This repository was archived by the owner on May 20, 2026. It is now read-only.

Add validation for untrusted GitHub API responses #1987

Draft
Copilot wants to merge 3 commits into joshspicer/api from copilot/update-github-api-validation

Copilot AI commented Nov 13, 2025

Contributor

GitHub API responses are untrusted external data but were being used directly without validation, creating type safety and security risks.

Changes

  • Added validators (githubAPIValidators.ts) for 11 API response types: SessionInfo, PullRequestFile, JobInfo, IOctoKitUser, CustomAgentListItem, and response wrappers
  • Applied validation at consumption points in githubAPI.ts and githubService.ts (9 functions total)
  • Added error logging when validation fails, returning safe defaults instead of using malformed data

Example

Before:

```typescript
const result = await makeGitHubAPIRequest(...);
return result || [];  // No validation, trusts external data
```

After:

```typescript
const result = await makeGitHubAPIRequest(...);
if (!result) return [];

const validationResult = vArray(vPullRequestFile).validate(result);
if (validationResult.error) {
  this._logService.error(`Validation failed: ${validationResult.error.message}`);
  return [];
}
return validationResult.content;  // Type-safe, validated data
```

The validator library (similar to Zod) ensures external API data matches expected TypeScript types before use.

Original prompt

I've made a change to accurately reflect that the response from makeGitHubAPIRequest is untrusted.

Use #file:validator.ts (it's like zod)

The user has attached the following file paths as relevant context:

  • src/platform/configuration/common/validator.ts
  • src/platform/github/common/githubAPI.ts

TITLE: Updating GitHub API response validation logic

Created from VS Code.
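
The fail-closed pattern described in the comment above, as an added example that is not code from this PR or from the project's validator.ts. It assumes a minimal validator with the same `{ content, error }` result shape, hypothetical `PullRequestFile` field names, and a `logged` array standing in for the log service; it shows that one malformed element rejects the whole response and that undeclared properties are dropped.

```typescript
// Added illustration, NOT the project's validator.ts: a minimal validator with
// the { content, error } result shape seen in the PR's snippet.
type Result<T> =
  | { content: T; error?: undefined }
  | { content?: undefined; error: { message: string } };
interface Validator<T> { validate(input: unknown, path?: string): Result<T>; }
const fail = (message: string): Result<never> => ({ error: { message } });

const vString: Validator<string> = {
  validate: (v, path = "$") =>
    typeof v === "string" ? { content: v } : fail(`${path}: expected string`),
};
const vNumber: Validator<number> = {
  validate: (v, path = "$") =>
    typeof v === "number" && Number.isFinite(v) ? { content: v } : fail(`${path}: expected number`),
};
function vObject<T>(shape: { [K in keyof T]: Validator<T[K]> }): Validator<T> {
  return { validate(v, path = "$") {
    if (typeof v !== "object" || v === null || Array.isArray(v)) return fail(`${path}: expected object`);
    const out = {} as T;
    for (const key in shape) { // copy declared keys only; unknown properties are dropped
      const r = shape[key].validate((v as Record<string, unknown>)[key], `${path}.${key}`);
      if (r.error) return fail(r.error.message);
      out[key] = r.content;
    }
    return { content: out };
  } };
}
function vArray<T>(item: Validator<T>): Validator<T[]> {
  return { validate(v, path = "$") {
    if (!Array.isArray(v)) return fail(`${path}: expected array`);
    const out: T[] = [];
    for (let i = 0; i < v.length; i++) {
      const r = item.validate(v[i], `${path}[${i}]`);
      if (r.error) return fail(r.error.message); // one bad element rejects the whole response
      out.push(r.content);
    }
    return { content: out };
  } };
}
// Assumed field names for illustration; the project's PullRequestFile may differ.
interface PullRequestFile { filename: string; status: string; additions: number; }
const vPullRequestFile = vObject<PullRequestFile>({ filename: vString, status: vString, additions: vNumber });

const logged: string[] = []; // stand-in for this._logService.error
function parseFiles(raw: unknown): PullRequestFile[] {
  const r = vArray(vPullRequestFile).validate(raw);
  if (r.error) { logged.push(`Validation failed: ${r.error.message}`); return []; }
  return r.content;
}
```

The error message carries the path of the first failing field (for example `$[1].filename`), so a log entry identifies which part of the response was malformed without logging the payload itself.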


Copilot AI and others added 2 commits November 13, 2025 20:14
Co-authored-by: joshspicer <23246594+joshspicer@users.noreply.github.com>
Co-authored-by: joshspicer <23246594+joshspicer@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Update GitHub API response validation logic" to "Add validation for untrusted GitHub API responses" on Nov 13, 2025
Copilot AI requested a review from joshspicer November 13, 2025 20:25