fix(core): preserve storage-node side effect + env fallback for inheritContext scopes

ericallam · ericallam · commit 2bf9ae4bf588 · 2026-05-21T12:27:12.000+01:00
Two follow-ups from review of the TriggerClient PR:

1. The bare side-effect import `import "@trigger.dev/core/v3/sdk-scope-storage"`
   from SDK code (triggerClient.ts, auth.ts) was at risk of being
   tree-shaken away by bundlers that respect `"sideEffects": false`
   on `@trigger.dev/core`. Whitelist the storage-node module in core's
   `sideEffects` array so bundlers keep the install side effect.
   Without this, the scope silently degrades to no-op in production
   bundles even though Node-runtime tests pass.

2. `auth.withAuth({ baseURL: "..." }, fn)` regressed for callers
   relying on `TRIGGER_SECRET_KEY` from the env: the scoped
   accessToken getter returned undefined instead of falling back to
   the env var, so a partial override (just baseURL) broke auth.
   Restore env fallback inside the scope, but gate it on
   `inheritContext: true` so it only applies to withAuth-style scopes,
   not to TriggerClient instances (whose isolation guarantee requires
   identity fields to come only from the constructor config).

Adds an `auth.withAuth` test that covers the partial-override-with-env
case so the regression can't return.
diff --git a/packages/core/package.json b/packages/core/package.json
@@ -171,7 +171,11 @@
       ]
     }
   },
-  "sideEffects": false,
+  "sideEffects": [
+    "./dist/esm/v3/sdkScope/storage-node.js",
+    "./dist/commonjs/v3/sdkScope/storage-node.js",
+    "./src/v3/sdkScope/storage-node.ts"
+  ],
   "scripts": {
     "clean": "rimraf dist .tshy .tshy-build .turbo src/v3/vendor",
     "update-version": "tsx ../../scripts/updateVersion.ts",
diff --git a/packages/core/src/v3/apiClientManager/index.ts b/packages/core/src/v3/apiClientManager/index.ts
@@ -50,7 +50,18 @@ export class APIClientManagerAPI {
   get accessToken(): string | undefined {
     const scoped = sdkScope.getStore();
     if (scoped) {
-      return scoped.apiClientConfig.accessToken ?? scoped.apiClientConfig.secretKey;
+      const value = scoped.apiClientConfig.accessToken ?? scoped.apiClientConfig.secretKey;
+      if (value !== undefined) return value;
+      // `inheritContext: true` scopes (e.g. `auth.withAuth` partial
+      // overrides) still fall back to the process env so callers who
+      // rely on TRIGGER_SECRET_KEY don't lose auth when they only
+      // wanted to override baseURL. Isolated scopes (TriggerClient)
+      // intentionally do not fall back — the constructor enforces
+      // accessToken is provided.
+      if (scoped.inheritContext) {
+        return getEnvVar("TRIGGER_SECRET_KEY") ?? getEnvVar("TRIGGER_ACCESS_TOKEN");
+      }
+      return undefined;
     }
     const config = this.#getConfig();
     return (
@@ -64,8 +75,17 @@ export class APIClientManagerAPI {
   get branchName(): string | undefined {
     const scoped = sdkScope.getStore();
     if (scoped) {
-      const value = scoped.apiClientConfig.previewBranch ?? undefined;
-      return value ? value : undefined;
+      const value = scoped.apiClientConfig.previewBranch;
+      if (value) return value;
+      // Same inheritContext gating as accessToken: withAuth-style
+      // scopes inherit env-derived branch; TriggerClient instances
+      // stay isolated from process env for identity.
+      if (scoped.inheritContext) {
+        const envValue =
+          getEnvVar("TRIGGER_PREVIEW_BRANCH") ?? getEnvVar("VERCEL_GIT_COMMIT_REF");
+        return envValue ? envValue : undefined;
+      }
+      return undefined;
     }
     const config = this.#getConfig();
     const value =
diff --git a/packages/trigger-sdk/src/v3/triggerClient.test.ts b/packages/trigger-sdk/src/v3/triggerClient.test.ts
@@ -201,6 +201,26 @@ describe("auth.withAuth", () => {
     apiClientManager.disable();
   });
 
+  it("inherits TRIGGER_SECRET_KEY from env when called with a partial config", async () => {
+    vi.stubEnv("TRIGGER_SECRET_KEY", "tr_dev_env_token");
+
+    let observed: string | undefined;
+    await auth.withAuth({ baseURL: "https://override.example.com" }, async () => {
+      observed = apiClientManager.accessToken;
+    });
+
+    // The scoped `inheritContext: true` path falls back to TRIGGER_SECRET_KEY
+    // so callers can override only baseURL without re-passing the token.
+    expect(observed).toBe("tr_dev_env_token");
+    // baseURL override still applies.
+    expect(
+      await auth.withAuth(
+        { baseURL: "https://override.example.com" },
+        async () => apiClientManager.baseURL
+      )
+    ).toBe("https://override.example.com");
+  });
+
   it("does not stomp on a parallel withAuth call with a different config", async () => {
     configure({ accessToken: "tr_global" });
 

Original file line number	Diff line number	Diff line change
`@@ -171,7 +171,11 @@`
`171`	`171`	`]`
`172`	`172`	`}`
`173`	`173`	`},`
`174`		`- "sideEffects": false,`
	`174`	`+ "sideEffects": [`
	`175`	`+ "./dist/esm/v3/sdkScope/storage-node.js",`
	`176`	`+ "./dist/commonjs/v3/sdkScope/storage-node.js",`
	`177`	`+ "./src/v3/sdkScope/storage-node.ts"`
	`178`	`+ ],`
`175`	`179`	`"scripts": {`
`176`	`180`	`"clean": "rimraf dist .tshy .tshy-build .turbo src/v3/vendor",`
`177`	`181`	`"update-version": "tsx ../../scripts/updateVersion.ts",`