Documentation

    Documentation

    Documentation

    Ring Platform Logo

    Завантаження документації...

    Підготовка контенту платформи Ring

    Ring Platform Logo

    Завантаження документації...

    Підготовка контенту платформи Ring

    Ring Platform Logo

    Завантаження документації...

    Підготовка контенту платформи Ring

    1. /
    2. /Data Validation

    Updated Jun 29, 20265 min listen

    1. /
    2. /Data Validation

    Updated Jun 29, 20265 min listen

    1. /
    2. /Data Validation

    Updated Jun 29, 20265 min listen

    Concepts, value, and typical clone scenarios — less code.

    Welcome to Ring
    Quick Reference
    Getting Started
    Prerequisites
    Installation
    First Success Validation
    Next Steps
    Architecture
    Data Model
    Real Time
    Discovery Mutation Sync
    Security
    Backend Services
    k8s-postgres-fcm Mode
    Firebase Integration
    Features
    Authentication
    Email AI-CRM
    Entities
    Opportunities
    Notifications
    Push Notifications with FCM (Ring-Powered)
    Tunnel Protocol
    Wallet & Credit System
    Multi-Vendor Store
    Referral Codes (Refcodes)
    Affiliate & Referral Enablement
    Payments Overview
    PaymentConductor
    SubscriptionConductor
    VideoConductor
    News Module - Digital Newspaper Experience
    Member Blogs
    Public Profile Pages
    Username Reservation System
    Scientific Editor
    Locale System
    Security & Compliance
    NFT Marketplace
    Token Staking System
    Performance Optimization Patterns
    Mobile Experience
    Wallet
    Wallet Security Tips
    API
    Authentication
    Email AI-CRM API
    Entities
    Opportunities
    Messaging API
    Notifications API
    Wallet API
    Store API
    Admin API
    Customization
    Quick Start — Your First Ring Clone
    Customization Guide
    Token Economics Setup
    Payment Gateway Integration
    Reference Ring deployments
    Branding
    Themes
    Web3
    Token launch jurisdictions
    Deployment
    Self-hosted deployment
    Vercel
    Docker
    Monitoring & Analytics
    Performance Optimization
    Backup & Recovery
    Development
    Local Setup
    Code Structure
    Documentation components
    Community tooling
    Ring MCP Server
    Generative Images (ImageConductor)
    Autonomous Newsroom (Grok)
    OSS vs enterprise
    Whitelabel Navigation
    Best Practices
    Workflow
    Code Style
    Performance
    Testing
    Deployment
    Debugging
    Contributing
    MCP
    ring-image-create
    ring-video-create
    Examples
    Quick Start
    White Label
    Real World
    Integrations
    Ethereum wallets (Wagmi v3)

    Quick entry (CTOs · auditors · agents)

    Welcome — mission & audiences
    Quick Reference
    Getting started
    Architecture & Auth.js
    Backend modes & databases (DB_BACKEND_MODE)
    Self-hosted
    Ring MCP Tools
    Ring MCP Server
    Token economics
    Token launch jurisdictions
    Deploy (Docker · k8s)
    Security & compliance reads
    ringdom.org — LegioX homebase
    Source — MIT license (GitHub)

    Concepts, value, and typical clone scenarios — less code.

    Welcome to Ring
    Quick Reference
    Getting Started
    Prerequisites
    Installation
    First Success Validation
    Next Steps
    Architecture
    Data Model
    Real Time
    Discovery Mutation Sync
    Security
    Backend Services
    k8s-postgres-fcm Mode
    Firebase Integration
    Features
    Authentication
    Email AI-CRM
    Entities
    Opportunities
    Notifications
    Push Notifications with FCM (Ring-Powered)
    Tunnel Protocol
    Wallet & Credit System
    Multi-Vendor Store
    Referral Codes (Refcodes)
    Affiliate & Referral Enablement
    Payments Overview
    PaymentConductor
    SubscriptionConductor
    VideoConductor
    News Module - Digital Newspaper Experience
    Member Blogs
    Public Profile Pages
    Username Reservation System
    Scientific Editor
    Locale System
    Security & Compliance
    NFT Marketplace
    Token Staking System
    Performance Optimization Patterns
    Mobile Experience
    Wallet
    Wallet Security Tips
    API
    Authentication
    Email AI-CRM API
    Entities
    Opportunities
    Messaging API
    Notifications API
    Wallet API
    Store API
    Admin API
    Customization
    Quick Start — Your First Ring Clone
    Customization Guide
    Token Economics Setup
    Payment Gateway Integration
    Reference Ring deployments
    Branding
    Themes
    Web3
    Token launch jurisdictions
    Deployment
    Self-hosted deployment
    Vercel
    Docker
    Monitoring & Analytics
    Performance Optimization
    Backup & Recovery
    Development
    Local Setup
    Code Structure
    Documentation components
    Community tooling
    Ring MCP Server
    Generative Images (ImageConductor)
    Autonomous Newsroom (Grok)
    OSS vs enterprise
    Whitelabel Navigation
    Best Practices
    Workflow
    Code Style
    Performance
    Testing
    Deployment
    Debugging
    Contributing
    MCP
    ring-image-create
    ring-video-create
    Examples
    Quick Start
    White Label
    Real World
    Integrations
    Ethereum wallets (Wagmi v3)

