Skip to content

docs: adds relevant env vars to self hosting docs#3148

Merged
isshaddad merged 8 commits into
mainfrom
docs/self-host-env-vars
May 27, 2026
Merged

docs: adds relevant env vars to self hosting docs#3148
isshaddad merged 8 commits into
mainfrom
docs/self-host-env-vars

Conversation

@isshaddad
Copy link
Copy Markdown
Collaborator

@isshaddad isshaddad commented Feb 27, 2026

No description provided.

@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented Feb 27, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: 4177907

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented Feb 27, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d4d944f and 40e2085.

📒 Files selected for processing (1)
  • docs/self-hosting/env/webapp.mdx
📜 Recent review details
🧰 Additional context used
🧠 Learnings (10)
📓 Common learnings 
Learnt from: CR
Repo: triggerdotdev/trigger.dev PR: 0
File: .cursor/rules/webapp.mdc:0-0
Timestamp: 2025-11-27T16:26:58.661Z
Learning: Applies to apps/webapp/app/**/*.{ts,tsx} : Access all environment variables through the `env` export of `env.server.ts` instead of directly accessing `process.env` in the Trigger.dev webapp

Learnt from: julienvanbeveren
Repo: triggerdotdev/trigger.dev PR: 2417
File: apps/webapp/app/routes/api.v1.projects.$projectRef.envvars.$slug.import.ts:56-61
Timestamp: 2025-08-19T09:49:07.011Z
Learning: In the Trigger.dev codebase, environment variables should default to `isSecret: false` when not explicitly marked as secrets in the syncEnvVars functionality. This is the intended behavior for both regular variables and parent variables.

Learnt from: myftija
Repo: triggerdotdev/trigger.dev PR: 2663
File: apps/webapp/app/env.server.ts:1205-1206
Timestamp: 2025-11-10T09:09:07.399Z
Learning: In the trigger.dev webapp, S2_ACCESS_TOKEN and S2_DEPLOYMENT_LOGS_BASIN_NAME environment variables must remain optional until an OSS version of S2 is available, to avoid breaking environments that don't have S2 provisioned.
📚 Learning: 2025-06-06T23:55:01.933Z 
Learnt from: nicktrn
Repo: triggerdotdev/trigger.dev PR: 2155
File: hosting/docker/.env.example:4-7
Timestamp: 2025-06-06T23:55:01.933Z
Learning: In the trigger.dev project, .env.example files should contain actual example secret values rather than placeholders, as these help users understand the expected format. The files include clear warnings about not using these defaults in production and instructions for generating proper secrets.

Applied to files:

  • docs/self-hosting/env/webapp.mdx
📚 Learning: 2025-06-25T14:14:11.965Z 
Learnt from: nicktrn
Repo: triggerdotdev/trigger.dev PR: 2195
File: hosting/k8s/helm/values-production-example.yaml:95-102
Timestamp: 2025-06-25T14:14:11.965Z
Learning: In the Trigger.dev Helm chart production examples, the maintainer prefers to include initial/bootstrap credentials with clear warnings that they should be changed after first login, rather than requiring external secret references that could complicate initial setup. This follows their pattern of providing working examples with explicit security guidance.

Applied to files:

  • docs/self-hosting/env/webapp.mdx
📚 Learning: 2025-08-19T09:49:07.011Z 
Learnt from: julienvanbeveren
Repo: triggerdotdev/trigger.dev PR: 2417
File: apps/webapp/app/routes/api.v1.projects.$projectRef.envvars.$slug.import.ts:56-61
Timestamp: 2025-08-19T09:49:07.011Z
Learning: In the Trigger.dev codebase, environment variables should default to `isSecret: false` when not explicitly marked as secrets in the syncEnvVars functionality. This is the intended behavior for both regular variables and parent variables.

Applied to files:

  • docs/self-hosting/env/webapp.mdx
📚 Learning: 2025-06-25T13:20:17.174Z 
Learnt from: nicktrn
Repo: triggerdotdev/trigger.dev PR: 2195
File: hosting/k8s/helm/values.yaml:22-51
Timestamp: 2025-06-25T13:20:17.174Z
Learning: In the Trigger.dev Helm chart values.yaml, the maintainer prefers to use explicit comprehensive warnings for security-sensitive default values rather than implementing secure-by-default behavior that would fail installation. The project uses deterministic default secrets with clear "TESTING ONLY" warnings and instructions for production deployment.

