Skip to main content

Server actions

Use the template's protected action pattern for validated, authorized, cache-aware mutations.

SectionFor developers / Project development
PurposeDeveloper how-to
UpdatedJul 6, 2026
AuthorTemplate Maintainers
Versionv1.2.0
Reading time1 min

Server actions

All product mutations should use server actions unless they are framework or external API surfaces. This keeps validation, authorization, mutation, cache refresh, and result shape consistent.

Action flow

Every action should follow the same sequence:

  1. Validate input with Zod.
  2. Load the authenticated user on the server.
  3. Authorize access to the target entity.
  4. Mutate data with Prisma.
  5. Refresh cache tags and affected paths.
  6. Return an ActionResult.

Protected helpers

Use the shared protected action helpers instead of reimplementing auth and error handling in each feature:

  • createProtectedActionWithInput for actions that accept validated input;
  • createProtectedAction for actions without input.

Cache refresh

Server actions should use cache tag helpers from the feature types file. Route handlers that mutate data should revalidate affected paths.

Error handling

Return user-safe error messages and stable error codes. Log implementation details through the feature logger instead of exposing them in the UI.