Fix CSV newline bug + valibot validation pattern#25
Merged
bradburch merged 3 commits intoJul 14, 2026
Conversation
parseCsvRows split the input into rows before handling quotes, so a newline embedded in a quoted field (e.g. a multi-line Notes value pasted from a spreadsheet) was treated as a row break — shredding one logical row into several and silently corrupting client/pet imports. Rewrite as a single-pass state machine that only breaks rows on newlines outside quotes (CRLF/CR/LF all handled). All prior behavior preserved; adds LF and CRLF embedded-newline tests. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replace the untyped json().catch() + hand-rolled typeof guards in the /identify and /verify handlers with inline valibot schemas and a single safeParse. Email validation reuses the existing EMAIL_RE via v.regex, so every error response is byte-for-byte unchanged. Serves as the reference pattern for migrating the remaining route validation sites. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The import format is Client Email, Client Name, Pet Name, Pet Type — the newline-in-quoted-field fix is generically correct, but the rationale wrongly cited a Notes column. Point it at an actual quoted field instead. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Owner
Author
Code reviewNo issues found. Checked for bugs and CLAUDE.md compliance. Reviewed across five independent passes (bug scan, git-history regression, prior-PR review comments, code-comment/contract compliance, dependency conventions). Notable invariants verified as preserved:
One factual nit surfaced and fixed in 62f1eb1: the parser docstring wrongly cited a 🤖 Generated with Claude Code |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Two fixes from a "reinvented-wheel" audit — the codebase is deliberately platform-first (WebCrypto, Intl, hono/jwt), so only two spots warranted change.
1. CSV parser: newlines inside quoted fields (bug)
parseCsvRowssplit rows on newlines before handling quotes, so a newline inside a quoted field (a multi-lineNotesvalue pasted from Excel/Sheets) was treated as a row break — shredding one logical row into several and silently corrupting client/pet imports (server/routes/admin.tsimport path).Rewrote as a single-pass state machine that only breaks rows on newlines outside quotes (CRLF/CR/LF handled, no phantom empty rows). All prior behavior preserved; kept dep-free rather than pulling in papaparse for a narrow format.
Adds LF + CRLF embedded-newline tests (fail against the old code, pass now).
2. valibot validation pattern (ergonomics)
Converted the
/identifyand/verifyhandlers from untypedjson().catch()+ scatteredtypeofguards to inline valibot schemas + a singlesafeParse. Email validation reuses the existingEMAIL_REviav.regex, so every error response (400/403/502/503/200) is byte-for-byte unchanged. This is the reference pattern for migrating the remainingas-cast route sites.Chose valibot over zod for its tree-shakeable function API — matters for the embeddable widget bundle.
Verification
tsc -bclean, eslint clean on changed files🤖 Generated with Claude Code