Applied to files:

  • docs/self-hosting/env/webapp.mdx
📚 Learning: 2025-06-06T18:49:18.144Z 
Learnt from: nicktrn
Repo: triggerdotdev/trigger.dev PR: 2155
File: hosting/docker/registry/auth.htpasswd:1-1
Timestamp: 2025-06-06T18:49:18.144Z
Learning: Example credentials in self-hosting documentation files are acceptable when they serve as templates or examples for users to understand the setup process, particularly in hosting/docker configuration files.

Applied to files:

  • docs/self-hosting/env/webapp.mdx
📚 Learning: 2025-11-14T16:03:06.917Z 
Learnt from: matt-aitken
Repo: triggerdotdev/trigger.dev PR: 2681
File: apps/webapp/app/services/platform.v3.server.ts:258-302
Timestamp: 2025-11-14T16:03:06.917Z
Learning: In `apps/webapp/app/services/platform.v3.server.ts`, the `getDefaultEnvironmentConcurrencyLimit` function intentionally throws an error (rather than falling back to org.maximumConcurrencyLimit) when the billing client returns undefined plan limits. This fail-fast behavior prevents users from receiving more concurrency than their plan entitles them to. The org.maximumConcurrencyLimit fallback is only for self-hosted deployments where no billing client exists.

Applied to files:

  • docs/self-hosting/env/webapp.mdx
📚 Learning: 2025-11-10T09:09:07.399Z 
Learnt from: myftija
Repo: triggerdotdev/trigger.dev PR: 2663
File: apps/webapp/app/env.server.ts:1205-1206
Timestamp: 2025-11-10T09:09:07.399Z
Learning: In the trigger.dev webapp, S2_ACCESS_TOKEN and S2_DEPLOYMENT_LOGS_BASIN_NAME environment variables must remain optional until an OSS version of S2 is available, to avoid breaking environments that don't have S2 provisioned.

Applied to files:

  • docs/self-hosting/env/webapp.mdx
📚 Learning: 2026-02-10T16:18:48.654Z 
Learnt from: ericallam
Repo: triggerdotdev/trigger.dev PR: 2980
File: apps/webapp/app/routes/_app.orgs.$organizationSlug.projects.$projectParam.env.$envParam.queues/route.tsx:512-515
Timestamp: 2026-02-10T16:18:48.654Z
Learning: In apps/webapp/app/routes/_app.orgs.$organizationSlug.projects.$projectParam.env.$envParam.queues/route.tsx, environment.queueSizeLimit is a per-queue maximum that is configured at the environment level, not a shared limit across all queues. Each queue can have up to environment.queueSizeLimit items queued independently.

Applied to files:

  • docs/self-hosting/env/webapp.mdx
📚 Learning: 2026-01-08T15:57:09.323Z 
Learnt from: CR
Repo: triggerdotdev/trigger.dev PR: 0
File: .cursor/rules/otel-metrics.mdc:0-0
Timestamp: 2026-01-08T15:57:09.323Z
Learning: Applies to **/*.ts : Do not use high-cardinality attributes in OTEL metrics such as UUIDs/IDs (envId, userId, runId, projectId, organizationId), unbounded integers (itemCount, batchSize, retryCount), timestamps (createdAt, startTime), or free-form strings (errorMessage, taskName, queueName)

Applied to files:

  • docs/self-hosting/env/webapp.mdx
🔇 Additional comments (7)
docs/self-hosting/env/webapp.mdx (7)

39-39: Good addition for login hardening toggle.

LOGIN_RATE_LIMITS_ENABLED is clearly documented with a practical default and a precise auth-specific description.

63-64: Concurrency defaults are documented clearly.

Both new knobs are well named and the descriptions make their scope (env burst vs dev attempts) easy to understand.

84-84: Deploy queue timeout doc entry looks solid.

DEPLOY_QUEUE_TIMEOUT_MS is placed correctly and includes unit/context consistency with nearby deploy timeout settings.

91-95: Artifacts object-store split config is well captured.

These optional override vars are documented clearly, including fallback behavior for bucket usage.

112-115: Batch limit env vars are well documented.

The new defaults and refill semantics are clear and consistent with existing rate-limit terminology in the table.

131-131: Realtime protocol version documentation is clear.

Including allowed values (v1, v2) improves operator safety and reduces misconfiguration risk.

