feat(webapp): gate microvm regions behind compute access feature flag

[nicktrn]

Adds region-level gating so MICROVM regions are only visible and usable by orgs with the hasComputeAccess feature flag. Admins and explicit allowlist behavior unchanged.

• New shared helper (regionAccess.server.ts) with resolveComputeAccess, defaultVisibilityFilter, and isComputeRegionAccessible
• RegionsPresenter filters out MICROVM regions for non-compute orgs
• SetDefaultRegionService blocks setting a MICROVM region as default without compute access
• WorkerGroupService blocks triggering runs in MICROVM regions without compute access
• computeTemplateCreation refactored to use shared resolveComputeAccess
• Updated snapshot callback schema

[changeset-bot]

⚠️ No Changeset found

Latest commit: 564267d

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

This pull request refactors compute access and region visibility controls across multiple services. A new regionAccess.server.ts module is introduced to centralize region accessibility logic based on feature flags. The snapshot callback payload schema is refactored to use a discriminated union on the status field, with snapshot_id required only for "completed" status and error only for "failed" status. Multiple services are updated to replace direct feature flag checks with calls to resolveComputeAccess() and isComputeRegionAccessible(), applying compute access restrictions when determining region visibility and eligibility. The supervisor's compute snapshot service is simplified to conditionally log snapshot IDs and errors based on callback status.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request description is incomplete; it lacks required template sections including a linked issue, testing steps, and a formal changelog.	Add missing template sections: link the issue with 'Closes #', describe testing steps under ## Testing, provide a changelog entry, and include the completion checklist.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title accurately summarizes the main change: gating MICROVM regions behind a compute access feature flag.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/compute-region-access

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[devin-ai-integration]

Devin Review found 1 potential issue.

View 3 additional findings in Devin Review.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@apps/webapp/app/v3/services/worker/workerGroupService.server.ts`:
- Around line 248-257: The default worker-group selection path currently
bypasses the MICROVM compute-access checks when regionOverride is absent; ensure
you call resolveComputeAccess(this._prisma, project.organization.featureFlags)
and run isComputeRegionAccessible(workerGroup, hasComputeAccess) for any
workerGroup chosen as project.defaultWorkerGroup (or the global default) just
like in the regionOverride branch, and if the check fails throw the same
Error(`The region you specified isn't available to you ("${regionOverride}").`)
or a similar rejection so MICROVM groups are gated regardless of whether
regionOverride was provided.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 0a6dd0fb-0821-4351-9383-e360ad18343d

📥 Commits

Reviewing files that changed from the base of the PR and between bd41bb2 and 564267d.

📒 Files selected for processing (7)

• apps/supervisor/src/services/computeSnapshotService.ts
• apps/webapp/app/presenters/v3/RegionsPresenter.server.ts
• apps/webapp/app/v3/regionAccess.server.ts
• apps/webapp/app/v3/services/computeTemplateCreation.server.ts
• apps/webapp/app/v3/services/setDefaultRegion.server.ts
• apps/webapp/app/v3/services/worker/workerGroupService.server.ts
• internal-packages/compute/src/types.ts

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (28)

• GitHub Check: units / internal / 🧪 Unit Tests: Internal (5, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (8, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (1, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (4, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (7, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (6, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (6, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (1, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (7, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (4, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (2, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (8, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (5, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (3, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (2, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (3, 8)
• GitHub Check: units / packages / 🧪 Unit Tests: Packages (1, 1)
• GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - npm)
• GitHub Check: sdk-compat / Node.js 20.20 (ubuntu-latest)
• GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - npm)
• GitHub Check: typecheck / typecheck
• GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - pnpm)
• GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - pnpm)
• GitHub Check: sdk-compat / Node.js 22.12 (ubuntu-latest)
• GitHub Check: sdk-compat / Bun Runtime
• GitHub Check: sdk-compat / Cloudflare Workers
• GitHub Check: sdk-compat / Deno Runtime
• GitHub Check: Analyze (javascript-typescript)

🧰 Additional context used

📓 Path-based instructions (12)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.{ts,tsx}: Use types over interfaces for TypeScript
Avoid using enums; prefer string unions or const objects instead

