Server actions
Use the template's protected action pattern for validated, authorized, cache-aware mutations.
Server actions
All product mutations should use server actions unless they are framework or external API surfaces. This keeps validation, authorization, mutation, cache refresh, and result shape consistent.
Action flow
Every action should follow the same sequence:
- Validate input with Zod.
- Load the authenticated user on the server.
- Authorize access to the target entity.
- Mutate data with Prisma.
- Refresh cache tags and affected paths.
- Return an
ActionResult.
Protected helpers
Use the shared protected action helpers instead of reimplementing auth and error handling in each feature:
createProtectedActionWithInputfor actions that accept validated input;createProtectedActionfor actions without input.
Cache refresh
Server actions should use cache tag helpers from the feature types file. Route handlers that mutate data should revalidate affected paths.
Error handling
Return user-safe error messages and stable error codes. Log implementation details through the feature logger instead of exposing them in the UI.