Chore/zod 4 update

[LukeSchlangen]

Description here... Help the reviewer by:

• linking to an issue that includes more details
• if it's a new feature include samples of how to use the new feature
• (optional if issue link is provided) if you fixed a bug include basic bug details

Checklist (if applicable):

• PR title is following https://www.conventionalcommits.org/en/v1.0.0/
• Tested (manually, unit tested, etc.)
• Docs updated (updated docs or a docs bug required)

[gemini-code-assist]

Summary of Changes

Hello @LukeSchlangen, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request primarily focuses on a significant dependency upgrade, moving the project from Zod v3 to Zod v4 and updating TypeScript to v5. These changes necessitate various code modifications, including API adjustments for schema generation, stricter type definitions, and the introduction of explicit type castings to maintain compatibility and ensure the stability of the application's data validation and typing mechanisms.

Highlights

• Zod v4 Upgrade: The Zod library has been upgraded across the codebase from v3 to v4. This involved updating package dependencies, removing the now-redundant zod-to-json-schema library (as Zod v4 includes toJSONSchema natively), and refactoring schema definitions to align with Zod v4's API changes.
• TypeScript Version Update: Alongside the Zod upgrade, the TypeScript version has been updated from 4.x to 5.x across various packages, ensuring compatibility and leveraging newer language features.
• Schema Definition Refinements: Numerous Zod schema definitions, particularly those using z.record(z.any()) or z.record(z.unknown()), have been made more explicit by specifying key types as z.string() (e.g., z.record(z.string(), z.any())). This improves type safety and clarity.
• Type Casting and Compatibility Adjustments: Extensive type casting (as any, as unknown as ...) has been introduced in various function calls and assignments to resolve type mismatches arising from the Zod v4 and TypeScript 5 upgrades, ensuring the codebase remains functional despite stricter type checking.
• JSON Schema Generation Logic Update: The internal logic for generating JSON schemas from Zod definitions has been updated to use Zod v4's native z.toJSONSchema method, including specific handling for ZodVoid types and nullable schema properties.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request is a significant and well-executed upgrade of the Zod library to version 4 across the repository. The changes are comprehensive, including updating package dependencies, removing the now-obsolete zod-to-json-schema package, and adapting the codebase to the new Zod v4 APIs, such as z.toJSONSchema and the updated z.record syntax. The test files have also been diligently updated to reflect changes in schema generation, which is great to see.

While the changes are extensive and mostly look correct, I've noticed a large number of type assertions (as any, as unknown as ...) have been added. This is often a pragmatic necessity during large dependency upgrades to resolve complex type-checking issues. However, it does reduce type safety. It would be beneficial to create follow-up tasks to revisit these assertions and try to replace them with stronger types or type guards where possible.

My main concern is the removal of the pnpm-lock.yaml file for the js/testapps/next package, which I've detailed in a specific comment.

[gemini-code-assist]

This lock file was removed. Lock files are important for ensuring reproducible builds by pinning down the exact versions of all dependencies, which is particularly important for test applications to avoid flakiness. Was the removal of this file intentional? If not, it should be restored. If this test application is not intended to have its dependencies locked, it might be better to add pnpm-lock.yaml to a .gitignore file in this directory to prevent it from being tracked accidentally.