fix: handle stricter Express request param types and update dependencies

[WikiRik]

Summary

This PR updates low-risk patch and medium priority dependencies while maintaining pinned versions. The dependency updates triggered stricter TypeScript checking that required fixing how we handle Express request parameters.

Type Safety Fix

The dependency updates caused @types/express-serve-static-core to be updated from 5.1.0 → 5.1.1, which now correctly types req.params values as string | string[] instead of just string. This is more accurate since Express does support array values in route parameters. See DefinitelyTyped/DefinitelyTyped#74161 for more information about this change

Why This Change Was Needed

When we updated the dependencies, TypeScript started failing with errors like:

Argument of type 'string | string[]' is not assignable to parameter of type 'string'.

This happened because the Express type definitions became more accurate - req.params can technically be arrays in certain cases. While Express routing typically guarantees single string values for matched route parameters, the type system needed to be satisfied.

Solution

Created a helper function getStringParam() in apps/server/src/lib/request-utils/index.ts:

export function getStringParam(param: string | string[]): string {
  if (Array.isArray(param)) {
    return param[0];
  }
  return param;
}

This helper:

• Handles both string and string[] types
• Returns a clean string type
• Keeps code simple and maintainable
• Can be reused throughout the codebase

Files Updated

Updated 6 route handlers to use the helper:

• apps/server/src/routes/sessions/routes/archive.ts
• apps/server/src/routes/sessions/routes/delete.ts
• apps/server/src/routes/sessions/routes/unarchive.ts
• apps/server/src/routes/sessions/routes/update.ts
• apps/server/src/routes/terminal/routes/session-delete.ts
• apps/server/src/routes/terminal/routes/session-resize.ts

Dependency Updates

Low-Risk Patches

• prettier: 3.7.4 → 3.8.0
• vitest: 4.0.16 → 4.0.17 (across all workspace packages)
• ws: 8.18.3 → 8.19.0
• zustand: 5.0.9 → 5.0.10
• vite: 7.3.0 → 7.3.1
• @tanstack/react-query: 5.90.12 → 5.90.18
• @typescript-eslint/eslint-plugin: 8.50.0 → 8.53.0
• @typescript-eslint/parser: 8.50.0 → 8.53.0

Medium Priority Updates

• @tanstack/react-router: 1.141.6 → 1.150.0
• @tanstack/router-plugin: 1.141.7 → 1.150.0
• @eslint/js: 9.0.0 → 9.39.2
• electron-builder: 26.0.12 → 26.4.0
• @xterm/addon-fit: 0.10.0 → 0.11.0
• @xterm/addon-search: 0.15.0 → 0.16.0
• @xterm/addon-web-links: 0.11.0 → 0.12.0
• @xterm/addon-webgl: 0.18.0 → 0.19.0
• lightningcss-*: 1.29.2 → 1.30.2 (all platforms)

Testing

All tests pass successfully:

• ✅ Build: Successful (including electron build)
• ✅ E2E Tests: 12/12 passed
• ✅ Format: Passing
• ✅ Audit: Passing
• ✅ Unit Tests: 1089/1096 passed (7 pre-existing test failures unchanged)

Notes

• Skipped @types/node update (still on Node 22)
• Skipped p-limit (major version jump from 6 → 7)
• Maintained pinned version strategy throughout
• Major version updates (electron 40, @xterm/xterm 6, claude-agent-sdk 0.2.9, etc.) deferred for separate PRs

---

This PR was generated through user prompts with OpenCode and Claude Sonnet 4.5. It's a rebased version of #523

Summary by CodeRabbit

• Chores
  • Updated development and project dependencies across the codebase for improved stability and performance.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

📝 Walkthrough

Walkthrough

This PR introduces a new request parameter utility function to normalize Express req.params values to strings, applies it across multiple route handlers, and performs dependency version bumps across the project including major updates to packages like @tanstack/react-router and testing tools.

Changes

Cohort / File(s)	Summary
Request Parameter Utility apps/server/src/lib/request-utils.ts	New TypeScript utility module exporting getStringParam() function that normalizes string | string[] parameters to strings, handling array values by returning the first element or empty string for empty arrays.
Route Handler Refactoring apps/server/src/routes/sessions/routes/archive.ts, delete.ts, unarchive.ts, update.ts apps/server/src/routes/terminal/routes/session-delete.ts, session-resize.ts	Six route files updated to use getStringParam() utility for extracting and normalizing request parameters instead of direct destructuring; imports added, control flow unchanged.
Server Dependencies apps/server/package.json	Version bumps: ws (8.18.3 → 8.19.0), @vitest/coverage-v8 (4.0.16 → 4.0.17), @vitest/ui (4.0.16 → 4.0.17), vitest (4.0.16 → 4.0.17).
UI Dependencies apps/ui/package.json	Multiple dependency updates: @tanstack/react-query (5.90.12 → 5.90.18), @tanstack/react-router (1.141.6 → 1.150.0), @xterm/addon-\* packages, @typescript-eslint/\* (8.50.0 → 8.53.0), electron-builder (26.0.12 → 26.4.0), and others.
Library Dependencies libs/dependency-resolver/package.json, libs/git-utils/package.json, libs/model-resolver/package.json, libs/platform/package.json, libs/prompts/package.json, libs/utils/package.json	vitest bumped from 4.0.16 to 4.0.17 across all library package.json files.
Root Dependencies package.json	Version bumps: prettier (3.7.4 → 3.8.0), vitest (4.0.16 → 4.0.17).
Test Data Format apps/server/tests/unit/services/claude-usage-service.test.ts	Authentication error test data updated from plain string authentication_error to JSON format {"type":"authentication_error"}.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

