fix(cli): match bundleSkills indexer env with main worker indexer

[ericallam]

Summary

The bundleSkills step (new in 4.5.0-rc.0) runs an extra indexer pass to discover registered Agent Skills so it can copy their folders into .trigger/skills/{id}/ before the worker starts. It runs in a child process that imports every task file.

The child was getting env: process.env, while the main worker indexer at backgroundWorker.ts:62 gets the merged env from devSupervisor.#getEnvVars — which injects TRIGGER_API_URL and TRIGGER_SECRET_KEY from the active CLI profile.

So any task file that reads process.env.TRIGGER_API_URL (or related CLI-injected vars) at module top level imported fine in the real worker but threw on import in the bundleSkills indexer, surfacing as a spurious warning on every dev rebuild for any project that doesn't duplicate TRIGGER_API_URL into its .env:

[bundleSkills] skill discovery failed, skipping skill bundling: Failed to import some task files

The user's code is fine — the dev worker comes up green and tasks execute normally — but skill discovery is silently skipped, which is a real (if quiet) functional gap for any project that uses both chat.agent + skills AND relies on the CLI to inject TRIGGER_API_URL from the profile.

Fix

Thread TRIGGER_API_URL + TRIGGER_SECRET_KEY from the client into the bundleSkills env in devSession.ts, so the two indexer passes see the same environment. The deploy path (buildWorker.ts) is unaffected — those vars aren't meaningful at build time.

Follow-up

The cleanest architectural fix is to eliminate the duplicate indexer pass entirely — the main worker indexer already returns workerManifest.skills, so bundleSkills could read from there instead of running its own indexer. Tracked separately; this PR is the surgical fix for the symptom.

Test plan

• Reproduce: trigger dev in a project that (a) reads process.env.TRIGGER_API_URL at module top level in a task file and (b) doesn't have TRIGGER_API_URL in its .env. Confirm the [bundleSkills] skill discovery failed warning appears.
• With this PR applied, the same project should start clean — no warning.
• Sanity: existing projects (ai-chat reference, hello-world) still start clean.

[changeset-bot]

🦋 Changeset detected

Latest commit: a373c51

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 32 packages

Name	Type
trigger.dev	Patch
references-ai-chat	Patch
d3-chat	Patch
references-d3-openai-agents	Patch
references-nextjs-realtime	Patch
references-realtime-hooks-test	Patch
references-realtime-streams	Patch
references-telemetry	Patch
@trigger.dev/build	Patch
@trigger.dev/core	Patch
@trigger.dev/plugins	Patch
@trigger.dev/python	Patch
@trigger.dev/react-hooks	Patch
@trigger.dev/redis-worker	Patch
@trigger.dev/rsc	Patch
@trigger.dev/schema-to-json	Patch
@trigger.dev/sdk	Patch
@trigger.dev/database	Patch
@trigger.dev/otlp-importer	Patch
@trigger.dev/rbac	Patch
@internal/cache	Patch
@internal/clickhouse	Patch
@internal/llm-model-catalog	Patch
@internal/redis	Patch
@internal/replication	Patch
@internal/run-engine	Patch
@internal/schedule-engine	Patch
@internal/testcontainers	Patch
@internal/tracing	Patch
@internal/tsql	Patch
@internal/zod-worker	Patch
@internal/sdk-compat-tests	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 71faebb0-1ed9-4295-a433-3c58b21684fb

📥 Commits

Reviewing files that changed from the base of the PR and between acfba02 and a373c51.

