chore(api): migrate commands endpoints to OpenAPI pattern#40072
chore(api): migrate commands endpoints to OpenAPI pattern#40072vivekyarra wants to merge 2 commits intoRocketChat:developfrom
Conversation
|
Looks like this PR is not ready to merge, because of the following issues:
Please fix the issues and try again If you have any trouble, please check the PR guidelines |
🦋 Changeset detectedLatest commit: 27322b4 The changes in this PR will be included in the next version bump. This PR includes changesets to release 41 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
WalkthroughThis PR migrates the REST API commands endpoints from the legacy Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Suggested labels
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
🧹 Nitpick comments (1)
apps/meteor/app/api/server/v1/commands.ts (1)
302-302: Drop the inline payload comment.
isCommandsRunPropsalready defines this request shape, so the comment is duplicate state that can drift.As per coding guidelines, "Avoid code comments in the implementation".
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@apps/meteor/app/api/server/v1/commands.ts` at line 302, Remove the duplicate inline payload comment that describes the request body (the line "// Expects a body of: { command: 'gimme', params: 'any string value', roomId: 'value', triggerId: 'value' }") from the commands route implementation; the shape is already defined by isCommandsRunProps, so simply delete that comment near the handler for run/commands (referencing isCommandsRunProps) to avoid redundant documentation in code.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.changeset/migrate-commands-openapi.md:
- Line 3: The changeset currently marks '@rocket.chat/rest-typings' as a patch
but new root exports (isCommandsListProps, isCommandsRunProps,
isCommandsPreviewGETProps, isCommandsPreviewPOSTProps) in
packages/rest-typings/src/v1/commands.ts increase the public surface and require
a minor bump; update the entry in .changeset/migrate-commands-openapi.md from
'patch' to 'minor' (i.e., change the line "'@rocket.chat/rest-typings': patch"
to "'@rocket.chat/rest-typings': minor") so the release correctly reflects the
non-breaking API surface addition.
In `@apps/meteor/app/api/server/v1/commands.ts`:
- Around line 239-256: The 202 response JSON schema compiled via ajv.compile
omits "success" from the required array even though the handler always returns
success: true; update the schema object passed to ajv.compile to include
"success" in the required list so the validator enforces presence of the success
boolean (refer to the ajv.compile call and the schema's properties object where
success: { type: 'boolean', enum: [true] } is defined, and the required: [...]
array).
- Around line 305-320: The response maps for the commands endpoints that call
API.v1.forbidden() are missing a 403 validator; update each response object (the
one using isCommandsRunProps / the other two response maps in this file that
currently declare only 200/400/401) to include "403:
validateForbiddenErrorResponse" so the router has a validator for forbidden
responses; locate the response maps near the routes that call API.v1.forbidden()
and add the validateForbiddenErrorResponse entry alongside 200/400/401.
- Around line 203-204: Reconnect the chained route registration by attaching the
orphaned .get('commands.list', ...) call back onto the commandsEndpoints chain
(i.e., ensure .get('commands.list', ...) is part of the commandsEndpoints =
commandsEndpoints... chain instead of a standalone statement) and confirm the
final .post(...) in that chain ends with a closing `);`. Add 403 to the response
schemas for commands.run, commands.preview (GET) and commands.preview (POST) to
reflect calls to API.v1.forbidden(), add "success" to the required array of the
202 response schema for commands.list (since the handler always returns success:
true), and remove the inline implementation comment "// Expects a body of..."
near the commands.run handler to comply with the comment guideline.
---
Nitpick comments:
In `@apps/meteor/app/api/server/v1/commands.ts`:
- Line 302: Remove the duplicate inline payload comment that describes the
request body (the line "// Expects a body of: { command: 'gimme', params: 'any
string value', roomId: 'value', triggerId: 'value' }") from the commands route
implementation; the shape is already defined by isCommandsRunProps, so simply
delete that comment near the handler for run/commands (referencing
isCommandsRunProps) to avoid redundant documentation in code.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: faed3f97-5d77-4b52-a2bd-ab9df173a38e
📒 Files selected for processing (3)
.changeset/migrate-commands-openapi.mdapps/meteor/app/api/server/v1/commands.tspackages/rest-typings/src/v1/commands.ts
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: cubic · AI code reviewer
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx,js}
📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)
**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation
Files:
apps/meteor/app/api/server/v1/commands.tspackages/rest-typings/src/v1/commands.ts
🧠 Learnings (19)
📓 Common learnings
Learnt from: smirk-dev
Repo: RocketChat/Rocket.Chat PR: 39625
File: apps/meteor/app/api/server/v1/push.ts:85-97
Timestamp: 2026-03-14T14:58:58.834Z
Learning: In RocketChat/Rocket.Chat, the `push.token` POST/DELETE endpoints in `apps/meteor/app/api/server/v1/push.ts` were already migrated to the chained router API pattern on `develop` prior to PR `#39625`. `cleanTokenResult` (which strips `authToken` and returns `PushTokenResult`) and `isPushTokenPOSTProps`/`isPushTokenDELETEProps` validators already exist on `develop`. PR `#39625` only migrates `push.get` and `push.info` to the chained pattern. Do not flag `cleanTokenResult` or `PushTokenResult` as newly introduced behavior-breaking changes when reviewing this PR.
Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 38974
File: apps/meteor/app/api/server/v1/im.ts:220-221
Timestamp: 2026-02-24T19:09:09.561Z
Learning: In RocketChat/Rocket.Chat OpenAPI migration PRs for apps/meteor/app/api/server/v1 endpoints, maintainers prefer to avoid any logic changes; style-only cleanups (like removing inline comments) may be deferred to follow-ups to keep scope tight.