Files:

• apps/webapp/app/v3/services/worker/workerGroupService.server.ts
• apps/webapp/app/v3/services/computeTemplateCreation.server.ts
• apps/supervisor/src/services/computeSnapshotService.ts
• apps/webapp/app/presenters/v3/RegionsPresenter.server.ts
• apps/webapp/app/v3/services/setDefaultRegion.server.ts
• apps/webapp/app/v3/regionAccess.server.ts
• internal-packages/compute/src/types.ts

{packages/core,apps/webapp}/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Use zod for validation in packages/core and apps/webapp

Files:

• apps/webapp/app/v3/services/worker/workerGroupService.server.ts
• apps/webapp/app/v3/services/computeTemplateCreation.server.ts
• apps/webapp/app/presenters/v3/RegionsPresenter.server.ts
• apps/webapp/app/v3/services/setDefaultRegion.server.ts
• apps/webapp/app/v3/regionAccess.server.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Use function declarations instead of default exports

Files:

• apps/webapp/app/v3/services/worker/workerGroupService.server.ts
• apps/webapp/app/v3/services/computeTemplateCreation.server.ts
• apps/supervisor/src/services/computeSnapshotService.ts
• apps/webapp/app/presenters/v3/RegionsPresenter.server.ts
• apps/webapp/app/v3/services/setDefaultRegion.server.ts
• apps/webapp/app/v3/regionAccess.server.ts
• internal-packages/compute/src/types.ts

apps/webapp/app/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/webapp.mdc)

Access all environment variables through the env export of env.server.ts instead of directly accessing process.env in the Trigger.dev webapp

Files:

• apps/webapp/app/v3/services/worker/workerGroupService.server.ts
• apps/webapp/app/v3/services/computeTemplateCreation.server.ts
• apps/webapp/app/presenters/v3/RegionsPresenter.server.ts
• apps/webapp/app/v3/services/setDefaultRegion.server.ts
• apps/webapp/app/v3/regionAccess.server.ts

apps/webapp/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/webapp.mdc)

apps/webapp/**/*.{ts,tsx}: When importing from @trigger.dev/core in the webapp, use subpath exports from the package.json instead of importing from the root path
Follow the Remix 2.1.0 and Express server conventions when updating the main trigger.dev webapp

Files:

• apps/webapp/app/v3/services/worker/workerGroupService.server.ts
• apps/webapp/app/v3/services/computeTemplateCreation.server.ts
• apps/webapp/app/presenters/v3/RegionsPresenter.server.ts
• apps/webapp/app/v3/services/setDefaultRegion.server.ts
• apps/webapp/app/v3/regionAccess.server.ts

apps/webapp/app/v3/services/**/*.server.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/webapp.mdc)

Organize services in the webapp following the pattern app/v3/services/*/*.server.ts

Files:

• apps/webapp/app/v3/services/worker/workerGroupService.server.ts
• apps/webapp/app/v3/services/computeTemplateCreation.server.ts
• apps/webapp/app/v3/services/setDefaultRegion.server.ts

**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/otel-metrics.mdc)

**/*.ts: When creating or editing OTEL metrics (counters, histograms, gauges), ensure metric attributes have low cardinality by using only enums, booleans, bounded error codes, or bounded shard IDs
Do not use high-cardinality attributes in OTEL metrics such as UUIDs/IDs (envId, userId, runId, projectId, organizationId), unbounded integers (itemCount, batchSize, retryCount), timestamps (createdAt, startTime), or free-form strings (errorMessage, taskName, queueName)
When exporting OTEL metrics via OTLP to Prometheus, be aware that the exporter automatically adds unit suffixes to metric names (e.g., 'my_duration_ms' becomes 'my_duration_ms_milliseconds', 'my_counter' becomes 'my_counter_total'). Account for these transformations when writing Grafana dashboards or Prometheus queries

**/*.ts: Use typecheck to verify changes in apps and internal packages (apps/*, internal-packages/*), not build - building proves almost nothing about correctness
When writing Trigger.dev tasks, always import from @trigger.dev/sdk. Never use @trigger.dev/sdk/v3 or deprecated client.defineJob
Add crumbs as you write code - mark lines with // @Crumbs or wrap blocks in `// `#region` `@crumbs for agentcrumbs debug tracing, then strip before merge

