AgentSkillsCN

Global Validation

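Implement comprehensive validation, using Zod schemas for type-safe validation on both the client and the server, with server-side validation as the security boundary (never trust client input). Use this skill when validating user input, creating API endpoints that receive data, implementing forms, defining data schemas, validating file uploads, creating validation middleware, implementing Firestore security rules or Supabase RLS, or writing validation rules for any user-provided data. It applies to API route handlers, form components that use React Hook Form, validation middleware, Zod schema definitions (schemas/*.ts, validation/*.ts), Firestore security rules (firestore.rules), Supabase RLS policies, or any code that accepts external input. This skill ensures that server-side validation is always primary (client-side validation is only for improving user experience), uses Zod for schema validation with TypeScript type inference (z.infer<typeof schema>), builds a validation middleware factory for Express/Bun APIs, uses React Hook Form + zodResolver for forms, produces user-friendly, plain-language error messages (avoiding technical jargon), sanitizes HTML content input with DOMPurify, validates file uploads (type whitelist, size limits set with multer), adds data type and length checks to Firestore security rules, uses FluentValidation for .NET APIs, enforces database-level constraints, follows the fail-early validation principle, and validates environment variables with Zod at application startup.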

SKILL.md
--- frontmatter
name: Global Validation
description: Implement comprehensive validation using Zod schemas for type-safe validation on both client and server, with server-side validation as the security boundary (never trust client input). Use this skill when validating user inputs, creating API endpoints that accept data, implementing forms, defining data schemas, validating file uploads, creating validation middleware, implementing Firestore security rules or Supabase RLS, or writing validation rules for any user-provided data. Apply when working on API route handlers, form components with React Hook Form, validation middleware, Zod schema definitions (schemas/*.ts, validation/*.ts), Firestore security rules (firestore.rules), Supabase RLS policies, or any code that accepts external input. This skill ensures server-side validation always (client-side is for UX only), Zod for schema validation with TypeScript type inference (z.infer<typeof schema>), validation middleware factory for Express/Bun APIs, React Hook Form + zodResolver for forms, user-friendly error messages (not technical jargon), input sanitization with DOMPurify for HTML content, file upload validation (type whitelist, size limits with multer), Firestore security rules with data type and length validation, FluentValidation for .NET APIs, database-level constraints enforcement, fail-early validation principles, and environment variable validation with Zod on application startup.

Global Validation

When to use this skill:

  • When creating API endpoints that accept request bodies
  • When implementing validation middleware factory for Express/Bun/Hono
  • When defining Zod schemas for data validation with type inference
  • When creating forms with React Hook Form and zodResolver
  • When validating file uploads (MIME type whitelist, size limits with multer)
  • When writing Firestore security rules (firestore.rules) for database validation
  • When writing Supabase Row Level Security (RLS) policies
  • When implementing input sanitization with DOMPurify to prevent XSS
  • When adding validation to service layer methods (fail-early)
  • When creating custom Zod refinements (e.g., password complexity) or transforms (e.g., string to Date)
  • When writing user-friendly validation error messages (not technical jargon)
  • When validating environment variables with Zod on application startup
  • When working on any code that accepts user input or external data
  • When implementing FluentValidation for .NET API validation
  • When creating complex nested schemas with arrays and optional fields

This skill gives Claude Code specific guidance on following the coding standards that govern how it handles global validation.

Instructions

For details, refer to the information provided in this file: global validation