playbooks

home / skills / tlabs-xyz / tbtc-v2-performance / global-validation

global-validation skill

/.claude/skills/global-validation

This skill helps implement fail-fast, server and client validation with consistent rules, clear errors, and input sanitization across all entry points.

npx playbooks add skill tlabs-xyz/tbtc-v2-performance --skill global-validation

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
2.0 KB
---
name: Global Validation
description: Implement comprehensive validation on server and client sides with fail-fast checks, specific error messages, input sanitization, and consistent validation across all entry points. Use this skill when validating user input or form data, implementing server-side validation logic, adding client-side validation for user experience, creating validation schemas or rules, implementing type and format checks, sanitizing input to prevent injection attacks, validating business rules, creating field-specific error messages, implementing allowlist validation patterns, or ensuring consistent validation across web forms, API endpoints, and background jobs. Use when working with validation libraries, form handlers, API request validators, or any code that processes user input.
---

## When to use this skill

- When validating user input or form data
- When implementing server-side validation logic (always required)
- When adding client-side validation for immediate user feedback
- When creating validation schemas or rules (Joi, Yup, Zod, etc.)
- When implementing type, format, range, or required field checks
- When sanitizing input to prevent injection attacks (SQL, XSS, command injection)
- When validating business rules (balance checks, date validation, etc.)
- When creating specific, helpful error messages for validation failures
- When implementing allowlist validation patterns
- When ensuring consistent validation across web forms, API endpoints, and background jobs
- When working with validation middleware or decorators
- When using validation libraries or frameworks
- When implementing fail-fast validation at entry points

# Global Validation

This Skill provides Claude Code with specific guidance on how to adhere to coding standards as they relate to how it should handle global validation.

## Instructions

For details, refer to the information provided in this file:
[global validation](../../../agent-os/standards/global/validation.md)

Overview

This skill defines a consistent, fail-fast approach to input validation across client, server, and background jobs. It emphasizes clear, field-specific error messages, input sanitization to prevent injection, and reusable validation schemas to keep rules consistent across all entry points.

How this skill works

The skill recommends enforcing validation as close to the entry point as possible and rejecting invalid data immediately (fail-fast). It encourages using shared validation schemas or libraries (Zod, Joi, Yup, TypeScript types) and combining type/format checks, business-rule validation, and sanitization into a predictable pipeline. Error responses are precise and machine-friendly for UI consumption.

When to use it

  • Validating form input on the client for immediate feedback
  • Implementing mandatory server-side validation for all API endpoints
  • Creating shared validation schemas for frontend and backend
  • Sanitizing inputs to prevent SQL, XSS, or command injection
  • Validating business rules like balance checks or date constraints
  • Ensuring consistent validation across jobs, workers, and controllers

Best practices

  • Fail fast at every public entry point and return consistent error shapes
  • Use shared schema libraries or generated types to avoid drift
  • Provide field-specific, developer-friendly error messages and codes
  • Sanitize and normalize inputs before business-rule checks
  • Prefer allowlists over blocklists for values and patterns
  • Validate both shape (type/format) and semantics (business rules) separately

Example use cases

  • Define a single Zod or Joi schema reused by frontend form, API route, and background job
  • Implement middleware that rejects malformed requests with standardized error payloads
  • Add client-side rules to prevent obvious mistakes and server-side checks as the source of truth
  • Sanitize user-submitted HTML and escape outputs to prevent XSS
  • Create allowlist validators for file types, currencies, and country codes

FAQ

Should I rely on client-side validation only?

No. Client-side validation improves UX but server-side validation is mandatory as the source of truth and defense against malicious input.

When should I sanitize versus validate?

Sanitize to normalize or remove malicious content (e.g., strip HTML), and validate to enforce types, formats, ranges, and business rules. Do both where appropriate.