
Global Validation

Implement robust server-side and client-side input validation using sanitization and allowlists to prevent injection attacks and ensure data integrity.

Introduction

The Global Validation skill provides a standardized framework for handling external data ingestion within your application. Designed for developers and automated agents, this skill enforces a multi-layered defense strategy, ensuring that security is never reliant solely on client-side checks. By promoting the use of allowlists over blocklists and rigorous type checking, it minimizes the attack surface for common vulnerabilities like SQL injection, XSS, and command injection.

  • Standardizes server-side validation as the primary source of truth for all API endpoints, forms, and data processing pipelines.

  • Provides immediate user feedback via complementary client-side validation libraries such as Zod, Yup, or Joi.

  • Facilitates consistent sanitization and formatting of email addresses, phone numbers, dates, and other structured inputs.

  • Enforces strict business rule logic, including range checks, mandatory fields, and state-based integrity constraints.

  • Supports systematic error handling, ensuring that API responses and UI components return descriptive, field-specific validation failure messages.

  • Always apply validation at every entry point: web interfaces, public/private APIs, and background job queues.

  • Prefer explicit allowlists to define permissible data patterns, rejecting invalid data early before it reaches storage or business logic layers.

  • Use schema-based validation tools to define consistent data models across services.

  • When implementing business rules (e.g., inventory checks or balance verification), ensure these validations happen server-side to prevent manipulation.

  • Maintain consistent error handling patterns to improve debuggability and UX while avoiding excessive information disclosure in production environments.
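The practices above, combined in one server-side validator (an added example, not code from this skill's repository). The order payload, field names, patterns, and stock table are assumptions made for illustration.

```python
import re
from datetime import date

# Allowlists: describe what is permitted; everything else is rejected.
FIELDS = {"email", "sku", "quantity", "ship_date"}
EMAIL_RE = re.compile(r"[a-z0-9._%+-]{1,64}@[a-z0-9-]+(\.[a-z0-9-]+)+")
SKU_RE = re.compile(r"[A-Z]{3}-[0-9]{4}")
DATE_RE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")
STOCK = {"ABC-1234": 5}  # constructed inventory table


def _text(payload, name, pattern, normalize=str.strip):
    """Type-check a string field, normalize it, then match the allowlist."""
    value = payload.get(name)
    if not isinstance(value, str):
        return None
    value = normalize(value)
    return value if pattern.fullmatch(value) else None


def validate_order(payload, stock=STOCK):
    """Return (clean, errors). clean is None when any check fails."""
    if not isinstance(payload, dict):
        return None, {"_body": "must be an object"}
    errors = {name: "required" for name in FIELDS - set(payload)}
    if set(payload) - FIELDS:
        errors["_body"] = "unexpected fields"  # never echo caller-chosen names
    clean = {
        "email": _text(payload, "email", EMAIL_RE, lambda s: s.strip().lower()),
        "sku": _text(payload, "sku", SKU_RE),
        "ship_date": _text(payload, "ship_date", DATE_RE),
    }
    for name, value in clean.items():
        if value is None:
            errors.setdefault(name, "invalid format")
    try:
        if clean["ship_date"]:
            clean["ship_date"] = date.fromisoformat(clean["ship_date"])
    except ValueError:
        errors["ship_date"] = "not a calendar date"
    qty = payload.get("quantity")
    if type(qty) is not int or not 1 <= qty <= 100:  # bool and float rejected
        errors.setdefault("quantity", "must be an integer from 1 to 100")
    elif clean["sku"] and qty > stock.get(clean["sku"], 0):
        errors["quantity"] = "exceeds available stock"  # server-side business rule
    else:
        clean["quantity"] = qty
    return (None, errors) if errors else (clean, {})
```

Validation here only decides whether input is acceptable; queries built from the cleaned values should still be parameterized and output still encoded for its context.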

Repository Stats

  • Stars: 0

  • Forks: 0

  • Open Issues: 0

  • Language: Python

  • Default Branch: main

  • Sync Status: Idle

  • Last Synced: May 4, 2026, 01:51 AM