DomainScoreCursor Rules
GitHub

Zod Schema Development Rules

6/13/2025

このルールセットは、TypeScript を第一に考慮したスキーマ宣言と検証ライブラリである Zod の使用に関するベストプラクティスに焦点を当てています。コードの組織化、一般的なパターン、パフォーマンスの最適化、セキュリティ、テスト、ツールなどの側面をカバーしています。これらのルールは、Zod スキーマコードの可読性、保守性、セキュリティを向上させ、アプリケーション内のデータ検証と変換を効率的かつ信頼性の高いものにすることを目的としています。


### 1. Code Organization and Structure:

- **Directory Structure Best Practices:**
    - Consider grouping Zod schemas within dedicated directories (e.g., `schemas/`, `models/schemas/`).
    - Organize schemas by domain, feature, or data model.
    - Use subdirectories for complex schemas or schema families.
- **File Naming Conventions:**
    - Name schema files descriptively (e.g., `user.schema.ts`, `product.schema.ts`).
    - Use a consistent naming pattern throughout the project.
    - Consider including the data model name or the schema's purpose in the filename.
- **Module Organization:**
    - Export schemas as named exports from each module.
    - Create index files (e.g., `index.ts`) to re-export schemas from subdirectories for easier access.
    - Use clear and concise module names.
- **Component Architecture:**
    - If you are building React components, consider creating a `components/schemas/` directory where you house your schema related to specific components.
    - Use Zod to validate the props passed to React components using `z.infer` and `z.ZodType<Props>`
    - You can create a custom hook that handles validation with Zod and stores the parsed result in React state.
- **Code Splitting Strategies:**
    - For large schema definitions, split them into smaller, more manageable files.
    - Use Zod's composition features to combine these smaller schemas into larger, more complex schemas as needed.

### 2. Common Patterns and Anti-patterns:

- **Design Patterns Specific to Zod:**
    - **Schema Composition:** Use `z.intersection`, `z.union`, `z.extend`, and `z.optional` to combine and modify existing schemas.
    - **Schema Transformation:** Use `.transform` to modify data during validation.
    - **Custom Validation:** Use `.refine` and `.superRefine` for custom validation logic.
    - **Default Values:** Use `.default` to assign default values to schema properties.
- **Recommended Approaches for Common Tasks:**
    - **Form Validation:** Use Zod to validate form input data and display errors.
    - **API Request Validation:** Use Zod to validate incoming API request bodies.
    - **Data Serialization/Deserialization:** Use Zod to validate and transform data when serializing or deserializing.
- **Anti-patterns and Code Smells to Avoid:**
    - **Overly Complex Schemas:** Avoid creating schemas that are too complex or difficult to understand. Break them down into smaller, more manageable schemas.
    - **Ignoring Validation Errors:** Always handle validation errors and provide informative feedback to the user.
    - **Duplicated Schema Definitions:** Avoid duplicating schema definitions. Use schema composition to reuse existing schemas.
- **State Management Best Practices:**
    - When using Zod with state management libraries (e.g., Redux, Zustand), validate the state data using Zod schemas.
    - Use Zod to validate state updates before applying them to the state.
- **Error Handling Patterns:**
    - Use Zod's `.safeParse` method to handle validation errors gracefully.
    - Provide informative error messages to the user.
    - Log validation errors for debugging purposes.

### 3. Performance Considerations:

- **Optimization Techniques:**
    - **Schema Caching:** Cache frequently used schemas to avoid re-parsing them.
    - **Pre-compilation:** If possible, pre-compile schemas during build time to improve performance.
    - **Minimize Schema Complexity:** Keep schemas as simple as possible to reduce validation overhead.
- **Memory Management:**
    - Be mindful of the memory usage of large schemas, especially when dealing with large datasets.
    - Release unused schemas when they are no longer needed.
- **Bundle Size Optimization:**
    - Remove unused schemas and code from the bundle.
    - Use tree shaking to eliminate dead code.
- **Lazy Loading Strategies:**
    - Lazily load schemas that are not immediately needed.
    - Use code splitting to load schemas on demand.

