fix(webapp,sdk): harden dashboard agent head start and session ownership

- Log head-start warm-step failures instead of swallowing them, so a failed
  first turn is visible in the server logs.
- Guard the new-chat create against stale responses so a slow create can't
  replace a chat the user just switched to.
- Scope the chat ownership check by organization, not just by user.
- Clear the head start idle timer on the warm-step failure path (it was only
  cleared on the success path).

Author: ericallam

apps/webapp/app/components/dashboard-agent/DashboardAgentPanel.tsx

@@ -134,6 +134,7 @@ export function DashboardAgentPanel({ onClose }: { onClose: () => void }) {
   const createChat = useCallback(
     async (text: string) => {
       setView("chat");
+      const seq = ++openChatRequestSeq.current;
       setLoading(true);
       try {
         const userMessage: UIMessage = {
@@ -152,6 +153,8 @@ export function DashboardAgentPanel({ onClose }: { onClose: () => void }) {
           headStarted?: boolean;
           error?: string;
         };
+        // A newer open/create (or New chat) superseded this one — drop the result.
+        if (seq !== openChatRequestSeq.current) return;
         if (!res.ok || !data.chatId || !data.publicAccessToken) {
           setActive(null);
           return;
@@ -164,7 +167,7 @@ export function DashboardAgentPanel({ onClose }: { onClose: () => void }) {
           streaming: data.headStarted,
         });
       } finally {
-        setLoading(false);
+        if (seq === openChatRequestSeq.current) setLoading(false);
       }
     },
     [actionPath, clientData]
@@ -196,6 +199,9 @@ export function DashboardAgentPanel({ onClose }: { onClose: () => void }) {
   }, [active?.chatId, storageKey]);
 
   const newChat = useCallback(() => {
+    // Invalidate any in-flight open/create so its result can't replace the draft.
+    openChatRequestSeq.current += 1;
+    setLoading(false);
     setView("chat");
     setActive(null);
   }, []);

apps/webapp/app/routes/resources.orgs.$organizationSlug.projects.$projectParam.env.$envParam.dashboard-agent.ts

@@ -186,7 +186,7 @@ export const action = async ({ request, params }: ActionFunctionArgs) => {
       // id). The transport falls back here to re-establish a session for an
       // existing chat (e.g. after its token expired), so verify ownership before
       // issuing one — a client-supplied chatId must belong to the caller.
-      if (!(await chatExists(dashboardAgentDb, { chatId, userId }))) {
+      if (!(await chatExists(dashboardAgentDb, { chatId, userId, organizationId: project.organizationId }))) {
         return json({ error: "Chat not found" }, { status: 404 });
       }
       let clientData: Record<string, unknown> | undefined;
@@ -215,7 +215,7 @@ export const action = async ({ request, params }: ActionFunctionArgs) => {
       }
       // Only mint a session token for a chat the caller owns, so a client-supplied
       // chatId can't be used to get a token for someone else's session.
-      if (!(await chatExists(dashboardAgentDb, { chatId, userId }))) {
+      if (!(await chatExists(dashboardAgentDb, { chatId, userId, organizationId: project.organizationId }))) {
         return json({ error: "Chat not found" }, { status: 404 });
       }
       return json({ token: await mintDashboardAgentToken(chatId) });

apps/webapp/app/services/dashboardAgentHeadStart.server.ts

@@ -10,6 +10,7 @@ import { chat as chatServer } from "@trigger.dev/sdk/chat-server";
 import { streamText, type UIMessage } from "ai";
 import { env } from "~/env.server";
 import { dashboardAgentApiOrigin } from "~/services/dashboardAgent.server";
+import { logger } from "~/services/logger.server";
 
 const TASK_ID = "dashboard-agent";
 
@@ -59,6 +60,10 @@ export async function startDashboardAgentHeadStart(params: {
 
   // The webapp is long-lived, so step 1's drain + the handover dispatch run in
   // the background after this resolves (createSession + trigger have completed).
-  // startHeadStart already guards the promise against unhandled rejection.
-  completion.catch(() => {});
+  // Log a warm-step failure for observability: startHeadStart has already fired
+  // handover-skip so the agent run exits cleanly, but the client (mounted as
+  // streaming) then resumes an empty session.out, so the turn looks lost.
+  completion.catch((error) => {
+    logger.error("Dashboard agent head start failed", { chatId: params.chatId, error });
+  });
 }

internal-packages/dashboard-agent-db/src/queries.ts

@@ -104,13 +104,18 @@ export async function getSession(
  */
 export async function chatExists(
   db: DashboardAgentDb,
-  params: { chatId: string; userId: string }
+  params: { chatId: string; userId: string; organizationId: string }
 ): Promise<boolean> {
   const rows = await db
     .select({ id: chats.id })
     .from(chats)
     .where(
-      and(eq(chats.id, params.chatId), eq(chats.userId, params.userId), isNull(chats.deletedAt))
+      and(
+        eq(chats.id, params.chatId),
+        eq(chats.organizationId, params.organizationId),
+        eq(chats.userId, params.userId),
+        isNull(chats.deletedAt)
+      )
     )
     .limit(1);
   return rows.length > 0;

packages/trigger-sdk/src/v3/chat-server.ts

@@ -683,9 +683,18 @@ async function openHandoverSession(opts: {
    * `finishReason`). Normal pure-text and tool-call finishes go
    * through `handover()` with the appropriate `isFinal` flag.
    */
+  // Clear the idle timer on every terminal path. The detached failure path
+  // (run() throws -> handoverSkip) otherwise leaves it armed until the idle
+  // timeout elapses, since only handoverWhenDone used to clear it.
+  const cleanup = () => clearTimeout(idleTimer);
+
   const handoverSkip = async () => {
-    const chunk: ChatInputChunk = { kind: "handover-skip" };
-    await apiClient.appendToSessionStream(chatId, "in", JSON.stringify(chunk));
+    try {
+      const chunk: ChatInputChunk = { kind: "handover-skip" };
+      await apiClient.appendToSessionStream(chatId, "in", JSON.stringify(chunk));
+    } finally {
+      cleanup();
+    }
   };
 
   // A stable assistant messageId for this turn. The customer's
@@ -761,7 +770,7 @@ async function openHandoverSession(opts: {
       }
       throw err;
     } finally {
-      clearTimeout(idleTimer);
+      cleanup();
     }
   };