fix(api): validate metric alert UUID inputs #8118

Open: dnsnljw wants to merge 1 commit into graphql-hive:main from dnsnljw:fix/validate-metric-alert-uuids

dnsnljw commented Jun 4, 2026

Summary

  • validate metric alert rule, channel, and saved-filter IDs before they reach Postgres UUID parameters
  • return structured mutation errors for malformed metric alert IDs instead of surfacing unexpected database errors
  • return null for malformed Target.metricAlertRule(id:) queries

Tests

  • added integration coverage for malformed metric alert UUID inputs in add/update/delete/query paths

Note: I could not run the full integration suite locally in this environment because pnpm was not available and package-manager download was blocked.

gemini-code-assist Bot (Contributor) left a comment

Code Review

This pull request introduces input validation to ensure metric alert rule IDs, channel IDs, and saved filter IDs are valid UUIDs before executing database operations, and adds corresponding integration tests. Feedback suggests replacing truthiness checks on savedFilterId with strict null/undefined checks to prevent empty strings from bypassing validation and causing database errors.

Comment on lines +137 to +139
if (input.savedFilterId) {
assertUUID(input.savedFilterId, 'Saved filter ID');
}
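
Review bot: the guard on lines +137 to +139 only checks the format of input.savedFilterId, while the update path at lines 237 to 240 also calls assertSavedFilterBelongsToProject(input.savedFilterId, input.projectId) right after assertUUID. If the add path does not already make that ownership check outside the lines shown here, add it after the format check so that a well-formed saved-filter ID from another project is rejected as well.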

medium

Using a truthiness check if (input.savedFilterId) skips validation if savedFilterId is an empty string (""), leading to a database syntax error when Postgres inserts it into a UUID column. Use a strict null/undefined check to ensure all string values are validated.

Suggested change
if (input.savedFilterId) {
assertUUID(input.savedFilterId, 'Saved filter ID');
}
if (input.savedFilterId !== undefined && input.savedFilterId !== null) {
assertUUID(input.savedFilterId, 'Saved filter ID');
}

Comment on lines 237 to 240
if (input.savedFilterId) {
assertUUID(input.savedFilterId, 'Saved filter ID');
await this.assertSavedFilterBelongsToProject(input.savedFilterId, input.projectId);
}

medium

Using a truthiness check if (input.savedFilterId) skips validation if savedFilterId is an empty string (""), leading to a database syntax error when Postgres updates the UUID column. Use a strict null/undefined check to ensure all string values are validated.

Suggested change
if (input.savedFilterId) {
assertUUID(input.savedFilterId, 'Saved filter ID');
await this.assertSavedFilterBelongsToProject(input.savedFilterId, input.projectId);
}
if (input.savedFilterId !== undefined && input.savedFilterId !== null) {
assertUUID(input.savedFilterId, 'Saved filter ID');
await this.assertSavedFilterBelongsToProject(input.savedFilterId, input.projectId);
}
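
The difference between the two guards discussed in the review above, as an added TypeScript example that is not code from the pull request or the project. `assertUUID` here is a hypothetical stand-in using an assumed canonical-form regex, and `classify`, `compareGuards` and the sample inputs are constructed for illustration.

```typescript
// Added example. assertUUID is a hypothetical stand-in (assumed regex), not
// the project's implementation; all sample inputs are constructed.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

type MaybeId = string | null | undefined;
type Outcome = 'skipped' | 'validated' | 'rejected' | 'unvalidated-to-db';

function assertUUID(value: string, label: string): void {
  if (!UUID_RE.test(value)) {
    throw new Error(`${label} must be a valid UUID`);
  }
}

// Reports what happens to an optional ID under a given guard.
function classify(id: MaybeId, guard: (id: MaybeId) => boolean): Outcome {
  if (!guard(id)) {
    // The guard skipped validation. null/undefined mean "no filter given";
    // a string that gets here continues to the UUID-typed parameter unchecked.
    return typeof id === 'string' ? 'unvalidated-to-db' : 'skipped';
  }
  try {
    assertUUID(id as string, 'Saved filter ID');
    return 'validated';
  } catch {
    return 'rejected'; // surfaced as a structured input error, not a DB error
  }
}

// The guard in the pull request and the guard in the suggested change.
const truthyGuard = (id: MaybeId): boolean => Boolean(id);
const strictGuard = (id: MaybeId): boolean => id !== undefined && id !== null;

// Constructed sample inputs.
const SAMPLES: MaybeId[] = [
  undefined, null, '', ' ', 'not-a-uuid', '3f2b8c1e-9a4d-4e6f-8b7a-1c2d3e4f5a6b',
];

function compareGuards(): Array<{ input: MaybeId; truthy: Outcome; strict: Outcome }> {
  return SAMPLES.map(input => ({
    input,
    truthy: classify(input, truthyGuard),
    strict: classify(input, strictGuard),
  }));
}
```

Of the sample strings, only the empty string is treated differently by the two guards: it is the one falsy string, so the truthiness check lets it through unvalidated while the strict check rejects it.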
