fix: add Zod schemas for PocketBase API responses to resolve type-aware linting errors

[Copilot]

Problem

After enabling type-aware linting with oxlint, 41 no-unsafe-* linting errors were identified across the codebase. These errors occurred because PocketBase API responses were being parsed as any types without proper validation, leading to unsafe type assertions and member access throughout the codebase.

Solution

This PR implements comprehensive Zod schemas for all PocketBase API responses, ensuring type-safe parsing and validation of all data received from the PocketBase API.

Key Changes

1. New Type Definitions (src/types/pocketbase-api-responses.type.ts)

Created Zod schemas for all PocketBase API response types:

• pocketbaseErrorResponseSchema - Validates error responses with code, message, and optional data fields
• pocketbaseAuthResponseSchema - Validates authentication responses containing token field
• pocketbaseListResponseSchema - Validates paginated collection responses with proper item validation
• pocketbaseMinimalListResponseSchema - Handles responses when specific fields are requested (e.g., only id field)

2. Enhanced Entry and Schema Types

• Added pocketBaseEntrySchema to validate core PocketBase entry fields (id, collectionId, collectionName)
• Updated pocketBaseCollection and pocketBaseSchemaEntry to use .passthrough(), allowing additional fields from PocketBase while still validating required fields

3. Type-Safe API Response Handling

Updated all files that interact with PocketBase API:

// Before: Unsafe parsing
const response = await request.json();
const reason = response.message; // no-unsafe-member-access error

// After: Type-safe parsing
const responseData = (await request.json()) as unknown;
const parsedError = pocketbaseErrorResponseSchema.parse(responseData);
const reason = parsedError.message; // Type-safe!

Files updated:

• src/utils/get-superuser-token.ts
• src/schema/get-remote-schema.ts
• src/loader/fetch-collection.ts
• src/loader/fetch-entry.ts
• src/loader/cleanup-entries.ts

4. Improved Error Handling

All error response parsing now includes try-catch fallbacks to handle cases where PocketBase returns non-JSON responses (e.g., HTML error pages):

let errorMessage = `Request failed with status ${status}.`;
try {
  const errorData = (await response.json()) as unknown;
  const parsedError = pocketbaseErrorResponseSchema.parse(errorData);
  errorMessage += `\nReason: ${parsedError.message}`;
} catch {
  // Gracefully handle non-JSON responses
}

5. Fixed Unsafe Type Assertions

• Live loaders: Converted error handling from error as Error to proper type checking with error instanceof Error
• File transformations: Replaced unsafe type assertions with Zod validation using .safeParse() before processing file fields

Results

• ✅ Linting: Resolved all 41 no-unsafe-* errors (41 → 0)
• ✅ Type Checking: Passes without errors
• ✅ Unit Tests: All 138 tests pass
• ✅ Type Safety: All PocketBase API responses are now properly validated with Zod

The codebase now has strong type safety while maintaining compatibility with PocketBase's dynamic response structures.

Documentation

All changes follow the existing code patterns and are documented with JSDoc comments. The Zod schemas are based on the official PocketBase API documentation.

Original prompt

This branch enabled type-aware linting with oxlint. The only remaining linting errors are "no-unsafe-x". Please check the PocketBase documentation what the return type of the requests are and create zod types so the responses can be parsed safely. This should resolve the linter errors since everything will be typed then.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[pawcoding]

Closing this in favor of:

• Enable type aware linting #68