Learnt from: amitb0ra
Repo: RocketChat/Rocket.Chat PR: 39676
File: apps/meteor/app/api/server/v1/users.ts:862-869
Timestamp: 2026-03-16T23:33:15.721Z
Learning: In RocketChat/Rocket.Chat OpenAPI migration PRs (e.g., PR `#39676` for users.register in apps/meteor/app/api/server/v1/users.ts), calls to `this.parseJsonQuery()` inside migrated handlers are intentionally preserved without adding a corresponding `query` AJV schema to the route options. Adding query-param schemas for the `fields`/`sort`/`query` parameters consumed by `parseJsonQuery()` is a separate cross-cutting concern shared by many endpoints (e.g., users.create, users.update, users.list) and is explicitly out of scope for individual endpoint migration PRs. Do not flag the absence of a `query` schema for `parseJsonQuery()` usage as a violation of OpenAPI/AJV contract during migration reviews.
Learnt from: amitb0ra
Repo: RocketChat/Rocket.Chat PR: 39676
File: .changeset/migrate-users-register-openapi.md:3-3
Timestamp: 2026-03-16T21:50:42.118Z
Learning: In RocketChat/Rocket.Chat OpenAPI migration PRs, removing endpoint types and validators from `rocket.chat/rest-typings` (e.g., `UserRegisterParamsPOST`, `/v1/users.register` entry) is the *required* migration pattern per RocketChat/Rocket.Chat-Open-API#150 Rule 7 ("No More rest-typings or Manual Typings"). The endpoint type is re-exposed via a module augmentation `.d.ts` file in the consuming package (e.g., `packages/web-ui-registration/src/users-register.d.ts`). This is NOT a breaking change — the correct changeset bump for `rocket.chat/rest-typings` in this scenario is `minor`, not `major`. Do not flag this as a breaking change during OpenAPI migration reviews.
Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 39414
File: apps/meteor/app/api/server/v1/rooms.ts:1241-1297
Timestamp: 2026-03-10T08:13:52.153Z
Learning: In the RocketChat/Rocket.Chat OpenAPI migration PRs for endpoints under apps/meteor/app/api/server/v1/rooms.ts, the pattern `ajv.compile<void>({...})` is intentionally used for the 200 response schema even when the endpoint returns `{ success: true }`. This is an established convention across all migrated endpoints (rooms.leave, rooms.favorite, rooms.delete, rooms.muteUser, rooms.unmuteUser). Do not flag this as a type mismatch during reviews of these migration PRs.
Learnt from: amitb0ra
Repo: RocketChat/Rocket.Chat PR: 39647
File: apps/meteor/app/api/server/v1/users.ts:710-757
Timestamp: 2026-03-15T14:31:28.969Z
Learning: In RocketChat/Rocket.Chat, the `UserCreateParamsPOST` type in `apps/meteor/app/api/server/v1/users.ts` (migrated from `packages/rest-typings/src/v1/users/UserCreateParamsPOST.ts`) intentionally has `fields: string` (non-optional) and `settings?: IUserSettings` without a corresponding AJV schema entry. This is a pre-existing divergence carried over verbatim from the original rest-typings source (PR `#39647`). Do not flag this type/schema misalignment during the OpenAPI migration review — it is tracked as a separate follow-up fix.
Learnt from: ggazzo
Repo: RocketChat/Rocket.Chat PR: 39553
File: apps/meteor/app/api/server/v1/stats.ts:98-117
Timestamp: 2026-03-20T13:52:29.575Z
Learning: In `apps/meteor/app/api/server/v1/stats.ts`, the `statistics.telemetry` POST endpoint intentionally has no `body` AJV schema in its route options. The proper request body shape (a `params` array of telemetry event objects) has not been formally defined yet, so body validation is deferred to a follow-up. Do not flag the missing body schema for this endpoint during OpenAPI migration reviews.
📚 Learning: 2026-03-16T21:50:37.589Z
Learnt from: amitb0ra
Repo: RocketChat/Rocket.Chat PR: 39676
File: .changeset/migrate-users-register-openapi.md:3-3
Timestamp: 2026-03-16T21:50:37.589Z
Learning: For changes related to OpenAPI migrations in Rocket.Chat/OpenAPI, when removing endpoint types and validators from rocket.chat/rest-typings (e.g., UserRegisterParamsPOST, /v1/users.register) document this as a minor changeset (not breaking) per RocketChat/Rocket.Chat-Open-API#150 Rule 7. Note that the endpoint type is re-exposed via a module augmentation .d.ts in the consuming package (e.g., packages/web-ui-registration/src/users-register.d.ts). In reviews, ensure the changeset clearly states: this is a non-breaking change, the major version should not be bumped, and the changeset reflects a minor version bump. Do not treat this as a breaking change during OpenAPI migrations.
Applied to files:
.changeset/migrate-commands-openapi.md
📚 Learning: 2026-02-24T19:09:09.561Z
Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 38974
File: apps/meteor/app/api/server/v1/im.ts:220-221
Timestamp: 2026-02-24T19:09:09.561Z
Learning: In RocketChat/Rocket.Chat OpenAPI migration PRs for apps/meteor/app/api/server/v1 endpoints, maintainers prefer to avoid any logic changes; style-only cleanups (like removing inline comments) may be deferred to follow-ups to keep scope tight.
Applied to files:
.changeset/migrate-commands-openapi.md
📚 Learning: 2026-03-15T14:31:28.969Z
Learnt from: amitb0ra
Repo: RocketChat/Rocket.Chat PR: 39647
File: apps/meteor/app/api/server/v1/users.ts:710-757
Timestamp: 2026-03-15T14:31:28.969Z
Learning: In RocketChat/Rocket.Chat, the `UserCreateParamsPOST` type in `apps/meteor/app/api/server/v1/users.ts` (migrated from `packages/rest-typings/src/v1/users/UserCreateParamsPOST.ts`) intentionally has `fields: string` (non-optional) and `settings?: IUserSettings` without a corresponding AJV schema entry. This is a pre-existing divergence carried over verbatim from the original rest-typings source (PR `#39647`). Do not flag this type/schema misalignment during the OpenAPI migration review — it is tracked as a separate follow-up fix.