    Quick entry (CTOs · auditors · agents)

    Welcome — mission & audiences
    Quick Reference
    Getting started
    Architecture & Auth.js
    Backend modes & databases (DB_BACKEND_MODE)
    Self-hosted
    Ring MCP Tools
    Ring MCP Server
    Token economics
    Token launch jurisdictions
    Deploy (Docker · k8s)
    Security & compliance reads
    ringdom.org — LegioX homebase
    Source — MIT license (GitHub)

    Concepts, value, and typical clone scenarios — less code.

    Welcome to Ring
    Quick Reference
    Getting Started
    Prerequisites
    Installation
    First Success Validation
    Next Steps
    Architecture
    Data Model
    Real Time
    Discovery Mutation Sync
    Security
    Backend Services
    k8s-postgres-fcm Mode
    Firebase Integration
    Features
    Authentication
    Email AI-CRM
    Entities
    Opportunities
    Notifications
    Push Notifications with FCM (Ring-Powered)
    Tunnel Protocol
    Wallet & Credit System
    Multi-Vendor Store
    Referral Codes (Refcodes)
    Affiliate & Referral Enablement
    Payments Overview
    PaymentConductor
    SubscriptionConductor
    VideoConductor
    News Module - Digital Newspaper Experience
    Member Blogs
    Public Profile Pages
    Username Reservation System
    Scientific Editor
    Locale System
    Security & Compliance
    NFT Marketplace
    Token Staking System
    Performance Optimization Patterns
    Mobile Experience
    Wallet
    Wallet Security Tips
    API
    Authentication
    Email AI-CRM API
    Entities
    Opportunities
    Messaging API
    Notifications API
    Wallet API
    Store API
    Admin API
    Customization
    Quick Start — Your First Ring Clone
    Customization Guide
    Token Economics Setup
    Payment Gateway Integration
    Reference Ring deployments
    Branding
    Themes
    Web3
    Token launch jurisdictions
    Deployment
    Self-hosted deployment
    Vercel
    Docker
    Monitoring & Analytics
    Performance Optimization
    Backup & Recovery
    Development
    Local Setup
    Code Structure
    Documentation components
    Community tooling
    Ring MCP Server
    Generative Images (ImageConductor)
    Autonomous Newsroom (Grok)
    OSS vs enterprise
    Whitelabel Navigation
    Best Practices
    Workflow
    Code Style
    Performance
    Testing
    Deployment
    Debugging
    Contributing
    MCP
    ring-image-create
    ring-video-create
    Examples
    Quick Start
    White Label
    Real World
    Integrations
    Ethereum wallets (Wagmi v3)

    Quick entry (CTOs · auditors · agents)

    Welcome — mission & audiences
    Quick Reference
    Getting started
    Architecture & Auth.js
    Backend modes & databases (DB_BACKEND_MODE)
    Self-hosted
    Ring MCP Tools
    Ring MCP Server
    Token economics
    Token launch jurisdictions
    Deploy (Docker · k8s)
    Security & compliance reads
    ringdom.org — LegioX homebase
    Source — MIT license (GitHub)
    Docs
    Architecture
    Docs
    Architecture
    Docs
    Architecture

    Data Validation

    Use Founder / Developer tabs in the docs sidebar. Founders: learn how validation protects your business data. Developers: get the full Zod pattern reference with real codebase examples.

    Every API call to your Ring clone is a contract: the client promises well-formed data, and the server promises to process it safely. Data validation is how Ring Platform enforces that contract — rejecting malformed input before it can corrupt records, create phantom orders, or bypass payment verification.

