Fix custom parser OpenAPI types and add structured default response schema

Agent-Logs-Url: https://github.com/fosrl/pangolin/sessions/73990123-9c27-444b-bc6e-77e890a0d57c Co-authored-by: oschwartz10612 <4999704+oschwartz10612@users.noreply.github.com>
2026-05-26 02:32:36 +00:00 · 2026-05-17 06:38:44 +00:00
parent 82745c701a
commit 9cec711427
66 changed files with 98 additions and 76 deletions
--- a/server/integrationApiServer.ts
+++ b/server/integrationApiServer.ts
@@ -152,11 +152,17 @@ function getOpenApiDocumentation() {
            if (!hasExistingResponses) {
                def.route.responses = {
-                    "*": {
+                    "200": {
-                        description: "",
+                        description: "Successful response",
                        content: {
                            "application/json": {
-                                schema: z.object({})
+                                schema: z.object({
                                    data: z.unknown().nullable(),
                                    success: z.boolean(),
                                    error: z.boolean(),
                                    message: z.string(),
                                    status: z.number()
                                })
                            }
                        }
                    }
--- a/server/lib/ip.ts
+++ b/server/lib/ip.ts
@@ -873,7 +873,13 @@ export const portRangeStringSchema = z
            message:
                'Port range must be "*" for all ports, or a comma-separated list of ports and ranges (e.g., "80,443,8000-9000"). Ports must be between 1 and 65535, and ranges must have start <= end.'
        }
-    );
+    )
    .openapi({
        type: "string",
        description:
            'Port range string. Use "*" for all ports, a comma-separated list of ports, or ranges (e.g., "80,443,8000-9000"). Ports must be between 1 and 65535.',
        example: "80,443,8000-9000"
    });
 /**
 * Parses a port range string into an array of port range objects
--- a/server/private/routers/approvals/processPendingApproval.ts
+++ b/server/private/routers/approvals/processPendingApproval.ts
@@ -24,7 +24,7 @@ import type { NextFunction, Request, Response } from "express";
 const paramsSchema = z.strictObject({
    orgId: z.string(),
-    approvalId: z.string().transform(Number).pipe(z.int().positive())
+    approvalId: z.coerce.number().int().positive()
 });
 const bodySchema = z.strictObject({
--- a/server/private/routers/certificates/restartCertificate.ts
+++ b/server/private/routers/certificates/restartCertificate.ts
@@ -25,7 +25,7 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 const restartCertificateParamsSchema = z.strictObject({
-    certId: z.string().transform(stoi).pipe(z.int().positive()),
+    certId: z.coerce.number().int().positive(),
    orgId: z.string()
 });
@@ -36,7 +36,7 @@ registry.registerPath({
    tags: ["Certificate"],
    request: {
        params: z.object({
-            certId: z.string().transform(stoi).pipe(z.int().positive()),
+            certId: z.coerce.number().int().positive(),
            orgId: z.string()
        })
    },
--- a/server/private/routers/re-key/reGenerateClientSecret.ts
+++ b/server/private/routers/re-key/reGenerateClientSecret.ts
@@ -28,7 +28,7 @@ import { OlmErrorCodes, sendOlmError } from "@server/routers/olm/error";
 import { sendTerminateClient } from "@server/routers/client/terminate";
 const reGenerateSecretParamsSchema = z.strictObject({
-    clientId: z.string().transform(Number).pipe(z.int().positive())
+    clientId: z.coerce.number().int().positive()
 });
 const reGenerateSecretBodySchema = z.strictObject({
--- a/server/private/routers/re-key/reGenerateSiteSecret.ts
+++ b/server/private/routers/re-key/reGenerateSiteSecret.ts
@@ -27,7 +27,7 @@ import { getAllowedIps } from "@server/routers/target/helpers";
 import { disconnectClient, sendToClient } from "#private/routers/ws";
 const updateSiteParamsSchema = z.strictObject({
-    siteId: z.string().transform(Number).pipe(z.int().positive())
