fix: Add minLength validation to prevent empty tokens in schema

zuharz · zuharz · commit 4350c818d254 · 2025-08-20T17:16:26.000+02:00
- Added minLength: 1 constraint to Token schema definition in shared.json
- Prevents empty string tokens that would cause runtime HTTP errors
- Regenerated all schema documentation files (.mdx) and TypeScript definitions
- Ensures consistent validation across all connection types (GitHub, GitLab, Gitea, Bitbucket, Gerrit)

This addresses CodeRabbit bot's review comment about preventing zero-length tokens
at the schema level rather than failing at runtime during HTTP requests.
diff --git a/docs/snippets/schemas/v3/bitbucket.schema.mdx b/docs/snippets/schemas/v3/bitbucket.schema.mdx
@@ -23,7 +23,8 @@
       "anyOf": [
         {
           "type": "string",
-          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+          "minLength": 1
         },
         {
           "type": "object",
diff --git a/docs/snippets/schemas/v3/connection.schema.mdx b/docs/snippets/schemas/v3/connection.schema.mdx
@@ -23,7 +23,8 @@
           "anyOf": [
             {
               "type": "string",
-              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+              "minLength": 1
             },
             {
               "type": "object",
@@ -240,7 +241,8 @@
           "anyOf": [
             {
               "type": "string",
-              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+              "minLength": 1
             },
             {
               "type": "object",
@@ -446,7 +448,8 @@
           "anyOf": [
             {
               "type": "string",
-              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+              "minLength": 1
             },
             {
               "type": "object",
@@ -633,7 +636,8 @@
               "anyOf": [
                 {
                   "type": "string",
-                  "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                  "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                  "minLength": 1
                 },
                 {
                   "type": "object",
@@ -783,7 +787,8 @@
           "anyOf": [
             {
               "type": "string",
-              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+              "minLength": 1
             },
             {
               "type": "object",
diff --git a/docs/snippets/schemas/v3/gerrit.schema.mdx b/docs/snippets/schemas/v3/gerrit.schema.mdx
@@ -42,7 +42,8 @@
           "anyOf": [
             {
               "type": "string",
-              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+              "minLength": 1
             },
             {
               "type": "object",
diff --git a/docs/snippets/schemas/v3/gitea.schema.mdx b/docs/snippets/schemas/v3/gitea.schema.mdx
@@ -19,7 +19,8 @@
       "anyOf": [
         {
           "type": "string",
-          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+          "minLength": 1
         },
         {
           "type": "object",
diff --git a/docs/snippets/schemas/v3/github.schema.mdx b/docs/snippets/schemas/v3/github.schema.mdx
@@ -19,7 +19,8 @@
       "anyOf": [
         {
           "type": "string",
-          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+          "minLength": 1
         },
         {
           "type": "object",
diff --git a/docs/snippets/schemas/v3/gitlab.schema.mdx b/docs/snippets/schemas/v3/gitlab.schema.mdx
@@ -19,7 +19,8 @@
       "anyOf": [
         {
           "type": "string",
-          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+          "minLength": 1
         },
         {
           "type": "object",
diff --git a/docs/snippets/schemas/v3/index.schema.mdx b/docs/snippets/schemas/v3/index.schema.mdx
@@ -286,7 +286,8 @@
                   "anyOf": [
                     {
                       "type": "string",
-                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                      "minLength": 1
                     },
                     {
                       "type": "object",
@@ -503,7 +504,8 @@
                   "anyOf": [
                     {
                       "type": "string",
-                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                      "minLength": 1
                     },
                     {
                       "type": "object",
@@ -709,7 +711,8 @@
                   "anyOf": [
                     {
                       "type": "string",
-                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                      "minLength": 1
                     },
                     {
                       "type": "object",
@@ -896,7 +899,8 @@
                       "anyOf": [
                         {
                           "type": "string",
-                          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                          "minLength": 1
                         },
                         {