155-156: Strong security messaging on default secrets.

Keeping explicit warnings next to insecure bootstrap defaults is the right call for self-hosting docs.

Based on learnings: In Trigger.dev self-hosting examples, maintainers prefer explicit comprehensive warnings for security-sensitive default values.

Walkthrough

This patch updates the webapp self-hosting environment variable documentation. It adds new variables across Auth (LOGIN_RATE_LIMITS_ENABLED), Concurrency limits (DEFAULT_ENV_EXECUTION_CONCURRENCY_BURST_FACTOR, DEFAULT_DEV_ENV_EXECUTION_ATTEMPTS), Deploy & Registry (DEPLOY_QUEUE_TIMEOUT_MS), Object store (S3) (ARTIFACTS_OBJECT_STORE_BUCKET, ARTIFACTS_OBJECT_STORE_BASE_URL, ARTIFACTS_OBJECT_STORE_ACCESS_KEY_ID, ARTIFACTS_OBJECT_STORE_SECRET_ACCESS_KEY, ARTIFACTS_OBJECT_STORE_REGION), Limits (BATCH_CONCURRENCY_LIMIT_DEFAULT, BATCH_RATE_LIMIT_REFILL_RATE, BATCH_RATE_LIMIT_MAX, BATCH_RATE_LIMIT_REFILL_INTERVAL), Realtime (REALTIME_STREAM_VERSION), and Misc (PROVIDER_SECRET, COORDINATOR_SECRET). It also removes MAXIMUM_DEV_QUEUE_SIZE and MAXIMUM_DEPLOYED_QUEUE_SIZE. No code or public API signatures were modified.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The pull request description is missing entirely; no content was provided by the author. Add a complete pull request description following the template, including sections for Testing, Changelog, and issue reference.
✅ Passed checks (2 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main change: adding relevant environment variables to self-hosting documentation.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch docs/self-host-env-vars

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai Bot reviewed Feb 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
docs/self-hosting/env/webapp.mdx (1)

157-158: Consider adding stronger security warnings for default secrets.

The default values provider-secret and coordinator-secret are insecure defaults intended for testing only. While the descriptions mention "Change in self-hosted setups," consider strengthening the warning to be consistent with the project's pattern of explicit security advisories for deterministic secrets.

For example, similar to how production deployments handle this:

📝 Suggested description clarification 
-| `PROVIDER_SECRET`                                | No       | provider-secret       | Secret for provider auth. Change in self-hosted setups.                                                   |
-| `COORDINATOR_SECRET`                             | No       | coordinator-secret    | Secret for coordinator auth. Change in self-hosted setups.                                               |
+| `PROVIDER_SECRET`                                | No       | provider-secret       | Secret for provider auth. **Must be changed for production**. Should match supervisor config.             |
+| `COORDINATOR_SECRET`                             | No       | coordinator-secret    | Secret for coordinator auth. **Must be changed for production**. Should match supervisor config.          |

Based on learnings: In the Trigger.dev Helm chart, the maintainer prefers explicit comprehensive warnings for security-sensitive default values.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@docs/self-hosting/env/webapp.mdx` around lines 157 - 158, Update the docs
table entries for PROVIDER_SECRET and COORDINATOR_SECRET to replace the mild
"Change in self-hosted setups" text with a clear, explicit security advisory:
state these are insecure, deterministic test defaults that MUST be rotated
before any production use, show example guidance (set a strong random secret via
env/Helm and do not commit defaults), and recommend immediate rotation and
secret management (e.g., vault/secret-store) for self-hosted deployments; update
the descriptions for the PROVIDER_SECRET and COORDINATOR_SECRET rows to include
this stronger warning language so readers cannot miss it.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@docs/self-hosting/env/webapp.mdx`:
- Around line 157-158: Update the docs table entries for PROVIDER_SECRET and
COORDINATOR_SECRET to replace the mild "Change in self-hosted setups" text with
a clear, explicit security advisory: state these are insecure, deterministic
test defaults that MUST be rotated before any production use, show example
guidance (set a strong random secret via env/Helm and do not commit defaults),
and recommend immediate rotation and secret management (e.g.,
vault/secret-store) for self-hosted deployments; update the descriptions for the
PROVIDER_SECRET and COORDINATOR_SECRET rows to include this stronger warning
language so readers cannot miss it.
ℹ️ Review info

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 24b92d3 and 20fe09c.

