sourcebot-dev
diff --git a/‎docs/snippets/schemas/v3/index.schema.mdx‎
Lines changed: 100 additions & 0 deletions b/‎docs/snippets/schemas/v3/index.schema.mdx‎
Lines changed: 100 additions & 0 deletions
diff --git a/‎docs/snippets/schemas/v3/languageModel.schema.mdx‎
Lines changed: 100 additions & 0 deletions b/‎docs/snippets/schemas/v3/languageModel.schema.mdx‎
Lines changed: 100 additions & 0 deletions
diff --git a/‎docs/snippets/schemas/v3/shared.schema.mdx‎
Lines changed: 2 additions & 0 deletions b/‎docs/snippets/schemas/v3/shared.schema.mdx‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎packages/backend/src/gerrit.ts‎
Lines changed: 6 additions & 5 deletions b/‎packages/backend/src/gerrit.ts‎
Lines changed: 6 additions & 5 deletions
diff --git a/‎packages/crypto/src/tokenUtils.test.ts‎
Lines changed: 6 additions & 0 deletions b/‎packages/crypto/src/tokenUtils.test.ts‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎packages/schemas/src/v3/connection.schema.ts‎
Lines changed: 3 additions & 2 deletions b/‎packages/schemas/src/v3/connection.schema.ts‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎packages/schemas/src/v3/gerrit.schema.ts‎
Lines changed: 3 additions & 2 deletions b/‎packages/schemas/src/v3/gerrit.schema.ts‎
Lines changed: 3 additions & 2 deletions
@@ -93,6 +93,7 @@
                   "properties": {
                     "secret": {
                       "type": "string",
+                      "minLength": 1,
                       "description": "The name of the secret that contains the token."
                     }
                   },
@@ -106,6 +107,7 @@
                   "properties": {
                     "env": {
                       "type": "string",
+                      "minLength": 1,
                       "description": "The name of the environment variable that contains the token. Only supported in declarative connection configs."
                     }
                   },
 
@@ -87,7 +87,7 @@ export const getGerritReposFromConfig = async (
    }
 
    // include repos by glob if specified in config
-   if (config.projects) {
+   if (config.projects?.length) {
       projects = projects.filter((project) => {
          return micromatch.isMatch(project.name, config.projects!);
       });
@@ -155,10 +155,11 @@ const fetchAllProjects = async (url: string, auth?: GerritAuthConfig): Promise<G
             throw err;
          }
 
-         const status = (err as any).code;
-         logger.error(`Failed to fetch projects from Gerrit at ${endpointWithParams} with status ${status}`);
+         const status = (err as any).code ?? 0;
+         const message = (err as Error)?.message ?? String(err);
+         logger.error(`Failed to fetch projects from Gerrit at ${endpointWithParams} with status ${status}: ${message}`);
          throw new BackendException(BackendError.CONNECTION_SYNC_FAILED_TO_FETCH_GERRIT_PROJECTS, {
-            status: status,
+            status,
             url: endpointWithParams,
             authenticated: !!auth
          });
@@ -168,7 +169,7 @@ const fetchAllProjects = async (url: string, auth?: GerritAuthConfig): Promise<G
       // Remove XSSI protection prefix that Gerrit adds to JSON responses
       // The regex /^\)\]\}'\n/ matches the literal string ")]}'" at the start of the response
       // followed by a newline character, which Gerrit adds to prevent JSON hijacking
-      const jsonText = text.startsWith(")]}'") ? text.replace(/^\)\]\}'\n/, '') : text;
+      const jsonText = text.replace(/^\)\]\}'\s*/, '');
       const data: GerritProjects = JSON.parse(jsonText);
 
       // Add fetched projects to allProjects
 
@@ -35,6 +35,9 @@ describe('tokenUtils', () => {
             const result = await getTokenFromConfig(config, testOrgId, mockPrisma);
 
             expect(result).toBe('decrypted-secret-value');
+            // Verify we invoked decrypt with the secret's IV and encrypted value
+            const { decrypt } = await import('./index.js');
+            expect(decrypt).toHaveBeenCalledWith('test-iv', 'encrypted-value');
             expect(mockPrisma.secret.findUnique).toHaveBeenCalledWith({
                 where: { 
                     orgId_key: {
@@ -52,6 +55,7 @@ describe('tokenUtils', () => {
             const result = await getTokenFromConfig(config, testOrgId, mockPrisma);
 
             expect(result).toBe('env-token-value');
+            expect(mockPrisma.secret.findUnique).not.toHaveBeenCalled();
         });
 
         test('throws error for string tokens (security)', async () => {
@@ -75,6 +79,8 @@ describe('tokenUtils', () => {
 
             await expect(getTokenFromConfig(config, testOrgId, mockPrisma))
                 .rejects.toThrow('Secret with key non-existent-secret not found for org 1');
+            const { decrypt } = await import('./index.js');
+            expect(decrypt).not.toHaveBeenCalled();
         });
 
         test('throws error for missing environment variable', async () => {
 
@@ -608,6 +608,7 @@ const schema = {
           "properties": {
             "username": {
               "type": "string",
+              "minLength": 1,
               "description": "Gerrit username for authentication",
               "examples": [
                 "john.doe"
@@ -630,7 +631,7 @@ const schema = {
                     "secret": {
                       "type": "string",
                       "minLength": 1,
-                      "description": "The name of the secret that contains the token."
+                      "description": "The name of the secret that contains the HTTP password."
                     }
                   },
                   "required": [
@@ -644,7 +645,7 @@ const schema = {
                     "env": {
                       "type": "string",
                       "minLength": 1,
-                      "description": "The name of the environment variable that contains the token. Only supported in declarative connection configs."
+                      "description": "The name of the environment variable that contains the HTTP password. Only supported in declarative connection configs."
                     }
                   },
                   "required": [
 
@@ -23,6 +23,7 @@ const schema = {
       "properties": {
         "username": {
           "type": "string",
+          "minLength": 1,
           "description": "Gerrit username for authentication",
           "examples": [
             "john.doe"
@@ -45,7 +46,7 @@ const schema = {
                 "secret": {
                   "type": "string",
                   "minLength": 1,
-                  "description": "The name of the secret that contains the token."
+                  "description": "The name of the secret that contains the HTTP password."
                 }
               },
               "required": [
@@ -59,7 +60,7 @@ const schema = {
                 "env": {
                   "type": "string",
                   "minLength": 1,
-                  "description": "The name of the environment variable that contains the token. Only supported in declarative connection configs."
+                  "description": "The name of the environment variable that contains the HTTP password. Only supported in declarative connection configs."
                 }
               },
               "required": [