Also known as: zod schema
Definition
Zod is a TypeScript-first schema validation library that parses unknown input against a typed schema and returns either typed data or a structured error. In Server Actions, Zod is the validation layer that runs before any business logic, rejecting malformed or hostile input at the boundary.
Zod is a runtime validation library for TypeScript. You declare a schema with builder methods (z.object({ email: z.email(), age: z.number().min(0) })), then call schema.safeParse(input) to validate any unknown value. The return is either { success: true, data: ... } with the typed value or { success: false, error: ... } with structured field-level errors.
Server Actions receive unknown input from the network. TypeScript types disappear at runtime, so the compiler cannot help. Zod is the runtime checkpoint: every Server Action runs safeParse at the top, and only the validated parsed.data flows into the rest of the action. Any malformed payload returns an error immediately without touching the database.
Optional. React Hook Form binds the schema to the form for client-side hints (inline error messages, disabled submit buttons), but the same schema runs on the server inside the Server Action for the authoritative check. The client validation is UX. The server validation is security.