                           "type": "object",
@@ -1046,7 +1050,8 @@
                   "anyOf": [
                     {
                       "type": "string",
-                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                      "minLength": 1
                     },
                     {
                       "type": "object",
diff --git a/docs/snippets/schemas/v3/shared.schema.mdx b/docs/snippets/schemas/v3/shared.schema.mdx
@@ -8,7 +8,8 @@
       "anyOf": [
         {
           "type": "string",
-          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+          "minLength": 1
         },
         {
           "type": "object",
diff --git a/packages/schemas/src/v3/bitbucket.schema.ts b/packages/schemas/src/v3/bitbucket.schema.ts
@@ -22,7 +22,8 @@ const schema = {
       "anyOf": [
         {
           "type": "string",
-          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+          "minLength": 1
         },
         {
           "type": "object",
diff --git a/packages/schemas/src/v3/connection.schema.ts b/packages/schemas/src/v3/connection.schema.ts
@@ -22,7 +22,8 @@ const schema = {
           "anyOf": [
             {
               "type": "string",
-              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+              "minLength": 1
             },
             {
               "type": "object",
@@ -239,7 +240,8 @@ const schema = {
           "anyOf": [
             {
               "type": "string",
-              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+              "minLength": 1
             },
             {
               "type": "object",
@@ -445,7 +447,8 @@ const schema = {
           "anyOf": [
             {
               "type": "string",
-              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+              "minLength": 1
             },
             {
               "type": "object",
@@ -632,7 +635,8 @@ const schema = {
               "anyOf": [
                 {
                   "type": "string",
-                  "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                  "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                  "minLength": 1
                 },
                 {
                   "type": "object",
@@ -782,7 +786,8 @@ const schema = {
           "anyOf": [
             {
               "type": "string",
-              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+              "minLength": 1
             },
             {
               "type": "object",
diff --git a/packages/schemas/src/v3/gerrit.schema.ts b/packages/schemas/src/v3/gerrit.schema.ts
@@ -41,7 +41,8 @@ const schema = {
           "anyOf": [
             {
               "type": "string",
-              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+              "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+              "minLength": 1
             },
             {
               "type": "object",
diff --git a/packages/schemas/src/v3/gitea.schema.ts b/packages/schemas/src/v3/gitea.schema.ts
@@ -18,7 +18,8 @@ const schema = {
       "anyOf": [
         {
           "type": "string",
-          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+          "minLength": 1
         },
         {
           "type": "object",
diff --git a/packages/schemas/src/v3/github.schema.ts b/packages/schemas/src/v3/github.schema.ts
@@ -18,7 +18,8 @@ const schema = {
       "anyOf": [
         {
           "type": "string",
-          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+          "minLength": 1
         },
         {
           "type": "object",
diff --git a/packages/schemas/src/v3/gitlab.schema.ts b/packages/schemas/src/v3/gitlab.schema.ts
@@ -18,7 +18,8 @@ const schema = {
       "anyOf": [
         {
           "type": "string",
-          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+          "minLength": 1
         },
         {
           "type": "object",
diff --git a/packages/schemas/src/v3/index.schema.ts b/packages/schemas/src/v3/index.schema.ts
@@ -285,7 +285,8 @@ const schema = {
                   "anyOf": [
                     {
                       "type": "string",
-                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                      "minLength": 1
                     },
                     {
                       "type": "object",
@@ -502,7 +503,8 @@ const schema = {
                   "anyOf": [
                     {
                       "type": "string",
-                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                      "minLength": 1
                     },
                     {
                       "type": "object",
@@ -708,7 +710,8 @@ const schema = {
                   "anyOf": [
                     {
                       "type": "string",
-                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                      "minLength": 1
                     },
                     {
                       "type": "object",
