Settings PATCH fails with 400: Zod schema validation rejects permission mode changes #91
Description
Bug
Changing Claude permission mode in the Settings page fails silently — the dropdown updates locally but the server rejects the PATCH with a 400 status.
Steps to Reproduce
- Open Settings → Coding CLIs → Claude section
- Change the Permission Mode dropdown (e.g., from "Default" to "Plan")
- Observe the server logs
Expected
Setting saves successfully and persists.
Actual
PATCH /api/settings returns 400. Server logs show Zod validation errors:
"details": [
{
"expected": "object",
"code": "invalid_type",
"path": "[MaxDepth]",
"message": "Invalid input: expected object, received undefined"
}
]
(4 identical errors with [MaxDepth] paths)
Client logs: [SettingsView] Failed to save settings {"status": 400, "message": "Invalid request", ...}
Analysis
The [MaxDepth] path in the Zod errors suggests the SettingsPatchSchema has deeply nested validation that's hitting Zod's depth limit, or the patch payload structure doesn't match what the schema expects at some nested level. The issue is in the server-side validation in server/settings-router.ts, not the UI.
Environment
- Freshell v0.5.0
- Development mode (
npm run dev) - macOS, Chrome 145