Files:

• apps/webapp/app/v3/services/worker/workerGroupService.server.ts
• apps/webapp/app/v3/services/computeTemplateCreation.server.ts
• apps/supervisor/src/services/computeSnapshotService.ts
• apps/webapp/app/presenters/v3/RegionsPresenter.server.ts
• apps/webapp/app/v3/services/setDefaultRegion.server.ts
• apps/webapp/app/v3/regionAccess.server.ts
• internal-packages/compute/src/types.ts

**/*.{js,ts,jsx,tsx,json,md,yaml,yml}

📄 CodeRabbit inference engine (AGENTS.md)

Format code using Prettier before committing

Files:

• apps/webapp/app/v3/services/worker/workerGroupService.server.ts
• apps/webapp/app/v3/services/computeTemplateCreation.server.ts
• apps/supervisor/src/services/computeSnapshotService.ts
• apps/webapp/app/presenters/v3/RegionsPresenter.server.ts
• apps/webapp/app/v3/services/setDefaultRegion.server.ts
• apps/webapp/app/v3/regionAccess.server.ts
• internal-packages/compute/src/types.ts

apps/**/*

📄 CodeRabbit inference engine (CLAUDE.md)

When modifying only server components (apps/webapp/, apps/supervisor/, etc.) with no package changes, add a .server-changes/ file instead of a changeset

Files:

• apps/webapp/app/v3/services/worker/workerGroupService.server.ts
• apps/webapp/app/v3/services/computeTemplateCreation.server.ts
• apps/supervisor/src/services/computeSnapshotService.ts
• apps/webapp/app/presenters/v3/RegionsPresenter.server.ts
• apps/webapp/app/v3/services/setDefaultRegion.server.ts
• apps/webapp/app/v3/regionAccess.server.ts

apps/webapp/**/*.server.{ts,tsx}

📄 CodeRabbit inference engine (apps/webapp/CLAUDE.md)

apps/webapp/**/*.server.{ts,tsx}: Environment variables must be accessed via the env export from app/env.server.ts and never use process.env directly
Always use findFirst instead of findUnique in Prisma queries due to implicit DataLoader batching issues and performance concerns

Files:

• apps/webapp/app/v3/services/worker/workerGroupService.server.ts
• apps/webapp/app/v3/services/computeTemplateCreation.server.ts
• apps/webapp/app/presenters/v3/RegionsPresenter.server.ts
• apps/webapp/app/v3/services/setDefaultRegion.server.ts
• apps/webapp/app/v3/regionAccess.server.ts

apps/webapp/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (apps/webapp/CLAUDE.md)

Use named constants for sentinel/placeholder values instead of raw string literals scattered across comparisons

Files:

• apps/webapp/app/v3/services/worker/workerGroupService.server.ts
• apps/webapp/app/v3/services/computeTemplateCreation.server.ts
• apps/webapp/app/presenters/v3/RegionsPresenter.server.ts
• apps/webapp/app/v3/services/setDefaultRegion.server.ts
• apps/webapp/app/v3/regionAccess.server.ts

apps/supervisor/src/services/**/*.{js,ts}

📄 CodeRabbit inference engine (apps/supervisor/CLAUDE.md)

Core service logic should be organized in the src/services/ directory

Files:

• apps/supervisor/src/services/computeSnapshotService.ts

🧠 Learnings (18)

📚 Learning: 2026-03-10T17:56:20.938Z

Learnt from: samejr
Repo: triggerdotdev/trigger.dev PR: 3201
File: apps/webapp/app/v3/services/setSeatsAddOn.server.ts:25-29
Timestamp: 2026-03-10T17:56:20.938Z
Learning: Do not implement local userId-to-organizationId authorization checks inside org-scoped service classes (e.g., SetSeatsAddOnService, SetBranchesAddOnService) in the web app. Rely on route-layer authentication (requireUserId(request)) and org membership enforcement via the _app.orgs.$organizationSlug layout route. Any userId/organizationId that reaches these services from org-scoped routes has already been validated. Apply this pattern across all org-scoped services to avoid redundant auth checks and maintain consistency.

