TypeScript Security

Priority: P0 (CRITICAL)

Validate Input at Boundaries

- Use , , or at API boundary. Always and validate before using. Use for error handling without throwing. Return on failure.

See references/REFERENCE.md for Zod validation schemas, secure cookie setup, and JWT auth patterns.

Prevent Injection and XSS

- Sanitization: Use for HTML sanitization to prevent Cross-Site Scripting (XSS).
- SQL Injection: Use Parameterized Queries (e.g., ) or Type-safe ORMs ( / ). Use for raw queries.
- Input Filtering: Sanitize before using it in file paths or OS commands (Command Injection)…
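
The boundary validation described under "Validate Input at Boundaries", as an added example that is not from the original page or its referenced files: a hand-written parser in plain TypeScript that treats the request body as `unknown`, returns a result value instead of throwing, and rejects unexpected fields. The `CreateUser` shape, the function names, the limits and the 400/201 status codes are assumptions made for illustration.

```typescript
// Added example: names, fields and limits are hypothetical, not from the page.
type Result<T> = { ok: true; value: T } | { ok: false; errors: string[] };

interface CreateUser {
  email: string;
  age: number;
  role: "user" | "admin";
}
const ALLOWED_KEYS = ["email", "age", "role"];

// Parse an untrusted request body. Never throws: every failure is a value.
function parseCreateUser(rawBody: string): Result<CreateUser> {
  let data: unknown;
  try {
    data = JSON.parse(rawBody);
  } catch {
    return { ok: false, errors: ["body is not valid JSON"] };
  }
  if (typeof data !== "object" || data === null || Array.isArray(data)) {
    return { ok: false, errors: ["body must be a JSON object"] };
  }
  const obj = data as Record<string, unknown>;
  const errors: string[] = [];
  // Reject unknown keys so extra fields (e.g. "isAdmin", "__proto__") never
  // reach code that spreads or merges the object.
  for (const key of Object.keys(obj)) {
    if (ALLOWED_KEYS.indexOf(key) === -1) errors.push("unexpected field: " + key);
  }
  const email = obj["email"];
  if (typeof email !== "string" || email.length > 254 || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
    errors.push("email: invalid");
  }
  const age = obj["age"];
  if (typeof age !== "number" || !isFinite(age) || Math.floor(age) !== age || age < 0 || age > 150) {
    errors.push("age: must be an integer between 0 and 150");
  }
  const role = obj["role"];
  if (role !== "user" && role !== "admin") errors.push("role: must be 'user' or 'admin'");
  if (errors.length > 0) return { ok: false, errors };
  // Build a fresh object from the checked fields instead of passing `obj` on.
  return { ok: true, value: { email: email as string, age: age as number, role: role as "user" | "admin" } };
}

// Boundary handler: the 400 and 201 status codes are assumed for this sketch.
function handleCreateUser(rawBody: string): { status: number; body: unknown } {
  const parsed = parseCreateUser(rawBody);
  if (parsed.ok === false) return { status: 400, body: { errors: parsed.errors } };
  return { status: 201, body: parsed.value };
}
```

Code behind the boundary only ever receives the typed `CreateUser` value built from checked fields, never the raw parsed object.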