+    siteId: z.coerce.number().int().positive()
 });
 const updateSiteBodySchema = z.strictObject({
--- a/server/private/routers/user/addUserRole.ts
+++ b/server/private/routers/user/addUserRole.ts
@@ -27,7 +27,7 @@ import { rebuildClientAssociationsFromClient } from "@server/lib/rebuildClientAs
 const addUserRoleParamsSchema = z.strictObject({
    userId: z.string(),
-    roleId: z.string().transform(stoi).pipe(z.number())
+    roleId: z.coerce.number()
 });
 registry.registerPath({
--- a/server/private/routers/user/removeUserRole.ts
+++ b/server/private/routers/user/removeUserRole.ts
@@ -27,7 +27,7 @@ import { rebuildClientAssociationsFromClient } from "@server/lib/rebuildClientAs
 const removeUserRoleParamsSchema = z.strictObject({
    userId: z.string(),
-    roleId: z.string().transform(stoi).pipe(z.number())
+    roleId: z.coerce.number()
 });
 registry.registerPath({
--- a/server/routers/accessToken/generateAccessToken.ts
+++ b/server/routers/accessToken/generateAccessToken.ts
@@ -31,7 +31,7 @@ export const generateAccessTokenBodySchema = z.strictObject({
 });
 export const generateAccssTokenParamsSchema = z.strictObject({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 export type GenerateAccessTokenResponse = Omit<
--- a/server/routers/auth/checkResourceSession.ts
+++ b/server/routers/auth/checkResourceSession.ts
@@ -9,7 +9,7 @@ import logger from "@server/logger";
 export const params = z.strictObject({
    token: z.string(),
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 export type CheckResourceSessionParams = z.infer<typeof params>;
--- a/server/routers/blueprints/getBlueprint.ts
+++ b/server/routers/blueprints/getBlueprint.ts
@@ -13,7 +13,7 @@ import { OpenAPITags, registry } from "@server/openApi";
 import { BlueprintData } from "./types";
 const getBlueprintSchema = z.strictObject({
-    blueprintId: z.string().transform(stoi).pipe(z.int().positive()),
+    blueprintId: z.coerce.number().int().positive(),
    orgId: z.string()
 });
--- a/server/routers/client/archiveClient.ts
+++ b/server/routers/client/archiveClient.ts
@@ -11,7 +11,7 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 const archiveClientSchema = z.strictObject({
-    clientId: z.string().transform(Number).pipe(z.int().positive())
+    clientId: z.coerce.number().int().positive()
 });
 registry.registerPath({
--- a/server/routers/client/blockClient.ts
+++ b/server/routers/client/blockClient.ts
@@ -13,7 +13,7 @@ import { sendTerminateClient } from "./terminate";
 import { OlmErrorCodes } from "../olm/error";
 const blockClientSchema = z.strictObject({
-    clientId: z.string().transform(Number).pipe(z.int().positive())
+    clientId: z.coerce.number().int().positive()
 });
 registry.registerPath({
--- a/server/routers/client/deleteClient.ts
+++ b/server/routers/client/deleteClient.ts
@@ -14,7 +14,7 @@ import { sendTerminateClient } from "./terminate";
 import { OlmErrorCodes } from "../olm/error";
 const deleteClientSchema = z.strictObject({
-    clientId: z.string().transform(Number).pipe(z.int().positive())
+    clientId: z.coerce.number().int().positive()
 });
 registry.registerPath({
--- a/server/routers/client/unarchiveClient.ts
+++ b/server/routers/client/unarchiveClient.ts
@@ -11,7 +11,7 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 const unarchiveClientSchema = z.strictObject({
-    clientId: z.string().transform(Number).pipe(z.int().positive())
+    clientId: z.coerce.number().int().positive()
 });
 registry.registerPath({
--- a/server/routers/client/unblockClient.ts
+++ b/server/routers/client/unblockClient.ts
@@ -11,7 +11,7 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 const unblockClientSchema = z.strictObject({
-    clientId: z.string().transform(Number).pipe(z.int().positive())
+    clientId: z.coerce.number().int().positive()
 });
 registry.registerPath({
--- a/server/routers/client/updateClient.ts
+++ b/server/routers/client/updateClient.ts
@@ -11,7 +11,7 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 const updateClientParamsSchema = z.strictObject({