Testers-Requested

Poem

🐰 Hops with glee, parameters aligned,
String utility brings order refined,
Across the routes it spreads with care,
Dependencies fresh in the morning air!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 14.29% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: handle stricter Express request param types and update dependencies' accurately reflects the main changes: introducing the getStringParam helper to handle stricter Express param typing and updating multiple dependencies across the monorepo.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @WikiRik, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on enhancing the project's stability and maintainability by updating various dependencies and improving type safety. The dependency updates led to stricter TypeScript checks, particularly for Express request parameters, which are now correctly typed to include array possibilities. To address this, a new utility function was introduced and integrated into several route handlers, ensuring robust and type-safe handling of request parameters.

Highlights

• Dependency Updates: Updated various low-risk patch and medium-priority dependencies across the project, including prettier, vitest, ws, zustand, @tanstack/react-query, @tanstack/react-router, @eslint/js, electron-builder, @xterm/addon-*, lightningcss-*, and @typescript-eslint/*.
• TypeScript Type Safety Fix: Addressed stricter TypeScript checking for Express request parameters (req.params) which now correctly types values as string | string[] instead of just string due to an update in @types/express-serve-static-core.
• New Utility Function: Introduced a new helper function getStringParam() in apps/server/src/lib/request-utils.ts to safely extract string parameters from req.params, handling both string and string[] types.
• Route Handler Updates: Modified six Express route handlers in apps/server/src/routes/sessions and apps/server/src/routes/terminal to utilize the new getStringParam() helper for robust and type-safe parameter handling.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request effectively addresses a type-safety issue that arose from dependency updates, specifically the stricter typing of Express request parameters. The introduction of the getStringParam helper function is a clean and reusable solution to handle the string | string[] type. The dependency updates themselves are well-documented and categorized. My main feedback is a suggestion to make the new getStringParam function more robust by handling the edge case of an empty array parameter to prevent potential runtime errors.

[WikiRik]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@apps/ui/package.json`:
- Around line 69-73: The xterm addon versions in package.json are incompatible
with `@xterm/xterm` 5.5.0; update the dependency versions for the addons to match
the 5.5.0 release: change "@xterm/addon-fit" from 0.11.0 to 0.10.0,
"@xterm/addon-search" from 0.16.0 to 0.15.0, "@xterm/addon-web-links" from
0.12.0 to 0.11.0, and "@xterm/addon-webgl" from 0.19.0 to 0.18.0 (then run your
package manager install to lock the correct versions).

🧹 Nitpick comments (5)

apps/server/src/routes/terminal/routes/session-resize.ts (1)

5-13: Use @automaker/ import for request utils.*
The new relative import of getStringParam conflicts with the guideline to import from shared @automaker/* packages. Please re-export it from an @automaker/* package (or existing shared utils) and import from there. As per coding guidelines, ...

apps/server/src/routes/terminal/routes/session-delete.ts (1)

5-13: Use @automaker/ import for request utils.*
The new relative import of getStringParam conflicts with the guideline to import from shared @automaker/* packages. Please re-export it from an @automaker/* package (or existing shared utils) and import from there. As per coding guidelines, ...

apps/server/src/routes/sessions/routes/delete.ts (1)

5-14: Use @automaker/ import for request utils.*
The new relative import of getStringParam conflicts with the guideline to import from shared @automaker/* packages. Please re-export it from an @automaker/* package (or existing shared utils) and import from there. As per coding guidelines, ...

apps/server/src/routes/sessions/routes/update.ts (1)

5-14: Use @automaker/ import for request utils.*
The new relative import of getStringParam conflicts with the guideline to import from shared @automaker/* packages. Please re-export it from an @automaker/* package (or existing shared utils) and import from there. As per coding guidelines, ...

apps/server/src/routes/sessions/routes/archive.ts (1)

5-14: Use @automaker/ import for request utils.*
The new relative import of getStringParam conflicts with the guideline to import from shared @automaker/* packages. Please re-export it from an @automaker/* package (or existing shared utils) and import from there. As per coding guidelines, ...

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check peer dependency requirements for specific xterm addon versions
echo "Checking npm peer dependencies for xterm addons..."
for pkg in "@xterm/addon-fit@0.11.0" "@xterm/addon-search@0.16.0" "@xterm/addon-web-links@0.12.0" "@xterm/addon-webgl@0.19.0"; do
  echo "=== $pkg ==="
  npm view "$pkg" peerDependencies --json 2>/dev/null || echo "No peer deps found"
  echo ""
done

Repository: AutoMaker-Org/automaker

Length of output: 260

---

🏁 Script executed:

#!/bin/bash
# Get full package metadata from npm registry
echo "Checking full package metadata for xterm addons..."
npm view "@xterm/addon-fit@0.11.0" --json 2>/dev/null | jq -r '.peerDependencies, .engines, .dependencies' || echo "Failed to get fit metadata"
echo ""
echo "Checking `@xterm/xterm`@5.5.0 metadata..."
npm view "@xterm/xterm@5.5.0" --json 2>/dev/null | jq -r '.version, .dependencies' || echo "Failed to get xterm metadata"

Repository: AutoMaker-Org/automaker

Length of output: 184

---

🏁 Script executed:

#!/bin/bash
# Get complete package metadata
echo "=== Full metadata for `@xterm/addon-fit`@0.11.0 ==="
npm view "@xterm/addon-fit@0.11.0" --json 2>/dev/null | head -50

echo ""
echo "=== Checking npm registry URL for addon compatibility info ==="
npm view "@xterm/addon-fit" versions --json 2>/dev/null | tail -20

Repository: AutoMaker-Org/automaker

Length of output: 1620

---

🏁 Script executed:

#!/bin/bash
# Get specific fields from npm registry that contain dependency info
echo "=== Checking dependencies for addon versions ==="
npm view "@xterm/addon-fit@0.11.0" --json 2>/dev/null | jq '.peerDependencies // "no peer deps" | .dependencies // "no deps"'

echo ""
echo "=== Getting full object keys to understand structure ==="
npm view "@xterm/addon-fit@0.11.0" --json 2>/dev/null | jq 'keys' | head -30

Repository: AutoMaker-Org/automaker

Length of output: 683

---

🏁 Script executed:

#!/bin/bash
# Search for xterm addons in the codebase to find any package-lock or version info
echo "=== Checking for xterm addon info in node_modules or lock files ==="
cd apps/ui
if [ -f "package-lock.json" ]; then
  echo "Found package-lock.json, checking xterm addon entries..."
  jq '.dependencies[] | select(.name | startswith("@xterm/addon")) | {name, version, requires}' package-lock.json 2>/dev/null | head -100
elif [ -f "yarn.lock" ]; then
  echo "Checking yarn.lock for xterm addons..."
  grep -A 5 "@xterm/addon" yarn.lock | head -50
else
  echo "No lock file found"
fi

Repository: AutoMaker-Org/automaker

Length of output: 153

---

🏁 Script executed:

#!/bin/bash
# Check the actual package.json content for context
cd apps/ui
echo "=== Full xterm dependency section from package.json ==="
cat package.json | jq '.dependencies | to_entries[] | select(.key | contains("xterm"))' 2>/dev/null

Repository: AutoMaker-Org/automaker

Length of output: 393

---

🌐 Web query:

xterm addon compatibility with @xterm/xterm 5.5.0 addon-fit addon-search addon-web-links addon-webgl

💡 Result:

For @xterm/xterm 5.5.0 the compatible addon versions are:

• @xterm/addon-fit: 0.10.0. [1]
• @xterm/addon-search: 0.15.0. [1]
• @xterm/addon-web-links: 0.11.0. [1]
• @xterm/addon-webgl: 0.18.0. [1]

(See xterm.js 5.5.0 release notes / compatible addon table.) [1][2]

Sources:
[1] xtermjs/xterm.js releases (5.5.0) — GitHub.
[2] xterm.js 5.5.0 release summary (NewReleases).

---

Downgrade xterm addons to versions compatible with @xterm/xterm 5.5.0.

The current addon versions are incompatible with the installed xterm version. According to the official xterm.js 5.5.0 release notes, the following versions must be used:

• @xterm/addon-fit: change from 0.11.0 to 0.10.0
• @xterm/addon-search: change from 0.16.0 to 0.15.0
• @xterm/addon-web-links: change from 0.12.0 to 0.11.0
• @xterm/addon-webgl: change from 0.19.0 to 0.18.0

Using newer addon versions with xterm 5.5.0 will cause runtime errors in the terminal component.

🤖 Prompt for AI Agents

In `@apps/ui/package.json` around lines 69 - 73, The xterm addon versions in
package.json are incompatible with `@xterm/xterm` 5.5.0; update the dependency
versions for the addons to match the 5.5.0 release: change "@xterm/addon-fit"
from 0.11.0 to 0.10.0, "@xterm/addon-search" from 0.16.0 to 0.15.0,
"@xterm/addon-web-links" from 0.12.0 to 0.11.0, and "@xterm/addon-webgl" from
0.19.0 to 0.18.0 (then run your package manager install to lock the correct
versions).

[WikiRik]

The peer dependency version for these packages was removed between the 5.5.0 release and the current version. As the tests are passing, it might not be a breaking change internally. Did you check what the changes between those versions are and what the impact might be?

[coderabbitai]

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!