📒 Files selected for processing (2)

• .changeset/bundle-skills-env.md
• packages/cli-v3/src/dev/devSession.ts

📜 Recent review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (24)

• GitHub Check: internal / 🧪 Unit Tests: Internal (4, 8)
• GitHub Check: webapp / 🧪 Unit Tests: Webapp (7, 8)
• GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - npm)
• GitHub Check: webapp / 🧪 Unit Tests: Webapp (1, 8)
• GitHub Check: typecheck / typecheck
• GitHub Check: webapp / 🧪 Unit Tests: Webapp (4, 8)
• GitHub Check: webapp / 🧪 Unit Tests: Webapp (8, 8)
• GitHub Check: webapp / 🧪 Unit Tests: Webapp (5, 8)
• GitHub Check: internal / 🧪 Unit Tests: Internal (7, 8)
• GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - npm)
• GitHub Check: internal / 🧪 Unit Tests: Internal (8, 8)
• GitHub Check: internal / 🧪 Unit Tests: Internal (6, 8)
• GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - pnpm)
• GitHub Check: e2e-webapp / 🧪 E2E Tests: Webapp
• GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - pnpm)
• GitHub Check: internal / 🧪 Unit Tests: Internal (3, 8)
• GitHub Check: webapp / 🧪 Unit Tests: Webapp (3, 8)
• GitHub Check: webapp / 🧪 Unit Tests: Webapp (6, 8)
• GitHub Check: internal / 🧪 Unit Tests: Internal (1, 8)
• GitHub Check: packages / 🧪 Unit Tests: Packages (1, 1)
• GitHub Check: internal / 🧪 Unit Tests: Internal (2, 8)
• GitHub Check: internal / 🧪 Unit Tests: Internal (5, 8)
• GitHub Check: webapp / 🧪 Unit Tests: Webapp (2, 8)
• GitHub Check: Analyze (javascript-typescript)

🧰 Additional context used

📓 Path-based instructions (5)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.{ts,tsx}: Use types over interfaces for TypeScript
Avoid using enums; prefer string unions or const objects instead

Always import tasks from @trigger.dev/sdk. Never use @trigger.dev/sdk/v3 or deprecated client.defineJob.

Files:

• packages/cli-v3/src/dev/devSession.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Use function declarations instead of default exports

**/*.{ts,tsx,js,jsx}: In packages/core (@trigger.dev/core), import subpaths only, never import from root.
Add crumbs as you write code using // @Crumbs comments or `// `#region` `@crumbs blocks for debug tracing. They should be stripped by agentcrumbs strip before merge.

Files:

• packages/cli-v3/src/dev/devSession.ts

**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/otel-metrics.mdc)

**/*.ts: When creating or editing OTEL metrics (counters, histograms, gauges), ensure metric attributes have low cardinality by using only enums, booleans, bounded error codes, or bounded shard IDs
Do not use high-cardinality attributes in OTEL metrics such as UUIDs/IDs (envId, userId, runId, projectId, organizationId), unbounded integers (itemCount, batchSize, retryCount), timestamps (createdAt, startTime), or free-form strings (errorMessage, taskName, queueName)
When exporting OTEL metrics via OTLP to Prometheus, be aware that the exporter automatically adds unit suffixes to metric names (e.g., 'my_duration_ms' becomes 'my_duration_ms_milliseconds', 'my_counter' becomes 'my_counter_total'). Account for these transformations when writing Grafana dashboards or Prometheus queries

Files:

• packages/cli-v3/src/dev/devSession.ts

packages/cli-v3/src/dev/**/*

📄 CodeRabbit inference engine (packages/cli-v3/CLAUDE.md)

Dev mode code should be located in src/dev/ and runs tasks locally in the user's Node.js process without containers

Files:

• packages/cli-v3/src/dev/devSession.ts

**/*.{js,jsx,ts,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (AGENTS.md)

Code formatting must be enforced using Prettier before committing

Files:

• packages/cli-v3/src/dev/devSession.ts

🧠 Learnings (4)

📚 Learning: 2026-03-22T13:26:12.060Z

Learnt from: ericallam
Repo: triggerdotdev/trigger.dev PR: 3244
File: apps/webapp/app/components/code/TextEditor.tsx:81-86
Timestamp: 2026-03-22T13:26:12.060Z
Learning: In the triggerdotdev/trigger.dev codebase, do not flag `navigator.clipboard.writeText(...)` calls for `missing-await`/`unhandled-promise` issues. These clipboard writes are intentionally invoked without `await` and without `catch` handlers across the project; keep that behavior consistent when reviewing TypeScript/TSX files (e.g., usages like in `apps/webapp/app/components/code/TextEditor.tsx`).

