One thing that worked well in our fork was adding first-class hardened schema helpers plus default control-character rejection for parsed strings.
The goal was to make agent-facing CLIs safer by default without requiring every command author to rediscover the same validation patterns.
The patch adds helpers like:
hardened.path()hardened.id()hardened.text()hardened.url()
It also makes parser-handled z.string() inputs reject ASCII control characters by default, with an explicit opt-out via schema metadata.
That gave us:
- safer path handling
- safer free-form text handling
- safer URL/id handling
- parser-wide protection instead of per-command ad hoc checks
Reference patch:
Example from the patch:
if (typeof value !== 'string' || allowsControlChars(schema) || !hasControlChars(value)) return []
Would you be interested in upstreaming hardened input primitives like this, either as built-ins or as an optional companion export?
One thing that worked well in our fork was adding first-class hardened schema helpers plus default control-character rejection for parsed strings.
The goal was to make agent-facing CLIs safer by default without requiring every command author to rediscover the same validation patterns.
The patch adds helpers like:
hardened.path()hardened.id()hardened.text()hardened.url()It also makes parser-handled
z.string()inputs reject ASCII control characters by default, with an explicit opt-out via schema metadata.That gave us:
Reference patch:
Example from the patch:
Would you be interested in upstreaming hardened input primitives like this, either as built-ins or as an optional companion export?