feat: add regex-based validation for connection field values

@zen-agentchecks n/achecks…zen/validate-connection-fields-5xy81a → master7 files · +329 −0review: @anshugarg15review: @rohanprabhureview: @acsrujanreview: @sarthakupdated 2mo ago

GitHub

▸Description· 1 comment · 6 noise

Description

Users frequently pass incorrect values for subdomains and other connection fields during account connection (e.g., passing https://mycompany.zendesk.com as a subdomain instead of just mycompany). This causes silent failures and broken connections.

This PR adds optional regex and expected_format properties to field definitions, enabling per-field value validation during connection creation with clear, actionable error messages.

Changes:

packages/auth-config/src/base.ts: Added optional regex and expected_format fields to DeprecatedAuthSchemaFieldSchema
apps/apollo/src/lib/toolkits/utils/schema.ts: Propagated regex/expected_format to AuthConfigFieldSchema
apps/apollo/src/lib/auth_config/getSingleAuthConfig.ts: Propagated to ExpectedInputFieldsSchema (returned in API responses for client-side validation)
apps/apollo/src/lib/toolkits/get_toolkits_by_slug.ts: Propagated through connectedAccountInitiation field mapping
apps/apollo/src/lib/connected_accounts/utils/validateConnectedAccount.ts: Added validateFieldValues() function that checks field values against regex patterns during connection creation, with clear error messages including the expected_format hint
apps/apollo/src/common/constants/error.ts: Added InvalidFieldValues error code (623)

How it works:

Toolkit configs in Mercury can now define regex and expected_format per field (e.g., regex: "^[a-zA-Z0-9-]+$" for subdomains)
The API exposes these in expectedInputFields so SDKs/UI can validate client-side too
During connection creation, validateConnectedAccountRequiredFieldsAndPopulateOptionalFields validates field values against regex patterns
Invalid values return a 400 error with a clear message: Invalid field values: Subdomain: "https://bad.com" is invalid. Just the subdomain (e.g. 'mycompany'), not the full URL

Backward compatible: Fields without regex continue to work as before (no validation applied).

How did I test this PR

Added 12 unit tests in validateConnectedAccount.test.ts — all passing
Tests cover: regex matching, missing fields, non-string values, legacy field names, multiple errors, invalid regex handling, primary vs legacy name precedence
Ran existing test suites (s2s_oauth2_utils.test.ts, validateAuthConfig.test.ts) — all passing, no regressions
Verified Apollo health and tool listing E2E against running server

Triggered by: Karan Vaidya karan@composio.dev | Source: slack Session: https://zen-api-production-4c98.up.railway.app/dashboard/#/chat/zen-64b119c91570

@zen-agent2mo ago

PR Status Update

Codex Review

Iteration 1: 2 issues found (P2: empty string bypass, P3: thermos binary in diff) — both fixed in commit 8301f0d
Iteration 2: LGTM — no actionable issues found

CI Status

All checks green on latest commit (8301f0d).

Tests Executed

Unit tests: 13/13 pass (validateFieldValues — regex matching, empty strings, legacy names, multiple errors, invalid regex, primary vs legacy precedence)
Local lint + typecheck: pass
E2E and integration tests: pass via CI

PR Comments Addressed

Empty string bypass (P2) — Fixed: empty strings now go through regex validation
strict_fields missing regex (P2) — Acknowledged as intentional scope; follow-up tracked for BaseNamedFieldSchema + compatible.ts

Remaining

No blockers. Ready for human review.

▸ 6 bot/status comments hidden

@vercel[bot]2mo ago

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
apollo	Ready	Preview, Comment	Apr 13, 2026 5:53am

Project	Deployment	Actions	Updated (UTC)
debby	Ignored	Preview	Apr 13, 2026 5:53am
hermes-frontend	Ignored		Apr 13, 2026 5:53am

@github-actions[bot]2mo ago

loading diff…

Contributor	Contribution	Files
lingalarahul7	25%	6
anshugarg15	15%	4
devin-ai-integration[bot]	12%	5
Himanshu Dixit	11%	6
Karan Vaidya	10%	7

@codecov[bot]2mo ago

Codecov Report

:x: Patch coverage is 88.60759% with 9 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
...nnected_accounts/utils/validateConnectedAccount.ts	84.48%	9 Missing :warning:

Flag	Coverage Δ
e2e-tests	`5.59% <13.92%> (+<0.01%)`	:arrow_up:
self-hosted-tests	`4.39% <11.39%> (+<0.01%)`	:arrow_up:
unit-tests	`55.66% <88.60%> (+<0.01%)`	:arrow_up:

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
apps/apollo/src/common/constants/error.ts	`98.64% <100.00%> (+<0.01%)`	:arrow_up:
.../apollo/src/lib/auth_config/getSingleAuthConfig.ts	`83.60% <100.00%> (+0.10%)`	:arrow_up:
...ps/apollo/src/lib/toolkits/get_toolkits_by_slug.ts	`93.66% <100.00%> (+0.11%)`	:arrow_up:
apps/apollo/src/lib/toolkits/utils/schema.ts	`100.00% <100.00%> (ø)`
...nnected_accounts/utils/validateConnectedAccount.ts	`80.85% <84.48%> (+1.06%)`	:arrow_up:

... and 3 files with indirect coverage changes

:snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
:package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

feat: add regex-based validation for connection field values

Description

How did I test this PR