Applied to files:
.changeset/migrate-commands-openapi.mdapps/meteor/app/api/server/v1/commands.tspackages/rest-typings/src/v1/commands.ts
📚 Learning: 2026-03-14T14:58:58.834Z
Learnt from: smirk-dev
Repo: RocketChat/Rocket.Chat PR: 39625
File: apps/meteor/app/api/server/v1/push.ts:85-97
Timestamp: 2026-03-14T14:58:58.834Z
Learning: In RocketChat/Rocket.Chat, the `push.token` POST/DELETE endpoints in `apps/meteor/app/api/server/v1/push.ts` were already migrated to the chained router API pattern on `develop` prior to PR `#39625`. `cleanTokenResult` (which strips `authToken` and returns `PushTokenResult`) and `isPushTokenPOSTProps`/`isPushTokenDELETEProps` validators already exist on `develop`. PR `#39625` only migrates `push.get` and `push.info` to the chained pattern. Do not flag `cleanTokenResult` or `PushTokenResult` as newly introduced behavior-breaking changes when reviewing this PR.
Applied to files:
.changeset/migrate-commands-openapi.mdapps/meteor/app/api/server/v1/commands.ts
📚 Learning: 2026-03-16T23:33:15.721Z
Learnt from: amitb0ra
Repo: RocketChat/Rocket.Chat PR: 39676
File: apps/meteor/app/api/server/v1/users.ts:862-869
Timestamp: 2026-03-16T23:33:15.721Z
Learning: In RocketChat/Rocket.Chat OpenAPI migration PRs (e.g., PR `#39676` for users.register in apps/meteor/app/api/server/v1/users.ts), calls to `this.parseJsonQuery()` inside migrated handlers are intentionally preserved without adding a corresponding `query` AJV schema to the route options. Adding query-param schemas for the `fields`/`sort`/`query` parameters consumed by `parseJsonQuery()` is a separate cross-cutting concern shared by many endpoints (e.g., users.create, users.update, users.list) and is explicitly out of scope for individual endpoint migration PRs. Do not flag the absence of a `query` schema for `parseJsonQuery()` usage as a violation of OpenAPI/AJV contract during migration reviews.
Applied to files:
.changeset/migrate-commands-openapi.mdapps/meteor/app/api/server/v1/commands.ts
📚 Learning: 2026-03-10T08:13:52.153Z
Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 39414
File: apps/meteor/app/api/server/v1/rooms.ts:1241-1297
Timestamp: 2026-03-10T08:13:52.153Z
Learning: In the RocketChat/Rocket.Chat OpenAPI migration PRs for endpoints under apps/meteor/app/api/server/v1/rooms.ts, the pattern `ajv.compile<void>({...})` is intentionally used for the 200 response schema even when the endpoint returns `{ success: true }`. This is an established convention across all migrated endpoints (rooms.leave, rooms.favorite, rooms.delete, rooms.muteUser, rooms.unmuteUser). Do not flag this as a type mismatch during reviews of these migration PRs.
Applied to files:
.changeset/migrate-commands-openapi.mdapps/meteor/app/api/server/v1/commands.tspackages/rest-typings/src/v1/commands.ts
📚 Learning: 2026-02-25T20:10:16.987Z
Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 38913
File: packages/ddp-client/src/legacy/types/SDKLegacy.ts:34-34
Timestamp: 2026-02-25T20:10:16.987Z
Learning: In the RocketChat/Rocket.Chat monorepo, packages/ddp-client and apps/meteor do not use TypeScript project references. Module augmentations in apps/meteor (e.g., declare module 'rocket.chat/rest-typings') are not visible when compiling packages/ddp-client in isolation, which is why legacy SDK methods that depend on OperationResult types for OpenAPI-migrated endpoints must remain commented out.
Applied to files:
.changeset/migrate-commands-openapi.mdapps/meteor/app/api/server/v1/commands.ts
📚 Learning: 2026-03-03T11:11:48.541Z
Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 39230
File: apps/meteor/app/api/server/v1/chat.ts:214-222
Timestamp: 2026-03-03T11:11:48.541Z
Learning: In apps/meteor/server/lib/moderation/reportMessage.ts, the reportMessage function validates that description is not empty or whitespace-only with `if (!description.trim())`. When migrating the chat.reportMessage endpoint to OpenAPI, adding minLength validation to the schema preserves this existing behavior.
Applied to files:
.changeset/migrate-commands-openapi.md
📚 Learning: 2026-02-24T19:05:56.710Z
Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 0
File: :0-0
Timestamp: 2026-02-24T19:05:56.710Z
Learning: Rocket.Chat repo context: When a workspace manifest on develop already pins a dependency version (e.g., packages/web-ui-registration → "rocket.chat/ui-contexts": "27.0.1"), a lockfile change in a feature PR that upgrades only that dependency’s resolution is considered a manifest-driven sync and can be kept, preferably as a small "chore: sync yarn.lock with manifests" commit.
Applied to files:
.changeset/migrate-commands-openapi.md
📚 Learning: 2025-12-02T22:23:49.593Z
Learnt from: d-gubert
Repo: RocketChat/Rocket.Chat PR: 37654
File: apps/meteor/client/hooks/useAppSlashCommands.ts:32-38
Timestamp: 2025-12-02T22:23:49.593Z
Learning: In apps/meteor/client/hooks/useAppSlashCommands.ts, the `data?.forEach((command) => slashCommands.add(command))` call during render is intentional. The query is configured with `structuralSharing: false` to prevent React Query from keeping stable data references, and `slashCommands.add` is idempotent, so executing on every render is acceptable and ensures the command registry stays current.
Applied to files:
apps/meteor/app/api/server/v1/commands.tspackages/rest-typings/src/v1/commands.ts
📚 Learning: 2026-03-16T21:50:42.118Z
Learnt from: amitb0ra
Repo: RocketChat/Rocket.Chat PR: 39676
File: .changeset/migrate-users-register-openapi.md:3-3
Timestamp: 2026-03-16T21:50:42.118Z
Learning: In RocketChat/Rocket.Chat OpenAPI migration PRs, removing endpoint types and validators from `rocket.chat/rest-typings` (e.g., `UserRegisterParamsPOST`, `/v1/users.register` entry) is the *required* migration pattern per RocketChat/Rocket.Chat-Open-API#150 Rule 7 ("No More rest-typings or Manual Typings"). The endpoint type is re-exposed via a module augmentation `.d.ts` file in the consuming package (e.g., `packages/web-ui-registration/src/users-register.d.ts`). This is NOT a breaking change — the correct changeset bump for `rocket.chat/rest-typings` in this scenario is `minor`, not `major`. Do not flag this as a breaking change during OpenAPI migration reviews.
