form-types-validation_skill

This skill strengthens Symfony form types validation and authorization by applying test-backed boundaries at controllers and API operations.
  • Shell

69

GitHub Stars

2

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill makfly/superpowers-symfony --skill form-types-validation

  • reference.md9.8 KB
  • SKILL.md1.1 KB

Overview

This skill strengthens Symfony authorization and validation boundaries by enforcing explicit checks at form type and controller boundaries. It guides mapping actor-resource-action matrices, placing voters and constraints correctly, and producing test-backed negative and positive path coverage. The result is clearer responsibility, fewer duplicated policies, and safer error exposure.

How this skill works

The skill inspects form types, validators, and voter implementations to ensure access control and validation live at the correct boundary. It recommends wiring checks into controllers and API operations, and it generates a test matrix that exercises allowed, forbidden, and invalid paths. Outputs include suggested boundary updates, integration points, and failing negative-path tests to prevent regressions.

When to use it

  • Hardening access-control around sensitive domain actions
  • Aligning security voters or expressions with domain validation rules
  • Ensuring form input validation and authorization occur at intended boundaries
  • Reducing duplicated policy logic across layers
  • Auditing error messages to avoid leaking privileged state

Best practices

  • Map actor-resource-action decisions before implementing checks
  • Place policy logic in voters or dedicated constraints, not duplicated in controllers and forms
  • Wire explicit deny behavior for sensitive actions and test it
  • Keep error responses minimal to avoid leaking privileged state
  • Cover positive, forbidden, and invalid cases in automated tests

Example use cases

  • Move a permission check from a controller into a voter used by a form submit to centralize policy
  • Add a custom constraint to a form type to enforce domain rules already used by a voter
  • Create a test suite that asserts forbidden users receive 403 and invalid input yields validation errors
  • Audit a code path that returned detailed errors to ensure sensitive state is not exposed
  • Document integration points where authorization and validation intersect for future maintainers

FAQ

Place access decisions in voters or policy services and keep validation-specific rules in form constraints. Avoid duplicating the same rule in both places.

How do I test negative paths effectively?

Build a decision matrix of actor/resource/action combinations and write tests for allowed, forbidden, and invalid inputs to ensure behavior stays explicit.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
form-types-validation skill by makfly/superpowers-symfony | VeilStrat