-    clientId: z.string().transform(Number).pipe(z.int().positive())
+    clientId: z.coerce.number().int().positive()
 });
 const updateClientSchema = z.strictObject({
--- a/server/routers/resource/addEmailToResourceWhitelist.ts
+++ b/server/routers/resource/addEmailToResourceWhitelist.ts
@@ -22,7 +22,7 @@ const addEmailToResourceWhitelistBodySchema = z.strictObject({
 });
 const addEmailToResourceWhitelistParamsSchema = z.strictObject({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 registry.registerPath({
--- a/server/routers/resource/authWithPassword.ts
+++ b/server/routers/resource/authWithPassword.ts
@@ -20,7 +20,7 @@ export const authWithPasswordBodySchema = z.strictObject({
 });
 export const authWithPasswordParamsSchema = z.strictObject({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 export type AuthWithPasswordResponse = {
--- a/server/routers/resource/authWithPincode.ts
+++ b/server/routers/resource/authWithPincode.ts
@@ -19,7 +19,7 @@ export const authWithPincodeBodySchema = z.strictObject({
 });
 export const authWithPincodeParamsSchema = z.strictObject({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 export type AuthWithPincodeResponse = {
--- a/server/routers/resource/authWithWhitelist.ts
+++ b/server/routers/resource/authWithWhitelist.ts
@@ -20,7 +20,7 @@ const authWithWhitelistBodySchema = z.strictObject({
 });
 const authWithWhitelistParamsSchema = z.strictObject({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 export type AuthWithWhitelistResponse = {
--- a/server/routers/resource/createResourceRule.ts
+++ b/server/routers/resource/createResourceRule.ts
@@ -25,7 +25,7 @@ const createResourceRuleSchema = z.strictObject({
 });
 const createResourceRuleParamsSchema = z.strictObject({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 registry.registerPath({
--- a/server/routers/resource/deleteResource.ts
+++ b/server/routers/resource/deleteResource.ts
@@ -15,7 +15,7 @@ import { OpenAPITags, registry } from "@server/openApi";
 // Define Zod schema for request parameters validation
 const deleteResourceSchema = z.strictObject({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 registry.registerPath({
--- a/server/routers/resource/deleteResourceRule.ts
+++ b/server/routers/resource/deleteResourceRule.ts
@@ -11,8 +11,8 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 const deleteResourceRuleSchema = z.strictObject({
-    ruleId: z.string().transform(Number).pipe(z.int().positive()),
+    ruleId: z.coerce.number().int().positive(),
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 registry.registerPath({
--- a/server/routers/resource/getExchangeToken.ts
+++ b/server/routers/resource/getExchangeToken.ts
@@ -17,7 +17,7 @@ import { checkOrgAccessPolicy } from "#dynamic/lib/checkOrgAccessPolicy";
 import { logAccessAudit } from "#dynamic/lib/logAccessAudit";
 const getExchangeTokenParams = z.strictObject({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 export type GetExchangeTokenResponse = {
--- a/server/routers/resource/getResourceWhitelist.ts
+++ b/server/routers/resource/getResourceWhitelist.ts
@@ -11,7 +11,7 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 const getResourceWhitelistSchema = z.strictObject({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 async function queryWhitelist(resourceId: number) {
--- a/server/routers/resource/listResourceRoles.ts
+++ b/server/routers/resource/listResourceRoles.ts
@@ -11,7 +11,7 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 const listResourceRolesSchema = z.strictObject({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 async function query(resourceId: number) {
--- a/server/routers/resource/listResourceRules.ts
+++ b/server/routers/resource/listResourceRules.ts
@@ -11,7 +11,7 @@ import logger from "@server/logger";
 import { OpenAPITags, registry } from "@server/openApi";
 const listResourceRulesParamsSchema = z.strictObject({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 const listResourceRulesSchema = z.object({
