refactor: Migrate custom-user-status API to standardized format (Rule 7)

[Makeepan-dev]

Proposed changes (including videos or screenshots)

This PR refactors the custom-user-status API to adhere to Project Rule 7 by colocating all endpoint typings and AJV schemas directly within the handler file.

Key Changes:

• Rule 7 Compliance: Moved all request/endpoint types and AJV schemas from packages/rest-typings into apps/meteor/app/api/server/v1/custom-user-status.ts.
• OpenAPI Documentation: Added complete and correct @openapi annotations for .list, .create, .delete, and .update endpoints, including accurate response schemas.
• Truthiness Logic Fix: Replaced logical OR (||) with nullish coalescing (??) in the update handler to correctly preserve explicit empty-string inputs for name and statusType.
• Type Safety: Improved the delete handler to return a consistent { success: true } object as required by the response schema.
• Cleanup: Removed the now-redundant packages/rest-typings/src/v1/customUserStatus.ts and updated the global Endpoints interface via module augmentation.

Issue(s)

Relates to Rule 7 refactoring efforts.

Steps to test or reproduce

1. Run yarn build in packages/rest-typings to ensure that removing the types didn't break the package build.
2. Verify the new OpenAPI documentation by visiting /api/v1/docs (Swagger) once the server is running.
3. Test the update endpoint with an empty string for name to confirm it is no longer ignored.

Further comments

The Windows compatibility fixes made during development (such as cross-env and METEOR_OFFLINE_CATALOG) were not included in this PR to keep it focused on the API refactor.

Summary by CodeRabbit

• Refactor
  • Improved request/response validation and error handling for custom user status endpoints (create, update, delete).
• Bug Fixes
  • Made endpoint responses more consistent and reliable when creating, updating, or deleting statuses.
• Chores
  • Added a changeset entry marking a patch release for related packages.

[dionisio-bot]

Looks like this PR is not ready to merge, because of the following issues:

• This PR is missing the 'stat: QA assured' label
• This PR is missing the required milestone or project

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

[cubic-dev-ai]

No issues found across 3 files

[changeset-bot]

🦋 Changeset detected

Latest commit: 8f30c16

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 41 packages

Name	Type
@rocket.chat/rest-typings	Patch
@rocket.chat/meteor	Patch
@rocket.chat/api-client	Patch
@rocket.chat/core-services	Patch
@rocket.chat/ddp-client	Patch
@rocket.chat/http-router	Patch
@rocket.chat/models	Patch
@rocket.chat/ui-contexts	Patch
@rocket.chat/web-ui-registration	Patch
@rocket.chat/account-service	Patch
@rocket.chat/authorization-service	Patch
@rocket.chat/ddp-streamer	Patch
@rocket.chat/federation-matrix	Patch
@rocket.chat/omnichannel-services	Patch
@rocket.chat/presence	Patch
rocketchat-services	Patch
@rocket.chat/omnichannel-transcript	Patch
@rocket.chat/presence-service	Patch
@rocket.chat/queue-worker	Patch
@rocket.chat/abac	Patch
@rocket.chat/network-broker	Patch
@rocket.chat/omni-core-ee	Patch
@rocket.chat/livechat	Patch
@rocket.chat/mock-providers	Patch
@rocket.chat/cron	Patch
@rocket.chat/instance-status	Patch
@rocket.chat/omni-core	Patch
@rocket.chat/server-fetch	Patch
@rocket.chat/ui-client	Patch
@rocket.chat/media-calls	Patch
@rocket.chat/uikit-playground	Patch
@rocket.chat/fuselage-ui-kit	Patch
@rocket.chat/gazzodown	Patch
@rocket.chat/ui-avatar	Patch
@rocket.chat/ui-video-conf	Patch
@rocket.chat/ui-voip	Patch
@rocket.chat/core-typings	Patch
@rocket.chat/apps	Patch
@rocket.chat/model-typings	Patch
@rocket.chat/license	Patch
@rocket.chat/pdf-worker	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f4ad4ce0-fe5a-49da-9d6d-afdf5859ab40

📥 Commits

Reviewing files that changed from the base of the PR and between 5eb30b6 and 8f30c16.