📒 Files selected for processing (1)
  • docs/self-hosting/env/webapp.mdx
📜 Review details
🧰 Additional context used
🧠 Learnings (4)
📓 Common learnings 
Learnt from: CR
Repo: triggerdotdev/trigger.dev PR: 0
File: .cursor/rules/webapp.mdc:0-0
Timestamp: 2025-11-27T16:26:58.661Z
Learning: Applies to apps/webapp/app/**/*.{ts,tsx} : Access all environment variables through the `env` export of `env.server.ts` instead of directly accessing `process.env` in the Trigger.dev webapp

Learnt from: julienvanbeveren
Repo: triggerdotdev/trigger.dev PR: 2417
File: apps/webapp/app/routes/api.v1.projects.$projectRef.envvars.$slug.import.ts:56-61
Timestamp: 2025-08-19T09:49:07.011Z
Learning: In the Trigger.dev codebase, environment variables should default to `isSecret: false` when not explicitly marked as secrets in the syncEnvVars functionality. This is the intended behavior for both regular variables and parent variables.
📚 Learning: 2025-11-14T16:03:06.917Z 
Learnt from: matt-aitken
Repo: triggerdotdev/trigger.dev PR: 2681
File: apps/webapp/app/services/platform.v3.server.ts:258-302
Timestamp: 2025-11-14T16:03:06.917Z
Learning: In `apps/webapp/app/services/platform.v3.server.ts`, the `getDefaultEnvironmentConcurrencyLimit` function intentionally throws an error (rather than falling back to org.maximumConcurrencyLimit) when the billing client returns undefined plan limits. This fail-fast behavior prevents users from receiving more concurrency than their plan entitles them to. The org.maximumConcurrencyLimit fallback is only for self-hosted deployments where no billing client exists.

Applied to files:

  • docs/self-hosting/env/webapp.mdx
📚 Learning: 2025-11-10T09:09:07.399Z 
Learnt from: myftija
Repo: triggerdotdev/trigger.dev PR: 2663
File: apps/webapp/app/env.server.ts:1205-1206
Timestamp: 2025-11-10T09:09:07.399Z
Learning: In the trigger.dev webapp, S2_ACCESS_TOKEN and S2_DEPLOYMENT_LOGS_BASIN_NAME environment variables must remain optional until an OSS version of S2 is available, to avoid breaking environments that don't have S2 provisioned.

Applied to files:

  • docs/self-hosting/env/webapp.mdx
📚 Learning: 2025-06-25T13:20:17.174Z 
Learnt from: nicktrn
Repo: triggerdotdev/trigger.dev PR: 2195
File: hosting/k8s/helm/values.yaml:22-51
Timestamp: 2025-06-25T13:20:17.174Z
Learning: In the Trigger.dev Helm chart values.yaml, the maintainer prefers to use explicit comprehensive warnings for security-sensitive default values rather than implementing secure-by-default behavior that would fail installation. The project uses deterministic default secrets with clear "TESTING ONLY" warnings and instructions for production deployment.

Applied to files:

  • docs/self-hosting/env/webapp.mdx
🔇 Additional comments (6)
docs/self-hosting/env/webapp.mdx (6)

39-39: LGTM!

Clear and well-documented addition for login rate limiting configuration.

63-64: LGTM!

Both concurrency configuration entries are well-documented with clear defaults and descriptions.

84-84: LGTM!

Deploy queue timeout is well-documented with consistent formatting (ms value with human-readable time in parentheses).

91-95: LGTM!

The artifacts object store configuration options are well-documented. Good that line 91 clarifies the fallback behavior when these optional variables aren't set.

112-115: LGTM!

Batch rate limiting configuration follows the same pattern as the existing API rate limiting variables, maintaining consistency throughout the documentation.

133-133: LGTM!

Clear documentation of the realtime stream version with explicit allowed values.

@isshaddad isshaddad marked this pull request as ready for review February 27, 2026 17:56
devin-ai-integration[bot]

This comment was marked as resolved.

Sign in to view

devin-ai-integration[bot]

This comment was marked as resolved.

Sign in to view

coderabbitai[bot]
coderabbitai Bot reviewed Feb 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
docs/self-hosting/env/webapp.mdx (1)

155-156: Consider adding stronger security warnings for default secrets.