--- a/server/routers/resource/listResourceUsers.ts
+++ b/server/routers/resource/listResourceUsers.ts
@@ -11,7 +11,7 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 const listResourceUsersSchema = z.strictObject({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 async function queryUsers(resourceId: number) {
--- a/server/routers/resource/removeEmailFromResourceWhitelist.ts
+++ b/server/routers/resource/removeEmailFromResourceWhitelist.ts
@@ -22,7 +22,7 @@ const removeEmailFromResourceWhitelistBodySchema = z.strictObject({
 });
 const removeEmailFromResourceWhitelistParamsSchema = z.strictObject({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 registry.registerPath({
--- a/server/routers/resource/setResourceHeaderAuth.ts
+++ b/server/routers/resource/setResourceHeaderAuth.ts
@@ -15,7 +15,7 @@ import { hashPassword } from "@server/auth/password";
 import { OpenAPITags, registry } from "@server/openApi";
 const setResourceAuthMethodsParamsSchema = z.object({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 const setResourceAuthMethodsBodySchema = z.strictObject({
--- a/server/routers/resource/setResourcePassword.ts
+++ b/server/routers/resource/setResourcePassword.ts
@@ -13,7 +13,7 @@ import { hashPassword } from "@server/auth/password";
 import { OpenAPITags, registry } from "@server/openApi";
 const setResourceAuthMethodsParamsSchema = z.object({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 const setResourceAuthMethodsBodySchema = z.strictObject({
--- a/server/routers/resource/setResourcePincode.ts
+++ b/server/routers/resource/setResourcePincode.ts
@@ -14,7 +14,7 @@ import { hashPassword } from "@server/auth/password";
 import { OpenAPITags, registry } from "@server/openApi";
 const setResourceAuthMethodsParamsSchema = z.object({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 const setResourceAuthMethodsBodySchema = z.strictObject({
--- a/server/routers/resource/setResourceRoles.ts
+++ b/server/routers/resource/setResourceRoles.ts
@@ -15,7 +15,7 @@ const setResourceRolesBodySchema = z.strictObject({
 });
 const setResourceRolesParamsSchema = z.strictObject({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 registry.registerPath({
--- a/server/routers/resource/setResourceUsers.ts
+++ b/server/routers/resource/setResourceUsers.ts
@@ -15,7 +15,7 @@ const setUserResourcesBodySchema = z.strictObject({
 });
 const setUserResourcesParamsSchema = z.strictObject({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 registry.registerPath({
--- a/server/routers/resource/setResourceWhitelist.ts
+++ b/server/routers/resource/setResourceWhitelist.ts
@@ -24,7 +24,7 @@ const setResourceWhitelistBodySchema = z.strictObject({
 });
 const setResourceWhitelistParamsSchema = z.strictObject({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 registry.registerPath({
--- a/server/routers/resource/updateResource.ts
+++ b/server/routers/resource/updateResource.ts
@@ -31,7 +31,7 @@ import { tierMatrix } from "@server/lib/billing/tierMatrix";
 import { isSubscribed } from "#dynamic/lib/isSubscribed";
 const updateResourceParamsSchema = z.strictObject({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 const updateHttpResourceBodySchema = z
--- a/server/routers/resource/updateResourceRule.ts
+++ b/server/routers/resource/updateResourceRule.ts
@@ -18,8 +18,8 @@ import { isValidRegionId } from "@server/db/regions";
 // Define Zod schema for request parameters validation
 const updateResourceRuleParamsSchema = z.strictObject({
-    ruleId: z.string().transform(Number).pipe(z.int().positive()),
+    ruleId: z.coerce.number().int().positive(),
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 // Define Zod schema for request body validation
--- a/server/routers/role/addRoleAction.ts
+++ b/server/routers/role/addRoleAction.ts
@@ -10,7 +10,7 @@ import { eq } from "drizzle-orm";
 import { fromError } from "zod-validation-error";
 const addRoleActionParamSchema = z.strictObject({
-    roleId: z.string().transform(Number).pipe(z.int().positive())
+    roleId: z.coerce.number().int().positive()