### 4. Security Best Practices:

- **Common Vulnerabilities and How to Prevent Them:**
    - **Injection Attacks:** Prevent injection attacks by validating and sanitizing user input data.
    - **Cross-Site Scripting (XSS):** Prevent XSS attacks by encoding user input data before displaying it in the UI.
    - **Denial of Service (DoS):** Prevent DoS attacks by limiting the size and complexity of input data.
- **Input Validation:**
    - Validate all user input data using Zod schemas.
    - Enforce strict validation rules to prevent invalid or malicious data from entering the system.
- **Authentication and Authorization Patterns:**
    - Use Zod to validate user credentials during authentication.
    - Use Zod to validate authorization tokens and permissions.
- **Data Protection Strategies:**
    - Encrypt sensitive data at rest and in transit.
    - Use secure storage mechanisms to protect data from unauthorized access.
- **Secure API Communication:**
    - Use HTTPS to encrypt API communication.
    - Validate API request and response data using Zod schemas.

### 5. Testing Approaches:

- **Unit Testing Strategies:**
    - Write unit tests for individual schemas to ensure they validate data correctly.
    - Test different input scenarios, including valid and invalid data.
    - Use mocking and stubbing to isolate schemas from external dependencies.
- **Integration Testing:**
    - Write integration tests to ensure that schemas work correctly with other parts of the application.
    - Test the interaction between schemas and data sources (e.g., databases, APIs).
- **End-to-End Testing:**
    - Write end-to-end tests to ensure that the entire application works correctly with Zod schemas.
    - Test the user interface and the data flow through the application.
- **Test Organization:**
    - Organize tests into separate directories based on the type of test (e.g., unit, integration, end-to-end).
    - Use descriptive test names to indicate the purpose of each test.
- **Mocking and Stubbing:**
    - Use mocking and stubbing to isolate schemas from external dependencies during testing.
    - Mock data sources and APIs to control the test environment.

### 6. Common Pitfalls and Gotchas:

- **Frequent Mistakes Developers Make:**
    - **Incorrect Schema Definitions:** Ensure that schema definitions accurately reflect the expected data format.
    - **Ignoring Validation Errors:** Always handle validation errors and provide informative feedback to the user.
    - **Overly Complex Schemas:** Avoid creating schemas that are too complex or difficult to understand.
- **Edge Cases to Be Aware Of:**
    - **Null and Undefined Values:** Handle null and undefined values correctly in schemas.
    - **Empty Strings and Arrays:** Handle empty strings and arrays appropriately.
    - **Date and Time Formats:** Use consistent date and time formats throughout the application.
- **Version-Specific Issues:**
    - Be aware of any version-specific issues or breaking changes in Zod.
    - Refer to the Zod documentation and release notes for information on compatibility and migration.
- **Compatibility Concerns:**
    - Ensure that Zod schemas are compatible with the data formats used by other systems or libraries.
    - Consider using a data serialization format (e.g., JSON, YAML) that is widely supported.
- **Debugging Strategies:**
    - Use Zod's `.safeParse` method to log validation errors for debugging purposes.
    - Use a debugger to step through the validation process and identify issues.

### 7. Tooling and Environment:

- **Recommended Development Tools:**
    - **TypeScript:** Use TypeScript to provide static typing for Zod schemas and data.
    - **VS Code:** Use VS Code with the Zod extension for improved code completion and validation.
- **Build Configuration:**
    - Configure the build process to transpile TypeScript code and bundle JavaScript code.
    - Use a module bundler (e.g., Webpack, Parcel, Rollup) to optimize the bundle size.
- **Linting and Formatting:**
    - Use a linter (e.g., ESLint) to enforce code style and best practices.
    - Use a code formatter (e.g., Prettier) to automatically format code.
- **Deployment Best Practices:**
    - Deploy the application to a production environment with appropriate security measures in place.
    - Monitor the application for errors and performance issues.
- **CI/CD Integration:**
    - Integrate Zod schemas into the CI/CD pipeline to automate validation and testing.
    - Run unit tests, integration tests, and end-to-end tests as part of the CI/CD process.
チュートリアルに戻る