Applied to files:
apps/meteor/app/api/server/v1/commands.tspackages/rest-typings/src/v1/commands.ts
📚 Learning: 2026-03-12T10:26:26.697Z
Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 39340
File: apps/meteor/app/api/server/v1/im.ts:1349-1398
Timestamp: 2026-03-12T10:26:26.697Z
Learning: In `apps/meteor/app/api/server/v1/im.ts` (PR `#39340`), the `DmEndpoints` type intentionally includes temporary stub entries for `/v1/im.kick`, `/v1/dm.kick`, `/v1/im.leave`, and `/v1/dm.leave` (using `DmKickProps` and `DmLeaveProps`) even though no route handlers exist for them yet. These stubs were added to preserve type compatibility after removing the original `DmLeaveProps` and related files. They are planned for cleanup in a follow-up PR. Do not flag these as missing implementations when reviewing this file until the follow-up is merged.
Applied to files:
apps/meteor/app/api/server/v1/commands.ts
📚 Learning: 2026-03-20T13:52:29.575Z
Learnt from: ggazzo
Repo: RocketChat/Rocket.Chat PR: 39553
File: apps/meteor/app/api/server/v1/stats.ts:98-117
Timestamp: 2026-03-20T13:52:29.575Z
Learning: In `apps/meteor/app/api/server/v1/stats.ts`, the `statistics.telemetry` POST endpoint intentionally has no `body` AJV schema in its route options. The proper request body shape (a `params` array of telemetry event objects) has not been formally defined yet, so body validation is deferred to a follow-up. Do not flag the missing body schema for this endpoint during OpenAPI migration reviews.
Applied to files:
apps/meteor/app/api/server/v1/commands.ts
📚 Learning: 2026-02-24T19:09:01.522Z
Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 38974
File: apps/meteor/app/api/server/v1/im.ts:220-221
Timestamp: 2026-02-24T19:09:01.522Z
Learning: In Rocket.Chat OpenAPI migration PRs for endpoints under apps/meteor/app/api/server/v1, avoid introducing logic changes. Only perform scope-tight changes that preserve behavior; style-only cleanups (e.g., removing inline comments) may be deferred to follow-ups to keep the migration PR focused.
Applied to files:
apps/meteor/app/api/server/v1/commands.ts
📚 Learning: 2026-01-26T18:26:01.279Z
Learnt from: d-gubert
Repo: RocketChat/Rocket.Chat PR: 38227
File: apps/meteor/app/api/server/router.ts:44-49
Timestamp: 2026-01-26T18:26:01.279Z
Learning: In apps/meteor/app/api/server/router.ts, when retrieving bodyParams and queryParams from the Hono context via c.get(), do not add defensive defaults (e.g., ?? {}). The code should fail fast if these parameters are missing, as endpoint handlers expect them to be present and breaking here helps surface parsing problems rather than hiding them.
Applied to files:
apps/meteor/app/api/server/v1/commands.ts
📚 Learning: 2026-02-23T17:53:06.802Z
Learnt from: ggazzo
Repo: RocketChat/Rocket.Chat PR: 35995
File: apps/meteor/app/api/server/v1/rooms.ts:1107-1112
Timestamp: 2026-02-23T17:53:06.802Z
Learning: During PR reviews that touch endpoint files under apps/meteor/app/api/server/v1, enforce strict scope: if a PR targets a specific endpoint (e.g., rooms.favorite), do not propose changes to unrelated endpoints (e.g., rooms.invite) unless maintainers explicitly request them. Focus feedback on the touched endpoint's behavior, API surface, and related tests; avoid broad cross-endpoint changes in the same PR unless requested.
Applied to files:
apps/meteor/app/api/server/v1/commands.ts
📚 Learning: 2026-02-26T19:25:44.063Z
Learnt from: gabriellsh
Repo: RocketChat/Rocket.Chat PR: 38778
File: packages/ui-voip/src/providers/useMediaSession.ts:192-192
Timestamp: 2026-02-26T19:25:44.063Z
Learning: In the Rocket.Chat repository, do not reference Biome lint rules in code review feedback. Biome is not used even if biome.json exists; only reference Biome rules if there is explicit, project-wide usage documented. For TypeScript files, review lint implications without Biome guidance unless the project enables Biome rules.
Applied to files:
apps/meteor/app/api/server/v1/commands.tspackages/rest-typings/src/v1/commands.ts
📚 Learning: 2026-02-26T19:25:44.063Z
Learnt from: gabriellsh
Repo: RocketChat/Rocket.Chat PR: 38778
File: packages/ui-voip/src/providers/useMediaSession.ts:192-192
Timestamp: 2026-02-26T19:25:44.063Z
Learning: In this repository (RocketChat/Rocket.Chat), Biome lint rules are not used even if a biome.json exists. When reviewing TypeScript files (e.g., packages/ui-voip/src/providers/useMediaSession.ts), ensure lint suggestions do not reference Biome-specific rules. Rely on general ESLint/TypeScript lint rules and project conventions instead.
Applied to files:
apps/meteor/app/api/server/v1/commands.tspackages/rest-typings/src/v1/commands.ts
🪛 Biome (2.4.10)
apps/meteor/app/api/server/v1/commands.ts
[error] 203-204: Expected a statement but instead found '.get(
'commands.list','.
(parse)
[error] 207-207: Expected a semicolon or an implicit semicolon after a statement, but found none
(parse)
[error] 209-209: Expected a semicolon or an implicit semicolon after a statement, but found none
(parse)
[error] 211-211: Expected a semicolon or an implicit semicolon after a statement, but found none
(parse)
[error] 214-214: Expected a semicolon or an implicit semicolon after a statement, but found none
(parse)
[error] 216-216: Expected a semicolon or an implicit semicolon after a statement, but found none
(parse)
[error] 217-218: Expected a statement but instead found ',
command:'.
