Skip to content

feat: validate event_type filter against known enum in activity endpoint #838

Closed
#937
Closed
feat: validate event_type filter against known enum in activity endpoint#838
#937
Labels
prio:lowNice to have, can deferscope:smallLess than 1 day of workspec:apitype:featureNew feature implementationv0.5Minor version v0.5v0.5.3Patch release v0.5.3
@Aureliolo

Description

@Aureliolo
Aureliolo
opened on Mar 26, 2026

Context

The GET /api/v1/activities endpoint accepts an event_type query parameter as a free-form string (max 64 chars). Invalid values silently return empty results.

Proposed Solution

Define a StrEnum or Literal type for the 12 known event types (hired, fired, promoted, demoted, onboarded, offboarded, status_changed, task_completed, task_started, cost_incurred, tool_used, delegation_sent, delegation_received) and use it as the parameter type. This makes the OpenAPI schema self-documenting and rejects invalid values with a 400.

Files

  • src/synthorg/api/controllers/activities.py (parameter type)

Source

Found during PR #832 review (security-reviewer agent).

Metadata

Metadata

Assignees

No one assigned

    Labels

    prio:lowNice to have, can deferscope:smallLess than 1 day of workspec:apitype:featureNew feature implementationv0.5Minor version v0.5v0.5.3Patch release v0.5.3

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions