fix: Add minLength validation to prevent empty tokens in schema

zuharz · zuharz · commit 42ec1d90a04a · 2025-07-15T19:30:36.000+02:00
- Added minLength: 1 constraint to Token schema definition in shared.json
- Prevents empty string tokens that would cause runtime HTTP errors
- Regenerated all schema documentation files (.mdx) and TypeScript definitions
- Ensures consistent validation across all connection types (GitHub, GitLab, Gitea, Bitbucket, Gerrit)

This addresses CodeRabbit bot's review comment about preventing zero-length tokens
at the schema level rather than failing at runtime during HTTP requests.
diff --git a/docs/snippets/schemas/v3/bitbucket.schema.mdx b/docs/snippets/schemas/v3/bitbucket.schema.mdx
@@ -23,7 +23,8 @@
       "anyOf": [
         {
           "type": "string",
-          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+          "minLength": 1
         },
         {
           "type": "object",
diff --git a/docs/snippets/schemas/v3/connection.schema.mdx b/docs/snippets/schemas/v3/connection.schema.mdx
@@ -23,7 +23,8 @@
           "anyOf": [
             {
               "type": "string",
-              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+              "minLength": 1
             },
             {
               "type": "object",
@@ -240,7 +241,8 @@
           "anyOf": [
             {
               "type": "string",
-              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+              "minLength": 1
             },
             {
               "type": "object",
@@ -446,7 +448,8 @@
           "anyOf": [
             {
               "type": "string",
-              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+              "minLength": 1
             },
             {
               "type": "object",
@@ -633,7 +636,8 @@
               "anyOf": [
                 {
                   "type": "string",
-                  "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                  "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                  "minLength": 1
                 },
                 {
                   "type": "object",
@@ -742,7 +746,8 @@
           "anyOf": [
             {
               "type": "string",
-              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+              "minLength": 1
             },
             {
               "type": "object",
diff --git a/docs/snippets/schemas/v3/gerrit.schema.mdx b/docs/snippets/schemas/v3/gerrit.schema.mdx
@@ -42,7 +42,8 @@
           "anyOf": [
             {
               "type": "string",
-              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+              "minLength": 1
             },
             {
               "type": "object",
diff --git a/docs/snippets/schemas/v3/gitea.schema.mdx b/docs/snippets/schemas/v3/gitea.schema.mdx
@@ -19,7 +19,8 @@
       "anyOf": [
         {
           "type": "string",
-          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+          "minLength": 1
         },
         {
           "type": "object",
diff --git a/docs/snippets/schemas/v3/github.schema.mdx b/docs/snippets/schemas/v3/github.schema.mdx
@@ -19,7 +19,8 @@
       "anyOf": [
         {
           "type": "string",
-          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+          "minLength": 1
         },
         {
           "type": "object",
diff --git a/docs/snippets/schemas/v3/gitlab.schema.mdx b/docs/snippets/schemas/v3/gitlab.schema.mdx
@@ -19,7 +19,8 @@
       "anyOf": [
         {
           "type": "string",
-          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+          "minLength": 1
         },
         {
           "type": "object",
diff --git a/docs/snippets/schemas/v3/index.schema.mdx b/docs/snippets/schemas/v3/index.schema.mdx
@@ -262,7 +262,8 @@
                   "anyOf": [
                     {
                       "type": "string",
-                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                      "minLength": 1
                     },
                     {
                       "type": "object",
@@ -479,7 +480,8 @@
                   "anyOf": [
                     {
                       "type": "string",
-                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                      "minLength": 1
                     },
                     {
                       "type": "object",
@@ -685,7 +687,8 @@
                   "anyOf": [
                     {
                       "type": "string",
-                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                      "minLength": 1
                     },
                     {
                       "type": "object",
@@ -872,7 +875,8 @@
                       "anyOf": [
                         {
                           "type": "string",
-                          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                          "minLength": 1
