feat: hide regex in error when msg is used with the j rule

Author: mrnagydavid

packages/nodejs-lib/src/validation/ajv/ajv.test.ts

@@ -363,6 +363,22 @@ describe('fingerprint for different keywords', () => {
       data: { email: 'INVALID@EMAIL.COM' },
       fingerprint: 'Contact.email pattern:^[a-z]+$',
     },
+    {
+      inputName: 'Contact',
+      schema: {
+        type: 'object',
+        properties: {
+          email: {
+            type: 'string',
+            pattern: '^[a-z]+$',
+            errorMessages: { pattern: 'must be lowercase' },
+          },
+        },
+        required: ['email'],
+      },
+      data: { email: 'INVALID@EMAIL.COM' },
+      fingerprint: 'Contact.email pattern:must be lowercase',
+    },
     {
       inputName: 'Record',
       schema: {
@@ -373,6 +389,22 @@ describe('fingerprint for different keywords', () => {
       data: { status: 'unknown' },
       fingerprint: 'Record.status enum:active,inactive',
     },
+    {
+      inputName: 'Record',
+      schema: {
+        type: 'object',
+        properties: {
+          status: {
+            type: 'string',
+            enum: ['active', 'inactive'],
+            errorMessages: { enum: 'must be active or inactive' },
+          },
+        },
+        required: ['status'],
+      },
+      data: { status: 'unknown' },
+      fingerprint: 'Record.status enum:must be active or inactive',
+    },
     {
       inputName: 'Person',
       schema: {
@@ -437,3 +469,108 @@ describe('fingerprint for different keywords', () => {
     },
   )
 })
+
+describe('error params with custom msg', () => {
+  test('should drop params when a custom msg overrides the rule', () => {
+    const schemaWithMsg = j.string().regex(/^[0-9]{2}$/, { msg: 'is not a valid Oompa-loompa' })
+    const [err] = schemaWithMsg.getValidationResult('abc')
+    expect(err!.data).toMatchInlineSnapshot(`
+      {
+        "errors": [
+          {
+            "instancePath": "",
+            "keyword": "pattern",
+            "message": "is not a valid Oompa-loompa",
+            "params": {},
+            "schemaPath": "#/pattern",
+          },
+        ],
+        "fingerprint": "Object pattern:is not a valid Oompa-loompa",
+        "inputName": "Object",
+      }
+    `)
+    expect(err!.data.errors[0]!.params).toEqual({})
+  })
+
+  test('should preserve params when no custom msg is provided', () => {
+    const plainSchema = j.string().regex(/^[0-9]{2}$/)
+
+    const [err] = plainSchema.getValidationResult('abc')
+
+    expect(err).toMatchInlineSnapshot(`
+      [AjvValidationError: Object must match pattern "^[0-9]{2}$"
+      Input: abc]
+    `)
+    expect(err!.data).toMatchInlineSnapshot(`
+      {
+        "errors": [
+          {
+            "instancePath": "",
+            "keyword": "pattern",
+            "message": "must match pattern "^[0-9]{2}$"",
+            "params": {
+              "pattern": "^[0-9]{2}$",
+            },
+            "schemaPath": "#/pattern",
+          },
+        ],
+        "fingerprint": "Object pattern:^[0-9]{2}$",
+        "inputName": "Object",
+      }
+    `)
+  })
+
+  test('should drop params for nested property with custom msg', () => {
+    const schema = j.object<{ foo: string }>({
+      foo: j.string().pattern('^abc$', { msg: 'must equal "abc"' }),
+    })
+
+    const [err] = schema.getValidationResult({ foo: 'def' })
+
+    expect(err).toMatchInlineSnapshot(`
+      [AjvValidationError: Object.foo must equal "abc"
+      Input: { foo: 'def' }]
+    `)
+    expect(err!.data).toMatchInlineSnapshot(`
+      {
+        "errors": [
+          {
+            "instancePath": ".foo",
+            "keyword": "pattern",
+            "message": "must equal "abc"",
+            "params": {},
+            "schemaPath": "#/properties/foo/pattern",
+          },
+        ],
+        "fingerprint": "Object.foo pattern:must equal "abc"",
+        "inputName": "Object",
+      }
+    `)
+  })
+
+  test('should drop params for enum with custom msg', () => {
+    const schema = j.enum(['foo', 'bar'], { msg: 'must be foo or bar' })
+
+    const [err] = schema.getValidationResult('baz')
+
+    expect(err).toMatchInlineSnapshot(`
+      [AjvValidationError: Object must be foo or bar
+      Input: baz]
+    `)
+    expect(err!.data).toMatchInlineSnapshot(`
+      {
+        "errors": [
+          {
+            "instancePath": "",
+            "keyword": "enum",
+            "message": "must be foo or bar",
+            "params": {},
+            "schemaPath": "#/enum",
+          },
+        ],
+        "fingerprint": "Object enum:must be foo or bar",
+        "inputName": "Object",
+      }
+    `)
+  })
+})

