Fix null-unsafe payments config validation for partial overrides

[mantrakp04]

Summary

• Make the branchPaymentsSchema custom validator tolerant of partial override objects
• Avoid crashing when payments.products or payments.productLines are absent during validation
• Add regression tests for partial configs plus the existing missing-line and customer-type mismatch cases

Testing

• Added Vitest coverage for partial payments configs and validation failures
• Lint passed for the touched schema files
• Typecheck passed for packages/stack-shared

Summary by CodeRabbit

• Bug Fixes

  • Improved validation robustness with stricter type-safety checks for payment-related data configurations.
  • Enhanced error messages for clearer feedback on validation failures.

• Tests

  • Added comprehensive test coverage for edge cases including missing configurations and type mismatches.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
stack-auth-hosted-components	Ready	Preview, Comment	Apr 27, 2026 6:57pm
stack-backend	Ready	Preview, Comment	Apr 27, 2026 6:57pm
stack-dashboard	Ready	Preview, Comment	Apr 27, 2026 6:57pm
stack-demo	Ready	Preview, Comment	Apr 27, 2026 6:57pm
stack-docs	Ready	Preview, Comment	Apr 27, 2026 6:57pm
stack-preview-backend	Ready	Preview, Comment	Apr 27, 2026 6:57pm
stack-preview-dashboard	Ready	Preview, Comment	Apr 27, 2026 6:57pm

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: c95a0c3f-414d-4fb1-8035-1f85267dd8ed

📥 Commits

Reviewing files that changed from the base of the PR and between 03347ac and 2782654.

📒 Files selected for processing (1)

• packages/stack-shared/src/config/schema.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/stack-shared/src/config/schema.ts

---

📝 Walkthrough

Walkthrough

Enhanced type-safety in the branchPaymentsSchema cross-field validation by adding defensive checks before iteration and property access, improving handling of edge cases like null entries and missing product lines. Error messages and test coverage were also updated.

Changes

Cohort / File(s)	Summary
Schema Validation Enhancement packages/stack-shared/src/config/schema.ts	Strengthened branchPaymentsSchema validation with conditional type-safety checks before accessing products and product lines. Updated error messages to reference validated variables. Added comprehensive Vitest test suite covering partial configs, missing product lines, null entries, customer-type mismatches, and schema validation of empty productLineId.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

• N2D4

Poem

🐰 With whiskers twitching, I check the way,
Each product sorted, night and day,
Type-safe guards now stand so tall,
Defensive checks prevent it all,
Tests confirm the schema's sound! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: fixing null-safety issues in the payments config validation to handle partial overrides.
Description check	✅ Passed	The description clearly outlines the summary of changes, testing approach, and verification steps, addressing the core issues and validation improvements.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/sentry-config-validation-issue

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

packages/stack-shared/src/config/schema.test.ts (1)

31-56: Consider toMatchInlineSnapshot for error-message assertions.

Per the repo's testing guideline ("prefer .toMatchInlineSnapshot over other selectors, if possible"), the exact-string rejects.toThrow(...) assertions here would be easier to update when the error format evolves if expressed as snapshots. Not blocking — the current assertions are correct and sufficiently precise.

Example refactor

-    })).rejects.toThrow('Product "pro" specifies product line ID "missing-line", but that product line does not exist');
+    })).rejects.toThrowErrorMatchingInlineSnapshot();

As per coding guidelines: "When writing tests, prefer .toMatchInlineSnapshot over other selectors, if possible."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/stack-shared/src/config/schema.test.ts` around lines 31 - 56,
Replace the explicit string assertions in the two tests that call
branchPaymentsSchema.validate with Jest inline-snapshot assertions: instead of
await expect(...).rejects.toThrow('...'), use await
expect(...).rejects.toThrowErrorMatchingInlineSnapshot(`...`) (or
.toThrowErrorMatchingInlineSnapshot for async rejects) for both the "rejects a
product that references a missing product line" test and the "rejects a product
whose customer type differs from its product line" test, and paste the current
error strings into the inline snapshots so future message changes are easier to
update via snapshot tooling.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/stack-shared/src/config/schema.ts`:
- Around line 188-190: Guard against non-object product entries before accessing
product.productLineId: inside the loop that iterates Object.entries(products)
check isObjectLike(product) (or equivalent) and continue if false, then only
compute productLine via getOrUndefined(productLines, product.productLineId) when
product is object-like; this ensures products, product, productLineId,
isObjectLike, getOrUndefined and the Object.entries(products) loop tolerate
null/primitive entries instead of throwing.

