2 new features, 8 improvements, 10 bug fixes and 7 security patches.
Highlights
API and SDK support for bulk actions
Bulk actions allow runs to be re-run based on a filter or run IDs. Now it's also available via API and in the official SDK. Create, list, retrieve, poll and abort bulk actions. Runs can be targeted to a different compute region, just like in the web UI. (#4105)
const action = await runs.bulk.replay({ filter: { status: "FAILED", taskIdentifier: "sync-customer", period: "24h", }, name: "Replay failed customer syncs", targetRegion: "eu-central-1",});
Lifecycle event callbacks for TriggerChatTransport
TriggerChatTransport and useTriggerChatTransport now accept an onEvent callback that fires on typed lifecycle events: message sent, stream connected, first chunk received, and turn complete. Use it to track send latency, time-to-first-token, and detect stalled turns with just a few lines of client code. (#4187)
const transport = new TriggerChatTransport({ // ... onEvent: (event) => { if (event.type === "message-sent") metrics.timing("chat.send_ms", event.durationMs); if (event.type === "first-chunk") metrics.timing("chat.ttft_ms", event.sinceSendMs ?? 0); },});
Improvements
- Large batch payloads now offload to object storage instead of riding inline in the trigger request. batchTrigger and batchTriggerAndWait (and the by-id and by-task variants) offload any per-item payload over 128KB before sending, the same way single trigger and triggerAndWait already do, so a big batch no longer blows past the API body limit. (#4165)
- Removed internal helpers that were only used by the end-of-life v3 self-hosted compute providers. (#4194)
- The environment and branch selector dropdown will automatically revalidate when opened so that new branches show up. (#4171)
- A cleaner sign-in flow: request a magic link right from the login page, or continue with SSO. (#4182)
- Serve PostHog analytics from a same-origin /ph path that reverse-proxies to PostHog Cloud EU, following PostHog's first-party reverse-proxy guidance. (#4183)
- Refreshed the SSO & Directory Sync settings page layout and copy. (#4196)
- Migrated the webapp to Tailwind CSS v4 with a CSS-first @theme. Semantic color tokens are now CSS variables overridable per theme. Tailwind runs through @tailwindcss/postcss; plugins replaced or upgraded to v4-compatible versions. (#4139)
- Replaced raw charcoal-* Tailwind classes with semantic theme tokens across the dashboard. Adds surface, border and text tokens to the themable layer so future themes only override CSS variables. (#4139)
Bug fixes
- Fix chat turns that throw, for example from an
onTurnStarthook, leaking their message listener, which lost or duplicated messages sent during later turns. (#4176) - Fix
chat.agentandchat.createSessionpermanently dropping user messages when several arrived during a single turn: every buffered message is now dispatched as its own turn instead of only the first. (#4176) - Fix chat continuation runs replaying already-answered messages: turns delivered while the run was suspended now advance the session.in resume cursor, so a new run picks up exactly where the previous one left off. (#4176)
- Fix
chat.createSessionswallowing a message sent shortly after stopping a turn: the turn's message listener now detaches when the stream settles, so those messages run as the next turn. (#4176) - Anchor batch item run-ops residency on the batch's own friendlyId so a mid-batch flag change can no longer mint an item into a different physical store than its
BatchTaskRunrow. (#4178) - AI generation cost now uses the exact provider-reported cost from OpenRouter/Vercel AI Gateway when present, instead of catalog pricing, so cache-discounted and fallback-routed requests match the amount the provider actually billed. (#4186)
- Deleting a project no longer triggers a slow database cleanup that could hang on projects with many runs. (#4191)
- Fixed the agent playground chat failing to send messages, with "Failed to fetch" errors in some environments. Messages now reach the agent reliably. (#4193)
- Deploying with an outdated CLI could produce an image that fails to start on every run. These deploys are now stopped before going live, with a message asking you to upgrade the CLI and re-deploy. (#4184)
- Runs resuming after a wait no longer fail with
TASK_EXECUTION_ABORTEDwhen the database is briefly unreachable; the resume endpoint returns a retryable response for transient infrastructure errors instead of a permanent one. (#4161)
Security
- Harden account and access-control handling across auth, RBAC, org membership, and impersonation. (#4199)
- Harden URL handling for alert webhooks and platform notifications. (#4199)
- Harden the query and prompt-override APIs and rate-limit the query ai-title endpoint. (#4199)
- Improve redaction of secrets from debug logs. (#4199)
- Tighten environment scoping when replaying a run. (#4199)
- Scope run, batch, and trigger lookups to the caller's tenant. (#4199)
- Honor the MCP server's
--dev-onlyflag. (#4199)
How to upgrade
Update the trigger.dev/* packages to v4.5.2 using your package manager:
npx trigger.dev@latest update # npmpnpm dlx trigger.dev@latest update # pnpmyarn dlx trigger.dev@latest update # yarnbunx trigger.dev@latest update # bun
Self-hosted users: update your Docker image to ghcr.io/triggerdotdev/trigger.dev:v4.5.2.




