fix: null-safe getTime() calls in replication services (#3519)

[deepshekhardas]

Adds null-safe access to getTime() calls on createdAt/updatedAt in runs/sessions replication services. Fixes crash when CDC sends rows before timestamps are populated.

[changeset-bot]

⚠️ No Changeset found

Latest commit: f27aa53

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[github-actions]

Hi @deepshekhardas, thanks for your interest in contributing!

This project requires that pull request authors are vouched, and you are not in the list of vouched users.

This PR will be closed automatically. See https://github.com/triggerdotdev/trigger.dev/blob/main/CONTRIBUTING.md for more details.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: dd88fd0e-fccc-4a12-af4b-ddf9c3890cd6

📥 Commits

Reviewing files that changed from the base of the PR and between c80b85e and f27aa53.

📒 Files selected for processing (2)

• apps/webapp/app/services/runsReplicationService.server.ts
• apps/webapp/app/services/sessionsReplicationService.server.ts

---

Walkthrough

This pull request adds defensive timestamp handling to two replication service files. In runsReplicationService.server.ts, both prepareTaskRunInsert and preparePayloadInsert now use optional chaining with Date.now() fallbacks when converting createdAt and updatedAt fields to milliseconds. Similarly, sessionsReplicationService.server.ts applies the same pattern in toSessionInsertArray for timestamp serialization. These changes allow the services to tolerate missing timestamps in the source data by substituting the current time.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[devin-ai-integration]

Devin Review found 3 potential issues.

View 2 additional findings in Devin Review.

[devin-ai-integration]

🚩 REPLICA IDENTITY FULL not set in production migrations — delete events may crash before reaching these fallbacks

Tests explicitly run ALTER TABLE public."TaskRun" REPLICA IDENTITY FULL and ALTER TABLE public."Session" REPLICA IDENTITY FULL before each test case, but there is no corresponding production migration in internal-packages/database/prisma/migrations/ that sets this. With the default replica identity, PostgreSQL only sends key columns for delete events. In the service code at runsReplicationService.server.ts:415, message.old would be null for key-based deletes, and the as TaskRun cast doesn't protect at runtime. The code would then crash at line 828 (run.environmentType) before ever reaching the timestamp lines changed in this PR. This means the ?. fallbacks for timestamps don't actually help with the delete-event null scenario — the crash happens earlier. If REPLICA IDENTITY FULL is indeed set out-of-band (e.g., via a manual migration or deploy script), this is fine, but it's worth verifying that the production database has it configured.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[devin-ai-integration]

🔴 Date.now() fallback for created_at corrupts ClickHouse partition/sort key, breaking ReplacingMergeTree deduplication

When createdAt is null and falls back to Date.now(), the record is inserted into a ClickHouse partition determined by the current month (toYYYYMM(created_at)), not the record's actual creation month. Both task_runs_v2 (internal-packages/clickhouse/schema/004_create_task_runs_v2.sql:75-76) and sessions_v1 (internal-packages/clickhouse/schema/030_create_sessions_v1.sql:37-38) use PARTITION BY toYYYYMM(created_at) and include created_at in the ORDER BY key with ReplacingMergeTree(_version, _is_deleted). Since ReplacingMergeTree only deduplicates within the same partition and sort key, if a record's created_at changes between inserts (e.g., a previous insert/update used the real timestamp, but a later event uses Date.now()), the records land in different partitions and will never be deduplicated — creating permanent ghost rows. Additionally, no warning is logged when the fallback is triggered, making this silent data corruption.

Affected locations using Date.now() as created_at fallback

• runsReplicationService.server.ts:879 — task run insert created_at
• runsReplicationService.server.ts:939 — payload insert created_at
• sessionsReplicationService.server.ts:753 — session insert created_at

Prompt for agents

The created_at field is used as the ClickHouse PARTITION BY key (toYYYYMM(created_at)) and is part of the ORDER BY sort key in both task_runs_v2 and sessions_v1. Using Date.now() as a fallback when createdAt is null means the record could land in a different partition than its other versions, permanently breaking ReplacingMergeTree deduplication.

The fix should either:
1. Skip the insert entirely (return early) when created_at is null, since a record without a valid creation timestamp cannot be correctly placed in ClickHouse. This matches the pattern already used at line 828-830 for missing environmentType/organizationId.
2. Or at minimum, log a prominent warning when the fallback is triggered so operators can detect the issue.

Affected locations:
- runsReplicationService.server.ts line 879: run.createdAt?.getTime() ?? Date.now() in #prepareTaskRunInsert
- runsReplicationService.server.ts line 939: run.createdAt?.getTime() ?? Date.now() in #preparePayloadInsert  
- sessionsReplicationService.server.ts line 753: session.createdAt?.getTime() ?? Date.now() in toSessionInsertArray

Note: updated_at is NOT part of the partition/sort key, so Date.now() fallback for updated_at (lines 878 and 754) is less critical but still produces incorrect timestamps.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[devin-ai-integration]

🚩 The ?. null guards are likely unnecessary for insert/update events given non-nullable Prisma schema

Both createdAt and updatedAt are declared as non-nullable DateTime in the Prisma schema (internal-packages/database/prisma/schema.prisma:924-925 for TaskRun, lines 824-825 for Session). PostgreSQL enforces NOT NULL on these columns, and the pgoutput replication stream always includes all columns in the new tuple for insert and update messages (as seen in the readTuple method at internal-packages/replication/src/pgoutput.ts:433-466). The only scenario where these could be null is if there's a bug in the parser or the data is somehow corrupted in transit. The defensive ?. might be motivated by a production incident — if so, the root cause (why a non-nullable column appeared null) deserves investigation rather than just adding fallbacks.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[deepshekhardas]

Hi team, this fixes #3519 — replication service crash when CDC sends rows before timestamps are populated. Would appreciate a review and merge. Thanks!