packages/nodejs-lib/src/validation/ajv/jSchema.ts

@@ -1694,7 +1694,11 @@ function executeValidation<OUT>(
 
   // Build fingerprint before applyImprovementsOnErrorMessages: after it, /items/0/name becomes
   // .items[0].name, embedding the index into the segment and making it harder to strip without regex
-  const fingerprint = buildAjvErrorFingerprint(errors[0], inputName)
+  const fingerprint = buildAjvErrorFingerprint(
+    errors[0],
+    inputName,
+    resolveCustomErrorMessage(builtSchema, errors[0]),
+  )
 
   applyImprovementsOnErrorMessages(errors, builtSchema)
 
@@ -1731,34 +1735,51 @@ function applyImprovementsOnErrorMessages(
 
   filterNullableAnyOfErrors(errors, schema)
 
-  const { errorMessages } = schema
-
   for (const error of errors) {
-    const errorMessage = getErrorMessageForInstancePath(schema, error.instancePath, error.keyword)
-
-    if (errorMessage) {
-      error.message = errorMessage
-    } else if (errorMessages?.[error.keyword]) {
-      error.message = errorMessages[error.keyword]
-    } else {
-      const unwrapped = unwrapNullableAnyOf(schema)
-      if (unwrapped?.errorMessages?.[error.keyword]) {
-        error.message = unwrapped.errorMessages[error.keyword]
-      }
+    const customMessage = resolveCustomErrorMessage(schema, error)
+
+    if (customMessage) {
+      error.message = customMessage
+      // A custom `msg` signals "the underlying rule param is an implementation detail".
+      // Drop params so consumers (e.g. HTTP responses, Sentry payloads) don't surface
+      // the raw regex/limit/etc. — the custom message is now the canonical rule label.
+      error.params = {}
     }
 
     error.instancePath = error.instancePath.replaceAll(/\/(\d+)/g, `[$1]`).replaceAll('/', '.')
   }
 }
 
+/**
+ * Looks up the user-provided custom error message (set via `{ msg }` / `{ name }`)
+ * for a given AJV error, walking the schema along the error's instancePath and
+ * falling back to top-level `errorMessages` (including through nullable wrappers).
+ * Returns undefined if no custom message was registered for the failing keyword.
+ */
+function resolveCustomErrorMessage(schema: JsonSchema, error: ErrorObject): string | undefined {
+  const byPath = getErrorMessageForInstancePath(schema, error.instancePath, error.keyword)
+  if (byPath) return byPath
+  if (schema.errorMessages?.[error.keyword]) return schema.errorMessages[error.keyword]
+  const unwrapped = unwrapNullableAnyOf(schema)
+  return unwrapped?.errorMessages?.[error.keyword]
+}
+
 /**
  * Groups repeated validation errors by rule rather than by unique request content.
  * Excludes instance-specific data like record IDs and array indices.
+ *
+ * When a custom error message is registered for the failing rule, prefer it over
+ * the raw param value (e.g. regex source) — it is both stable across regex tweaks
+ * and avoids leaking the underlying pattern into Sentry fingerprints.
  */
-function buildAjvErrorFingerprint(e: ErrorObject, inputName: string): string {
-  const value = Object.values(e.params || {})[0]
+function buildAjvErrorFingerprint(
+  e: ErrorObject,
+  inputName: string,
+  customMessage: string | undefined,
+): string {
+  const ruleValue = customMessage ?? Object.values(e.params || {})[0]
   let rule = e.keyword
-  if (value !== undefined) rule += `:${value}`
+  if (ruleValue !== undefined) rule += `:${ruleValue}`
   const path = e.instancePath
     .split('/')
     .filter(s => s && isNaN(Number(s)))