    Validation layers at a glance

    LayerWhat it catchesWho owns it
    Route boundaryMissing fields, wrong types, malformed JSONZod schemas in /app/api/** route handlers
    Service boundaryBusiness rule violations (wrong role, missing ownership)Domain services in features/*/services/
    Database boundaryConstraint violations (NOT NULL, UNIQUE, CHECK)PostgreSQL data/schema.sql constraints

    Each layer adds a narrow guarantee. No single layer replaces the others.

    Why validation protects your business

    The cost of bad data

    Without validation, a malformed API request can:

    • Create ghost records — an opportunity with no title appears in search results
    • Corrupt payment records — a webhook with a spoofed signature triggers a refund
    • Break user experience — invalid preferences crash the settings page
    • Leak confidential data — a missing visibility check exposes deal-room listings

    Ring Platform's three-layer validation catches these before they reach your database.

    What this means for your clone

    When you ringize a deployment, you inherit validation that:

    • Rejects incomplete entity profiles — name, type, location, and visibility are required before a record is created
    • Verifies payment webhooks — WayForPay HMAC signatures are checked before any order status changes
    • Guards confidential tiers — role validation happens before confidential entity/opportunity data is returned
    • Prevents preference injection — user settings are validated against a known schema, so unknown fields can't sneak in

    Business scenarios

    Payment webhook spoofing

    Zod schema architecture

    Ring Platform uses Zod as the single validation library across all API routes, Server Actions, and webhook handlers. Schemas serve as both runtime validators and TypeScript type generators via z.infer<>.

    Schema locations (SSOT)

    LocationPurposeExamples
    lib/zod/Shared cross-feature schemascredit-schemas.ts, store-product.ts, desk-schemas.ts, airdrop-schemas.ts
    features/*/types/Feature-specific schemasfeatures/opportunities/types/, features/news/types/
    app/api/**/route.tsRoute-local schemasInline schemas for MCP and webhook routes

    Canonical route-boundary pattern

    Every API route follows this pattern — parse, validate, then use typed data:

    Anti-pattern: as any

    Never use body as any to bypass TypeScript when calling service functions. If the service expects a specific type, create a Zod schema that validates the shape, then cast the validated output: parsed.data as Parameters<typeof service>[0]. The Zod validation ensures the cast is safe.

    Related documentation

    Security Model

    RBAC, confidential tiers, API hardening checklist, and layout-level auth gates.

    Data Model

    JSONB document contract, schema.sql SSOT, and DatabaseService patterns.

    PaymentConductor

    HMAC webhook verification, idempotent order references, and settlement flows.

    Best Practices

    Server Action conventions, database access patterns, and error handling.

    Data Validation

    Use Founder / Developer tabs in the docs sidebar. Founders: learn how validation protects your business data. Developers: get the full Zod pattern reference with real codebase examples.

    Every API call to your Ring clone is a contract: the client promises well-formed data, and the server promises to process it safely. Data validation is how Ring Platform enforces that contract — rejecting malformed input before it can corrupt records, create phantom orders, or bypass payment verification.

    Validation layers at a glance

    LayerWhat it catchesWho owns it
    Route boundaryMissing fields, wrong types, malformed JSONZod schemas in /app/api/** route handlers
    Service boundaryBusiness rule violations (wrong role, missing ownership)Domain services in features/*/services/
    Database boundaryConstraint violations (NOT NULL, UNIQUE, CHECK)PostgreSQL data/schema.sql constraints

    Each layer adds a narrow guarantee. No single layer replaces the others.

    Why validation protects your business

    The cost of bad data

    Without validation, a malformed API request can:

    • Create ghost records — an opportunity with no title appears in search results
    • Corrupt payment records — a webhook with a spoofed signature triggers a refund
    • Break user experience — invalid preferences crash the settings page
    • Leak confidential data — a missing visibility check exposes deal-room listings

    Ring Platform's three-layer validation catches these before they reach your database.

    What this means for your clone

    When you ringize a deployment, you inherit validation that:

    • Rejects incomplete entity profiles — name, type, location, and visibility are required before a record is created
    • Verifies payment webhooks — WayForPay HMAC signatures are checked before any order status changes
    • Guards confidential tiers — role validation happens before confidential entity/opportunity data is returned
    • Prevents preference injection — user settings are validated against a known schema, so unknown fields can't sneak in

    Business scenarios

    Payment webhook spoofing

    Zod schema architecture

    Ring Platform uses Zod as the single validation library across all API routes, Server Actions, and webhook handlers. Schemas serve as both runtime validators and TypeScript type generators via z.infer<>.