📒 Files selected for processing (1)

• .changeset/breezy-rivers-agree.md

✅ Files skipped from review due to trivial changes (1)

• .changeset/breezy-rivers-agree.md

---

Walkthrough

Migrates custom user status endpoints from API.v1.addRoute() with meteor/check to API.v1.post() using AJV request/response schemas, updates handler logic, and removes corresponding TypeScript REST-typing declarations for custom user status endpoints.

Changes

Cohort / File(s)	Summary
API Validation Migration apps/meteor/app/api/server/v1/custom-user-status.ts	Replaced API.v1.addRoute() handlers with API.v1.post() calls that include AJV request and response schemas. Removed meteor/check usage. Added AJV validators for create, delete, and update. Adjusted handler flows: creation persists then fetches by name; delete returns explicit success object; update fetches by _id, applies nullish-coalescing updates, persists, and re-fetches.
REST typings removal packages/rest-typings/src/index.ts, packages/rest-typings/src/v1/customUserStatus.ts	Deleted packages/rest-typings/src/v1/customUserStatus.ts and removed its re-export/import from packages/rest-typings/src/index.ts, eliminating the CustomUserStatusEndpoints type and related endpoint type declarations.
Changeset .changeset/breezy-rivers-agree.md	Added changeset marking patch bumps for @rocket.chat/rest-typings and @rocket.chat/meteor with notes about AJV migration and colocation.

Sequence Diagram(s)

sequenceDiagram
  participant Client as Client
  participant API as API.v1.post (route)
  participant Service as UserStatusService/DB
  participant Response as API.v1.response

  Client->>API: POST /v1/custom-user-status.create (body validated by AJV)
  API->>Service: insertOrUpdateUserStatus(userStatusData)
  Service-->>API: persistedId
  API->>Service: findOneByName(name)
  Service-->>API: userStatus
  API->>Response: return success({ customUserStatus: userStatus })

  Client->>API: POST /v1/custom-user-status.update (body validated by AJV)
  API->>Service: findOneById(_id)
  Service-->>API: existingStatus
  API->>Service: insertOrUpdateUserStatus(updatedData)
  Service-->>API: updatedId
  API->>Service: findOneById(_id)
  Service-->>API: updatedStatus
  API->>Response: return success({ customUserStatus: updatedStatus })

  Client->>API: POST /v1/custom-user-status.delete (body validated by AJV)
  API->>Service: removeById(customUserStatusId)
  Service-->>API: removed
  API->>Response: return success({})

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately summarizes the main change: migrating the custom-user-status API to a standardized AJV format while implementing Rule 7 (endpoint colocation). It is concise, specific, and clearly reflects the core refactoring objective.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

apps/meteor/app/api/server/v1/custom-user-status.ts (1)

10-12: Consider removing explanatory comments.

The comments on lines 10-11 explain the Rule 7 migration rationale. While helpful context, they can be deferred to PR description or ADRs to keep the implementation comment-free. As per coding guidelines, avoid code comments in TypeScript/JavaScript implementation files.

🔧 Suggested diff

-// RULE 7: Colocate all endpoint typings and AJV validators within the handler file.
-// This removes the dependency on manual definitions in the separate rest-typings package.
 import { API } from '../../../../api/server';

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/meteor/app/api/server/v1/custom-user-status.ts` around lines 10 - 12,
Remove the explanatory Rule 7 comments preceding the import in this handler file
so the implementation remains comment-free; locate the comment block above the
import statement (import { API } from '../../../../api/server';) in
apps/meteor/app/api/server/v1/custom-user-status.ts and delete those two lines,
leaving only the import and implementation—move any long-form rationale to the
PR description or ADR if needed.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@apps/meteor/app/api/server/v1/custom-user-status.ts`:
- Around line 400-409: The OpenAPI property definitions for name and statusType
currently list only "type: string" but must reflect the AJV schema's nullable:
true; update the OpenAPI annotation in custom-user-status.ts so the properties
"name" and "statusType" explicitly allow null (e.g., add nullable: true or the
OpenAPI equivalent) while keeping _id required, ensuring the documentation
matches the AJV schema used by the code that validates these fields.
- Around line 84-106: The TypeScript type CustomUserStatusUpdateProps doesn’t
reflect the AJV schema's nullable:true for name and statusType; update the type
declaration for CustomUserStatusUpdateProps so name and statusType are allowed
to be null (e.g., name?: string | null; statusType?: string | null) to match
CustomUserStatusUpdatePropsSchema, then run type checks/build and ensure
isCustomUserStatusUpdateProps usage remains valid.

