From 2aacbd0f4dd3ceaab29428352df0bcaa569b1c91 Mon Sep 17 00:00:00 2001 From: Matt Aitken Date: Fri, 1 May 2026 12:29:37 +0100 Subject: [PATCH] Don't log waitpoint output when resolving --- .changeset/redact-resolve-waitpoint-log.md | 5 +++++ packages/core/src/v3/runtime/sharedRuntimeManager.ts | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 .changeset/redact-resolve-waitpoint-log.md diff --git a/.changeset/redact-resolve-waitpoint-log.md b/.changeset/redact-resolve-waitpoint-log.md new file mode 100644 index 00000000000..b9c5e4771b2 --- /dev/null +++ b/.changeset/redact-resolve-waitpoint-log.md @@ -0,0 +1,5 @@ +--- +"@trigger.dev/core": patch +--- + +Redact the `resolveWaitpoint` runtime log so it only emits `id` and `type` instead of the full completed waitpoint. Previously the log printed the entire waitpoint (including `output`) to stdout in production runs, which could leak sensitive payloads. The value returned by `wait.forToken()` is unchanged. diff --git a/packages/core/src/v3/runtime/sharedRuntimeManager.ts b/packages/core/src/v3/runtime/sharedRuntimeManager.ts index 09c718c1f6c..d70ffe616f5 100644 --- a/packages/core/src/v3/runtime/sharedRuntimeManager.ts +++ b/packages/core/src/v3/runtime/sharedRuntimeManager.ts @@ -219,7 +219,7 @@ export class SharedRuntimeManager implements RuntimeManager { private resolveWaitpoint(waitpoint: CompletedWaitpoint, resolverId?: ResolverId | null): void { // This is spammy, don't make this a debug log - this.log("resolveWaitpoint", waitpoint); + this.log("resolveWaitpoint", { id: waitpoint.id, type: waitpoint.type }); if (waitpoint.type === "BATCH") { // We currently ignore these, they're not required to resume after a batch completes