    Schema locations (SSOT)

    LocationPurposeExamples
    lib/zod/Shared cross-feature schemascredit-schemas.ts, store-product.ts, desk-schemas.ts, airdrop-schemas.ts
    features/*/types/Feature-specific schemasfeatures/opportunities/types/, features/news/types/
    app/api/**/route.tsRoute-local schemasInline schemas for MCP and webhook routes

    Canonical route-boundary pattern

    Every API route follows this pattern — parse, validate, then use typed data:

    Anti-pattern: as any

    Never use body as any to bypass TypeScript when calling service functions. If the service expects a specific type, create a Zod schema that validates the shape, then cast the validated output: parsed.data as Parameters<typeof service>[0]. The Zod validation ensures the cast is safe.

    Related documentation

    Security Model

    RBAC, confidential tiers, API hardening checklist, and layout-level auth gates.

    Data Model

    JSONB document contract, schema.sql SSOT, and DatabaseService patterns.

    PaymentConductor

    HMAC webhook verification, idempotent order references, and settlement flows.

    Best Practices

    Server Action conventions, database access patterns, and error handling.

    Data Validation

    Use Founder / Developer tabs in the docs sidebar. Founders: learn how validation protects your business data. Developers: get the full Zod pattern reference with real codebase examples.

    Every API call to your Ring clone is a contract: the client promises well-formed data, and the server promises to process it safely. Data validation is how Ring Platform enforces that contract — rejecting malformed input before it can corrupt records, create phantom orders, or bypass payment verification.

    Validation layers at a glance

    LayerWhat it catchesWho owns it
    Route boundaryMissing fields, wrong types, malformed JSONZod schemas in /app/api/** route handlers
    Service boundaryBusiness rule violations (wrong role, missing ownership)Domain services in features/*/services/
    Database boundaryConstraint violations (NOT NULL, UNIQUE, CHECK)PostgreSQL data/schema.sql constraints

    Each layer adds a narrow guarantee. No single layer replaces the others.

    Why validation protects your business

    The cost of bad data

    Without validation, a malformed API request can:

    • Create ghost records — an opportunity with no title appears in search results
    • Corrupt payment records — a webhook with a spoofed signature triggers a refund
    • Break user experience — invalid preferences crash the settings page
    • Leak confidential data — a missing visibility check exposes deal-room listings

    Ring Platform's three-layer validation catches these before they reach your database.

    What this means for your clone

    When you ringize a deployment, you inherit validation that:

    • Rejects incomplete entity profiles — name, type, location, and visibility are required before a record is created
    • Verifies payment webhooks — WayForPay HMAC signatures are checked before any order status changes
    • Guards confidential tiers — role validation happens before confidential entity/opportunity data is returned
    • Prevents preference injection — user settings are validated against a known schema, so unknown fields can't sneak in

    Business scenarios

    Payment webhook spoofing

    Zod schema architecture

    Ring Platform uses Zod as the single validation library across all API routes, Server Actions, and webhook handlers. Schemas serve as both runtime validators and TypeScript type generators via z.infer<>.

    Schema locations (SSOT)

    LocationPurposeExamples
    lib/zod/Shared cross-feature schemascredit-schemas.ts, store-product.ts, desk-schemas.ts, airdrop-schemas.ts
    features/*/types/Feature-specific schemasfeatures/opportunities/types/, features/news/types/
    app/api/**/route.tsRoute-local schemasInline schemas for MCP and webhook routes

    Canonical route-boundary pattern

    Every API route follows this pattern — parse, validate, then use typed data:

    Anti-pattern: as any

    Never use body as any to bypass TypeScript when calling service functions. If the service expects a specific type, create a Zod schema that validates the shape, then cast the validated output: parsed.data as Parameters<typeof service>[0]. The Zod validation ensures the cast is safe.

    Related documentation

    Security Model

    RBAC, confidential tiers, API hardening checklist, and layout-level auth gates.

    Data Model

    JSONB document contract, schema.sql SSOT, and DatabaseService patterns.

    PaymentConductor

    HMAC webhook verification, idempotent order references, and settlement flows.

    Best Practices

    Server Action conventions, database access patterns, and error handling.

