STD-API-001: API Contracts & Validation
1. Context
To ensure that independent modules can talk to each other without causing runtime explosions. "The Contract is King."
2. The Standard (The Floor)
- [MUST] Zod DTOs: Every Server Action or API Endpoint MUST define input/output schemas using Zod.
  - input: Validates arguments.
  - output: Strips secrets/internal state.
- [MUST] Validated Entry: Never trust the client. Validation MUST happen on the Server side (inside the Action/API) regardless of client-side checks.
- [MUST] Backward Compatibility: You MUST NOT introduce Breaking Changes to a Stable or Public API without a migration plan.
  - Forbidden: Renaming a required field.
  - Forbidden: Adding a new required field (new fields must be nullable/optional).
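A CI-style check for the Backward Compatibility rule above, as an added example that is not part of this standard or any project code. It assumes each DTO version is described as a flat map of field descriptors (a constructed simplification, not Zod's own representation); all names are hypothetical, and it goes one step beyond the two listed cases by also flagging an optional field that becomes required.

```typescript
// Added example. A contract is a flat map of field name -> descriptor
// (constructed simplification of a DTO schema; all names are hypothetical).
type Field = { type: string; required: boolean };
type Contract = { [name: string]: Field };
type Violation = { field: string; rule: string };

function findBreakingChanges(prev: Contract, next: Contract): Violation[] {
  const violations: Violation[] = [];
  for (const name of Object.keys(prev)) {
    const before: Field | undefined = prev[name];
    const after: Field | undefined = next[name];
    if (before === undefined) continue;
    if (after === undefined && before.required) {
      // For existing clients a rename looks the same as a removal.
      violations.push({ field: name, rule: "required-field-removed-or-renamed" });
    } else if (after !== undefined && !before.required && after.required) {
      // Beyond the two listed cases: tightening optional -> required.
      violations.push({ field: name, rule: "optional-became-required" });
    }
  }
  for (const name of Object.keys(next)) {
    const added: Field | undefined = next[name];
    if (!(name in prev) && added !== undefined && added.required) {
      violations.push({ field: name, rule: "new-required-field" });
    }
  }
  return violations;
}

// CI gate: throws when the new version breaks the stable contract.
function assertBackwardCompatible(prev: Contract, next: Contract): void {
  const found = findBreakingChanges(prev, next);
  if (found.length > 0) {
    const detail = found.map((v) => v.rule + ":" + v.field).join(", ");
    throw new Error("Breaking change to stable API: " + detail);
  }
}

// Constructed sample contracts.
const req: Field = { type: "string", required: true };
const opt: Field = { type: "string", required: false };
const V1: Contract = { email: req, displayName: opt };
// Renames a required field and adds a new required one: both forbidden.
const V2_BREAKING: Contract = { emailAddress: req, displayName: opt, tenantId: req };
// Adds only an optional field: allowed.
const V2_SAFE: Contract = { email: req, displayName: opt, locale: opt };
```

A rename is reported twice, once as the missing old field and once as the new required field, which is how it appears to a client still sending the old shape.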
3. Best Practices (The Path)
- [SHOULD] Shared Packages: Share DTO types via @sd/types or similar to keep Client and Server in sync.
- [SHOULD] Versioning: Use explicit versioning (e.g., v1, v2) if a breaking change is unavoidable.
5. Version History
| Version | Date | Author | Change |
|---|---|---|---|
| 0.1 | 2026-01-25 | AI | Draft P1 Standard |
Version History
| Version | Date | Author | Change |
|---|---|---|---|
| 0.1.0 | 2026-01-26 | Antigravity | Initial Audit & Metadata Injection |