(parse)
[error] 218-219: Expected a statement but instead found ',
description:'.
(parse)
[error] 219-220: Expected a statement but instead found ',
params:'.
(parse)
[error] 220-221: Expected a statement but instead found ',
providesPreview:'.
(parse)
[error] 221-222: Expected a statement but instead found ',
appId:'.
(parse)
[error] 222-222: Expected a statement but instead found ','.
(parse)
[error] 223-225: Expected a statement but instead found ',
required: ['command', 'providesPreview'],
additionalProperties: true,'.
(parse)
[error] 226-226: Expected a statement but instead found ','.
(parse)
[error] 227-228: Expected a statement but instead found ',
appsLoaded:'.
(parse)
[error] 228-229: Expected a statement but instead found ',
offset:'.
(parse)
[error] 229-230: Expected a statement but instead found ',
count:'.
(parse)
[error] 230-231: Expected a statement but instead found ',
total:'.
(parse)
[error] 231-232: Expected a statement but instead found ',
success:'.
(parse)
[error] 232-232: Expected an expression but instead found 'enum'.
(parse)
[error] 232-232: expected { but instead found :
(parse)
[error] 232-232: Expected a statement but instead found ','.
(parse)
[error] 233-235: Expected a statement but instead found ',
required: ['commands', 'appsLoaded', 'offset', 'count', 'total', 'success'],
additionalProperties: true,'.
(parse)
[error] 236-239: Expected a statement but instead found '),
400: validateBadRequestErrorResponse,
401: validateUnauthorizedErrorResponse,
202: ajv.compile<'.
(parse)
[error] 246-246: Expected a statement but instead found '>('.
(parse)
[error] 248-248: Expected a semicolon or an implicit semicolon after a statement, but found none
(parse)
[error] 249-249: Expected a semicolon or an implicit semicolon after a statement, but found none
(parse)
[error] 249-250: Expected a statement but instead found ',
appsLoaded:'.
(parse)
[error] 250-250: Expected an expression but instead found 'enum'.
(parse)
[error] 250-250: expected { but instead found :
(parse)
[error] 250-251: Expected a statement but instead found ',
offset:'.
(parse)
[error] 251-252: Expected a statement but instead found ',
count:'.
(parse)
[error] 252-253: Expected a statement but instead found ',
total:'.
(parse)
[error] 253-254: Expected a statement but instead found ',
success:'.
(parse)
[error] 254-254: Expected an expression but instead found 'enum'.
(parse)
[error] 254-254: expected { but instead found :
(parse)
[error] 254-254: Expected a statement but instead found ','.
(parse)
[error] 255-257: Expected a statement but instead found ',
required: ['commands', 'appsLoaded', 'offset', 'count', 'total'],
additionalProperties: true,'.
(parse)
[error] 258-258: Expected a statement but instead found '),'.
(parse)
[error] 259-259: Expected a statement but instead found ','.
(parse)
[error] 260-261: Expected a statement but instead found ',
async'.
(parse)
[error] 307-307: Expected a semicolon or an implicit semicolon after a statement, but found none
(parse)
[error] 309-309: Expected a semicolon or an implicit semicolon after a statement, but found none
(parse)
[error] 309-309: Expected a statement but instead found '>('.
(parse)
[error] 311-311: Expected a semicolon or an implicit semicolon after a statement, but found none
(parse)
[error] 312-313: Expected a statement but instead found ',
success:'.
(parse)
[error] 313-313: Expected an expression but instead found 'enum'.
(parse)
[error] 313-313: expected { but instead found :
(parse)
[error] 313-313: Expected a statement but instead found ','.
(parse)
[error] 314-316: Expected a statement but instead found ',
required: ['success'],
additionalProperties: true,'.
(parse)
[error] 317-319: Expected a statement but instead found '),
400: validateBadRequestErrorResponse,
401: validateUnauthorizedErrorResponse,'.
(parse)
[error] 320-320: Expected a statement but instead found ','.
(parse)
[error] 321-322: Expected a statement but instead found ',
async'.
(parse)
[error] 361-361: Expected a semicolon or an implicit semicolon after a statement, but found none
(parse)
[error] 363-363: Expected a semicolon or an implicit semicolon after a statement, but found none
(parse)
[error] 363-363: Expected a statement but instead found '>('.
(parse)
[error] 365-365: Expected a semicolon or an implicit semicolon after a statement, but found none
(parse)
[error] 368-368: Expected a semicolon or an implicit semicolon after a statement, but found none
(parse)
[error] 369-370: Expected a statement but instead found ',
items:'.
(parse)
[error] 370-370: Expected a statement but instead found ','.
(parse)
[error] 371-373: Expected a statement but instead found ',
required: ['i18nTitle', 'items'],
additionalProperties: true,'.
(parse)
[error] 374-375: Expected a statement but instead found ',
success:'.
(parse)
[error] 375-375: Expected an expression but instead found 'enum'.
(parse)
[error] 375-375: expected { but instead found :
(parse)
[error] 375-375: Expected a statement but instead found ','.
(parse)
[error] 376-378: Expected a statement but instead found ',
required: ['preview', 'success'],
additionalProperties: true,'.
(parse)
[error] 379-381: Expected a statement but instead found '),
400: validateBadRequestErrorResponse,
401: validateUnauthorizedErrorResponse,'.
(parse)
[error] 382-382: Expected a statement but instead found ','.
(parse)
[error] 383-384: Expected a statement but instead found ',
async'.
(parse)
[error] 412-412: Expected a semicolon or an implicit semicolon after a statement, but found none
(parse)
[error] 414-414: Expected a semicolon or an implicit semicolon after a statement, but found none
(parse)
[error] 414-414: Expected a statement but instead found '>('.
(parse)
[error] 416-416: Expected a semicolon or an implicit semicolon after a statement, but found none
(parse)
[error] 416-416: Expected an expression but instead found 'enum'.
(parse)
[error] 416-416: expected { but instead found :
(parse)
[error] 416-418: Expected a statement but instead found ',
required: ['success'],
additionalProperties: false,'.