    An attacker sends a fake "payment completed" webhook. Ring validates the HMAC signature first — if it doesn't match, the webhook is rejected before any order status changes.

    Opportunity creation

    A client submits an opportunity without a title or category. Zod rejects it at the route boundary with a clear error message — no ghost record is created.

    User preferences

    A malicious client tries to inject unknown fields into their preferences. The Zod schema strips unknown keys — only locale, currency, and theme are accepted.

    Confidential deal room

    A subscriber tries to access confidential opportunities. The route gate checks role before the query runs — the database never sees the unauthorized request.

    Operator takeaway

    Validation is not just a developer concern — it directly protects your revenue, your users' trust, and your compliance posture. Every Ring clone ships with these guards enabled by default.

    z.preprocess for webhook normalization

    Payment webhooks (WayForPay, Stripe) arrive in various formats. z.preprocess normalizes the raw body before validation — but for HMAC-verified webhooks, never transform values (HMAC uses Object.values() on the raw payload):

    For webhooks with multiple wire formats (like Web Vitals metrics), z.preprocess can normalize into a canonical shape:

    Conditional validation with superRefine

    When validation rules depend on field values (e.g., metadata requirements vary by conversation type), use superRefine:

    Enum extraction from TypeScript enums

    For large TypeScript enums (like NotificationType with 27 values), extract values at runtime for Zod:

    after() for non-blocking analytics writes

    Analytics routes use Next.js 16 after() to respond immediately while DB writes happen in the background. This eliminates ~50ms of blocking latency per analytics call:

    HMAC + Zod for payment webhooks

    Payment webhook processing combines Zod shape validation with HMAC signature verification:

    Payment webhook validation flow
    1. 1

      Parse and validate shape

      Zod ensures the payload has required fields (orderReference, merchantSignature, amount, etc.) before any processing.

    2. 2

      Verify HMAC signature

      Recompute the HMAC-MD5 from payload values using the merchant secret key. Compare with merchantSignature. Reject on mismatch.

    3. 3

      Dispatch by order reference

      Parse the orderReference prefix to determine the order type (store, membership, news promotion) and route to the correct handler.

    4. 4

      Idempotent update

      Handlers check existing order status before updating — duplicate webhooks are safely ignored.

    MCP route validation

    All /api/mcp/v1/* routes use Zod schemas with .passthrough() for forward compatibility. This allows MCP clients to send additional fields without breaking, while still validating required fields:

    Anti-patterns eliminated

    Anti-patternWhy it's dangerousReplacement
    body as anyBypasses all type checkingZod safeParse + typed output
    Manual if chainsEasy to miss edge casesSingle schema.safeParse() call
    Mutating parsed bodySide effects break predictabilitySpread into new object
    No route validationService receives garbageZod at route boundary
    as Record<string, unknown> on DB readsHides type mismatchesschema.safeParse(dbResult.data)

    Authentication

    Auth.js v5 sessions, role enum SSOT, and multi-provider setup.

    An attacker sends a fake "payment completed" webhook. Ring validates the HMAC signature first — if it doesn't match, the webhook is rejected before any order status changes.

    Opportunity creation

    A client submits an opportunity without a title or category. Zod rejects it at the route boundary with a clear error message — no ghost record is created.

    User preferences

    A malicious client tries to inject unknown fields into their preferences. The Zod schema strips unknown keys — only locale, currency, and theme are accepted.

    Confidential deal room

    A subscriber tries to access confidential opportunities. The route gate checks role before the query runs — the database never sees the unauthorized request.

    Operator takeaway

    Validation is not just a developer concern — it directly protects your revenue, your users' trust, and your compliance posture. Every Ring clone ships with these guards enabled by default.

    z.preprocess for webhook normalization

    Payment webhooks (WayForPay, Stripe) arrive in various formats. z.preprocess normalizes the raw body before validation — but for HMAC-verified webhooks, never transform values (HMAC uses Object.values() on the raw payload):

    For webhooks with multiple wire formats (like Web Vitals metrics), z.preprocess can normalize into a canonical shape:

    Conditional validation with superRefine

    When validation rules depend on field values (e.g., metadata requirements vary by conversation type), use superRefine:

    Enum extraction from TypeScript enums

    For large TypeScript enums (like NotificationType with 27 values), extract values at runtime for Zod:

    after() for non-blocking analytics writes

    Analytics routes use Next.js 16 after() to respond immediately while DB writes happen in the background. This eliminates ~50ms of blocking latency per analytics call:

    HMAC + Zod for payment webhooks

    Payment webhook processing combines Zod shape validation with HMAC signature verification:

    Payment webhook validation flow
    1. 1

      Parse and validate shape

      Zod ensures the payload has required fields (orderReference, merchantSignature, amount, etc.) before any processing.

