAssistantMessage call when the tee collector is active (i.e., when _messageCollector is set). The collector IIFE handles the callback in that case.
2. Alternatively, don't tee at all when messages() is the intended consumption path — detect and short-circuit.

The simplest fix is option 1: in messages() at the end, guard the callback with something like:
  if (this.lastAssistantMessage && this.onAssistantMessage && !this._messageCollector) {
    this.onAssistantMessage(this.lastAssistantMessage);
  }

This way, when the constructor set up the collector IIFE (meaning _messageCollector is truthy), messages() defers to the collector for the callback.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[devin-ai-integration]

Devin Review found 2 new potential issues.

View 17 additional findings in Devin Review.

[devin-ai-integration]

🟡 Unbounded stdout/stderr accumulation in runBashInSkill before truncation can cause OOM

The runBashInSkill function accumulates stdout and stderr into strings with no size cap during the child process execution (stdout += chunk.toString()). The truncate() call only fires after the process exits in the close event handler. If an LLM tool call generates a command that produces very large output (e.g., cat /dev/zero | head -c 2000000000), the in-memory string grows unbounded until the process completes or the container OOMs. The DEFAULT_BASH_OUTPUT_BYTES limit of 64 KiB only trims the string after it has already been fully accumulated in memory.

Accumulation without cap vs. post-hoc truncation

Lines 110–114 accumulate without limit:

child.stdout?.on("data", (chunk) => {
  stdout += chunk.toString(); // grows unbounded
});

Lines 117–121 truncate only on close:

child.once("close", (code) => {
  resolvePromise({
    stdout: truncate(stdout, DEFAULT_BASH_OUTPUT_BYTES), // too late
  });
});

Prompt for agents

In runBashInSkill (agentSkillsRuntime.ts), the stdout and stderr strings accumulate data from the child process data events without any size cap. The truncate() call at close time only trims after the entire output is already in memory. To fix this, cap the accumulation in the on(data) handlers: once stdout.length exceeds DEFAULT_BASH_OUTPUT_BYTES, stop appending new chunks (or discard them). Same for stderr. This prevents an LLM-generated command from producing enough output to OOM the worker process. A simple approach: check the current length before appending and skip/trim chunks that would push past the limit. You could also track a boolean like stdoutCapped to avoid repeated length checks after the cap is hit.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[devin-ai-integration]

🚩 safeJoinInside path-traversal guard does not resolve symlinks

The safeJoinInside function uses nodePath.resolve() which normalizes .. segments but does NOT resolve filesystem symlinks. A symlink placed inside the skill directory (e.g., skills/demo/link -> /etc) would pass the prefix check since resolve(skillPath, 'link/passwd') produces {skillPath}/link/passwd which starts with the normalized root. The actual fs.readFile call would then follow the symlink to /etc/passwd. In practice this is low-risk because skill directories are developer-authored content bundled at build time — the developer controls what's there. However, if bash tool calls create symlinks at runtime (the bash tool runs with the skill dir as cwd), an LLM could exploit this. Using fs.realpath on the resolved path before the prefix check would close this gap.

---

Was this helpful? React with 👍 or 👎 to provide feedback.