Description
Summary
@trigger.dev/core@4.3.0 has a direct dependency on zod-validation-error@^1.5.0, which accesses Zod v3 internals (t.valueType._zod) that don't exist in Zod v4. This causes a runtime error when projects use Zod v4, even though the SDK's peer dependency allows "zod": "^3.0.0 || ^4.0.0".
Error Details
Error: TypeError: undefined is not an object (evaluating 't.valueType._zod')
Location: Occurs during SDK's internal validation/serialization, before any HTTP request is made.
Misleading Error Message: The error is wrapped as TriggerApiError: Connection error., making it appear to be a network issue when it's actually a Zod version incompatibility.
Stack Trace:
```
TriggerApiError: Connection error.
    at iE (/app/apps/christmas-photo/.next/server/chunks/node_modules_5ba9120a._.js:6:6423)
    at processTicksAndRejections (native)
TypeError: undefined is not an object (evaluating 't.valueType._zod')
    at (.next/server/chunks/_70c3eef0._.js:19:6236)
```
Root Cause
```json
{
  "dependencies": {
    "zod": "3.25.76",
    "zod-validation-error": "^1.5.0"
  }
}
```
The zod-validation-error@^1.5.0 package accesses Zod v3 internals (t.valueType._zod) which were removed in Zod v4. When a project uses Zod v4, the SDK's internal validation fails because zod-validation-error tries to access properties that don't exist.
Reproduction
Environment:
- @trigger.dev/sdk@4.3.0
- Project uses zod@^4.2.1
- SDK peer dependency: "zod": "^3.0.0 || ^4.0.0" ✅ (allows v4)
Code:
```ts
import { auth as triggerAuth } from "@trigger.dev/sdk"

// All of these fail with the same error:
await triggerAuth.createPublicToken()
await triggerAuth.createPublicToken({ scopes: { read: { runs: true } } })
await triggerAuth.createPublicToken({ expirationTime: "1h" })
```
Result: All calls fail during SDK's internal validation, before reaching the network layer.
Expected Behavior
Since the SDK's peer dependency allows Zod v4 ("zod": "^3.0.0 || ^4.0.0"), projects using Zod v4 should work correctly.
Proposed Solution
Update @trigger.dev/core to use zod-validation-error@^4.0.1 (or later), which is compatible with both Zod v3 and v4:
```jsonc
{
  "dependencies": {
    "zod": "3.25.76", // Keep for backward compatibility
    "zod-validation-error": "^4.0.1" // Update to v4-compatible version
  }
}
```
Alternatively, make zod-validation-error a peer dependency or use a version that supports both Zod v3 and v4.
Workaround
We've implemented a direct API call workaround using jose to bypass the SDK's Zod validation:
- Fetch JWT claims from /api/v1/auth/jwt/claims
- Sign the JWT directly using jose (same library Trigger.dev uses internally)
This workaround confirms the root cause: effectively bypassing the SDK's Zod validation logic (and zod-validation-error) allows the token creation to succeed and the application to connect to Trigger.dev without issues.
Additional Context
- Environment-Specific Failure: The issue consistently reproduces in our production environment (Docker/Alpine Linux/Bun) but interestingly works locally during development. This might be due to differences in how dependencies are flattened/hoisted or how instanceof checks behave across environments, but the core incompatibility remains.
- Error occurs regardless of input parameters to createPublicToken
- The error message is misleading ("Connection error") when it's actually a validation error
- zod-validation-error@^4.0.1 exists and supports Zod v4
References
- zod-validation-error v4 release: https://github.com/causaly/zod-validation-error/releases
- Zod v4 migration guide: https://zod.dev/?id=v4-migration-guide
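
The hoisting difference suggested under Additional Context can be checked mechanically by resolving which copy of zod each package would actually load and comparing it with that package's declared peer range. This is an added example, not code from the issue or from Trigger.dev; the install trees, their paths and the `^3.18.0` peer range for zod-validation-error 1.x are constructed assumptions, and the range check handles only caret ranges joined by `||`.

```javascript
// Constructed install trees (not from the issue's project): install path -> package.json fields.
// ASSUMPTION: the "^3.18.0" zod peer range for zod-validation-error 1.x is illustrative.
const zve = { version: "1.5.0", peerDependencies: { zod: "^3.18.0" } };
const common = {
  "node_modules/zod": { version: "4.2.1" }, // the project's Zod v4
  "node_modules/@trigger.dev/core": { version: "4.3.0" },
  "node_modules/@trigger.dev/core/node_modules/zod": { version: "3.25.76" },
};
const hoistedTree = { ...common, "node_modules/zod-validation-error": zve };
const nestedTree = { ...common,
  "node_modules/@trigger.dev/core/node_modules/zod-validation-error": zve };

// Mimic Node's lookup: walk up from the importing package, nearest node_modules/<name> wins.
function resolveFrom(tree, fromPath, name) {
  const parts = fromPath.split("/");
  for (let i = parts.length; i >= 0; i--) {
    const base = parts.slice(0, i);
    if (base[base.length - 1] === "node_modules") continue; // no node_modules/node_modules
    const candidate = [...base, "node_modules", name].join("/");
    if (tree[candidate]) return candidate;
  }
  return null;
}

// Narrow range check: only "^X.Y.Z" alternatives joined by "||", with X >= 1.
const parse = (v) => v.split(".").map(Number);
function satisfies(version, range) {
  const [M, m, p] = parse(version);
  return range.split("||").some((alt) => {
    const [rM, rm, rp] = parse(alt.trim().replace(/^\^/, ""));
    return M === rM && (m > rm || (m === rm && p >= rp));
  });
}

// Report every package whose declared peer range is not met by the copy it would load.
function findPeerMismatches(tree, peer) {
  const findings = [];
  for (const [path, pkg] of Object.entries(tree)) {
    const range = pkg.peerDependencies && pkg.peerDependencies[peer];
    if (!range) continue;
    const hit = resolveFrom(tree, path, peer);
    const resolved = hit ? tree[hit].version : null;
    if (!resolved || !satisfies(resolved, range))
      findings.push({ path, range, resolvedFrom: hit, resolved });
  }
  return findings;
}

console.log(findPeerMismatches(hoistedTree, "zod")); // one finding: hoisted copy sees zod 4.2.1
console.log(findPeerMismatches(nestedTree, "zod"));  // no findings: nested copy sees zod 3.25.76
```

Run against a real tree by building the same path-to-fields map from the `package.json` files under `node_modules` in the production image, since that is where the layout may differ from a local install.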