@@ -895,7 +898,8 @@ const schema = {
                       "anyOf": [
                         {
                           "type": "string",
-                          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                          "minLength": 1
                         },
                         {
                           "type": "object",
@@ -1045,7 +1049,8 @@ const schema = {
                   "anyOf": [
                     {
                       "type": "string",
-                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                      "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                      "minLength": 1
                     },
                     {
                       "type": "object",
diff --git a/packages/schemas/src/v3/shared.schema.ts b/packages/schemas/src/v3/shared.schema.ts
@@ -7,7 +7,8 @@ const schema = {
       "anyOf": [
         {
           "type": "string",
-          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+          "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+          "minLength": 1
         },
         {
           "type": "object",
diff --git a/schemas/v3/shared.json b/schemas/v3/shared.json
@@ -6,7 +6,8 @@
             "anyOf": [
                 {
                     "type": "string",
-                    "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"
+                    "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",
+                    "minLength": 1
                 },
                 {
                     "type": "object",

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,8 @@`
`23`	`23`	`"anyOf": [`
`24`	`24`	`{`
`25`	`25`	`"type": "string",`
`26`		`- "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"`
	`26`	`+ "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",`
	`27`	`+ "minLength": 1`
`27`	`28`	`},`
`28`	`29`	`{`
`29`	`30`	`"type": "object",`
Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,8 @@`
`42`	`42`	`"anyOf": [`
`43`	`43`	`{`
`44`	`44`	`"type": "string",`
`45`		`- "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"`
	`45`	`+ "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",`
	`46`	`+ "minLength": 1`
`46`	`47`	`},`
`47`	`48`	`{`
`48`	`49`	`"type": "object",`
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,8 @@`
`19`	`19`	`"anyOf": [`
`20`	`20`	`{`
`21`	`21`	`"type": "string",`
`22`		`- "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"`
	`22`	`+ "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",`
	`23`	`+ "minLength": 1`
`23`	`24`	`},`
`24`	`25`	`{`
`25`	`26`	`"type": "object",`
Original file line number	Diff line number	Diff line change
`@@ -286,7 +286,8 @@`
`286`	`286`	`"anyOf": [`
`287`	`287`	`{`
`288`	`288`	`"type": "string",`
`289`		`- "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"`
	`289`	`+ "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",`
	`290`	`+ "minLength": 1`
`290`	`291`	`},`
`291`	`292`	`{`
`292`	`293`	`"type": "object",`
`@@ -503,7 +504,8 @@`
`503`	`504`	`"anyOf": [`
`504`	`505`	`{`
`505`	`506`	`"type": "string",`
`506`		`- "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"`
	`507`	`+ "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",`
	`508`	`+ "minLength": 1`
`507`	`509`	`},`
`508`	`510`	`{`
`509`	`511`	`"type": "object",`
`@@ -709,7 +711,8 @@`
`709`	`711`	`"anyOf": [`
`710`	`712`	`{`
`711`	`713`	`"type": "string",`
`712`		`- "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"`
	`714`	`+ "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",`
	`715`	`+ "minLength": 1`
`713`	`716`	`},`
`714`	`717`	`{`
`715`	`718`	`"type": "object",`
`@@ -896,7 +899,8 @@`
`896`	`899`	`"anyOf": [`
`897`	`900`	`{`
`898`	`901`	`"type": "string",`
`899`		`- "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"`
	`902`	`+ "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",`
	`903`	`+ "minLength": 1`
`900`	`904`	`},`
`901`	`905`	`{`
`902`	`906`	`"type": "object",`
`@@ -1046,7 +1050,8 @@`
`1046`	`1050`	`"anyOf": [`
`1047`	`1051`	`{`
`1048`	`1052`	`"type": "string",`
`1049`		`- "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"`
	`1053`	`+ "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",`
	`1054`	`+ "minLength": 1`
`1050`	`1055`	`},`
`1051`	`1056`	`{`
`1052`	`1057`	`"type": "object",`
Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,8 @@`
`8`	`8`	`"anyOf": [`
`9`	`9`	`{`
`10`	`10`	`"type": "string",`
`11`		`- "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"`
	`11`	`+ "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",`
	`12`	`+ "minLength": 1`
`12`	`13`	`},`
`13`	`14`	`{`
`14`	`15`	`"type": "object",`
Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,8 @@ const schema = {`
`22`	`22`	`"anyOf": [`
`23`	`23`	`{`
`24`	`24`	`"type": "string",`
`25`		`- "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)"`
	`25`	`+ "description": "Direct token value (SECURITY RISK: not recommended for production - use secrets or environment variables instead)",`
	`26`	`+ "minLength": 1`
`26`	`27`	`},`
`27`	`28`	`{`
`28`	`29`	`"type": "object",`