fix(sdk): validate deploy query options

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: MajorTal

sdk/src/namespaces/deploy.test.ts

@@ -3555,6 +3555,29 @@ describe("Deploy.list", () => {
     assert.equal(w.requests[0].path, "/deploy/v2/operations?limit=5");
   });
 
+  it("rejects invalid limit values with a LocalError before issuing a request", async () => {
+    const invalidLimits = [
+      { label: "NaN", value: Number.NaN },
+      { label: "zero", value: 0 },
+      { label: "negative", value: -1 },
+      { label: "fractional", value: 1.5 },
+      { label: "infinite", value: Number.POSITIVE_INFINITY },
+      { label: "unsafe", value: Number.MAX_SAFE_INTEGER + 1 },
+    ];
+
+    for (const { label, value } of invalidLimits) {
+      const w = makeWiring();
+      const deploy = new Deploy(w.client);
+      await assert.rejects(
+        () => deploy.list({ project: "prj_test", limit: value }),
+        (err: unknown) =>
+          err instanceof LocalError && /limit/i.test((err as LocalError).message),
+        `${label} limit should be rejected locally`,
+      );
+      assert.equal(w.requests.length, 0, `${label}: no gateway request`);
+    }
+  });
+
   it("accepts a bare projectId string and issues the same request as the options form", async () => {
     const projectLookups: string[] = [];
     const wiringFor = (): FakeWiring => {
@@ -3759,6 +3782,34 @@ describe("Deploy release observability", () => {
     assert.equal(w.requests[0].headers?.apikey, "ak");
   });
 
+  it("rejects invalid getRelease siteLimit values before issuing a request", async () => {
+    const invalidLimits = [
+      { label: "NaN", value: Number.NaN },
+      { label: "zero", value: 0 },
+      { label: "negative", value: -1 },
+      { label: "fractional", value: 1.5 },
+      { label: "infinite", value: Number.POSITIVE_INFINITY },
+      { label: "unsafe", value: Number.MAX_SAFE_INTEGER + 1 },
+    ];
+
+    for (const { label, value } of invalidLimits) {
+      const w = makeWiring();
+      const deploy = new Deploy(w.client);
+      await assert.rejects(
+        () =>
+          deploy.getRelease({
+            project: "prj_test",
+            releaseId: "rel_1",
+            siteLimit: value,
+          }),
+        (err: unknown) =>
+          err instanceof LocalError && /siteLimit/i.test((err as LocalError).message),
+        `${label} siteLimit should be rejected locally`,
+      );
+      assert.equal(w.requests.length, 0, `${label}: no gateway request`);
+    }
+  });
+
   it("fetches the active release inventory with site_limit", async () => {
     const w = makeWiring();
     const activeInventory = { ...inventory, release_id: "rel_active", state_kind: "current_live" };
@@ -3775,6 +3826,29 @@ describe("Deploy release observability", () => {
     assert.equal(w.requests[0].headers?.apikey, "ak");
   });
 
+  it("rejects invalid getActiveRelease siteLimit values before issuing a request", async () => {
+    const invalidLimits = [
+      { label: "NaN", value: Number.NaN },
+      { label: "zero", value: 0 },
+      { label: "negative", value: -1 },
+      { label: "fractional", value: 1.5 },
+      { label: "infinite", value: Number.POSITIVE_INFINITY },
+      { label: "unsafe", value: Number.MAX_SAFE_INTEGER + 1 },
+    ];
+
+    for (const { label, value } of invalidLimits) {
+      const w = makeWiring();
+      const deploy = new Deploy(w.client);
+      await assert.rejects(
+        () => deploy.getActiveRelease({ project: "prj_test", siteLimit: value }),
+        (err: unknown) =>
+          err instanceof LocalError && /siteLimit/i.test((err as LocalError).message),
+        `${label} siteLimit should be rejected locally`,
+      );
+      assert.equal(w.requests.length, 0, `${label}: no gateway request`);
+    }
+  });
+
   it("diffs release targets with encoded selectors, limit, and project apikey auth", async () => {
     const w = makeWiring();
     const diff = {
@@ -3810,4 +3884,78 @@ describe("Deploy release observability", () => {
     assert.equal(w.requests[0].headers?.apikey, "ak");
   });
 