Applied to files:

• apps/webapp/app/v3/services/worker/workerGroupService.server.ts
• apps/webapp/app/v3/services/computeTemplateCreation.server.ts
• apps/webapp/app/v3/services/setDefaultRegion.server.ts

📚 Learning: 2026-03-22T13:26:12.060Z

Learnt from: ericallam
Repo: triggerdotdev/trigger.dev PR: 3244
File: apps/webapp/app/components/code/TextEditor.tsx:81-86
Timestamp: 2026-03-22T13:26:12.060Z
Learning: In the triggerdotdev/trigger.dev codebase, do not flag `navigator.clipboard.writeText(...)` calls for `missing-await`/`unhandled-promise` issues. These clipboard writes are intentionally invoked without `await` and without `catch` handlers across the project; keep that behavior consistent when reviewing TypeScript/TSX files (e.g., usages like in `apps/webapp/app/components/code/TextEditor.tsx`).

Applied to files:

• apps/webapp/app/v3/services/worker/workerGroupService.server.ts
• apps/webapp/app/v3/services/computeTemplateCreation.server.ts
• apps/supervisor/src/services/computeSnapshotService.ts
• apps/webapp/app/presenters/v3/RegionsPresenter.server.ts
• apps/webapp/app/v3/services/setDefaultRegion.server.ts
• apps/webapp/app/v3/regionAccess.server.ts
• internal-packages/compute/src/types.ts

📚 Learning: 2026-03-22T19:24:14.403Z

Learnt from: matt-aitken
Repo: triggerdotdev/trigger.dev PR: 3187
File: apps/webapp/app/v3/services/alerts/deliverErrorGroupAlert.server.ts:200-204
Timestamp: 2026-03-22T19:24:14.403Z
Learning: In the triggerdotdev/trigger.dev codebase, webhook URLs are not expected to contain embedded credentials/secrets (e.g., fields like `ProjectAlertWebhookProperties` should only hold credential-free webhook endpoints). During code review, if you see logging or inclusion of raw webhook URLs in error messages, do not automatically treat it as a credential-leak/secrets-in-logs issue by default—first verify the URL does not contain embedded credentials (for example, no username/password in the URL, no obvious secret/token query params or fragments). If the URL is credential-free per this project’s conventions, allow the logging.

Applied to files:

• apps/webapp/app/v3/services/worker/workerGroupService.server.ts
• apps/webapp/app/v3/services/computeTemplateCreation.server.ts
• apps/supervisor/src/services/computeSnapshotService.ts
• apps/webapp/app/presenters/v3/RegionsPresenter.server.ts
• apps/webapp/app/v3/services/setDefaultRegion.server.ts
• apps/webapp/app/v3/regionAccess.server.ts
• internal-packages/compute/src/types.ts

📚 Learning: 2026-03-29T19:16:28.864Z

Learnt from: nicktrn
Repo: triggerdotdev/trigger.dev PR: 3291
File: apps/webapp/app/v3/featureFlags.ts:53-65
Timestamp: 2026-03-29T19:16:28.864Z
Learning: When reviewing TypeScript code that uses Zod v3, treat `z.coerce.*()` schemas as their direct Zod type (e.g., `z.coerce.boolean()` returns a `ZodBoolean` with `_def.typeName === "ZodBoolean"`) rather than a `ZodEffects`. Only `.preprocess()`, `.refine()`/`.superRefine()`, and `.transform()` are expected to wrap schemas in `ZodEffects`. Therefore, in reviewers’ logic like `getFlagControlType`, do not flag/unblock failures that require unwrapping `ZodEffects` when the input schema is a `z.coerce.*` schema.

