Data Validation - Input Sanitisation & Schema Patterns

Validation patterns ensuring all data entering the system is validated at boundaries: user input via Zod (frontend), API requests via Pydantic (backend). No unvalidated data crosses a trust boundary.

Description

Defines Zod and Pydantic validation patterns for all data entering the system at trust boundaries. Covers form validation, API request schemas, type-safe contracts, Australian-specific validators (ABN, phone, postcode), and schema composition strategies.

When to Apply

Positive Triggers

• Creating or modifying form inputs with user data
• Defining API request/response schemas (Pydantic models)
• Adding Zod schemas for frontend validation
• Reviewing code for missing input validation
• Building new API endpoints that accept POST/PUT/PATCH data
• User mentions: "validation", "Zod", "Pydantic", "schema", "sanitise", "input"