Severity: High (Quality H1)
`src/server/app.ts:54`, `src/server/routes/item.tsx:55` — The `:id` param in routes like `/api/items/:id` is passed directly to queries without UUID validation. Invalid strings cause 500 errors instead of 400.
Affects: `/api/items/:id`, `/items/:id`, `/briefs/:id`, `/collections/:id`
Recommendation: Add UUID format validation at the route handler level. Return 400 for malformed IDs.
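One way to implement the recommended check, as an added example that is not the project's own code. The page does not name the web framework, so the wrapper is framework-agnostic; `parseUuidParam`, `withUuidParam`, `HttpResult` and the `findItem` stub are hypothetical names.

```typescript
// Canonical 8-4-4-4-12 hex form, any UUID version, case-insensitive.
// In JavaScript, `$` without the `m` flag matches only at end of input,
// so a trailing newline is rejected.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

type HttpResult = { status: number; body: unknown };

// Returns the normalized (lowercase) UUID, or null when the input is malformed.
function parseUuidParam(raw: unknown): string | null {
  if (typeof raw !== "string" || !UUID_RE.test(raw)) return null;
  return raw.toLowerCase();
}

// Wraps a route handler so the query layer only ever receives a well-formed UUID.
// Generic over the handler's return type, so it fits sync and async handlers.
function withUuidParam<T>(handler: (id: string) => T) {
  return (params: Record<string, unknown>): T | HttpResult => {
    const id = parseUuidParam(params.id);
    if (id === null) {
      // Client error: answer 400 before any query runs; the raw value is not echoed back.
      return { status: 400, body: { error: "invalid id: expected a UUID" } };
    }
    return handler(id);
  };
}

// Hypothetical stand-in for the real query. It throws on a malformed id, which is
// the unhandled path that currently surfaces as a 500.
function findItem(id: string): HttpResult {
  if (!UUID_RE.test(id)) throw new Error("malformed id reached the query layer");
  return { status: 200, body: { id } };
}

// The same wrapper would cover /api/items/:id, /items/:id, /briefs/:id and /collections/:id.
const getItem = withUuidParam(findItem);
```
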