---

Nitpick comments:
In `@apps/meteor/app/api/server/v1/custom-user-status.ts`:
- Around line 10-12: Remove the explanatory Rule 7 comments preceding the import
in this handler file so the implementation remains comment-free; locate the
comment block above the import statement (import { API } from
'../../../../api/server';) in
apps/meteor/app/api/server/v1/custom-user-status.ts and delete those two lines,
leaving only the import and implementation—move any long-form rationale to the
PR description or ADR if needed.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1886a28e-3d8d-44f7-a514-473708b888af

📥 Commits

Reviewing files that changed from the base of the PR and between 9e3eb78 and 5eb30b6.

📒 Files selected for processing (3)

• apps/meteor/app/api/server/v1/custom-user-status.ts
• packages/rest-typings/src/index.ts
• packages/rest-typings/src/v1/customUserStatus.ts

💤 Files with no reviewable changes (2)

• packages/rest-typings/src/index.ts
• packages/rest-typings/src/v1/customUserStatus.ts

📜 Review details

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• apps/meteor/app/api/server/v1/custom-user-status.ts

🧠 Learnings (14)

📓 Common learnings

Learnt from: amitb0ra
Repo: RocketChat/Rocket.Chat PR: 39676
File: .changeset/migrate-users-register-openapi.md:3-3
Timestamp: 2026-03-16T21:50:42.118Z
Learning: In RocketChat/Rocket.Chat OpenAPI migration PRs, removing endpoint types and validators from `rocket.chat/rest-typings` (e.g., `UserRegisterParamsPOST`, `/v1/users.register` entry) is the *required* migration pattern per RocketChat/Rocket.Chat-Open-API#150 Rule 7 ("No More rest-typings or Manual Typings"). The endpoint type is re-exposed via a module augmentation `.d.ts` file in the consuming package (e.g., `packages/web-ui-registration/src/users-register.d.ts`). This is NOT a breaking change — the correct changeset bump for `rocket.chat/rest-typings` in this scenario is `minor`, not `major`. Do not flag this as a breaking change during OpenAPI migration reviews.

Learnt from: amitb0ra
Repo: RocketChat/Rocket.Chat PR: 39647
File: apps/meteor/app/api/server/v1/users.ts:710-757
Timestamp: 2026-03-15T14:31:28.969Z
Learning: In RocketChat/Rocket.Chat, the `UserCreateParamsPOST` type in `apps/meteor/app/api/server/v1/users.ts` (migrated from `packages/rest-typings/src/v1/users/UserCreateParamsPOST.ts`) intentionally has `fields: string` (non-optional) and `settings?: IUserSettings` without a corresponding AJV schema entry. This is a pre-existing divergence carried over verbatim from the original rest-typings source (PR `#39647`). Do not flag this type/schema misalignment during the OpenAPI migration review — it is tracked as a separate follow-up fix.

Learnt from: smirk-dev
Repo: RocketChat/Rocket.Chat PR: 39625
File: apps/meteor/app/api/server/v1/push.ts:85-97
Timestamp: 2026-03-14T14:58:58.834Z
Learning: In RocketChat/Rocket.Chat, the `push.token` POST/DELETE endpoints in `apps/meteor/app/api/server/v1/push.ts` were already migrated to the chained router API pattern on `develop` prior to PR `#39625`. `cleanTokenResult` (which strips `authToken` and returns `PushTokenResult`) and `isPushTokenPOSTProps`/`isPushTokenDELETEProps` validators already exist on `develop`. PR `#39625` only migrates `push.get` and `push.info` to the chained pattern. Do not flag `cleanTokenResult` or `PushTokenResult` as newly introduced behavior-breaking changes when reviewing this PR.

Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 38974
File: apps/meteor/app/api/server/v1/im.ts:220-221
Timestamp: 2026-02-24T19:09:09.561Z
Learning: In RocketChat/Rocket.Chat OpenAPI migration PRs for apps/meteor/app/api/server/v1 endpoints, maintainers prefer to avoid any logic changes; style-only cleanups (like removing inline comments) may be deferred to follow-ups to keep scope tight.

Learnt from: amitb0ra
Repo: RocketChat/Rocket.Chat PR: 39647
File: apps/meteor/app/api/server/v1/users.ts:891-899
Timestamp: 2026-03-15T14:31:23.493Z
Learning: In RocketChat/Rocket.Chat, `IUser.inactiveReason` in `packages/core-typings/src/IUser.ts` is typed as `'deactivated' | 'pending_approval' | 'idle_too_long'` (optional, no `null`), but the database stores `null` for newly created users. The Typia-generated `$ref: '#/components/schemas/IUser'` schema therefore correctly rejects `null` for `inactiveReason`. This causes the test "should create a new user with default roles" to fail when response validation is active (TEST_MODE). The fix is to add `| null` to `inactiveReason` in core-typings and rebuild Typia schemas in a separate PR. Do not flag this test failure as a bug introduced by the users.create OpenAPI migration (PR `#39647`). Do not suggest inlining a custom schema to work around it, as migration rules require using `$ref` when a Typia schema exists.

Learnt from: amitb0ra
Repo: RocketChat/Rocket.Chat PR: 39676
File: apps/meteor/app/api/server/v1/users.ts:862-869
Timestamp: 2026-03-16T23:33:15.721Z
Learning: In RocketChat/Rocket.Chat OpenAPI migration PRs (e.g., PR `#39676` for users.register in apps/meteor/app/api/server/v1/users.ts), calls to `this.parseJsonQuery()` inside migrated handlers are intentionally preserved without adding a corresponding `query` AJV schema to the route options. Adding query-param schemas for the `fields`/`sort`/`query` parameters consumed by `parseJsonQuery()` is a separate cross-cutting concern shared by many endpoints (e.g., users.create, users.update, users.list) and is explicitly out of scope for individual endpoint migration PRs. Do not flag the absence of a `query` schema for `parseJsonQuery()` usage as a violation of OpenAPI/AJV contract during migration reviews.

Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 39414
File: apps/meteor/app/api/server/v1/rooms.ts:1241-1297
Timestamp: 2026-03-10T08:13:52.153Z
Learning: In the RocketChat/Rocket.Chat OpenAPI migration PRs for endpoints under apps/meteor/app/api/server/v1/rooms.ts, the pattern `ajv.compile<void>({...})` is intentionally used for the 200 response schema even when the endpoint returns `{ success: true }`. This is an established convention across all migrated endpoints (rooms.leave, rooms.favorite, rooms.delete, rooms.muteUser, rooms.unmuteUser). Do not flag this as a type mismatch during reviews of these migration PRs.

Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 39230
File: apps/meteor/app/api/server/v1/chat.ts:214-222
Timestamp: 2026-03-03T11:11:48.541Z
Learning: In apps/meteor/server/lib/moderation/reportMessage.ts, the reportMessage function validates that description is not empty or whitespace-only with `if (!description.trim())`. When migrating the chat.reportMessage endpoint to OpenAPI, adding minLength validation to the schema preserves this existing behavior.

Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 39340
File: apps/meteor/app/api/server/v1/im.ts:1349-1398
Timestamp: 2026-03-12T10:26:26.697Z
Learning: In `apps/meteor/app/api/server/v1/im.ts` (PR `#39340`), the `DmEndpoints` type intentionally includes temporary stub entries for `/v1/im.kick`, `/v1/dm.kick`, `/v1/im.leave`, and `/v1/dm.leave` (using `DmKickProps` and `DmLeaveProps`) even though no route handlers exist for them yet. These stubs were added to preserve type compatibility after removing the original `DmLeaveProps` and related files. They are planned for cleanup in a follow-up PR. Do not flag these as missing implementations when reviewing this file until the follow-up is merged.