Applied to files:

• packages/cli-v3/src/dev/devSession.ts

📚 Learning: 2026-03-22T19:24:14.403Z

Learnt from: matt-aitken
Repo: triggerdotdev/trigger.dev PR: 3187
File: apps/webapp/app/v3/services/alerts/deliverErrorGroupAlert.server.ts:200-204
Timestamp: 2026-03-22T19:24:14.403Z
Learning: In the triggerdotdev/trigger.dev codebase, webhook URLs are not expected to contain embedded credentials/secrets (e.g., fields like `ProjectAlertWebhookProperties` should only hold credential-free webhook endpoints). During code review, if you see logging or inclusion of raw webhook URLs in error messages, do not automatically treat it as a credential-leak/secrets-in-logs issue by default—first verify the URL does not contain embedded credentials (for example, no username/password in the URL, no obvious secret/token query params or fragments). If the URL is credential-free per this project’s conventions, allow the logging.

Applied to files:

• packages/cli-v3/src/dev/devSession.ts

📚 Learning: 2026-05-18T08:21:27.694Z

Learnt from: d-cs
Repo: triggerdotdev/trigger.dev PR: 3632
File: apps/webapp/sentry.server.ts:4-21
Timestamp: 2026-05-18T08:21:27.694Z
Learning: When handling Prisma error P1001 ("Can't reach database server") in TypeScript, don’t assume a single error shape. Prisma can surface P1001 via two different error classes/fields: `PrismaClientKnownRequestError` exposes it as `err.code === "P1001"` (common during mid-query connection drops), while `PrismaClientInitializationError` exposes it as `err.errorCode === "P1001"` (common on client startup failure). Therefore, predicates should use `err.code === "P1001" || err.errorCode === "P1001"`. Do not flag `err.code === "P1001"` as “unreachable/never matches,” as it is expected in production.

Applied to files:

• packages/cli-v3/src/dev/devSession.ts

📚 Learning: 2026-05-18T08:21:27.694Z

Learnt from: d-cs
Repo: triggerdotdev/trigger.dev PR: 3632
File: apps/webapp/sentry.server.ts:4-21
Timestamp: 2026-05-18T08:21:27.694Z
Learning: When handling Prisma errors for P1001 ("Can't reach database server"), do not assume it only appears under a single property name. Prisma may surface P1001 via either `PrismaClientKnownRequestError` (`err.code === "P1001"`, e.g., mid-query connection drops) or `PrismaClientInitializationError` (`err.errorCode === "P1001"`, e.g., client startup connection failure). To reliably detect the condition, check `err.code === "P1001" || err.errorCode === "P1001"`, and avoid review rules that would incorrectly flag `err.code === "P1001"` as unreachable/never-matching.

Applied to files:

• packages/cli-v3/src/dev/devSession.ts

🔇 Additional comments (2)

.changeset/bundle-skills-env.md (1)

1-6: LGTM!

packages/cli-v3/src/dev/devSession.ts (1)

138-142: ⚡ Quick win

Request the missing input to rewrite the review comment: No <review_comment> content was provided to rewrite—paste the original comment (and any diff/context it references).

---

Walkthrough

This PR fixes a dev-session issue where the bundleSkills indexer pass was missing required environment variables. The change adds TRIGGER_API_URL and TRIGGER_SECRET_KEY to the environment passed into bundleSkills, derived from the CLI client configuration. Inline comments clarify that the indexer-pass environment must match the main worker indexer to prevent task files that expect these variables at module load time from failing during skill discovery. A changeset entry documents the patch-level fix.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: ensuring the bundleSkills indexer environment matches the main worker indexer environment.
Description check	✅ Passed	The description provides comprehensive context, clearly explains the problem, solution, and includes a detailed test plan, but the checklist items are incomplete.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/bundle-skills-env

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}