 });
 const addRoleActionSchema = z.strictObject({
--- a/server/routers/role/addRoleSite.ts
+++ b/server/routers/role/addRoleSite.ts
@@ -10,11 +10,11 @@ import { eq } from "drizzle-orm";
 import { fromError } from "zod-validation-error";
 const addRoleSiteParamsSchema = z.strictObject({
-    roleId: z.string().transform(Number).pipe(z.int().positive())
+    roleId: z.coerce.number().int().positive()
 });
 const addRoleSiteSchema = z.strictObject({
-    siteId: z.string().transform(Number).pipe(z.int().positive())
+    siteId: z.coerce.number().int().positive()
 });
 export async function addRoleSite(
--- a/server/routers/role/deleteRole.ts
+++ b/server/routers/role/deleteRole.ts
@@ -11,11 +11,11 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 const deleteRoleSchema = z.strictObject({
-    roleId: z.string().transform(Number).pipe(z.int().positive())
+    roleId: z.coerce.number().int().positive()
 });
 const deelteRoleBodySchema = z.strictObject({
-    roleId: z.string().transform(Number).pipe(z.int().positive())
+    roleId: z.coerce.number().int().positive()
 });
 registry.registerPath({
--- a/server/routers/role/getRole.ts
+++ b/server/routers/role/getRole.ts
@@ -11,7 +11,7 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 const getRoleSchema = z.strictObject({
-    roleId: z.string().transform(Number).pipe(z.int().positive())
+    roleId: z.coerce.number().int().positive()
 });
 registry.registerPath({
--- a/server/routers/role/listRoleActions.ts
+++ b/server/routers/role/listRoleActions.ts
@@ -10,7 +10,7 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 const listRoleActionsSchema = z.strictObject({
-    roleId: z.string().transform(Number).pipe(z.int().positive())
+    roleId: z.coerce.number().int().positive()
 });
 export async function listRoleActions(
--- a/server/routers/role/listRoleResources.ts
+++ b/server/routers/role/listRoleResources.ts
@@ -10,7 +10,7 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 const listRoleResourcesSchema = z.strictObject({
-    roleId: z.string().transform(Number).pipe(z.int().positive())
+    roleId: z.coerce.number().int().positive()
 });
 export async function listRoleResources(
--- a/server/routers/role/listRoleSites.ts
+++ b/server/routers/role/listRoleSites.ts
@@ -10,7 +10,7 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 const listRoleSitesSchema = z.strictObject({
-    roleId: z.string().transform(Number).pipe(z.int().positive())
+    roleId: z.coerce.number().int().positive()
 });
 export async function listRoleSites(
--- a/server/routers/role/removeRoleAction.ts
+++ b/server/routers/role/removeRoleAction.ts
@@ -10,7 +10,7 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 const removeRoleActionParamsSchema = z.strictObject({
-    roleId: z.string().transform(Number).pipe(z.int().positive())
+    roleId: z.coerce.number().int().positive()
 });
 const removeRoleActionSchema = z.strictObject({
--- a/server/routers/role/removeRoleResource.ts
+++ b/server/routers/role/removeRoleResource.ts
@@ -10,11 +10,11 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 const removeRoleResourceParamsSchema = z.strictObject({
-    roleId: z.string().transform(Number).pipe(z.int().positive())
+    roleId: z.coerce.number().int().positive()
 });
 const removeRoleResourceSchema = z.strictObject({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 export async function removeRoleResource(
--- a/server/routers/role/removeRoleSite.ts
+++ b/server/routers/role/removeRoleSite.ts
@@ -10,11 +10,11 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 const removeRoleSiteParamsSchema = z.strictObject({
-    roleId: z.string().transform(Number).pipe(z.int().positive())
+    roleId: z.coerce.number().int().positive()
 });
 const removeRoleSiteSchema = z.strictObject({
-    siteId: z.string().transform(Number).pipe(z.int().positive())
+    siteId: z.coerce.number().int().positive()
 });
 export async function removeRoleSite(
--- a/server/routers/role/updateRole.ts
+++ b/server/routers/role/updateRole.ts