+  it("rejects invalid diff limit values before issuing a request", async () => {
+    const invalidLimits = [
+      { label: "NaN", value: Number.NaN },
+      { label: "zero", value: 0 },
+      { label: "negative", value: -1 },
+      { label: "fractional", value: 1.5 },
+      { label: "infinite", value: Number.POSITIVE_INFINITY },
+      { label: "unsafe", value: Number.MAX_SAFE_INTEGER + 1 },
+    ];
+
+    for (const { label, value } of invalidLimits) {
+      const w = makeWiring();
+      const deploy = new Deploy(w.client);
+      await assert.rejects(
+        () =>
+          deploy.diff({
+            project: "prj_test",
+            from: "empty",
+            to: "rel_2",
+            limit: value,
+          }),
+        (err: unknown) =>
+          err instanceof LocalError && /limit/i.test((err as LocalError).message),
+        `${label} limit should be rejected locally`,
+      );
+      assert.equal(w.requests.length, 0, `${label}: no gateway request`);
+    }
+  });
+
+  it("rejects missing or empty diff selectors before issuing a request", async () => {
+    const cases: Array<{
+      label: string;
+      opts: Parameters<Deploy["diff"]>[0];
+      expectedMessage: RegExp;
+    }> = [
+      {
+        label: "missing from",
+        opts: { project: "prj_test", to: "rel_2" } as unknown as Parameters<
+          Deploy["diff"]
+        >[0],
+        expectedMessage: /from/i,
+      },
+      {
+        label: "missing to",
+        opts: { project: "prj_test", from: "rel_1" } as unknown as Parameters<
+          Deploy["diff"]
+        >[0],
+        expectedMessage: /to/i,
+      },
+      {
+        label: "empty from",
+        opts: { project: "prj_test", from: "", to: "rel_2" },
+        expectedMessage: /from/i,
+      },
+      {
+        label: "empty to",
+        opts: { project: "prj_test", from: "rel_1", to: "" },
+        expectedMessage: /to/i,
+      },
+    ];
+
+    for (const { label, opts, expectedMessage } of cases) {
+      const w = makeWiring();
+      const deploy = new Deploy(w.client);
+      await assert.rejects(
+        () => deploy.diff(opts),
+        (err: unknown) =>
+          err instanceof LocalError && expectedMessage.test((err as LocalError).message),
+        `${label} should be rejected locally`,
+      );
+      assert.equal(w.requests.length, 0, `${label}: no gateway request`);
+    }
+  });
+
 });

sdk/src/namespaces/deploy.ts

@@ -288,9 +288,14 @@ export class Deploy {
         "listing deploy operations",
       );
     }
+    const normalizedLimit = normalizePositiveSafeIntegerQueryOption(
+      limit,
+      "r.deploy.list limit",
+      "listing deploy operations",
+    );
     const headers = await apikeyHeaders(this.client, project);
     const qs = new URLSearchParams();
-    if (limit !== undefined) qs.set("limit", String(limit));
+    if (normalizedLimit !== undefined) qs.set("limit", String(normalizedLimit));
     const path =
       qs.toString().length > 0
         ? `/deploy/v2/operations?${qs.toString()}`
@@ -350,10 +355,15 @@ export class Deploy {
         "fetching release inventory",
       );
     }
+    const siteLimit = normalizePositiveSafeIntegerQueryOption(
+      opts.siteLimit,
+      "r.deploy.getRelease siteLimit",
+      "fetching release inventory",
+    );
     const headers = await apikeyHeaders(this.client, opts.project);
     return this.client.request<ReleaseInventory>(
       appendQuery(`/deploy/v2/releases/${encodeURIComponent(opts.releaseId)}`, {
-        site_limit: opts.siteLimit,
+        site_limit: siteLimit,
       }),
       { headers, context: "fetching release inventory" },
     );
@@ -373,10 +383,15 @@ export class Deploy {
         "fetching active release inventory",
       );
     }
+    const siteLimit = normalizePositiveSafeIntegerQueryOption(
+      opts.siteLimit,
+      "r.deploy.getActiveRelease siteLimit",
+      "fetching active release inventory",
+    );
     const headers = await apikeyHeaders(this.client, opts.project);
     return this.client.request<ActiveReleaseInventory>(
       appendQuery("/deploy/v2/releases/active", {
-        site_limit: opts.siteLimit,
+        site_limit: siteLimit,
       }),
       { headers, context: "fetching active release inventory" },
     );
@@ -394,9 +409,24 @@ export class Deploy {
         "diffing releases",
       );
     }
+    const from = requireNonEmptyStringQueryOption(
+      opts.from,
+      "r.deploy.diff from",
+      "diffing releases",
+    );
+    const to = requireNonEmptyStringQueryOption(
+      opts.to,
+      "r.deploy.diff to",
+      "diffing releases",
+    );
+    const limit = normalizePositiveSafeIntegerQueryOption(
+      opts.limit,
+      "r.deploy.diff limit",
+      "diffing releases",
+    );
     const headers = await apikeyHeaders(this.client, opts.project);
-    const qs = new URLSearchParams({ from: opts.from, to: opts.to });
-    if (opts.limit !== undefined) qs.set("limit", String(opts.limit));
+    const qs = new URLSearchParams({ from, to });
+    if (limit !== undefined) qs.set("limit", String(limit));
     return this.client.request<ReleaseToReleaseDiff>(
       `/deploy/v2/releases/diff?${qs.toString()}`,
       { headers, context: "diffing releases" },
@@ -433,6 +463,29 @@ function appendQuery(
   return query.length > 0 ? `${path}?${query}` : path;
 }
 
+function normalizePositiveSafeIntegerQueryOption(
+  value: number | undefined,
+  label: string,
+  context: string,
+): number | undefined {
+  if (value === undefined) return undefined;
+  if (!Number.isSafeInteger(value) || value <= 0) {
+    throw new LocalError(`${label} must be a positive safe integer`, context);
+  }
+  return value;
+}
+
+function requireNonEmptyStringQueryOption(
+  value: unknown,
+  label: string,
+  context: string,
+): string {
+  if (typeof value !== "string" || value.length === 0) {
+    throw new LocalError(`${label} must be a non-empty string`, context);
+  }
+  return value;
+}
+
 // ─── Internal pipeline ───────────────────────────────────────────────────────
 
 async function applyOnce(