The zod schemas for PO headers and lines cap their free-text fields, but the OpenAPI component schemas declare them as bare { type: 'string' } with no length constraints.
| field |
zod |
OpenAPI |
| pohReference |
1..255 |
unbounded |
| pohTerms |
1..1000 |
unbounded |
| polItemDesc |
1..1000 |
unbounded |
SDK generators reading the spec can't see the server-side caps, so client-side validation has no way to catch oversized payloads before they round-trip.
Fix: add minLength/maxLength to the component schemas and pin them with tests in tests/api/openapi.test.js.
Proudly Made in Nebraska. Go Big Red! 🌽 https://xkcd.com/2347/
The zod schemas for PO headers and lines cap their free-text fields, but the OpenAPI component schemas declare them as bare
{ type: 'string' }with no length constraints.SDK generators reading the spec can't see the server-side caps, so client-side validation has no way to catch oversized payloads before they round-trip.
Fix: add minLength/maxLength to the component schemas and pin them with tests in
tests/api/openapi.test.js.Proudly Made in Nebraska. Go Big Red! 🌽 https://xkcd.com/2347/