Applied to files:

• apps/webapp/app/v3/services/worker/workerGroupService.server.ts
• apps/webapp/app/v3/services/computeTemplateCreation.server.ts
• apps/webapp/app/v3/services/setDefaultRegion.server.ts
• apps/webapp/app/v3/regionAccess.server.ts

📚 Learning: 2026-03-27T12:25:06.732Z

Learnt from: nicktrn
Repo: triggerdotdev/trigger.dev PR: 3114
File: apps/webapp/app/v3/services/computeTemplateCreation.server.ts:109-115
Timestamp: 2026-03-27T12:25:06.732Z
Learning: In `apps/webapp/app/v3/services/computeTemplateCreation.server.ts`, the `resolveMode` method intentionally returns `"skip"` immediately when `this.client` (the `ComputeClient`) is not configured, regardless of whether the project is in required MICROVM mode. When the compute gateway is not configured, template creation is impossible, and the deployment will fail downstream if compute is actually required. Do not flag this early-return as a "fail-open" bug; the enforcement for the required mode is downstream of this service.

Applied to files:

• apps/webapp/app/v3/services/computeTemplateCreation.server.ts
• apps/webapp/app/v3/services/setDefaultRegion.server.ts
• apps/webapp/app/v3/regionAccess.server.ts

📚 Learning: 2026-03-30T22:25:33.107Z

Learnt from: CR
Repo: triggerdotdev/trigger.dev PR: 0
File: apps/webapp/CLAUDE.md:0-0
Timestamp: 2026-03-30T22:25:33.107Z
Learning: Applies to apps/webapp/**/*.server.{ts,tsx} : Environment variables must be accessed via the `env` export from `app/env.server.ts` and never use `process.env` directly

Applied to files:

• apps/webapp/app/v3/services/computeTemplateCreation.server.ts

📚 Learning: 2025-11-27T16:26:58.661Z

Learnt from: CR
Repo: triggerdotdev/trigger.dev PR: 0
File: .cursor/rules/webapp.mdc:0-0
Timestamp: 2025-11-27T16:26:58.661Z
Learning: Applies to apps/webapp/app/**/*.{ts,tsx} : Access all environment variables through the `env` export of `env.server.ts` instead of directly accessing `process.env` in the Trigger.dev webapp

Applied to files:

• apps/webapp/app/v3/services/computeTemplateCreation.server.ts

📚 Learning: 2026-03-30T22:25:33.107Z

Learnt from: CR
Repo: triggerdotdev/trigger.dev PR: 0
File: apps/webapp/CLAUDE.md:0-0
Timestamp: 2026-03-30T22:25:33.107Z
Learning: Applies to apps/webapp/**/*.{test,spec}.{ts,tsx} : For testable code, never import `env.server.ts` in test files; instead pass configuration as options to constructors

Applied to files:

• apps/webapp/app/v3/services/computeTemplateCreation.server.ts

📚 Learning: 2025-11-27T16:26:58.661Z

Learnt from: CR
Repo: triggerdotdev/trigger.dev PR: 0
File: .cursor/rules/webapp.mdc:0-0
Timestamp: 2025-11-27T16:26:58.661Z
Learning: Applies to apps/webapp/app/services/**/*.server.{ts,tsx} : Separate testable services from configuration files; follow the pattern of `realtimeClient.server.ts` (testable service) and `realtimeClientGlobal.server.ts` (configuration) in the webapp

Applied to files:

• apps/webapp/app/v3/services/computeTemplateCreation.server.ts

📚 Learning: 2026-03-26T23:24:34.980Z

Learnt from: nicktrn
Repo: triggerdotdev/trigger.dev PR: 3114
File: apps/supervisor/src/workloadServer/index.ts:494-539
Timestamp: 2026-03-26T23:24:34.980Z
Learning: In `apps/supervisor/src/workloadServer/index.ts`, the `/api/v1/compute/snapshot-complete` POST endpoint always replies `200` even when `workerClient.submitSuspendCompletion` returns `result.success === false`. This is intentional: the compute gateway's callback is fire-and-forget, it has no retry logic, and the snapshot state is already determined at the time of the callback. Returning a non-2xx would only cause the gateway to log a spurious error it cannot remediate. Failures are already logged by the supervisor, and the platform will eventually time out the suspend if it never receives a completion. Do not flag this as a bug.

Applied to files:

• apps/supervisor/src/services/computeSnapshotService.ts

📚 Learning: 2026-03-26T23:24:54.682Z

Learnt from: nicktrn
Repo: triggerdotdev/trigger.dev PR: 3114
File: apps/supervisor/src/workloadServer/index.ts:817-825
Timestamp: 2026-03-26T23:24:54.682Z
Learning: In `apps/supervisor/src/workloadServer/index.ts` (`WorkloadServer.stop()`), pending items returned by `this.snapshotDelayWheel?.stop()` are intentionally logged and dropped rather than dispatched. The entire supervisor is shutting down, so the snapshot callback URL would point at a dead server; dispatching snapshots during teardown would create orphaned gateway callbacks. Runners detect the supervisor is gone and reconnect to a new supervisor instance, which re-triggers the snapshot workflow. Do not flag the drop-on-shutdown behavior as a bug.

Applied to files:

• apps/supervisor/src/services/computeSnapshotService.ts

📚 Learning: 2025-08-06T14:25:20.438Z

Learnt from: matt-aitken
Repo: triggerdotdev/trigger.dev PR: 2354
File: apps/webapp/app/presenters/v3/RegionsPresenter.server.ts:117-131
Timestamp: 2025-08-06T14:25:20.438Z
Learning: In RegionsPresenter.server.ts, the final sort by name that removes the "default first" ordering is intentional behavior as a way to prefer the default, as clarified by matt-aitken.

Applied to files:

• apps/webapp/app/presenters/v3/RegionsPresenter.server.ts

📚 Learning: 2026-03-26T17:27:09.938Z

Learnt from: 0ski
Repo: triggerdotdev/trigger.dev PR: 3264
File: apps/webapp/app/routes/_app.orgs.$organizationSlug.settings.private-connections._index/route.tsx:176-176
Timestamp: 2026-03-26T17:27:09.938Z
Learning: In `apps/webapp/app/routes/_app.orgs.$organizationSlug.settings.private-connections._index/route.tsx`, the variable `hasPrivateNetworking` is intentionally hardcoded to `true` as a placeholder. Plan-level gating will be wired to actual billing data (e.g., `plan?.v3Subscription?.plan?.limits?.hasPrivateNetworking`) once the billing integration is complete. The route is already guarded at the feature-flag level via `hasPrivateConnections` in the loader. Do not flag this hardcoded value as dead code or a bug until the billing integration is in place.

Applied to files:

• apps/webapp/app/presenters/v3/RegionsPresenter.server.ts
• apps/webapp/app/v3/services/setDefaultRegion.server.ts
• apps/webapp/app/v3/regionAccess.server.ts

📚 Learning: 2026-04-03T11:54:21.609Z

Learnt from: samejr
Repo: triggerdotdev/trigger.dev PR: 3319
File: apps/webapp/app/routes/_app.orgs.$organizationSlug.projects.$projectParam.env.$envParam.regions/route.tsx:265-267
Timestamp: 2026-04-03T11:54:21.609Z
Learning: In `apps/webapp/app/routes/_app.orgs.$organizationSlug.projects.$projectParam.env.$envParam.regions/route.tsx`, the `TableCellMenu` for the "Set as default" region action intentionally uses `hiddenButtons` (hover-only visibility) rather than `visibleButtons`. This is a deliberate UX design choice by the team. Do not flag the hover-only visibility as an accessibility concern for this specific instance.

Applied to files:

• apps/webapp/app/presenters/v3/RegionsPresenter.server.ts
• apps/webapp/app/v3/regionAccess.server.ts

📚 Learning: 2026-02-11T16:50:14.167Z

Learnt from: matt-aitken
Repo: triggerdotdev/trigger.dev PR: 3019
File: apps/webapp/app/routes/resources.orgs.$organizationSlug.projects.$projectParam.env.$envParam.dashboards.$dashboardId.widgets.tsx:126-131
Timestamp: 2026-02-11T16:50:14.167Z
Learning: In apps/webapp/app/routes/resources.orgs.$organizationSlug.projects.$projectParam.env.$envParam.dashboards.$dashboardId.widgets.tsx, MetricsDashboard entities are intentionally scoped to the organization level, not the project level. The dashboard lookup should filter by organizationId only (not projectId), allowing dashboards to be accessed across projects within the same organization. The optional projectId field on MetricsDashboard serves other purposes and should not be used as an authorization constraint.