(parse)
[error] 419-421: Expected a statement but instead found '),
400: validateBadRequestErrorResponse,
401: validateUnauthorizedErrorResponse,'.
(parse)
[error] 422-422: Expected a statement but instead found ','.
(parse)
[error] 423-424: Expected a statement but instead found ',
async'.
(parse)
[error] 461-462: Expected a statement but instead found ',
)'.
(parse)
🔇 Additional comments (1)
packages/rest-typings/src/v1/commands.ts (1)
7-125: Nice extraction of the request validators.Centralizing these schemas keeps the server routes and the client typings on the same contract, which fits this migration well.
| @@ -0,0 +1,6 @@ | |||
| --- | |||
| '@rocket.chat/meteor': patch | |||
| '@rocket.chat/rest-typings': patch | |||
There was a problem hiding this comment.
Bump @rocket.chat/rest-typings as a minor release.
This PR adds new root exports (isCommandsListProps, isCommandsRunProps, isCommandsPreviewGETProps, isCommandsPreviewPOSTProps) in packages/rest-typings/src/v1/commands.ts, so patch understates the public surface change.
Suggested changeset update
-'@rocket.chat/rest-typings': patch
+'@rocket.chat/rest-typings': minor📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| '@rocket.chat/rest-typings': patch | |
| '@rocket.chat/rest-typings': minor |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.changeset/migrate-commands-openapi.md at line 3, The changeset currently
marks '@rocket.chat/rest-typings' as a patch but new root exports
(isCommandsListProps, isCommandsRunProps, isCommandsPreviewGETProps,
isCommandsPreviewPOSTProps) in packages/rest-typings/src/v1/commands.ts increase
the public surface and require a minor bump; update the entry in
.changeset/migrate-commands-openapi.md from 'patch' to 'minor' (i.e., change the
line "'@rocket.chat/rest-typings': patch" to "'@rocket.chat/rest-typings':
minor") so the release correctly reflects the non-breaking API surface addition.
| .get( | ||
| 'commands.list', |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
python - <<'PY'
from pathlib import Path
import re
path = Path("apps/meteor/app/api/server/v1/commands.ts")
text = path.read_text()
pattern = re.compile(
r"const\s+commandsEndpoints\s*=\s*API\.v1\.get\([\s\S]*?\n\);\n\s*\n\s*\.get\(",
re.M,
)
match = pattern.search(text)
print("detached chained call found:", bool(match))
if match:
print("start line:", text[:match.start()].count("\n") + 1)
print("end line:", text[:match.end()].count("\n") + 1)
PY
rg -n "const commandsEndpoints|^\s*\.get\(|^\s*\.post\(" apps/meteor/app/api/server/v1/commands.tsRepository: RocketChat/Rocket.Chat
Length of output: 187
🏁 Script executed:
# Read the file to understand the actual structure
head -n 250 apps/meteor/app/api/server/v1/commands.ts | tail -n +35 | head -n 170Repository: RocketChat/Rocket.Chat
Length of output: 4119
🏁 Script executed:
# Get lines around the detached .get() call and see the full scope
sed -n '195,210p' apps/meteor/app/api/server/v1/commands.tsRepository: RocketChat/Rocket.Chat
Length of output: 335
🏁 Script executed:
# Check the response schema for commands.list and look for missing 403 and inline comments
sed -n '203,280p' apps/meteor/app/api/server/v1/commands.tsRepository: RocketChat/Rocket.Chat
Length of output: 2284
🏁 Script executed:
# Check for inline comments and look at other endpoints (commands.run, commands.preview)
sed -n '280,420p' apps/meteor/app/api/server/v1/commands.tsRepository: RocketChat/Rocket.Chat
Length of output: 3693
🏁 Script executed:
# Check the rest of commands.preview POST and look for the endpoint assignment end
sed -n '408,450p' apps/meteor/app/api/server/v1/commands.tsRepository: RocketChat/Rocket.Chat
Length of output: 1160
🏁 Script executed:
# Find where the commandsEndpoints assignment ends
sed -n '450,470p' apps/meteor/app/api/server/v1/commands.tsRepository: RocketChat/Rocket.Chat
Length of output: 510
Reconnect this chained route registration—the file cannot parse.
Line 203 starts a top-level .get(...) call that is orphaned from the commandsEndpoints assignment, which already closed at line 95. The chain should attach to that assignment, not start independently. This is a critical syntax error blocking the entire file.
Fix the structure:
-const commandsEndpoints = API.v1.get(
+const commandsEndpoints = API.v1
+ .get(And ensure the final .post(...) at line 408 ends with ); (currently appears to close the chain correctly at line 463).
Additionally:
- Three endpoints return
API.v1.forbidden()but omit 403 from their response schemas:commands.run(line ~331),commands.previewGET (line ~393), andcommands.previewPOST (line ~433) all callforbidden()when access checks fail, but response maps only declare 200/400/401. - The 202 response schema for
commands.listis incomplete: Therequiredarray omitssuccess, yet the handler always returnssuccess: true(lines 265–272). Addsuccessto the required fields. - Remove the inline comment at line 302: The comment
// Expects a body of...duplicates intent already captured by the schema definition and violates the guideline against implementation comments.
🧰 Tools
🪛 Biome (2.4.10)
[error] 203-204: Expected a statement but instead found '.get(
'commands.list','.
(parse)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@apps/meteor/app/api/server/v1/commands.ts` around lines 203 - 204, Reconnect
the chained route registration by attaching the orphaned .get('commands.list',
...) call back onto the commandsEndpoints chain (i.e., ensure
.get('commands.list', ...) is part of the commandsEndpoints =
commandsEndpoints... chain instead of a standalone statement) and confirm the
final .post(...) in that chain ends with a closing `);`. Add 403 to the response
schemas for commands.run, commands.preview (GET) and commands.preview (POST) to
reflect calls to API.v1.forbidden(), add "success" to the required array of the
202 response schema for commands.list (since the handler always returns success:
true), and remove the inline implementation comment "// Expects a body of..."
near the commands.run handler to comply with the comment guideline.
| 202: ajv.compile<{ | ||
| commands: []; | ||
| appsLoaded: boolean; | ||
| offset: number; | ||
| count: number; | ||
| total: number; | ||
| success: boolean; | ||
| }>({ | ||
| type: 'object', | ||
| properties: { | ||
| commands: { type: 'array', maxItems: 0 }, | ||
| appsLoaded: { type: 'boolean', enum: [false] }, | ||
| offset: { type: 'number' }, | ||
| count: { type: 'number' }, | ||
| total: { type: 'number' }, | ||
| success: { type: 'boolean', enum: [true] }, | ||
| }, | ||
| required: ['commands', 'appsLoaded', 'offset', 'count', 'total'], |
There was a problem hiding this comment.
