Address code review feedback: add projectId validation and improve PATCH endpoint clarity

Copilot · tikazyq · Copilot · commit 6d78026d3e94 · 2025-11-02T11:49:14.000Z
Co-authored-by: tikazyq &lt;3393101+tikazyq@users.noreply.github.com&gt;
diff --git a/apps/web/app/api/events/route.ts b/apps/web/app/api/events/route.ts
@@ -105,13 +105,26 @@ export async function POST(request: NextRequest) {
       );
     }
 
+    // Validate and parse projectId
+    const projectId =
+      typeof body.projectId === 'number' ? body.projectId : parseInt(body.projectId, 10);
+    if (isNaN(projectId) || projectId <= 0) {
+      return NextResponse.json(
+        {
+          success: false,
+          error: 'Invalid projectId: must be a positive integer',
+        },
+        { status: 400 },
+      );
+    }
+
     // Create event input
     const eventInput: CreateAgentEventInput = {
       type: body.type,
       agentId: body.agentId,
       agentVersion: body.agentVersion,
       sessionId: body.sessionId,
-      projectId: parseInt(body.projectId),
+      projectId: projectId,
       context: body.context,
       data: body.data,
       metrics: body.metrics,
diff --git a/apps/web/app/api/sessions/[id]/route.ts b/apps/web/app/api/sessions/[id]/route.ts
@@ -76,16 +76,20 @@ export async function PATCH(request: NextRequest, { params }: { params: { id: st
       );
     }
 
-    // Handle special case: ending a session with just outcome
-    if (body.outcome && Object.keys(body).length === 1) {
+    // Special case: If only 'outcome' is provided, use endSession which also sets endTime and duration
+    // This is a convenience for the common case of just ending a session
+    const bodyKeys = Object.keys(body);
+    const isJustOutcome = bodyKeys.length === 1 && bodyKeys[0] === 'outcome';
+
+    if (isJustOutcome) {
       const updatedSession = await sessionService.endSession(id, body.outcome as SessionOutcome);
       return NextResponse.json({
         success: true,
         data: updatedSession,
       });
     }
 
-    // Handle general update
+    // General update: Apply all provided fields
     const updateInput: UpdateAgentSessionInput = {};
 
     if (body.endTime) updateInput.endTime = new Date(body.endTime);
diff --git a/apps/web/app/api/sessions/route.ts b/apps/web/app/api/sessions/route.ts
@@ -97,11 +97,24 @@ export async function POST(request: NextRequest) {
       );
     }
 
+    // Validate and parse projectId
+    const projectId =
+      typeof body.projectId === 'number' ? body.projectId : parseInt(body.projectId, 10);
+    if (isNaN(projectId) || projectId <= 0) {
+      return NextResponse.json(
+        {
+          success: false,
+          error: 'Invalid projectId: must be a positive integer',
+        },
+        { status: 400 },
+      );
+    }
+
     // Create session input
     const sessionInput: CreateAgentSessionInput = {
       agentId: body.agentId,
       agentVersion: body.agentVersion,
-      projectId: parseInt(body.projectId),
+      projectId: projectId,
       context: body.context,
     };
 
