Wip triggers #717

mfpiccolo · 2025-09-22T04:39:02Z

No description provided.

vercel · 2025-09-22T04:39:07Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
motia-docs	Ready	Preview	Comment	Oct 5, 2025 4:12pm
motia-ui	Ready	Preview	Comment	Oct 5, 2025 4:12pm

github-actions · 2025-09-22T04:39:33Z

⚠️ This PR is quite large (>1000 lines). Consider splitting it into smaller PRs for easier review.

packages/core/src/__tests__/state-triggers.test.ts

+    let triggeredData: any = null
+
+    // Mock the callStepFile function to capture triggers
+    const originalCallStepFile = require('../call-step-file').callStepFile


The best way to address this problem is to remove the unused variable declaration on line 131. Specifically, delete the line:

const originalCallStepFile = require('../call-step-file').callStepFile

No further code changes are needed, since this variable is not referenced anywhere afterwards. There are no dependencies to add, and this change does not affect logic or test integrity.

packages/core/src/__tests__/triggers.test.ts

@@ -0,0 +1,442 @@
+import { Step, StepConfig } from '../types'


To fix this problem, remove the unused StepConfig import from the import statement on line 1. The best way to do this is to edit the import statement so that it imports only Step from '../types', eliminating StepConfig from the list. This change is isolated to the first line of the file and will not alter any existing functionality, as StepConfig is not referenced elsewhere in the shown code.

packages/core/src/helper/flows-helper.ts

 // Helper functions
-import { Emit, Step } from 'src/types'
-import { isApiStep, isCronStep, isEventStep, isNoopStep } from '../guards'
+import { Emit, Step, Trigger } from 'src/types'


To fix this issue, simply remove Trigger from the named imports on line 2 of packages/core/src/helper/flows-helper.ts. No other code changes are required because Trigger is not referenced elsewhere in the file. Leave the rest of the import statement intact so Emit and Step remain imported.

packages/core/src/printer.ts

 import { ValidationError } from './step-validator'
 import { Step } from './types'
-import { isApiStep, isCronStep, isEventStep, isNoopStep } from './guards'
+import { hasApiTrigger, hasEventTrigger, hasCronTrigger } from './guards'


To fix the issue, the unused imports hasApiTrigger, hasEventTrigger, and hasCronTrigger should be removed from the import statement on line 5 of packages/core/src/printer.ts. As none of these are used elsewhere in this code snippet, their removal will not alter the existing functionality of the codebase and will simply make the code cleaner and easier to maintain. No other code changes or new imports are needed.

packages/core/src/state-trigger-handler.ts

+import { hasStateTrigger, getTriggersByType } from './guards'
+import { globalLogger } from './logger'
+import { Motia } from './motia'
+import { Event, Step, StateTrigger, InternalStateManager } from './types'


To resolve the unused import, simply remove Event from the import statement on line 5. Leave the other imported types in place if they are still used. This change should be made within packages/core/src/state-trigger-handler.ts, editing only the relevant import line. No other changes are required, and there is no risk to program behavior, as removing an unused type import has no effect at runtime or for type checking.

packages/core/src/state-trigger-handler.ts

+  }
+
+  const triggerStep = async (step: Step, data: { key: string; value: any; traceId: string; depth: number }) => {
+    const { config, filePath } = step


To fix this problem, the unused variable should be removed from the destructuring assignment in the triggerStep function. Specifically, on line 242, filePath is destructured along with config, but it is never used. The function only uses config and its name property. The best fix is to change line 242 so that only the config property is destructured from step, leaving out filePath.

No further changes are required elsewhere, since nothing depends on the filePath variable in this context.

playground/steps/complex-state-triggers/user-registration.step.ts

+
+  try {
+    // Generate user ID
+    const userId = `user_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`


To fix the problem, we need to replace the use of Math.random() with a cryptographically secure random number generator. In Node.js, the recommended way is to use crypto.randomBytes from the built-in crypto module. We'll import crypto, generate a random set of bytes, and convert them to a string format suitable for use in a userId. The rest of the identifier can remain the same, using Date.now() for consistency, but the "random" part should come from cryptographically secure random bytes. Edit only the lines creating the userId (line 40) and add any necessary imports—do not change any other existing logic or interfaces.

packages/core/src/state/adapters/default-state-adapter.ts

+    return this.update(traceId, key, (current: T | null) => {
+      const obj = current || ({} as T)
+      const { [field as keyof T]: _, ...rest } = obj
+      return rest as T


packages/core/src/state/adapters/default-state-adapter.ts

+        const deleteFieldKey = this._makeKey(traceId, operation.key)
+        const deleteFieldCurrent = data[deleteFieldKey] ? JSON.parse(data[deleteFieldKey]) as T : ({} as T)
+        const { [operation.field as keyof T]: _, ...deleteFieldRest } = deleteFieldCurrent
+        data[deleteFieldKey] = JSON.stringify(deleteFieldRest)


packages/core/src/state/adapters/memory-state-adapter.ts

+  async setField<T>(traceId: string, key: string, field: string, value: any): Promise<T> {
+    return this.update(traceId, key, (current: T | null) => {
+      const obj = current || ({} as T)
+      return { ...obj, [field]: value }


packages/core/src/state/adapters/memory-state-adapter.ts

+      case 'setField':
+        if (!operation.field) throw new Error('Field required for setField operation')
+        const currentObj = (this.state[fullKey] as T) || ({} as T)
+        const newObj = { ...currentObj, [operation.field]: operation.value }


packages/workbench/src/components/states/state-sidebar.tsx

playground/integration-tests/complexStateTriggers.spec.ts

+    })
+
+    it('should handle missing user gracefully', async () => {
+      const consoleSpy = jest.spyOn(console, 'log').mockImplementation()


To fix the issue, the unused variable declaration const consoleSpy = jest.spyOn(console, 'log').mockImplementation() on line 779 should be removed from the file playground/integration-tests/complexStateTriggers.spec.ts. This deletion is safe and will not affect test behavior, as its value is never used, nor its effects (mocking, restoring) invoked.

playground/steps/complex-state-triggers/notification-cleaner.step.ts

+}
+
+export const handler: Handlers['NotificationCleaner'] = async (input, { logger, state }) => {
+  const { key, value, traceId } = input


To fix the problem, simply remove the unused variable key from destructuring on line 19. Destructure just the needed properties from input — in this case value and traceId. No other code needs to change because the rest of the logic does not use key. The change is restricted to the destructuring line within the handler in playground/steps/complex-state-triggers/notification-cleaner.step.ts.

playground/steps/complex-state-triggers/notification-cleaner.step.ts

+        }] : [])
+      ]
+
+      const cleanupResult = await state.batch(userId, cleanupOperations)


To fix the problem, simply remove the unused variable cleanupResult by either omitting the assignment altogether or, if the side effect of calling state.batch(...) is still required, call it as an expression and await its completion without assigning its result to any variable. Because only the assignment is flagged, and the function must still perform the atomic batch operation for notifications cleanup, the best fix is to call await state.batch(userId, cleanupOperations) without assigning its result to any variable. Only modify line 66 of playground/steps/complex-state-triggers/notification-cleaner.step.ts; no additional imports or definitions are required.

packages/core/src/state/adapters/default-state-adapter.ts

+      // Clean up temp file if it exists
+      try {
+        fs.unlinkSync(tempPath)
+      } catch {


The most robust way to solve this issue is to use the tmp library to securely create a unique temporary file with proper permissions and guaranteed non-existence before creation. Replace the manual .tmp approach in _writeFile with tmp.fileSync() to generate the temp file for atomic writes. This change is localized to the _writeFile method in packages/core/src/state/adapters/default-state-adapter.ts. You need to:

Add an import for the tmp package at the top of the file.

Replace the logic in _writeFile so that it creates a secure temp file with tmp.fileSync(), writes the JSON data to that pathname, and then performs the atomic rename.

Remember to clean up the temp file handle as well as the path if an error is thrown.

No changes to tests are required.

packages/core/src/state/adapters/default-state-adapter.ts

To fix the problem, the file adapter should never create files or temporary files in the OS temp directory or in any location with a custom mechanism, unless steps are taken to guarantee atomicity, uniqueness, and proper permissions. Standard practice for securely writing temporary files is to use a well-tested library such as tmp. This library ensures temporary files are created with secure permissions, are unique, and are inaccessible to other users on the system.

To fix the current problem:

Import the tmp library in default-state-adapter.ts.

In the _writeFile method, instead of constructing tempPath manually, use tmp.fileSync() to get a securely created temporary file, and write your data to that.

Atomically move/replace the file at the desired path.

