accordproject · hemantch01 · Apr 14, 2026
diff --git a/server/handlers/agreements.ts b/server/handlers/agreements.ts
@@ -10,7 +10,11 @@ import { Template as CiceroTemplate } from '@accordproject/cicero-core';
 
 async function resolveAgreement(db: any, agreementId: string) {
     console.log('Getting agreement: ' + agreementId);
-    const result = await db.select().from(Agreement).where(eq(Agreement.id, Number.parseInt(agreementId))).limit(1);
+    const parsedId = Number(agreementId);
+    if (Number.isNaN(parsedId)) {
+        throw new Error(`Invalid agreement ID format`);
+    }
+    const result = await db.select().from(Agreement).where(eq(Agreement.id, parsedId)).limit(1);
     if (!result.length) {
         throw new Error(`Agreement with id ${agreementId} does not exist`);
     }

diff --git a/server/handlers/crud.ts b/server/handlers/crud.ts
@@ -343,11 +343,14 @@ export function buildCrudRouter<T extends PgTable<any> & TableWithId>({
         async (req: Request, res: Response) => {
             try {
                 const queryParams = parseQueryParams(req);
+                if (table.id.columnType !== 'PgUUID' && isNaN(Number(req.params.id))) {
+                    return res.status(400).json({ error: 'Invalid ID format' });
+                }
                 const whereConditions = [
                     // Check if table has UUID primary key
                     table.id.columnType === 'PgUUID' ? 
                         eq(table.id, req.params.id) :
-                        eq(table.id, parseInt(req.params.id))
+                        eq(table.id, Number(req.params.id))
                 ].filter(Boolean);
 
                 const result = await res.locals.db
@@ -392,10 +395,13 @@ export function buildCrudRouter<T extends PgTable<any> & TableWithId>({
                 };
 
                 const queryParams = parseQueryParams(req);
+                if (table.id.columnType !== 'PgUUID' && isNaN(Number(req.params.id))) {
+                    return res.status(400).json({ error: 'Invalid ID format' });
+                }
                 const whereConditions = [
                     table.id.columnType === 'PgUUID' ? 
                         eq(table.id, req.params.id) :
-                        eq(table.id, parseInt(req.params.id))
+                        eq(table.id, Number(req.params.id))
                 ].filter(Boolean);
 
                 const updated = await res.locals.db
@@ -433,10 +439,13 @@ export function buildCrudRouter<T extends PgTable<any> & TableWithId>({
         async (req: Request, res: Response) => {
             try {
                 const queryParams = parseQueryParams(req);
+                if (table.id.columnType !== 'PgUUID' && isNaN(Number(req.params.id))) {
+                    return res.status(400).json({ error: 'Invalid ID format' });
+                }
                 const whereConditions = [
                     table.id.columnType === 'PgUUID' ? 
                         eq(table.id, req.params.id) :
-                        eq(table.id, parseInt(req.params.id))
+                        eq(table.id, Number(req.params.id))
                 ].filter(Boolean);
 
                 await res.locals.db