tessl-labs/nextjs-api-patterns
Next.js App Router API patterns — Route Handlers, Server Actions, middleware, validation, caching, error handling
92
1.58x
Quality
90%
Does it follow best practices?
Impact
95%
1.58xAverage score across 5 eval scenarios
Securityby
Passed
No known issues
validation-in-handlers.jsonverifiers/
{
"instruction": "Validate input with zod (or equivalent) in both Route Handlers and Server Actions",
"relevant_when": "Agent writes Route Handlers or Server Actions that accept user input",
"context": "Route Handlers and Server Actions are public endpoints -- any client can send any payload. Input must be validated with a schema library (zod recommended) using safeParse rather than parse (which throws). Validation errors should return structured field-level error details. For Server Actions, validation errors are returned as state (not thrown) so the form can display them. For Route Handlers, validation errors return 400 with a structured error body.",
"sources": [
{
"type": "file",
"filename": "skills/nextjs-api-patterns/SKILL.md",
"tile": "tessl-labs/nextjs-api-patterns@0.2.0"
}
],
"checklist": [
{
"name": "schema-validation-present",
"rule": "Route Handlers and Server Actions that accept input use a schema validation library (zod, yup, valibot, etc.) to validate the incoming data before processing it",
"relevant_when": "Agent writes Route Handlers or Server Actions that accept POST/PUT/PATCH bodies or form data"
},
{
"name": "safe-parse-used",
"rule": "Validation uses safeParse (or equivalent non-throwing method) so validation failures are handled as data, not exceptions",
"relevant_when": "Agent validates input with zod in Route Handlers or Server Actions"
},
{
"name": "field-level-errors-returned",
"rule": "Validation failures return field-level error details (which fields failed and why) -- not just a generic 'invalid input' message",
"relevant_when": "Agent handles validation errors in Route Handlers or Server Actions"
}
]
}