Add Zod validation to server actions and API chat route; replace root interfaces with Zod schemas by Copilot · Pull Request #197 · ut-code/my-code

Copilot · 2026-03-18T13:05:07Z

app/actions/ server action parameters and the app/api/chat/ POST body lacked runtime validation. Types like MarkdownSection, ReplCommand, etc. were defined as bare interfaces, requiring a separate schema to validate — so the types themselves are rewritten as Zod schemas with z.output<typeof schema>.

Type definitions replaced with Zod schemas

app/lib/docs.ts — interface PagePath → PagePathSchema, interface MarkdownSection → MarkdownSectionSchema. Also adds ReplacedRangeSchema and DynamicMarkdownSectionSchema (consolidated here from client files to make schemas server-importable).
packages/runtime/src/interface.ts — ReplOutputType, ReplOutput, UpdatedFile, ReplCommand interfaces all replaced with Zod schemas + z.output<> types. Added zod to the package's deps.
app/markdown/multiHighlight.tsx / pageContent.tsx — local interface ReplacedRange / interface DynamicMarkdownSection removed; re-export the types from @/lib/docs.

// Before
export interface MarkdownSection { file: string; id: SectionId; ... }

// After
export const MarkdownSectionSchema = z.object({
  file: z.string(),
  id: z.string().transform((s) => s as SectionId),
  ...
});
export type MarkdownSection = z.output<typeof MarkdownSectionSchema>;

Validation added

app/api/chat/route.ts — type ChatParams replaced by ChatParamsSchema (composed from all sub-schemas above); POST body is now validated via safeParse, returning HTTP 400 on invalid input.
app/actions/deleteChat.ts / app/actions/getRedirectFromChat.ts — chatId parameter validated with z.string().uuid() before use.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

workers.cloudflare.com
- Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node node node_modules/.bin/next lint (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled
Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

📱 Kick off Copilot coding agent tasks wherever you are with GitHub Mobile, available on iOS and Android.

- Replace `interface MarkdownSection`, `interface PagePath` in docs.ts with Zod schemas + `z.output<typeof schema>` types - Add `ReplacedRangeSchema` and `DynamicMarkdownSectionSchema` to docs.ts, moving the type definitions out of the client-only pageContent.tsx - Remove `interface ReplacedRange` from multiHighlight.tsx; re-export `ReplacedRange` type from @/lib/docs - Remove `interface DynamicMarkdownSection` from pageContent.tsx; re-export `DynamicMarkdownSection` type from @/lib/docs - Replace `ReplOutputType` union, `ReplOutput`, `UpdatedFile`, `ReplCommand` interfaces in packages/runtime/src/interface.ts with Zod schemas + `z.output<typeof schema>` types; add zod dependency to runtime package - Replace `type ChatParams` in route.ts with `ChatParamsSchema` + Zod validation of POST request body (returns 400 on invalid input) - Add `z.string().uuid()` validation to deleteChat and getRedirectFromChat server action parameters Co-authored-by: na-trium-144 <100704180+na-trium-144@users.noreply.github.com>

cloudflare-workers-and-pages · 2026-03-18T13:20:03Z

Deploying with Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	my-code	`f759e87`	Commit Preview URL Branch Preview URL	Mar 19 2026, 02:16 PM

na-trium-144 · 2026-03-19T13:39:21Z

@copilot

  const parsed = chatIdSchema.safeParse(chatId);
  if (!parsed.success) {
    throw new Error(parsed.error.issues.map((e) => e.message).join(", "));
  }

これは const parsed = chatIdSchema.parse(chatId); (エラー時にはZodErrorがthrowされる) と書いた方がシンプルだと思ったのですが、何が違う?

Copilot · 2026-03-19T13:39:25Z

@na-trium-144 The model claude-sonnet-4.6 is not available for your account. This can happen if the model was disabled by your organization's policy or if your Copilot plan doesn't include access to it.