The default values provider-secret and coordinator-secret are predictable. While the description mentions "Change in self-hosted setups", it could be more emphatic about the security implications to prevent production deployments with default secrets.

Based on learnings, the project prefers explicit comprehensive warnings for security-sensitive default values.

📝 Suggested stronger warning 
-| `PROVIDER_SECRET`                                | No       | provider-secret       | Secret for provider auth. Change in self-hosted setups.                                                   |
-| `COORDINATOR_SECRET`                             | No       | coordinator-secret    | Secret for coordinator auth. Change in self-hosted setups.                                               |
+| `PROVIDER_SECRET`                                | No       | provider-secret       | Secret for provider auth. **⚠️ MUST be changed in production.** Run: `openssl rand -hex 16`              |
+| `COORDINATOR_SECRET`                             | No       | coordinator-secret    | Secret for coordinator auth. **⚠️ MUST be changed in production.** Run: `openssl rand -hex 16`           |
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@docs/self-hosting/env/webapp.mdx` around lines 155 - 156, Update the docs
entry for PROVIDER_SECRET and COORDINATOR_SECRET to include an explicit,
high-priority security warning that the default values "provider-secret" and
"coordinator-secret" are predictable and must be changed before any
non-development deployment; mention the risk (unauthorized access), recommend
using strong random secrets (e.g., 32+ bytes or a secrets manager), and add a
one-line callout/alert-style sentence adjacent to the two variable descriptions
so readers cannot miss it when scanning the `PROVIDER_SECRET` and
`COORDINATOR_SECRET` lines.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@docs/self-hosting/env/webapp.mdx`:
- Around line 155-156: Update the docs entry for PROVIDER_SECRET and
COORDINATOR_SECRET to include an explicit, high-priority security warning that
the default values "provider-secret" and "coordinator-secret" are predictable
and must be changed before any non-development deployment; mention the risk
(unauthorized access), recommend using strong random secrets (e.g., 32+ bytes or
a secrets manager), and add a one-line callout/alert-style sentence adjacent to
the two variable descriptions so readers cannot miss it when scanning the
`PROVIDER_SECRET` and `COORDINATOR_SECRET` lines.
ℹ️ Review info

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 20fe09c and d4d944f.

📒 Files selected for processing (1)
  • docs/self-hosting/env/webapp.mdx
📜 Review details
🧰 Additional context used
🧠 Learnings (6)
📓 Common learnings 
Learnt from: CR
Repo: triggerdotdev/trigger.dev PR: 0
File: .cursor/rules/webapp.mdc:0-0
Timestamp: 2025-11-27T16:26:58.661Z
Learning: Applies to apps/webapp/app/**/*.{ts,tsx} : Access all environment variables through the `env` export of `env.server.ts` instead of directly accessing `process.env` in the Trigger.dev webapp

Learnt from: julienvanbeveren
Repo: triggerdotdev/trigger.dev PR: 2417
File: apps/webapp/app/routes/api.v1.projects.$projectRef.envvars.$slug.import.ts:56-61
Timestamp: 2025-08-19T09:49:07.011Z
Learning: In the Trigger.dev codebase, environment variables should default to `isSecret: false` when not explicitly marked as secrets in the syncEnvVars functionality. This is the intended behavior for both regular variables and parent variables.

Learnt from: myftija
Repo: triggerdotdev/trigger.dev PR: 2663
File: apps/webapp/app/env.server.ts:1205-1206
Timestamp: 2025-11-10T09:09:07.399Z
Learning: In the trigger.dev webapp, S2_ACCESS_TOKEN and S2_DEPLOYMENT_LOGS_BASIN_NAME environment variables must remain optional until an OSS version of S2 is available, to avoid breaking environments that don't have S2 provisioned.
📚 Learning: 2025-11-14T16:03:06.917Z 
Learnt from: matt-aitken
Repo: triggerdotdev/trigger.dev PR: 2681
File: apps/webapp/app/services/platform.v3.server.ts:258-302
Timestamp: 2025-11-14T16:03:06.917Z
Learning: In `apps/webapp/app/services/platform.v3.server.ts`, the `getDefaultEnvironmentConcurrencyLimit` function intentionally throws an error (rather than falling back to org.maximumConcurrencyLimit) when the billing client returns undefined plan limits. This fail-fast behavior prevents users from receiving more concurrency than their plan entitles them to. The org.maximumConcurrencyLimit fallback is only for self-hosted deployments where no billing client exists.

Applied to files:

  • docs/self-hosting/env/webapp.mdx
📚 Learning: 2025-11-10T09:09:07.399Z 
Learnt from: myftija
Repo: triggerdotdev/trigger.dev PR: 2663
File: apps/webapp/app/env.server.ts:1205-1206
Timestamp: 2025-11-10T09:09:07.399Z
Learning: In the trigger.dev webapp, S2_ACCESS_TOKEN and S2_DEPLOYMENT_LOGS_BASIN_NAME environment variables must remain optional until an OSS version of S2 is available, to avoid breaking environments that don't have S2 provisioned.

Applied to files:

  • docs/self-hosting/env/webapp.mdx
📚 Learning: 2025-06-25T13:20:17.174Z 
Learnt from: nicktrn
Repo: triggerdotdev/trigger.dev PR: 2195
File: hosting/k8s/helm/values.yaml:22-51
Timestamp: 2025-06-25T13:20:17.174Z
Learning: In the Trigger.dev Helm chart values.yaml, the maintainer prefers to use explicit comprehensive warnings for security-sensitive default values rather than implementing secure-by-default behavior that would fail installation. The project uses deterministic default secrets with clear "TESTING ONLY" warnings and instructions for production deployment.

Applied to files:

  • docs/self-hosting/env/webapp.mdx
📚 Learning: 2026-02-10T16:18:48.654Z 
Learnt from: ericallam
Repo: triggerdotdev/trigger.dev PR: 2980
File: apps/webapp/app/routes/_app.orgs.$organizationSlug.projects.$projectParam.env.$envParam.queues/route.tsx:512-515
Timestamp: 2026-02-10T16:18:48.654Z
Learning: In apps/webapp/app/routes/_app.orgs.$organizationSlug.projects.$projectParam.env.$envParam.queues/route.tsx, environment.queueSizeLimit is a per-queue maximum that is configured at the environment level, not a shared limit across all queues. Each queue can have up to environment.queueSizeLimit items queued independently.

Applied to files:

  • docs/self-hosting/env/webapp.mdx
📚 Learning: 2026-01-08T15:57:09.323Z 
Learnt from: CR
Repo: triggerdotdev/trigger.dev PR: 0
File: .cursor/rules/otel-metrics.mdc:0-0
Timestamp: 2026-01-08T15:57:09.323Z
Learning: Applies to **/*.ts : Do not use high-cardinality attributes in OTEL metrics such as UUIDs/IDs (envId, userId, runId, projectId, organizationId), unbounded integers (itemCount, batchSize, retryCount), timestamps (createdAt, startTime), or free-form strings (errorMessage, taskName, queueName)

Applied to files:

  • docs/self-hosting/env/webapp.mdx
🔇 Additional comments (7)
docs/self-hosting/env/webapp.mdx (7)

39-39: LGTM!

Good addition for documenting the login rate limiting control. The default of true is a sensible security-first choice.

63-64: LGTM!

Clear documentation of the burst factor and dev execution attempts. The defaults are sensible (no burst, single attempt for dev).

84-84: LGTM!

Clear documentation of the deploy queue timeout with appropriate default.

112-115: LGTM!

Batch processing limits are well-documented and follow the established pattern for rate limit variables.

131-131: LGTM!

Clear documentation of the realtime stream version with valid options.

152-153: AI summary inconsistency: Variables claimed to be removed are still present.

The AI-generated summary states that MAXIMUM_DEV_QUEUE_SIZE and MAXIMUM_DEPLOYED_QUEUE_SIZE were removed, but these variables are still present in the documentation at lines 152-153.

If these were intended to be removed as part of this PR, please verify. If they should remain, the AI summary is simply inaccurate and this can be disregarded.

91-95: LGTM!

The documentation accurately reflects the implementation. All five ARTIFACTS_OBJECT_STORE_* variables are properly defined in env.server.ts as optional, matching the documentation. The fallback behavior to the main object store is clearly documented.

devin-ai-integration[bot]

This comment was marked as resolved.

Sign in to view

@isshaddad isshaddad merged commit 5083d16 into main May 27, 2026
19 checks passed
@isshaddad isshaddad deleted the docs/self-host-env-vars branch May 27, 2026 16:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

@nicktrn nicktrn nicktrn approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@isshaddad @nicktrn