You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: .cursor/rules/sim-architecture.mdc
+1-1Lines changed: 1 addition & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -61,7 +61,7 @@ Boundary HTTP request and response shapes for all routes under `apps/sim/app/api
61
61
62
62
- Each contract is built with `defineRouteContract({ method, path, params?, query?, body?, headers?, response: { mode: 'json', schema } })` and exports both schemas and named TypeScript type aliases (e.g., `export type CreateFolderBody = z.input<typeof createFolderBodySchema>`).
63
63
- Shared identifier schemas live in `apps/sim/lib/api/contracts/primitives.ts`.
64
-
- Routes validate via canonical helpers in `apps/sim/lib/api/server/validation.ts` (`parseRequest`, `validateJsonBody`, `validateSchema`, `validationErrorResponse`, `getValidationErrorMessage`, `isZodError`). Routes never `import { z } from 'zod'` and never use `instanceof z.ZodError`.
64
+
- Routes validate via canonical helpers in `apps/sim/lib/api/server/validation.ts` (`parseRequest`, `validateSchema`, `validationErrorResponse`, `getValidationErrorMessage`, `isZodError`). Routes never `import { z } from 'zod'` and never use `instanceof z.ZodError`.
65
65
- Clients call `requestJson(contract, ...)` from `apps/sim/lib/api/client/request.ts`; hooks import named type aliases from contracts, never `z.input/z.output`.
66
66
- Routes under `apps/sim/app/api/v1/**` use `apps/sim/app/api/v1/middleware.ts` for shared auth, rate-limit, and workspace access. Compose contract validation inside that middleware.
67
67
- `bun run check:api-validation` enforces this policy and must pass on PRs.
Copy file name to clipboardExpand all lines: AGENTS.md
-25Lines changed: 0 additions & 25 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -156,7 +156,6 @@ const provider = config as unknown as LegacyProvider
156
156
Routes never `import { z } from 'zod'` and never define route-local boundary schemas. They consume the contract from `@/lib/api/contracts/**` and validate with canonical helpers from `@/lib/api/server`:
157
157
158
158
-`parseRequest(contract, request, context)` — fully contract-bound routes; parses params, query, body, and headers in one call
159
-
-`validateJsonBody(request, schema)` — when the body schema comes from a contract but you need to assemble query/headers manually
160
159
-`validateSchema(schema, data)` — for ad-hoc validation against a contract schema or primitive
161
160
-`validationErrorResponse(error)` and `getValidationErrorMessage(error, fallback)` — produce 400 responses from a `ZodError`
162
161
-`validationErrorResponseFromError(error)` — when handling unknown caught errors that may or may not be a `ZodError`
const body =awaitvalidateJsonBody(request, updateFolderBodySchema)
204
-
returnNextResponse.json({ id, ...body })
205
-
} catch (error) {
206
-
if (isZodError(error)) returnvalidationErrorResponse(error)
207
-
throwerror
208
-
}
209
-
})
210
-
```
211
-
212
187
Routes under `apps/sim/app/api/v1/**` use the shared middleware in `apps/sim/app/api/v1/middleware.ts` for auth, rate-limit, and workspace access. Compose contract validation inside that middleware — never reimplement auth/rate-limit per-route.
Copy file name to clipboardExpand all lines: CLAUDE.md
-25Lines changed: 0 additions & 25 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -137,7 +137,6 @@ Every API route handler must be wrapped with `withRouteHandler`. This sets up `A
137
137
Routes never `import { z } from 'zod'` and never define route-local boundary schemas. They consume the contract from `@/lib/api/contracts/**` and validate with canonical helpers from `@/lib/api/server`:
138
138
139
139
-`parseRequest(contract, request, context)` — fully contract-bound routes; parses params, query, body, and headers in one call
140
-
-`validateJsonBody(request, schema)` — when the body schema comes from a contract but you need to assemble query/headers manually
141
140
-`validateSchema(schema, data)` — for ad-hoc validation against a contract schema or primitive
142
141
-`validationErrorResponse(error)` and `getValidationErrorMessage(error, fallback)` — produce 400 responses from a `ZodError`
143
142
-`validationErrorResponseFromError(error)` — when handling unknown caught errors that may or may not be a `ZodError`
Copy file name to clipboardExpand all lines: apps/sim/AGENTS.md
-25Lines changed: 0 additions & 25 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -107,7 +107,6 @@ const provider = config as unknown as LegacyProvider
107
107
Routes never `import { z } from 'zod'` and never define route-local boundary schemas. They consume the contract from `@/lib/api/contracts/**` and validate with canonical helpers from `@/lib/api/server`:
108
108
109
109
-`parseRequest(contract, request, context)` — fully contract-bound routes; parses params, query, body, and headers in one call.
110
-
-`validateJsonBody(request, schema)` — when the body schema comes from a contract but you need to assemble query/headers manually.
111
110
-`validateSchema(schema, data)` — for ad-hoc validation against a contract schema or primitive.
112
111
-`validationErrorResponse(error)` and `getValidationErrorMessage(error, fallback)` — produce 400 responses from a `ZodError`.
113
112
-`validationErrorResponseFromError(error)` — when handling unknown caught errors that may or may not be a `ZodError`.
const body =awaitvalidateJsonBody(request, updateFolderBodySchema)
155
-
returnNextResponse.json({ id, ...body })
156
-
} catch (error) {
157
-
if (isZodError(error)) returnvalidationErrorResponse(error)
158
-
throwerror
159
-
}
160
-
})
161
-
```
162
-
163
138
Routes under `apps/sim/app/api/v1/**` use the shared middleware in `apps/sim/app/api/v1/middleware.ts` for auth, rate-limit, and workspace access. Compose contract validation inside that middleware — never reimplement auth/rate-limit per-route.
0 commit comments