Require success in the 202 schema too.
Lines 263-272 always send success: true, but the 202 schema leaves success out of required. That weakens the generated contract for this endpoint.
Suggested schema fix
- required: ['commands', 'appsLoaded', 'offset', 'count', 'total'],
+ required: ['commands', 'appsLoaded', 'offset', 'count', 'total', 'success'],📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| 202: ajv.compile<{ | |
| commands: []; | |
| appsLoaded: boolean; | |
| offset: number; | |
| count: number; | |
| total: number; | |
| success: boolean; | |
| }>({ | |
| type: 'object', | |
| properties: { | |
| commands: { type: 'array', maxItems: 0 }, | |
| appsLoaded: { type: 'boolean', enum: [false] }, | |
| offset: { type: 'number' }, | |
| count: { type: 'number' }, | |
| total: { type: 'number' }, | |
| success: { type: 'boolean', enum: [true] }, | |
| }, | |
| required: ['commands', 'appsLoaded', 'offset', 'count', 'total'], | |
| 202: ajv.compile<{ | |
| commands: []; | |
| appsLoaded: boolean; | |
| offset: number; | |
| count: number; | |
| total: number; | |
| success: boolean; | |
| }>({ | |
| type: 'object', | |
| properties: { | |
| commands: { type: 'array', maxItems: 0 }, | |
| appsLoaded: { type: 'boolean', enum: [false] }, | |
| offset: { type: 'number' }, | |
| count: { type: 'number' }, | |
| total: { type: 'number' }, | |
| success: { type: 'boolean', enum: [true] }, | |
| }, | |
| required: ['commands', 'appsLoaded', 'offset', 'count', 'total', 'success'], |
🧰 Tools
🪛 Biome (2.4.10)
[error] 246-246: Expected a statement but instead found '>('.
(parse)
[error] 248-248: Expected a semicolon or an implicit semicolon after a statement, but found none
(parse)
[error] 249-249: Expected a semicolon or an implicit semicolon after a statement, but found none
(parse)
[error] 249-250: Expected a statement but instead found ',
appsLoaded:'.
(parse)
[error] 250-250: Expected an expression but instead found 'enum'.
(parse)
[error] 250-250: expected { but instead found :
(parse)
[error] 250-251: Expected a statement but instead found ',
offset:'.
(parse)
[error] 251-252: Expected a statement but instead found ',
count:'.
(parse)
[error] 252-253: Expected a statement but instead found ',
total:'.
(parse)
[error] 253-254: Expected a statement but instead found ',
success:'.
(parse)
[error] 254-254: Expected an expression but instead found 'enum'.
(parse)
[error] 254-254: expected { but instead found :
(parse)
[error] 254-254: Expected a statement but instead found ','.
(parse)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@apps/meteor/app/api/server/v1/commands.ts` around lines 239 - 256, The 202
response JSON schema compiled via ajv.compile omits "success" from the required
array even though the handler always returns success: true; update the schema
object passed to ajv.compile to include "success" in the required list so the
validator enforces presence of the success boolean (refer to the ajv.compile
call and the schema's properties object where success: { type: 'boolean', enum:
[true] } is defined, and the required: [...] array).
| { | ||
| authRequired: true, | ||
| body: isCommandsRunProps, | ||
| response: { | ||
| 200: ajv.compile<ClientCommandsEndpoints['/v1/commands.run']['POST'] & { success: boolean }>({ | ||
| type: 'object', | ||
| properties: { | ||
| result: {}, | ||
| success: { type: 'boolean', enum: [true] }, | ||
| }, | ||
| required: ['success'], | ||
| additionalProperties: true, | ||
| }), | ||
| 400: validateBadRequestErrorResponse, | ||
| 401: validateUnauthorizedErrorResponse, | ||
| }, |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "Forbidden branches in commands endpoints:"
rg -n -C1 "API\.v1\.forbidden\(\)" apps/meteor/app/api/server/v1/commands.ts
echo
echo "Declared response maps:"
sed -n '305,320p' apps/meteor/app/api/server/v1/commands.ts
sed -n '357,382p' apps/meteor/app/api/server/v1/commands.ts
sed -n '408,421p' apps/meteor/app/api/server/v1/commands.ts
echo
echo "Router behavior for undeclared response codes in typed/test mode:"
rg -n -C2 "Missing response validator for endpoint" packages/http-router/src/Router.tsRepository: RocketChat/Rocket.Chat
Length of output: 2408
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== Checking API.v1.forbidden() implementation ==="
rg -n "forbidden\s*\(\s*\)" apps/meteor/app/api/server/v1 -A 2 -B 2 | head -30
echo
echo "=== Searching for forbidden method definition ==="
rg -n "\.forbidden\s*=" apps/meteor/app/api --type ts -B 2 -A 5
echo
echo "=== Checking if 403 is declared elsewhere ==="
rg -n "403" apps/meteor/app/api/server/v1/commands.tsRepository: RocketChat/Rocket.Chat
Length of output: 1731
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== Checking comparable endpoints in other files for 403 handling ==="
# Check rooms.ts for similar forbidden handling patterns
rg -n "API\.v1\.forbidden\(\)" apps/meteor/app/api/server/v1/rooms.ts -C 3
echo
echo "=== Check corresponding response declarations in rooms.ts ==="
# Find the endpoint that calls forbidden() in rooms.ts and check its response map
rg -n "response:\s*{" apps/meteor/app/api/server/v1/rooms.ts -A 4 | head -40Repository: RocketChat/Rocket.Chat
Length of output: 1194
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== Finding API.v1 definition and forbidden method ==="
fd -t f "\.ts" apps/meteor/app/api | head -20
echo
echo "=== Search for forbidden method in API module ==="
rg -n "forbidden.*function\|forbidden.*=>" apps/meteor/app/api --type ts -B 1 -A 3 | head -50
echo
