Reject invisible separator characters in baseURL

Co-authored-by: Eric Allam <eric@trigger.dev>

Author: cursoragent

.changeset/curly-radios-visit.md

@@ -10,5 +10,6 @@ Add a new `@trigger.dev/ai` package with:
 - reconnect-aware stream handling on top of Trigger.dev Realtime Streams v2
 - strict `baseURL` normalization/validation (trimming, path-safe slash handling, absolute `http(s)` URLs only, no query/hash/credentials)
 - rejection of internal whitespace characters in normalized `baseURL` values
+- rejection of internal invisible separator characters (e.g. zero-width spaces) in normalized `baseURL` values
 - deterministic baseURL validation error ordering for multi-issue inputs (internal whitespace → protocol → query/hash → credentials)
 - explicit default `baseURL` behavior (`https://api.trigger.dev`) and case-insensitive `HTTP(S)` protocol acceptance

docs/tasks/streams.mdx

@@ -676,6 +676,7 @@ Examples:
 - ❌ `https://api.trigger.dev/\ninternal`
 - ❌ `https://api.trigger.dev/\tinternal`
 - ❌ `https://api.trigger.dev/\rinternal`
+- ❌ `https://api.trigger.dev/\u200Binternal`
 
 Validation errors use these exact messages:
 

packages/ai/CHANGELOG.md

@@ -26,7 +26,7 @@
 - Added explicit validation that `baseURL` uses `http` or `https`.
 - Added explicit validation that `baseURL` excludes query parameters and hash fragments.
 - Added explicit validation that `baseURL` excludes username/password credentials.
-- Added explicit validation that `baseURL` excludes internal whitespace characters.
+- Added explicit validation that `baseURL` excludes internal whitespace/invisible separator characters.
 - Documented that `HTTP://` and `HTTPS://` are accepted (case-insensitive protocol matching).
 - Added deterministic validation ordering for multi-issue baseURL values
   (internal whitespace → protocol → query/hash → credentials).

packages/ai/README.md

@@ -183,6 +183,7 @@ Examples:
 - ❌ `https://api.trigger.dev/\ninternal` (internal whitespace characters)
 - ❌ `https://api.trigger.dev/\tinternal` (internal tab characters)
 - ❌ `https://api.trigger.dev/\rinternal` (internal carriage-return characters)
+- ❌ `https://api.trigger.dev/\u200Binternal` (internal zero-width-space characters)
 
 Validation errors use these exact messages:
 

packages/ai/src/chatTransport.test.ts

@@ -753,6 +753,17 @@ describe("TriggerChatTransport", function () {
     }).toThrowError("baseURL must not contain internal whitespace characters");
   });
 
+  it("throws when baseURL contains internal zero-width-space characters", function () {
+    expect(function () {
+      new TriggerChatTransport({
+        task: "chat-task",
+        accessToken: "pk_trigger",
+        baseURL: "https://api.trigger.dev/\u200Binternal",
+        stream: "chat-stream",
+      });
+    }).toThrowError("baseURL must not contain internal whitespace characters");
+  });
+
   it("throws when baseURL is a relative path", function () {
     expect(function () {
       new TriggerChatTransport({
@@ -3371,6 +3382,17 @@ describe("TriggerChatTransport", function () {
     }).toThrowError("baseURL must not contain internal whitespace characters");
   });
 
+  it("throws from factory when baseURL contains internal zero-width-space characters", function () {
+    expect(function () {
+      createTriggerChatTransport({
+        task: "chat-task",
+        accessToken: "pk_trigger",
+        baseURL: "https://api.trigger.dev/\u200Binternal",
+        stream: "chat-stream",
+      });
+    }).toThrowError("baseURL must not contain internal whitespace characters");
+  });
+
   it("throws from factory when baseURL protocol is not http or https", function () {
     expect(function () {
       createTriggerChatTransport({

packages/ai/src/chatTransport.ts

@@ -457,7 +457,7 @@ const BASE_URL_VALIDATION_ERRORS = {
   credentials: "baseURL must not include username or password credentials",
 } as const;
 
-const INTERNAL_WHITESPACE_REGEX = /\s/;
+const INTERNAL_WHITESPACE_REGEX = /[\s\u200B\u200C\u200D\u2060\uFEFF]/u;
 
 function resolvePayloadMapper<
   UI_MESSAGE extends UIMessage,