Learnt from: ggazzo
Repo: RocketChat/Rocket.Chat PR: 35995
File: apps/meteor/app/api/server/v1/rooms.ts:1107-1112
Timestamp: 2026-02-23T17:53:18.785Z
Learning: In Rocket.Chat PR reviews, maintain strict scope boundaries—when a PR is focused on a specific endpoint (e.g., rooms.favorite), avoid reviewing or suggesting changes to other endpoints that were incidentally refactored (e.g., rooms.invite) unless explicitly requested by maintainers.

Learnt from: ggazzo
Repo: RocketChat/Rocket.Chat PR: 39553
File: apps/meteor/app/api/server/v1/stats.ts:98-117
Timestamp: 2026-03-20T13:52:26.083Z
Learning: In `apps/meteor/app/api/server/v1/stats.ts`, the `statistics.telemetry` POST endpoint intentionally has no `body` AJV schema in its route options. The proper request body shape (a `params` array of telemetry event objects) has not been formally defined yet, so body validation is deferred to a follow-up. Do not flag the missing body schema for this endpoint during OpenAPI migration reviews.

📚 Learning: 2026-03-16T21:50:42.118Z

Learnt from: amitb0ra
Repo: RocketChat/Rocket.Chat PR: 39676
File: .changeset/migrate-users-register-openapi.md:3-3
Timestamp: 2026-03-16T21:50:42.118Z
Learning: In RocketChat/Rocket.Chat OpenAPI migration PRs, removing endpoint types and validators from `rocket.chat/rest-typings` (e.g., `UserRegisterParamsPOST`, `/v1/users.register` entry) is the *required* migration pattern per RocketChat/Rocket.Chat-Open-API#150 Rule 7 ("No More rest-typings or Manual Typings"). The endpoint type is re-exposed via a module augmentation `.d.ts` file in the consuming package (e.g., `packages/web-ui-registration/src/users-register.d.ts`). This is NOT a breaking change — the correct changeset bump for `rocket.chat/rest-typings` in this scenario is `minor`, not `major`. Do not flag this as a breaking change during OpenAPI migration reviews.

Applied to files:

• apps/meteor/app/api/server/v1/custom-user-status.ts

📚 Learning: 2026-03-15T14:31:28.969Z

Learnt from: amitb0ra
Repo: RocketChat/Rocket.Chat PR: 39647
File: apps/meteor/app/api/server/v1/users.ts:710-757
Timestamp: 2026-03-15T14:31:28.969Z
Learning: In RocketChat/Rocket.Chat, the `UserCreateParamsPOST` type in `apps/meteor/app/api/server/v1/users.ts` (migrated from `packages/rest-typings/src/v1/users/UserCreateParamsPOST.ts`) intentionally has `fields: string` (non-optional) and `settings?: IUserSettings` without a corresponding AJV schema entry. This is a pre-existing divergence carried over verbatim from the original rest-typings source (PR `#39647`). Do not flag this type/schema misalignment during the OpenAPI migration review — it is tracked as a separate follow-up fix.

Applied to files:

• apps/meteor/app/api/server/v1/custom-user-status.ts

📚 Learning: 2026-02-24T19:09:01.522Z

Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 38974
File: apps/meteor/app/api/server/v1/im.ts:220-221
Timestamp: 2026-02-24T19:09:01.522Z
Learning: In Rocket.Chat OpenAPI migration PRs for endpoints under apps/meteor/app/api/server/v1, avoid introducing logic changes. Only perform scope-tight changes that preserve behavior; style-only cleanups (e.g., removing inline comments) may be deferred to follow-ups to keep the migration PR focused.

Applied to files:

• apps/meteor/app/api/server/v1/custom-user-status.ts

📚 Learning: 2026-03-14T14:58:58.834Z

Learnt from: smirk-dev
Repo: RocketChat/Rocket.Chat PR: 39625
File: apps/meteor/app/api/server/v1/push.ts:85-97
Timestamp: 2026-03-14T14:58:58.834Z
Learning: In RocketChat/Rocket.Chat, the `push.token` POST/DELETE endpoints in `apps/meteor/app/api/server/v1/push.ts` were already migrated to the chained router API pattern on `develop` prior to PR `#39625`. `cleanTokenResult` (which strips `authToken` and returns `PushTokenResult`) and `isPushTokenPOSTProps`/`isPushTokenDELETEProps` validators already exist on `develop`. PR `#39625` only migrates `push.get` and `push.info` to the chained pattern. Do not flag `cleanTokenResult` or `PushTokenResult` as newly introduced behavior-breaking changes when reviewing this PR.

Applied to files:

• apps/meteor/app/api/server/v1/custom-user-status.ts

📚 Learning: 2026-03-12T10:26:26.697Z

Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 39340
File: apps/meteor/app/api/server/v1/im.ts:1349-1398
Timestamp: 2026-03-12T10:26:26.697Z
Learning: In `apps/meteor/app/api/server/v1/im.ts` (PR `#39340`), the `DmEndpoints` type intentionally includes temporary stub entries for `/v1/im.kick`, `/v1/dm.kick`, `/v1/im.leave`, and `/v1/dm.leave` (using `DmKickProps` and `DmLeaveProps`) even though no route handlers exist for them yet. These stubs were added to preserve type compatibility after removing the original `DmLeaveProps` and related files. They are planned for cleanup in a follow-up PR. Do not flag these as missing implementations when reviewing this file until the follow-up is merged.

Applied to files:

• apps/meteor/app/api/server/v1/custom-user-status.ts

📚 Learning: 2026-03-16T23:33:15.721Z

Learnt from: amitb0ra
Repo: RocketChat/Rocket.Chat PR: 39676
File: apps/meteor/app/api/server/v1/users.ts:862-869
Timestamp: 2026-03-16T23:33:15.721Z
Learning: In RocketChat/Rocket.Chat OpenAPI migration PRs (e.g., PR `#39676` for users.register in apps/meteor/app/api/server/v1/users.ts), calls to `this.parseJsonQuery()` inside migrated handlers are intentionally preserved without adding a corresponding `query` AJV schema to the route options. Adding query-param schemas for the `fields`/`sort`/`query` parameters consumed by `parseJsonQuery()` is a separate cross-cutting concern shared by many endpoints (e.g., users.create, users.update, users.list) and is explicitly out of scope for individual endpoint migration PRs. Do not flag the absence of a `query` schema for `parseJsonQuery()` usage as a violation of OpenAPI/AJV contract during migration reviews.

Applied to files:

• apps/meteor/app/api/server/v1/custom-user-status.ts

📚 Learning: 2026-03-20T13:52:26.083Z

Learnt from: ggazzo
Repo: RocketChat/Rocket.Chat PR: 39553
File: apps/meteor/app/api/server/v1/stats.ts:98-117
Timestamp: 2026-03-20T13:52:26.083Z
Learning: In `apps/meteor/app/api/server/v1/stats.ts`, the `statistics.telemetry` POST endpoint intentionally has no `body` AJV schema in its route options. The proper request body shape (a `params` array of telemetry event objects) has not been formally defined yet, so body validation is deferred to a follow-up. Do not flag the missing body schema for this endpoint during OpenAPI migration reviews.

Applied to files:

• apps/meteor/app/api/server/v1/custom-user-status.ts

📚 Learning: 2026-02-25T20:10:16.987Z

Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 38913
File: packages/ddp-client/src/legacy/types/SDKLegacy.ts:34-34
Timestamp: 2026-02-25T20:10:16.987Z
Learning: In the RocketChat/Rocket.Chat monorepo, packages/ddp-client and apps/meteor do not use TypeScript project references. Module augmentations in apps/meteor (e.g., declare module 'rocket.chat/rest-typings') are not visible when compiling packages/ddp-client in isolation, which is why legacy SDK methods that depend on OperationResult types for OpenAPI-migrated endpoints must remain commented out.

