refactor: Add status field validation at DTO level

[Xhristin3]

Problem Statement

The UpdateStreamDto.status field (api/src/streams/dto/update-stream.dto.ts:24) accepts any 1-50 character string. While the service layer validates transitions, the DTO should also enforce valid status values for defense-in-depth.

Evidence

@IsOptional()
@IsString()
@Length(1, 50, { message: "status must be between 1 and 50 characters" })
status?: string   // accepts any string, not just valid states

Impact

API accepts arbitrary status strings. The service rejects them later with ConflictException, but the API contract should be narrow. Swagger documentation auto-generates an open-ended status field.

Proposed Solution

Add @IsIn(['inactive', 'active', 'error']) validator to the status field, matching the ListStreamsQueryDto.status pattern.

Acceptance Criteria

• PATCH /streams/:id with status="unknown" returns 400 validation error
• PATCH /streams/:id with status="active" passes DTO validation
• Swagger docs show enum for status field

File Map

• api/src/streams/dto/update-stream.dto.ts — add @isin()

---

Labels: refactoring, good first issue
Priority: Low | Difficulty: Beginner | Estimated Effort: 0.5h

---

Labels: refactoring,good first issue
Priority: Low | Difficulty: Beginner | Estimated Effort: 0.5h
Backlog ID: REPO-044

[Adeyemi-cmd]

I would love to work on this task because it is a straightforward improvement that strengthens API validation and improves the overall developer experience. The proposed change follows an existing pattern in the codebase, making it easy to implement consistently while reducing the risk of invalid input reaching the service layer. It also improves the API contract by ensuring only supported status values are accepted and properly reflected in Swagger documentation. I'm comfortable working with NestJS DTO validation and can efficiently implement, test, and verify the change against the acceptance criteria.

[Whiznificent]

Here’s a more polished and professional rewrite:

---

Hello,

I’m a smart contract and full-stack developer interested in contributing to this issue.

I have hands-on experience contributing to open-source projects through OnlyDust and have participated in Drips Wave 1, Wave 2, Wave 5.

My technical expertise includes Rust, Soroban, Cairo, Solidity, and TypeScript, with a strong focus on developing secure, scalable, and maintainable blockchain solutions.

After reviewing the scope of this issue, I’m confident in my ability to deliver a complete, well-tested solution within 24 hours of assignment. I prioritize writing clean code, maintaining clear documentation, and implementing efficient solutions.

I’d be grateful for the opportunity to contribute and help advance this project.

Thank you.

[skaichima]

I'm interested in working on this issue regarding the DTO level changes. I have the necessary skills to handle this efficiently and would appreciate it if you could assign it to me. Thanks

[Agbasimere]

Hi there, I'd like to work on this issue.

[cLamberti]

Hi! I'm a Software Engineer and I'd like to take this issue.

Two things worth confirming:

1. ESLint config format — the project uses Next.js ^16.2.4, which ships with
   ESLint 9. ESLint 9 uses flat config (eslint.config.js) by default and treats
   .eslintrc.json as legacy. Should I use the flat config format for
   forward-compatibility, or stick with .eslintrc.json as specified?

2. CI working directory — the existing test.yml runs from the repo root but
   the frontend lives in /frontend. I'll add the lint/format job with
   working-directory: frontend to make sure the commands resolve correctly.

Stack: Next.js 15/16, TypeScript, Tailwind — same setup as this project.
I can have a PR up within 24h of being assigned.

Happy to also add husky + lint-staged for pre-commit hooks if that's in scope.

[grantfox-oss]

🦊 GrantFox — @skaichima has been assigned to this issue as part of the Official Campaign campaign!

Next steps:

1. Open a Pull Request referencing this issue (e.g., Closes #227)
2. Your PR will be reviewed by the XStreamRollz maintainers

Good luck! Track your progress on GrantFox.