Remove the manual temp naming logic.
Only replace relevant code and add the minimum imports required, staying inside the code you've been shown.

mfpiccolo added 17 commits September 21, 2025 17:28

wip triggers

6d94775

wip

5f0d597

wip

e1b543a

wip

74fd400

wip

20129b9

wip

9b86f4a

wip

728f609

wip

79d6350

wip

070507c

wip

a841ed9

wip

1d8a25d

wip

1fcc4cf

wip

3da9bb7

wip

fb3f05d

wip

f22d762

wip

7a1b778

wip

8c925cb

github-actions bot added the size/XL label Sep 22, 2025

github-advanced-security bot found potential problems Sep 22, 2025

View reviewed changes

wip

49300cd

vercel bot deployed to Preview – motia-ui September 22, 2025 15:31 View deployment

github-advanced-security bot found potential problems Sep 22, 2025

View reviewed changes

vercel bot deployed to Preview – motia-docs September 22, 2025 15:33 View deployment

wip

4f64bab

vercel bot deployed to Preview – motia-docs September 22, 2025 15:50 View deployment

vercel bot deployed to Preview – motia-ui September 22, 2025 15:51 View deployment

mfpiccolo added 2 commits September 22, 2025 12:01

wip

723cefa

wip

59e17a6

wip

4afe13c

vercel bot deployed to Preview – motia-ui September 22, 2025 20:40 View deployment

github-advanced-security bot found potential problems Sep 22, 2025

View reviewed changes

vercel bot deployed to Preview – motia-docs September 22, 2025 20:42 View deployment

wip

50e99ec

vercel bot deployed to Preview – motia-ui September 22, 2025 20:49 View deployment

vercel bot deployed to Preview – motia-docs September 22, 2025 20:51 View deployment

wip

1e96309

vercel bot deployed to Preview – motia-ui September 22, 2025 21:14 View deployment

github-advanced-security bot found potential problems Sep 22, 2025

View reviewed changes

vercel bot deployed to Preview – motia-docs September 22, 2025 21:16 View deployment

fix lint

084158d

vercel bot deployed to Preview – motia-docs September 23, 2025 00:02 View deployment

vercel bot deployed to Preview – motia-ui September 23, 2025 00:03 View deployment

Remove md files

5226f66

vercel bot deployed to Preview – motia-docs September 23, 2025 10:01 View deployment

vercel bot deployed to Preview – motia-ui September 23, 2025 10:02 View deployment

mfpiccolo added 2 commits October 5, 2025 09:38

multi-triggers

95ee4a3

fix ts errors for multi-triggers

152e063

vercel bot deployed to Preview – motia-ui October 5, 2025 14:50 View deployment

vercel bot deployed to Preview – motia-docs October 5, 2025 14:53 View deployment

fix e2e

99e351e

vercel bot deployed to Preview – motia-docs October 5, 2025 16:11 View deployment

vercel bot deployed to Preview – motia-ui October 5, 2025 16:12 View deployment

@@ -128,7 +128,6 @@
                 let triggeredData: any = null
                 // Mock the callStepFile function to capture triggers
-                const originalCallStepFile = require('../call-step-file').callStepFile
                 jest.spyOn(require('../call-step-file'), 'callStepFile').mockImplementation(async (options: any) => {
                   triggeredStep = options.step.config.name
                   triggeredData = options.data

@@ -1,4 +1,4 @@
-            import { Step, StepConfig } from '../types'
+            import { Step } from '../types'
             import { hasApiTrigger, hasEventTrigger, hasCronTrigger, hasStateTrigger, getTriggersByType } from '../guards'
             import { validateStep } from '../step-validator'

@@ -1,5 +1,5 @@
             // Helper functions
-            import { Emit, Step, Trigger } from 'src/types'
+            import { Emit, Step } from 'src/types'
             import { hasApiTrigger, hasEventTrigger, hasCronTrigger, getTriggersByType } from '../guards'
             import { FlowEdge, FlowResponse, FlowStepResponse } from '../types/flows-types'
             import { getStepLanguage } from '../get-step-language'

@@ -2,7 +2,7 @@
             import path from 'path'
             import { ValidationError } from './step-validator'
             import { Step } from './types'
-            import { hasApiTrigger, hasEventTrigger, hasCronTrigger } from './guards'
+            // import { hasApiTrigger, hasEventTrigger, hasCronTrigger } from './guards'
             import { Stream } from './types-stream'
             const stepTag = colors.bold(colors.magenta('Step'))