Applied to files:

• apps/meteor/app/api/server/v1/custom-user-status.ts

📚 Learning: 2026-03-10T08:13:52.153Z

Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 39414
File: apps/meteor/app/api/server/v1/rooms.ts:1241-1297
Timestamp: 2026-03-10T08:13:52.153Z
Learning: In the RocketChat/Rocket.Chat OpenAPI migration PRs for endpoints under apps/meteor/app/api/server/v1/rooms.ts, the pattern `ajv.compile<void>({...})` is intentionally used for the 200 response schema even when the endpoint returns `{ success: true }`. This is an established convention across all migrated endpoints (rooms.leave, rooms.favorite, rooms.delete, rooms.muteUser, rooms.unmuteUser). Do not flag this as a type mismatch during reviews of these migration PRs.

Applied to files:

• apps/meteor/app/api/server/v1/custom-user-status.ts

📚 Learning: 2026-03-15T14:31:23.493Z

Learnt from: amitb0ra
Repo: RocketChat/Rocket.Chat PR: 39647
File: apps/meteor/app/api/server/v1/users.ts:891-899
Timestamp: 2026-03-15T14:31:23.493Z
Learning: In RocketChat/Rocket.Chat, `IUser.inactiveReason` in `packages/core-typings/src/IUser.ts` is typed as `'deactivated' | 'pending_approval' | 'idle_too_long'` (optional, no `null`), but the database stores `null` for newly created users. The Typia-generated `$ref: '#/components/schemas/IUser'` schema therefore correctly rejects `null` for `inactiveReason`. This causes the test "should create a new user with default roles" to fail when response validation is active (TEST_MODE). The fix is to add `| null` to `inactiveReason` in core-typings and rebuild Typia schemas in a separate PR. Do not flag this test failure as a bug introduced by the users.create OpenAPI migration (PR `#39647`). Do not suggest inlining a custom schema to work around it, as migration rules require using `$ref` when a Typia schema exists.

Applied to files:

• apps/meteor/app/api/server/v1/custom-user-status.ts

📚 Learning: 2026-02-23T17:53:06.802Z

Learnt from: ggazzo
Repo: RocketChat/Rocket.Chat PR: 35995
File: apps/meteor/app/api/server/v1/rooms.ts:1107-1112
Timestamp: 2026-02-23T17:53:06.802Z
Learning: During PR reviews that touch endpoint files under apps/meteor/app/api/server/v1, enforce strict scope: if a PR targets a specific endpoint (e.g., rooms.favorite), do not propose changes to unrelated endpoints (e.g., rooms.invite) unless maintainers explicitly request them. Focus feedback on the touched endpoint's behavior, API surface, and related tests; avoid broad cross-endpoint changes in the same PR unless requested.

Applied to files:

• apps/meteor/app/api/server/v1/custom-user-status.ts

📚 Learning: 2026-02-26T19:25:44.063Z

Learnt from: gabriellsh
Repo: RocketChat/Rocket.Chat PR: 38778
File: packages/ui-voip/src/providers/useMediaSession.ts:192-192
Timestamp: 2026-02-26T19:25:44.063Z
Learning: In the Rocket.Chat repository, do not reference Biome lint rules in code review feedback. Biome is not used even if biome.json exists; only reference Biome rules if there is explicit, project-wide usage documented. For TypeScript files, review lint implications without Biome guidance unless the project enables Biome rules.

Applied to files:

• apps/meteor/app/api/server/v1/custom-user-status.ts

📚 Learning: 2026-02-26T19:25:44.063Z

Learnt from: gabriellsh
Repo: RocketChat/Rocket.Chat PR: 38778
File: packages/ui-voip/src/providers/useMediaSession.ts:192-192
Timestamp: 2026-02-26T19:25:44.063Z
Learning: In this repository (RocketChat/Rocket.Chat), Biome lint rules are not used even if a biome.json exists. When reviewing TypeScript files (e.g., packages/ui-voip/src/providers/useMediaSession.ts), ensure lint suggestions do not reference Biome-specific rules. Rely on general ESLint/TypeScript lint rules and project conventions instead.

Applied to files:

• apps/meteor/app/api/server/v1/custom-user-status.ts

🔇 Additional comments (4)

apps/meteor/app/api/server/v1/custom-user-status.ts (4)

280-322: LGTM!

The create endpoint migration correctly uses the new AJV schema pattern with appropriate request body validation and response schema. The handler logic is preserved.

---

356-384: LGTM!

The delete endpoint correctly migrates to the new pattern. The API.v1.success({}) return properly results in { success: true } matching the response schema.

---

456-462: LGTM on the nullish coalescing fix!

Using ?? instead of || correctly preserves explicit empty-string inputs for name and statusType. This is an intentional behavioral fix as documented in the PR objectives.

---

478-483: LGTM!

The module augmentation correctly re-exposes CustomUserStatusEndpoints to the global Endpoints interface, following the required Rule 7 migration pattern.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

TypeScript type doesn't reflect nullable: true in AJV schema.

The AJV schema (lines 93-94, 97-98) allows null for name and statusType via nullable: true, but the TypeScript type on line 84 defines them as optional strings without null. This mismatch means TypeScript won't warn when code assumes these values can't be null.

The handler logic (line 460-461) correctly uses ?? to handle null, so this isn't a runtime bug, but aligning types improves type safety.

🛡️ Proposed fix to align TypeScript type with AJV schema

-type CustomUserStatusUpdateProps = { _id: string; name?: string; statusType?: string };
+type CustomUserStatusUpdateProps = { _id: string; name?: string | null; statusType?: string | null };

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/meteor/app/api/server/v1/custom-user-status.ts` around lines 84 - 106,
The TypeScript type CustomUserStatusUpdateProps doesn’t reflect the AJV schema's
nullable:true for name and statusType; update the type declaration for
CustomUserStatusUpdateProps so name and statusType are allowed to be null (e.g.,
name?: string | null; statusType?: string | null) to match
CustomUserStatusUpdatePropsSchema, then run type checks/build and ensure
isCustomUserStatusUpdateProps usage remains valid.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

OpenAPI annotation doesn't indicate nullable for name and statusType.

The AJV schema (lines 93-94, 97-98) defines name and statusType with nullable: true, but the OpenAPI annotation here only shows type: string. This will make the API documentation misleading since clients won't know these fields accept null.

📝 Proposed fix to align OpenAPI with AJV schema

              _id:
                type: string
              name:
                type: string
+               nullable: true
              statusType:
                type: string
+               nullable: true

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/meteor/app/api/server/v1/custom-user-status.ts` around lines 400 - 409,
The OpenAPI property definitions for name and statusType currently list only
"type: string" but must reflect the AJV schema's nullable: true; update the
OpenAPI annotation in custom-user-status.ts so the properties "name" and
"statusType" explicitly allow null (e.g., add nullable: true or the OpenAPI
equivalent) while keeping _id required, ensuring the documentation matches the
AJV schema used by the code that validates these fields.

[Makeepan-dev]

Hi team! 👋

I've modernized the custom-user-status API by migrating it to the AJV validation standard and implementing Rule 7 colocation for the typings and schemas.

Note for reviewers: I spent most of the day troubleshooting the monorepo build on a Windows environment. I've identified and fixed several path-related issues (e.g., rm -rf and cp compatibility) across 50+ package.json files. To keep this PR atomic and clean, I've stashed those environment fixes and will submit them as a separate 'Windows Compatibility' PR shortly.

Looking forward to your feedback! 🚀

[ggazzo]

Hey, thanks for the contribution! 🙏

I'm closing this PR because the endpoint(s) covered here have already been migrated as part of a larger batch migration I'm working on (see #39820). I decided to go with a mass migration approach because reviewing individual PRs for each endpoint was taking too much of my time.

That said, you're more than welcome to help by reviewing and testing the changes in #39820 to make sure everything is working correctly. Your input would be really valuable!

Thanks again for your effort! 🚀

[Makeepan-dev]

No problem at all, @ggazzo! I completely understand the need for a mass migration to streamline the review process. 🚀

I'd be happy to help review and test the changes in #39820. Since I've been working deeply with the Windows build environment and AJV structures today, I'll keep a close eye on those aspects specifically.

Thanks for the heads-up!