@@ -14,7 +14,7 @@ import { OpenAPITags, registry } from "@server/openApi";
 import { tierMatrix } from "@server/lib/billing/tierMatrix";
 const updateRoleParamsSchema = z.strictObject({
-    roleId: z.string().transform(Number).pipe(z.int().positive())
+    roleId: z.coerce.number().int().positive()
 });
 const sshSudoModeSchema = z.enum(["none", "full", "commands"]);
--- a/server/routers/site/deleteSite.ts
+++ b/server/routers/site/deleteSite.ts
@@ -16,7 +16,7 @@ import { usageService } from "@server/lib/billing/usageService";
 import { FeatureId } from "@server/lib/billing";
 const deleteSiteSchema = z.strictObject({
-    siteId: z.string().transform(Number).pipe(z.int().positive())
+    siteId: z.coerce.number().int().positive()
 });
 registry.registerPath({
--- a/server/routers/site/listSiteRoles.ts
+++ b/server/routers/site/listSiteRoles.ts
@@ -10,7 +10,7 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 const listSiteRolesSchema = z.strictObject({
-    siteId: z.string().transform(Number).pipe(z.int().positive())
+    siteId: z.coerce.number().int().positive()
 });
 export async function listSiteRoles(
--- a/server/routers/site/socketIntegration.ts
+++ b/server/routers/site/socketIntegration.ts
@@ -44,7 +44,7 @@ export interface Container {
 }
 const siteIdParamsSchema = z.strictObject({
-    siteId: z.string().transform(stoi).pipe(z.int().positive())
+    siteId: z.coerce.number().int().positive()
 });
 const DockerStatusSchema = z.strictObject({
--- a/server/routers/site/updateSite.ts
+++ b/server/routers/site/updateSite.ts
@@ -12,7 +12,7 @@ import { OpenAPITags, registry } from "@server/openApi";
 import { isValidCIDR } from "@server/lib/validators";
 const updateSiteParamsSchema = z.strictObject({
-    siteId: z.string().transform(Number).pipe(z.int().positive())
+    siteId: z.coerce.number().int().positive()
 });
 const updateSiteBodySchema = z
--- a/server/routers/siteResource/batchAddClientToSiteResources.ts
+++ b/server/routers/siteResource/batchAddClientToSiteResources.ts
@@ -22,7 +22,7 @@ import {
 const batchAddClientToSiteResourcesParamsSchema = z
    .object({
-        clientId: z.string().transform(Number).pipe(z.number().int().positive())
+        clientId: z.coerce.number().int().positive()
    })
    .strict();
--- a/server/routers/siteResource/createSiteResource.ts
+++ b/server/routers/siteResource/createSiteResource.ts
@@ -42,7 +42,12 @@ const createSiteResourceParamsSchema = z.strictObject({
 const createSiteResourceSchema = z
    .strictObject({
        name: z.string().min(1).max(255),
-        niceId: z.string().optional(),
+        niceId: z.string().optional()
            .openapi({
                description:
                    "Fully qualified domain name with optional wildcards, e.g., example.internal, *.example.internal, or host-0?.example.internal",
                example: "service.example.internal"
            }),
        // protocol: z.enum(["tcp", "udp"]).optional(),
        mode: z.enum(["host", "cidr", "http"]),
        ssl: z.boolean().optional(), // only used for http mode
--- a/server/routers/siteResource/deleteSiteResource.ts
+++ b/server/routers/siteResource/deleteSiteResource.ts
@@ -12,7 +12,7 @@ import { OpenAPITags, registry } from "@server/openApi";
 import { rebuildClientAssociationsFromSiteResource } from "@server/lib/rebuildClientAssociations";
 const deleteSiteResourceParamsSchema = z.strictObject({
-    siteResourceId: z.string().transform(Number).pipe(z.int().positive())
+    siteResourceId: z.coerce.number().int().positive()
 });
 export type DeleteSiteResourceResponse = {
--- a/server/routers/siteResource/listSiteResources.ts
+++ b/server/routers/siteResource/listSiteResources.ts
@@ -11,7 +11,7 @@ import logger from "@server/logger";
 import { OpenAPITags, registry } from "@server/openApi";
 const listSiteResourcesParamsSchema = z.strictObject({
-    siteId: z.string().transform(Number).pipe(z.int().positive()),
+    siteId: z.coerce.number().int().positive(),
    orgId: z.string()
 });
--- a/server/routers/siteResource/updateSiteResource.ts