                         },
                         {
                           "type": "object",
@@ -981,7 +985,8 @@
                   "anyOf": [
                     {
                       "type": "string",
-                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                      "minLength": 1
                     },
                     {
                       "type": "object",
diff --git a/docs/snippets/schemas/v3/shared.schema.mdx b/docs/snippets/schemas/v3/shared.schema.mdx
@@ -8,7 +8,8 @@
       "anyOf": [
         {
           "type": "string",
-          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+          "minLength": 1
         },
         {
           "type": "object",
diff --git a/packages/schemas/src/v3/bitbucket.schema.ts b/packages/schemas/src/v3/bitbucket.schema.ts
@@ -22,7 +22,8 @@ const schema = {
       "anyOf": [
         {
           "type": "string",
-          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+          "minLength": 1
         },
         {
           "type": "object",
diff --git a/packages/schemas/src/v3/connection.schema.ts b/packages/schemas/src/v3/connection.schema.ts
@@ -22,7 +22,8 @@ const schema = {
           "anyOf": [
             {
               "type": "string",
-              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+              "minLength": 1
             },
             {
               "type": "object",
@@ -239,7 +240,8 @@ const schema = {
           "anyOf": [
             {
               "type": "string",
-              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+              "minLength": 1
             },
             {
               "type": "object",
@@ -445,7 +447,8 @@ const schema = {
           "anyOf": [
             {
               "type": "string",
-              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+              "minLength": 1
             },
             {
               "type": "object",
@@ -632,7 +635,8 @@ const schema = {
               "anyOf": [
                 {
                   "type": "string",
-                  "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                  "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                  "minLength": 1
                 },
                 {
                   "type": "object",
@@ -741,7 +745,8 @@ const schema = {
           "anyOf": [
             {
               "type": "string",
-              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+              "minLength": 1
             },
             {
               "type": "object",
diff --git a/packages/schemas/src/v3/gerrit.schema.ts b/packages/schemas/src/v3/gerrit.schema.ts
@@ -41,7 +41,8 @@ const schema = {
           "anyOf": [
             {
               "type": "string",
-              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+              "minLength": 1
             },
             {
               "type": "object",
diff --git a/packages/schemas/src/v3/gitea.schema.ts b/packages/schemas/src/v3/gitea.schema.ts
@@ -18,7 +18,8 @@ const schema = {
       "anyOf": [
         {
           "type": "string",
-          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+          "minLength": 1
         },
         {
           "type": "object",
diff --git a/packages/schemas/src/v3/github.schema.ts b/packages/schemas/src/v3/github.schema.ts
@@ -18,7 +18,8 @@ const schema = {
       "anyOf": [
         {
           "type": "string",
-          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+          "minLength": 1
         },
         {
           "type": "object",
diff --git a/packages/schemas/src/v3/gitlab.schema.ts b/packages/schemas/src/v3/gitlab.schema.ts
@@ -18,7 +18,8 @@ const schema = {
       "anyOf": [
         {
           "type": "string",
-          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+          "minLength": 1
         },
         {
           "type": "object",
diff --git a/packages/schemas/src/v3/index.schema.ts b/packages/schemas/src/v3/index.schema.ts
@@ -261,7 +261,8 @@ const schema = {
                   "anyOf": [
                     {
                       "type": "string",
-                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                      "minLength": 1
                     },
                     {
                       "type": "object",
@@ -478,7 +479,8 @@ const schema = {
                   "anyOf": [
                     {
                       "type": "string",
-                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                      "minLength": 1
                     },
                     {
                       "type": "object",
@@ -684,7 +686,8 @@ const schema = {
                   "anyOf": [
                     {
                       "type": "string",
-                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                      "minLength": 1
