triggerdotdev
diff --git a/‎.changeset/chat-system-prompt-caching.md‎
Lines changed: 25 additions & 0 deletions b/‎.changeset/chat-system-prompt-caching.md‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎.github/workflows/check-review-md.yml‎
Lines changed: 3 additions & 0 deletions b/‎.github/workflows/check-review-md.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/workflows/claude-md-audit.yml‎
Lines changed: 3 additions & 0 deletions b/‎.github/workflows/claude-md-audit.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/workflows/claude.yml‎
Lines changed: 9 additions & 4 deletions b/‎.github/workflows/claude.yml‎
Lines changed: 9 additions & 4 deletions
diff --git a/‎.github/workflows/dependabot-critical-alerts.yml‎
Lines changed: 4 additions & 0 deletions b/‎.github/workflows/dependabot-critical-alerts.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎.github/workflows/dependabot-weekly-summary.yml‎
Lines changed: 4 additions & 0 deletions b/‎.github/workflows/dependabot-weekly-summary.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎.github/workflows/helm-prerelease.yml‎
Lines changed: 7 additions & 2 deletions b/‎.github/workflows/helm-prerelease.yml‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎.github/workflows/release-helm.yml‎
Lines changed: 5 additions & 0 deletions b/‎.github/workflows/release-helm.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎.github/workflows/workflow-checks.yml‎
Lines changed: 5 additions & 0 deletions b/‎.github/workflows/workflow-checks.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎.server-changes/harden-realtime-change-publishing.md‎
Lines changed: 6 additions & 0 deletions b/‎.server-changes/harden-realtime-change-publishing.md‎
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,25 @@
+---
+"@trigger.dev/sdk": patch
+---
+
+Cache your chat agent's system prompt with Anthropic prompt caching. `chat.toStreamTextOptions()` now emits the system prompt as a cacheable message when you opt in, so a large, stable system block is billed at cache-read rates on every turn instead of full price.
+
+```ts
+// at the streamText call site (Anthropic sugar)
+streamText({
+  ...chat.toStreamTextOptions({ cacheControl: { type: "ephemeral" } }),
+  messages,
+});
+
+// provider-agnostic equivalent
+chat.toStreamTextOptions({
+  systemProviderOptions: { anthropic: { cacheControl: { type: "ephemeral" } } },
+});
+
+// or where the prompt is defined
+chat.prompt.set(SYSTEM_PROMPT, {
+  providerOptions: { anthropic: { cacheControl: { type: "ephemeral" } } },
+});
+```
+
+Without an option, `system` stays a plain string. Pairs with a `prepareMessages` cache breakpoint to cache the conversation prefix across turns too.
@@ -14,7 +14,10 @@ concurrency:
 
 jobs:
   audit:
+    # Set the ENABLE_CLAUDE_CODE repository variable to 'false' to turn off Claude
+    # jobs; leave it unset (the default) to keep them enabled.
     if: >-
+      vars.ENABLE_CLAUDE_CODE != 'false' &&
       github.event.pull_request.draft == false &&
       github.event.pull_request.head.repo.full_name == github.repository
     runs-on: ubuntu-latest
 
@@ -15,7 +15,10 @@ concurrency:
 
 jobs:
   audit:
+    # Set the ENABLE_CLAUDE_CODE repository variable to 'false' to turn off Claude
+    # jobs; leave it unset (the default) to keep them enabled.
     if: >-
+      vars.ENABLE_CLAUDE_CODE != 'false' &&
       github.event.pull_request.draft == false &&
       github.event.pull_request.head.repo.full_name == github.repository
     runs-on: ubuntu-latest
 
@@ -12,11 +12,16 @@ on:
 
 jobs:
   claude:
+    # Set the ENABLE_CLAUDE_CODE repository variable to 'false' to turn off Claude
+    # jobs; leave it unset (the default) to keep them enabled.
     if: |
-      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
-      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
-      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
-      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+      vars.ENABLE_CLAUDE_CODE != 'false' &&
+      (
+        (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+        (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+        (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+        (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+      )
     runs-on: ubuntu-latest
     permissions:
       contents: write
 
@@ -25,6 +25,10 @@ permissions:
 jobs:
   alert:
     name: Post critical alerts
+    # Set the ENABLE_DEPENDABOT_ALERTS repository variable to 'false' to turn off
+    # the Dependabot alert/summary notifiers — e.g. forks/mirrors that lack the
+    # DEPENDABOT_ALERTS_TOKEN / SLACK_BOT_TOKEN secrets. Defaults to enabled.
+    if: ${{ vars.ENABLE_DEPENDABOT_ALERTS != 'false' }}
     runs-on: ubuntu-latest
     environment: dependabot-summary
     env:
 
@@ -19,6 +19,10 @@ permissions:
 jobs:
   summary:
     name: Post weekly Dependabot summary
+    # Set the ENABLE_DEPENDABOT_ALERTS repository variable to 'false' to turn off
+    # the Dependabot alert/summary notifiers — e.g. forks/mirrors that lack the
+    # DEPENDABOT_ALERTS_TOKEN / SLACK_BOT_TOKEN secrets. Defaults to enabled.
+    if: ${{ vars.ENABLE_DEPENDABOT_ALERTS != 'false' }}
     runs-on: ubuntu-latest
     environment: dependabot-summary
     env:
 
@@ -68,10 +68,15 @@ jobs:
 
   prerelease:
     needs: lint-and-test
+    # Set the ENABLE_HELM_PRERELEASE repository variable to 'false' to turn off
+    # publishing the chart to GHCR — e.g. forks/mirrors that lack write_package
+    # on the owner's charts namespace. Defaults to enabled; the lint-and-test
+    # job above always runs regardless.
     if: |
-      (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) ||
+      vars.ENABLE_HELM_PRERELEASE != 'false' &&
+      ((github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) ||
       github.event_name == 'push' ||
-      github.event_name == 'workflow_dispatch'
+      github.event_name == 'workflow_dispatch')
     runs-on: ubuntu-latest
     permissions:
       contents: read
 
@@ -63,6 +63,11 @@ jobs:
 
   release:
     needs: lint-and-test
+    # Set the ENABLE_HELM_PRERELEASE repository variable to 'false' to turn off
+    # publishing the chart to GHCR — e.g. forks/mirrors that lack write_package
+    # on the owner's charts namespace. Defaults to enabled; the lint-and-test
+    # job above always runs regardless.
+    if: ${{ vars.ENABLE_HELM_PRERELEASE != 'false' }}
     runs-on: ubuntu-latest
     permissions:
       contents: write # for gh-release
 
@@ -36,6 +36,11 @@ jobs:
 
   zizmor:
     name: Zizmor
+    # Uploads SARIF to the Security tab, which requires GitHub code scanning to be
+    # enabled on the repository. Set the ENABLE_WORKFLOW_SECURITY_SCAN repository
+    # variable to 'false' to skip this job where code scanning isn't available;
+    # leave it unset (the default) to run the scan.
+    if: ${{ vars.ENABLE_WORKFLOW_SECURITY_SCAN != 'false' }}
     runs-on: ubuntu-latest
     permissions:
       security-events: write # Upload SARIF to GitHub Security tab
 
@@ -0,0 +1,6 @@
+---
+area: webapp
+type: improvement
+---
+
+Harden the native realtime backend's run-change publishing so a publish can never throw into a run lifecycle operation and never buffers commands in memory during a pub/sub Redis outage.