+++ b/server/routers/siteResource/updateSiteResource.ts
@@ -37,7 +37,7 @@ import { z } from "zod";
 import { fromError } from "zod-validation-error";
 const updateSiteResourceParamsSchema = z.strictObject({
-    siteResourceId: z.string().transform(Number).pipe(z.int().positive())
+    siteResourceId: z.coerce.number().int().positive()
 });
 const updateSiteResourceSchema = z
@@ -58,7 +58,12 @@ const updateSiteResourceSchema = z
        // mode: z.enum(["host", "cidr", "port"]).optional(),
        mode: z.enum(["host", "cidr", "http"]).optional(),
        ssl: z.boolean().optional(),
-        scheme: z.enum(["http", "https"]).nullish(),
+        scheme: z.enum(["http", "https"]).nullish()
            .openapi({
                description:
                    "Fully qualified domain name with optional wildcards, e.g., example.internal, *.example.internal, or host-0?.example.internal",
                example: "service.example.internal"
            }),
        // proxyPort: z.int().positive().nullish(),
        destinationPort: z.int().positive().nullish(),
        destination: z.string().min(1).optional(),
--- a/server/routers/target/createTarget.ts
+++ b/server/routers/target/createTarget.ts
@@ -26,7 +26,7 @@ import {
 } from "@server/lib/alerts";
 const createTargetParamsSchema = z.strictObject({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 const createTargetSchema = z.strictObject({
--- a/server/routers/target/deleteTarget.ts
+++ b/server/routers/target/deleteTarget.ts
@@ -13,7 +13,7 @@ import { OpenAPITags, registry } from "@server/openApi";
 import { targetHealthCheck } from "@server/db";
 const deleteTargetSchema = z.strictObject({
-    targetId: z.string().transform(Number).pipe(z.int().positive())
+    targetId: z.coerce.number().int().positive()
 });
 registry.registerPath({
--- a/server/routers/target/getTarget.ts
+++ b/server/routers/target/getTarget.ts
@@ -11,7 +11,7 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 const getTargetSchema = z.strictObject({
-    targetId: z.string().transform(Number).pipe(z.int().positive())
+    targetId: z.coerce.number().int().positive()
 });
 type GetTargetResponse = Target &
--- a/server/routers/target/listTargets.ts
+++ b/server/routers/target/listTargets.ts
@@ -11,7 +11,7 @@ import logger from "@server/logger";
 import { OpenAPITags, registry } from "@server/openApi";
 const listTargetsParamsSchema = z.strictObject({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 const listTargetsSchema = z.object({
--- a/server/routers/target/updateTarget.ts
+++ b/server/routers/target/updateTarget.ts
@@ -20,7 +20,7 @@ import { isTargetValid } from "@server/lib/validators";
 import { OpenAPITags, registry } from "@server/openApi";
 const updateTargetParamsSchema = z.strictObject({
-    targetId: z.string().transform(Number).pipe(z.int().positive())
+    targetId: z.coerce.number().int().positive()
 });
 const updateTargetBodySchema = z
--- a/server/routers/user/addUserRoleLegacy.ts
+++ b/server/routers/user/addUserRoleLegacy.ts
@@ -14,7 +14,7 @@ import { rebuildClientAssociationsFromClient } from "@server/lib/rebuildClientAs
 /** Legacy path param order: /role/:roleId/add/:userId */
 const addUserRoleLegacyParamsSchema = z.strictObject({
-    roleId: z.string().transform(stoi).pipe(z.number()),
+    roleId: z.coerce.number(),
    userId: z.string()
 });
--- a/server/routers/user/addUserSite.ts
+++ b/server/routers/user/addUserSite.ts
@@ -11,7 +11,7 @@ import { fromError } from "zod-validation-error";
 const addUserSiteSchema = z.strictObject({
    userId: z.string(),
-    siteId: z.string().transform(Number).pipe(z.int().positive())
+    siteId: z.coerce.number().int().positive()
 });
 export async function addUserSite(
--- a/server/routers/user/removeUserResource.ts
+++ b/server/routers/user/removeUserResource.ts
@@ -11,7 +11,7 @@ import { fromError } from "zod-validation-error";
 const removeUserResourceSchema = z.strictObject({
    userId: z.string(),
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 export async function removeUserResource(