---

Nitpick comments:
In `@packages/stack-shared/src/config/schema.test.ts`:
- Around line 31-56: Replace the explicit string assertions in the two tests
that call branchPaymentsSchema.validate with Jest inline-snapshot assertions:
instead of await expect(...).rejects.toThrow('...'), use await
expect(...).rejects.toThrowErrorMatchingInlineSnapshot(`...`) (or
.toThrowErrorMatchingInlineSnapshot for async rejects) for both the "rejects a
product that references a missing product line" test and the "rejects a product
whose customer type differs from its product line" test, and paste the current
error strings into the inline snapshots so future message changes are easier to
update via snapshot tooling.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 88852a85-2731-48c4-81c7-881a24be1d68

📥 Commits

Reviewing files that changed from the base of the PR and between f89b97b and 4df268d.

📒 Files selected for processing (2)

• packages/stack-shared/src/config/schema.test.ts
• packages/stack-shared/src/config/schema.ts

[greptile-apps]

Greptile Summary

This PR makes the branchPaymentsSchema cross-field validator defensive against partial override objects by guarding access to products and productLines with isObjectLike() checks, preventing crashes when either field is absent. Regression tests cover the five key paths: partial config, product referencing a missing line, null product/line entries, and customer-type mismatch.

Confidence Score: 5/5

Safe to merge — the fix is narrowly scoped to the cross-field validator and the test coverage is appropriate.

All changes are defensive guards that cannot regress existing valid inputs; the only semantic shift (falsy → == null for productLineId) is strictly more correct. No P0/P1 issues found.

No files require special attention.

Important Files Changed

Filename	Overview
packages/stack-shared/src/config/schema.ts	Added null/undefined guards in the cross-field validator so partial override objects (missing products or productLines) no longer cause a TypeError or StackAssertionError.
packages/stack-shared/src/config/schema.test.ts	New Vitest file covering five branchPaymentsSchema scenarios: partial configs, missing product line reference, null product entries, null product line entries, and customer-type mismatch.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["branchPaymentsSchema .test()"] --> B{"value is falsy?"}
    B -- Yes --> C["return true (pass)"]
    B -- No --> D["products = Reflect.get(value, 'products')"]
    D --> E{"isObjectLike(products)?"}
    E -- No --> C
    E -- Yes --> F["productLines = Reflect.get(value, 'productLines')"]
    F --> G["iterate Object.entries(products)"]
    G --> H{"isObjectLike(product)?"}
    H -- No --> G
    H -- Yes --> I{"product.productLineId == null?"}
    I -- Yes --> G
    I -- No --> J{"isObjectLike(productLines)?"}
    J -- No --> K["productLine = undefined"]
    J -- Yes --> L["productLine = getOrUndefined(productLines, productLineId)"]
    K --> M{"productLine === undefined?"}
    L --> M
    M -- Yes --> N["createError: missing product line"]
    M -- No --> O{"isObjectLike(productLine)?"}
    O -- No --> G
    O -- Yes --> P{"customerType mismatch?"}
    P -- Yes --> Q["createError: type mismatch"]
    P -- No --> G
    G -- done --> R["return true (pass)"]

Loading

_{Reviews (2): Last reviewed commit: "fix: guard null payments config entries" | Re-trigger Greptile}

[Copilot]

Pull request overview

This PR updates the branchPaymentsSchema custom Yup validator in packages/stack-shared to avoid runtime crashes when validating partial payments overrides (e.g., missing products / productLines), and adds targeted Vitest regression coverage around those cases and existing referential/customer-type validation behavior.

Changes:

• Make the branchPaymentsSchema custom validator tolerant of missing payments.products / payments.productLines.
• Add branchPaymentsSchema unit tests covering partial configs and key validation failures.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
packages/stack-shared/src/config/schema.ts	Hardens the product/productLine cross-field validator against absent products / productLines.
packages/stack-shared/src/config/schema.test.ts	Adds focused regression tests for partial configs and validation error cases.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

These two rejection tests build products.pro objects that are not otherwise valid productSchema instances (notably missing required prices). Right now the custom referential-integrity test likely runs before nested validation, so you get the desired error, but this is order-dependent and could become flaky if Yup/test ordering changes. Consider making the product objects minimally valid (e.g., include a valid prices value) so the failure reason is unambiguously the missing product line / customer-type mismatch.

[Copilot]

In this custom test, products being object-like doesn’t guarantee each product value is object-like. Because Yup runs parent .test(...) callbacks before it validates nested schemas/records, a config like products: { pro: null } (or a non-object) will still reach product.productLineId and can throw at runtime instead of returning a validation error. Consider guarding product with isObjectLike(product) (and reading fields via Reflect.get/type checks) before accessing productLineId/customerType, letting the products record validation report the shape error.

[mantrakp04]

@greptile-ai review

[nams1570]

Test-wise, why not just append to the unit tests in schema.ts? Also, is there a reason behind not using inline snapshots? that's more in line with how the codebase handles it.
Also, it would be nice to have them run abortEarly = false tests if possible since by default that's what smart-request runs.

[nams1570]

Discussion: this is a stricter check than what we had before. Is there a reason you switched it? This change would mean empty product line ids are not skipped.