    2. 2

      Verify HMAC signature

      Recompute the HMAC-MD5 from payload values using the merchant secret key. Compare with merchantSignature. Reject on mismatch.

    3. 3

      Dispatch by order reference

      Parse the orderReference prefix to determine the order type (store, membership, news promotion) and route to the correct handler.

    4. 4

      Idempotent update

      Handlers check existing order status before updating — duplicate webhooks are safely ignored.

    MCP route validation

    All /api/mcp/v1/* routes use Zod schemas with .passthrough() for forward compatibility. This allows MCP clients to send additional fields without breaking, while still validating required fields:

    Anti-patterns eliminated

    Anti-patternWhy it's dangerousReplacement
    body as anyBypasses all type checkingZod safeParse + typed output
    Manual if chainsEasy to miss edge casesSingle schema.safeParse() call
    Mutating parsed bodySide effects break predictabilitySpread into new object
    No route validationService receives garbageZod at route boundary
    as Record<string, unknown> on DB readsHides type mismatchesschema.safeParse(dbResult.data)

    Authentication

    Auth.js v5 sessions, role enum SSOT, and multi-provider setup.

    An attacker sends a fake "payment completed" webhook. Ring validates the HMAC signature first — if it doesn't match, the webhook is rejected before any order status changes.

    Opportunity creation

    A client submits an opportunity without a title or category. Zod rejects it at the route boundary with a clear error message — no ghost record is created.

    User preferences

    A malicious client tries to inject unknown fields into their preferences. The Zod schema strips unknown keys — only locale, currency, and theme are accepted.

    Confidential deal room

    A subscriber tries to access confidential opportunities. The route gate checks role before the query runs — the database never sees the unauthorized request.

    Operator takeaway

    Validation is not just a developer concern — it directly protects your revenue, your users' trust, and your compliance posture. Every Ring clone ships with these guards enabled by default.

    z.preprocess for webhook normalization

    Payment webhooks (WayForPay, Stripe) arrive in various formats. z.preprocess normalizes the raw body before validation — but for HMAC-verified webhooks, never transform values (HMAC uses Object.values() on the raw payload):

    For webhooks with multiple wire formats (like Web Vitals metrics), z.preprocess can normalize into a canonical shape:

    Conditional validation with superRefine

    When validation rules depend on field values (e.g., metadata requirements vary by conversation type), use superRefine:

    Enum extraction from TypeScript enums

    For large TypeScript enums (like NotificationType with 27 values), extract values at runtime for Zod:

    after() for non-blocking analytics writes

    Analytics routes use Next.js 16 after() to respond immediately while DB writes happen in the background. This eliminates ~50ms of blocking latency per analytics call:

    HMAC + Zod for payment webhooks

    Payment webhook processing combines Zod shape validation with HMAC signature verification:

    Payment webhook validation flow
    1. 1

      Parse and validate shape

      Zod ensures the payload has required fields (orderReference, merchantSignature, amount, etc.) before any processing.

    2. 2

      Verify HMAC signature

      Recompute the HMAC-MD5 from payload values using the merchant secret key. Compare with merchantSignature. Reject on mismatch.

    3. 3

      Dispatch by order reference

      Parse the orderReference prefix to determine the order type (store, membership, news promotion) and route to the correct handler.

    4. 4

      Idempotent update

      Handlers check existing order status before updating — duplicate webhooks are safely ignored.

    MCP route validation

    All /api/mcp/v1/* routes use Zod schemas with .passthrough() for forward compatibility. This allows MCP clients to send additional fields without breaking, while still validating required fields:

    Anti-patterns eliminated

    Anti-patternWhy it's dangerousReplacement
    body as anyBypasses all type checkingZod safeParse + typed output
    Manual if chainsEasy to miss edge casesSingle schema.safeParse() call
    Mutating parsed bodySide effects break predictabilitySpread into new object
    No route validationService receives garbageZod at route boundary
    as Record<string, unknown> on DB readsHides type mismatchesschema.safeParse(dbResult.data)

    Authentication

    Auth.js v5 sessions, role enum SSOT, and multi-provider setup.