Applied to files:

• apps/webapp/app/presenters/v3/RegionsPresenter.server.ts
• apps/webapp/app/v3/services/setDefaultRegion.server.ts

📚 Learning: 2026-02-06T19:53:38.843Z

Learnt from: 0ski
Repo: triggerdotdev/trigger.dev PR: 2994
File: apps/webapp/app/presenters/v3/DeploymentListPresenter.server.ts:233-237
Timestamp: 2026-02-06T19:53:38.843Z
Learning: When constructing Vercel dashboard URLs from deployment IDs, always strip the dpl_ prefix from the ID. Implement this by transforming the ID with .replace(/^dpl_/, "") before concatenating into the URL: https://vercel.com/${teamSlug}/${projectName}/${cleanedDeploymentId}. Consider centralizing this logic in a small helper (e.g., getVercelDeploymentId(id) or a URL builder) and add tests to verify both prefixed and non-prefixed inputs.

Applied to files:

• apps/webapp/app/presenters/v3/RegionsPresenter.server.ts

📚 Learning: 2026-03-30T22:25:33.107Z

Learnt from: CR
Repo: triggerdotdev/trigger.dev PR: 0
File: apps/webapp/CLAUDE.md:0-0
Timestamp: 2026-03-30T22:25:33.107Z
Learning: Applies to apps/webapp/app/v3/queues.server.ts : When adding new task-level defaults, add to the existing `select` clause in `backgroundWorkerTask.findFirst()` query in `queues.server.ts` instead of adding a second query

Applied to files:

• apps/webapp/app/v3/services/setDefaultRegion.server.ts

📚 Learning: 2025-11-27T16:26:58.661Z

Learnt from: CR
Repo: triggerdotdev/trigger.dev PR: 0
File: .cursor/rules/webapp.mdc:0-0
Timestamp: 2025-11-27T16:26:58.661Z
Learning: Applies to apps/webapp/app/v3/services/**/*.server.{ts,tsx} : Organize services in the webapp following the pattern `app/v3/services/*/*.server.ts`

Applied to files:

• apps/webapp/app/v3/regionAccess.server.ts

🔇 Additional comments (6)

internal-packages/compute/src/types.ts (1)

65-80: Well-structured discriminated union schema.

The refactor from a flat object to a z.discriminatedUnion on status is a clean improvement. This correctly models the domain semantics:

• snapshot_id is required only for successful completions
• error is available only for failures
• TypeScript will properly narrow types when consumers check body.status

The consumer in computeSnapshotService.ts already leverages this narrowing correctly.

apps/supervisor/src/services/computeSnapshotService.ts (1)

82-102: Correct handling of discriminated union narrowing.

The implementation properly handles the two-variant discriminated union:

• Lines 83-89: Conditional extraction of snapshotId and error for logging before the branching logic
• Line 102: Passes the conditionally-derived snapshotId to the span emitter
• Lines 104+ and 130+: Binary if/else correctly exhausts both "completed" and "failed" variants, allowing TypeScript to narrow types within each branch

This aligns well with the schema changes in types.ts.

apps/webapp/app/v3/regionAccess.server.ts (1)

9-19: Looks good—centralized compute gating logic is clean and consistent.

This helper set correctly unifies flag resolution, visibility filtering, and runtime accessibility checks for MICROVM regions.

Also applies to: 26-34, 40-50

apps/webapp/app/v3/services/computeTemplateCreation.server.ts (1)

132-141: Nice refactor in resolveMode.

The explicit missing-project guard plus shared resolveComputeAccess(...) call keeps behavior clear and aligns this service with the new region access model.

apps/webapp/app/presenters/v3/RegionsPresenter.server.ts (1)

36-38: LGTM for presenter-side visibility gating.

Loading org feature flags and delegating to defaultVisibilityFilter(hasComputeAccess) is a good, consistent integration of the new access model.

Also applies to: 65-68, 87-87

apps/webapp/app/v3/services/setDefaultRegion.server.ts (1)

28-30: Good integration of compute-access checks when setting default regions.

This correctly enforces MICROVM eligibility in the non-allowlist path and keeps validation behavior aligned with the shared region access helper.

Also applies to: 43-57

[nicktrn]

ready