                     },
                     {
                       "type": "object",
@@ -871,7 +874,8 @@ const schema = {
                       "anyOf": [
                         {
                           "type": "string",
-                          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                          "minLength": 1
                         },
                         {
                           "type": "object",
@@ -980,7 +984,8 @@ const schema = {
                   "anyOf": [
                     {
                       "type": "string",
-                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                      "minLength": 1
                     },
                     {
                       "type": "object",
diff --git a/packages/schemas/src/v3/shared.schema.ts b/packages/schemas/src/v3/shared.schema.ts
@@ -7,7 +7,8 @@ const schema = {
       "anyOf": [
         {
           "type": "string",
-          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+          "minLength": 1
         },
         {
           "type": "object",
diff --git a/schemas/v3/shared.json b/schemas/v3/shared.json
@@ -6,7 +6,8 @@
             "anyOf": [
                 {
                     "type": "string",
-                    "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                    "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                    "minLength": 1
                 },
                 {
                     "type": "object",

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,8 @@`
`23`	`23`	`"anyOf": [`
`24`	`24`	`{`
`25`	`25`	`"type": "string",`
`26`		`- "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"`
	`26`	`+ "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",`
	`27`	`+ "minLength": 1`
`27`	`28`	`},`
`28`	`29`	`{`
`29`	`30`	`"type": "object",`
Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,8 @@`
`42`	`42`	`"anyOf": [`
`43`	`43`	`{`
`44`	`44`	`"type": "string",`
`45`		`- "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"`
	`45`	`+ "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",`
	`46`	`+ "minLength": 1`
`46`	`47`	`},`
`47`	`48`	`{`
`48`	`49`	`"type": "object",`
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,8 @@`
`19`	`19`	`"anyOf": [`
`20`	`20`	`{`
`21`	`21`	`"type": "string",`
`22`		`- "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"`
	`22`	`+ "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",`
	`23`	`+ "minLength": 1`
`23`	`24`	`},`
`24`	`25`	`{`
`25`	`26`	`"type": "object",`
Original file line number	Diff line number	Diff line change
`@@ -262,7 +262,8 @@`
`262`	`262`	`"anyOf": [`
`263`	`263`	`{`
`264`	`264`	`"type": "string",`
`265`		`- "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"`
	`265`	`+ "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",`
	`266`	`+ "minLength": 1`
`266`	`267`	`},`
`267`	`268`	`{`
`268`	`269`	`"type": "object",`
`@@ -479,7 +480,8 @@`
`479`	`480`	`"anyOf": [`
`480`	`481`	`{`
`481`	`482`	`"type": "string",`
`482`		`- "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"`
	`483`	`+ "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",`
	`484`	`+ "minLength": 1`
`483`	`485`	`},`
`484`	`486`	`{`
`485`	`487`	`"type": "object",`
`@@ -685,7 +687,8 @@`
`685`	`687`	`"anyOf": [`
`686`	`688`	`{`
`687`	`689`	`"type": "string",`
`688`		`- "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"`
	`690`	`+ "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",`
	`691`	`+ "minLength": 1`
`689`	`692`	`},`
`690`	`693`	`{`
`691`	`694`	`"type": "object",`
`@@ -872,7 +875,8 @@`
`872`	`875`	`"anyOf": [`
`873`	`876`	`{`
`874`	`877`	`"type": "string",`
`875`		`- "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"`
	`878`	`+ "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",`
	`879`	`+ "minLength": 1`
`876`	`880`	`},`
`877`	`881`	`{`
`878`	`882`	`"type": "object",`
`@@ -981,7 +985,8 @@`
`981`	`985`	`"anyOf": [`
`982`	`986`	`{`
`983`	`987`	`"type": "string",`
`984`		`- "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"`
	`988`	`+ "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",`
	`989`	`+ "minLength": 1`
`985`	`990`	`},`
`986`	`991`	`{`
`987`	`992`	`"type": "object",`
Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,8 @@`
`8`	`8`	`"anyOf": [`
`9`	`9`	`{`
`10`	`10`	`"type": "string",`
`11`		`- "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"`
	`11`	`+ "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",`
	`12`	`+ "minLength": 1`
`12`	`13`	`},`
`13`	`14`	`{`
`14`	`15`	`"type": "object",`
Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,8 @@ const schema = {`
`22`	`22`	`"anyOf": [`
`23`	`23`	`{`
`24`	`24`	`"type": "string",`
`25`		`- "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"`
	`25`	`+ "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",`
	`26`	`+ "minLength": 1`
`26`	`27`	`},`
`27`	`28`	`{`
`28`	`29`	`"type": "object",`