echo "=== Check lib/methods/sendMessage and look for API.v1 ==="
rg -n "forbidden" apps/meteor/app/api/server --type ts -l | head -10Repository: RocketChat/Rocket.Chat
Length of output: 1134
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== Find where forbidden() returns status code 403 ==="
find apps/meteor/app/api -name "*.ts" -exec grep -l "403\|forbidden" {} \;
echo
echo "=== Check the actual API.v1 implementation ==="
find apps/meteor/app/api -name "*.ts" | xargs grep -l "class.*API" | head -5Repository: RocketChat/Rocket.Chat
Length of output: 1615
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== Check rooms.ts for 403 declarations and compare ==="
grep -n "403\|forbidden" apps/meteor/app/api/server/v1/rooms.ts | head -20
echo
echo "=== Look at a complete endpoint in rooms.ts that calls forbidden() ==="
sed -n '536,580p' apps/meteor/app/api/server/v1/rooms.tsRepository: RocketChat/Rocket.Chat
Length of output: 1625
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== Find which endpoint has 403 at line 1110 ==="
sed -n '1090,1120p' apps/meteor/app/api/server/v1/rooms.ts
echo
echo "=== Compare with endpoint that calls forbidden() at line 540 ==="
sed -n '500,545p' apps/meteor/app/api/server/v1/rooms.ts | grep -n "addRoute\|response:\|403\|forbidden"
echo
echo "=== Find the forbidden() method definition in ApiClass ==="
grep -n "forbidden\s*(" apps/meteor/app/api/server/ApiClass.ts -A 5 -B 2 | head -30Repository: RocketChat/Rocket.Chat
Length of output: 1737
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== Check if forbidden() returns 403 ==="
rg -n "forbidden.*=.*=>|forbidden\s*\(\s*\)\s*{" apps/meteor/app/api/server --type ts -A 2
echo
echo "=== Get full definition from ApiClass ==="
sed -n '1,50p' apps/meteor/app/api/server/ApiClass.ts | head -30Repository: RocketChat/Rocket.Chat
Length of output: 267
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== Search for forbidden method in ApiClass ==="
rg -n "forbidden" apps/meteor/app/api/server/ApiClass.ts -B 2 -A 4
echo
echo "=== Check definition.ts for API response helpers ==="
rg -n "forbidden\|403" apps/meteor/app/api/server/definition.ts -B 2 -A 2 | head -40Repository: RocketChat/Rocket.Chat
Length of output: 1396
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== Verify all three endpoints and their response declarations ==="
# First endpoint: commands.run (POST)
echo "Endpoint 1: commands.run"
sed -n '302,325p' apps/meteor/app/api/server/v1/commands.ts | head -15
echo
echo "Endpoint 2: commands.preview (GET)"
sed -n '354,375p' apps/meteor/app/api/server/v1/commands.ts | head -15
echo
echo "Endpoint 3: commands.preview (POST)"
sed -n '405,425p' apps/meteor/app/api/server/v1/commands.ts | head -15
echo
echo "=== Confirm forbidden() calls in all three ==="
sed -n '330,331p' apps/meteor/app/api/server/v1/commands.ts
sed -n '392,393p' apps/meteor/app/api/server/v1/commands.ts
sed -n '432,433p' apps/meteor/app/api/server/v1/commands.tsRepository: RocketChat/Rocket.Chat
Length of output: 1729
Add 403 response validators to these endpoints.
These routes call API.v1.forbidden() (lines 330-331, 392-393, 432-433), which returns HTTP status 403. Their response maps only declare 200/400/401. In typed mode, packages/http-router/src/Router.ts (line 267) throws when a returned status lacks a validator, and the OpenAPI spec omits the forbidden outcome.
Add 403: validateForbiddenErrorResponse to the response maps at lines 305-320, 357-382, and 408-421, matching the pattern used in other endpoints like rooms.ts:1110.
🧰 Tools
🪛 Biome (2.4.10)
[error] 307-307: Expected a semicolon or an implicit semicolon after a statement, but found none
(parse)
[error] 309-309: Expected a semicolon or an implicit semicolon after a statement, but found none
(parse)
[error] 309-309: Expected a statement but instead found '>('.
(parse)
[error] 311-311: Expected a semicolon or an implicit semicolon after a statement, but found none
(parse)
[error] 312-313: Expected a statement but instead found ',
success:'.
(parse)
[error] 313-313: Expected an expression but instead found 'enum'.
(parse)
[error] 313-313: expected { but instead found :
(parse)
[error] 313-313: Expected a statement but instead found ','.
(parse)
[error] 314-316: Expected a statement but instead found ',
required: ['success'],
additionalProperties: true,'.
(parse)
[error] 317-319: Expected a statement but instead found '),
400: validateBadRequestErrorResponse,
401: validateUnauthorizedErrorResponse,'.
(parse)
[error] 320-320: Expected a statement but instead found ','.
(parse)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@apps/meteor/app/api/server/v1/commands.ts` around lines 305 - 320, The
response maps for the commands endpoints that call API.v1.forbidden() are
missing a 403 validator; update each response object (the one using
isCommandsRunProps / the other two response maps in this file that currently
declare only 200/400/401) to include "403: validateForbiddenErrorResponse" so
the router has a validator for forbidden responses; locate the response maps
near the routes that call API.v1.forbidden() and add the
validateForbiddenErrorResponse entry alongside 200/400/401.
|
Hey @vivekyarra, thank you for your contribution! 🙏 This endpoint has already been migrated as part of #39553, which consolidated all OpenAPI migrations to make it easier to test and validate everything as a single unit. That PR has been merged into |
2 participants
Migrates
commandslegacy endpoints to the chained OpenAPI pattern with proper AJV validation.Closes #38876
Summary by CodeRabbit