@@ -239,7 +239,7 @@
               }
               const triggerStep = async (step: Step, data: { key: string; value: any; traceId: string; depth: number }) => {
-                const { config, filePath } = step
+                const { config } = step
                 const { name } = config
                 globalLogger.debug('[state handler] triggering step', { step: name, key: data.key, depth: data.depth })

		@@ -0,0 +1,442 @@
		import { Step, StepConfig } from '../types'

@@ -1,6 +1,6 @@
             import { StepConfig, Handlers } from 'motia'
             import { z } from 'zod'
+            import * as crypto from 'crypto';
             export const config: StepConfig = {
               name: 'UserRegistration',
               description: 'API endpoint to register a new user with initial profile data',
@@ -37,7 +37,8 @@
               try {
                 // Generate user ID
-                const userId = `user_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`
+                const randomSuffix = crypto.randomBytes(6).toString('base64').replace(/[^a-zA-Z0-9]/g, '').substr(0, 9);
+                const userId = `user_${Date.now()}_${randomSuffix}`
                 // Set initial user state - this will trigger multiple state monitors

@@ -16,7 +16,7 @@
             }
             export const handler: Handlers['NotificationCleaner'] = async (input, { logger, state }) => {
-              const { key, value, traceId } = input
+              const { value, traceId } = input
               // Extract userId from the traceId (format: user_123_abc)
               const userId = traceId

@@ -1,5 +1,6 @@
             import fs from 'fs'
             import * as path from 'path'
+            import tmp from 'tmp'
             import { StateAdapter, StateItem, StateItemsInput } from '../state-adapter'
             import { StateOperation, BatchOperation, TransactionResult, BatchResult } from '../../types'
             import { filterItem, inferType } from './utils'
@@ -404,19 +405,22 @@
               }
               private _writeFile(data: unknown) {
-                const tempPath = this.filePath + '.tmp'
                 const jsonData = JSON.stringify(data, null, 2)
+                // Use tmp for secure temp file creation
+                let tempFile
                 try {
-                  // Write to temporary file first
-                  fs.writeFileSync(tempPath, jsonData, 'utf-8')
+                  tempFile = tmp.fileSync({ dir: path.dirname(this.filePath), prefix: path.basename(this.filePath) + '-', postfix: '.tmp' })
+                  fs.writeFileSync(tempFile.name, jsonData, 'utf-8')
                   // Atomically rename temp file to final location (atomic on POSIX systems)
-                  fs.renameSync(tempPath, this.filePath)
+                  fs.renameSync(tempFile.name, this.filePath)
+                  tempFile.removeCallback()
                 } catch (error) {
                   // Clean up temp file if it exists
                   try {
-                    fs.unlinkSync(tempPath)
+                    if (tempFile && tempFile.removeCallback) {
+                      tempFile.removeCallback()
+                    }
                   } catch {
                     // Ignore cleanup errors
                   }

@@ -27,7 +27,8 @@
                 "uuid": "^11.1.0",
                 "ws": "^8.18.2",
                 "zod": "^3.24.1",
-                "zod-to-json-schema": "^3.24.1"
+                "zod-to-json-schema": "^3.24.1",
+                "tmp": "^0.2.5"
               },
               "devDependencies": {
                 "@types/body-parser": "^1.19.5",

Package	Version	Security advisories
tmp (npm)	0.2.5	None

Package	Version	Security advisories
tmp (npm)	0.2.5	None

Wip triggers #717

Are you sure you want to change the base?

Wip triggers #717

Uh oh!

Conversation

mfpiccolo commented Sep 22, 2025

Uh oh!

vercel bot commented Sep 22, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions bot commented Sep 22, 2025

Uh oh!

Check notice

Copilot Autofix

Check notice

Copilot Autofix

Check notice

Copilot Autofix

Check notice

Copilot Autofix

Check notice

Copilot Autofix

Check notice

Copilot Autofix

Check failure

Uh oh!

Copilot Autofix

Check failure

Uh oh!

Check failure

Uh oh!

Check failure

Uh oh!

Check failure

Uh oh!

Uh oh!

Check notice

Copilot Autofix

Check notice

Copilot Autofix

Check notice

Copilot Autofix

Check failure

Uh oh!

Copilot Autofix

Check failure

Uh oh!

Copilot Autofix

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

vercel bot commented Sep 22, 2025 •

edited

Loading