start-core/middleware
Installation
SKILL.md
Middleware
Middleware customizes the behavior of server functions and server routes. It is composable — middleware can depend on other middleware to form a chain.
CRITICAL: TypeScript enforces method order:
middleware()→inputValidator()→client()→server(). Wrong order causes type errors. CRITICAL: Validating the shape ofsendContext(e.g.z.string().uuid().parse(...)) is NOT authorization. A parsed identifier is a well-formed identifier, not an authorized one. Always re-check access against the session principal before using a client-sent ID as a query key, filter, or path parameter.
Two Types of Middleware
| Feature | Request Middleware | Server Function Middleware |
|---|---|---|
| Scope | All server requests (SSR, routes, functions) | Server functions only |
| Methods | .server() |
.client(), .server() |
| Input validation | No | Yes (.inputValidator()) |
| Client-side logic | No | Yes |
| Created with | createMiddleware() |
createMiddleware({ type: 'function' }) |
Request middleware cannot depend on server function middleware. Server function middleware can depend on both types.