Skip to content

feat(workers): add Zod request body validation to auto-fix, auto-triage, code-review workers#1259

Open
kilo-code-bot[bot] wants to merge 3 commits intomainfrom
convoy/worker-consistency-phase-5-zod-input-val/efc36f8c/gt/reed/4f51d883
Open

feat(workers): add Zod request body validation to auto-fix, auto-triage, code-review workers#1259
kilo-code-bot[bot] wants to merge 3 commits intomainfrom
convoy/worker-consistency-phase-5-zod-input-val/efc36f8c/gt/reed/4f51d883

Conversation

@kilo-code-bot
Copy link
Contributor

@kilo-code-bot kilo-code-bot bot commented Mar 19, 2026

Summary

Replaces manual if (!body.field) checks with Zod schemas for structured request body validation in three orchestrator workers. Invalid request bodies now return 400 with Zod error details rather than silent missing-field errors.

Changes per worker:

  • cloudflare-auto-fix-infra POST /fix/dispatch: new fixRequestSchema (with nested sessionInputSchema and ownerSchema); zod added as dependency
  • cloudflare-auto-triage-infra POST /triage: new triageRequestSchema (with nested schemas)
  • cloudflare-code-review-infra POST /review and POST /reviews/:reviewId/cancel: new codeReviewRequestSchema and cancelRequestSchema; zod added as dependency

All endpoints wrap c.req.json() in a try-catch to return a structured 400 on malformed/absent JSON before Zod validation runs.

Verification

  • Reviewed Zod schemas against TypeScript type definitions in src/types.ts for each worker — fields and optionality match
  • Confirmed zod is now a declared dependency in all three package.json files
  • Confirmed no manual if (!body.field) checks remain on validated endpoints
  • Confirmed all c.req.json() calls are guarded against JSON parse errors

Visual Changes

N/A

Reviewer Notes

The cancelRequestSchema has all-optional fields (reason?: string), so an empty-but-valid JSON body {} is accepted. The try-catch before c.req.json() handles requests with no body at all. The phase-3 (structured logging) convoy runs independently on the same workers; console.log calls visible in this diff are not in scope for this bead.

Slate (gastown) and others added 3 commits March 19, 2026 03:23
feat(workers): add Zod request body validation to auto-fix, auto-tria…
1fee1ef 
…ge, code-review workers

Replace manual if (!body.field) checks with Zod schemas on POST /fix/dispatch,
POST /triage, POST /review, and POST /reviews/:reviewId/cancel. Invalid bodies
now return 400 with structured Zod error details. Add zod dependency to
cloudflare-auto-fix-infra and cloudflare-code-review-infra (already present in
cloudflare-auto-triage-infra).
fix(gastown): resolve unsafe-assignment lint errors in beads.ts metad…
2dcf682 
…ata parsing

Use z.record().catch({}).parse() to safely parse JSON metadata instead of
a bare JSON.parse() assignment which triggered no-unsafe-assignment lint errors.
fix(workers): guard c.req.json() calls with try-catch before safeParse
db23862 
Wraps each c.req.json() call in a try-catch so malformed or absent
request bodies return a structured 400 JSON response rather than
bubbling up as an unhandled exception. Affects POST /fix/dispatch,
POST /triage, POST /review, and POST /reviews/:reviewId/cancel.
kilo-code-bot[bot]
kilo-code-bot bot commented Mar 19, 2026
View reviewed changes
cloudflare-auto-fix-infra/src/index.ts
customInstructions: z.string().nullable().optional(),
modelSlug: z.string(),
prBaseBranch: z.string(),
prBranchPrefix: z.string(),
Copy link
Contributor Author

@kilo-code-bot kilo-code-bot bot Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CRITICAL: Required prBranchPrefix breaks the current auto-fix dispatch payload

DispatchFixRequestSchema and prepareFixPayload() never populate sessionInput.prBranchPrefix, so existing /fix/dispatch requests will now fail validation with a 400 before the orchestrator starts. This makes the Zod migration a breaking change unless the field is made optional here or the dispatcher begins sending it.

@kilo-code-bot
Copy link
Contributor Author

kilo-code-bot bot commented Mar 19, 2026
edited
Loading

Code Review Summary

Status: 1 Issues Found | Recommendation: Address before merge

Overview

Severity Count
CRITICAL 1
WARNING 0
SUGGESTION 0

Fix these issues in Kilo Cloud

Issue Details (click to expand)

CRITICAL

File Line Issue
cloudflare-auto-fix-infra/src/index.ts 37 Requiring sessionInput.prBranchPrefix breaks existing /fix/dispatch requests because the current dispatcher does not send that field.
Other Observations (not in diff)

None.

Files Reviewed (7 files)
  • cloudflare-auto-fix-infra/package.json - 0 issues
  • cloudflare-auto-fix-infra/src/index.ts - 1 issue
  • cloudflare-auto-triage-infra/src/index.ts - 0 issues
  • cloudflare-code-review-infra/package.json - 0 issues
  • cloudflare-code-review-infra/src/index.ts - 0 issues
  • cloudflare-gastown/src/dos/town/beads.ts - 0 issues
  • pnpm-lock.yaml - 0 issues

Reviewed by gpt-5.4-20260305 · 1,783,680 tokens

@kilo-code-bot kilo-code-bot bot requested review from jrf0110 and pandemicsyn March 19, 2026 08:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jrf0110 jrf0110 Awaiting requested review from jrf0110

@pandemicsyn pandemicsyn Awaiting requested review from pandemicsyn

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants