---
format:
  revealjs:
    title-slide-attributes:
      data-visibility: hidden
    css: style.css
    theme: simple
    slide-number: true
    code-line-numbers: false
    preview-links: auto
    keyboard: true
    touch: true
    help: true
    include-in-header: meta-tags.html
    link-external-newwindow: true
    mermaid-format: png
revealjs-plugins:
  - fontawesome
execute:
  echo: true
  eval: false
keywords: ["data-validation", "pydantic", "zod", "python", "typescript", "software-engineering", "type-safety"]
description-meta: "Explore the benefits of data validation libraries like Pydantic and Zod. Learn how they improve readability, type safety, testing, security, and maintainability in your applications."
license: "CC0 1.0 Universal"
pagetitle: "Parse, Don't Pray: The Case for Data Validation"
author-meta: "Indrajeet Patil"
date-meta: "2025-12-06"
lang: "en"
dir: "ltr"
image: "media/social-media-card.jpg"
image-alt: "Parse, Don't Pray - Two hands clasped together symbolizing the partnership between Pydantic and Zod for data validation"
canonical-url: "https://indrajeetpatil.github.io/parse-dont-pray/"
---

## {.unnumbered .unlisted}

::: {style="text-align: center;"}

::: {style="font-size: 1.3em; font-weight: bold; margin-bottom: 0.4em;"}
Parse, Don't Pray: The Case for Data Validation
:::

::: {style="font-size: 0.9em; margin-bottom: 0.1em;"}
Indrajeet Patil
:::

::: {style="display: flex; justify-content: center; margin-top: 0.2em;"}
![](media/social-media-card.jpg){width="85%" style="max-height: 400px; object-fit: contain;" fig-alt="Parse, Don't Pray - Two hands clasped together symbolizing the partnership between Pydantic and Zod for data validation"}
:::

:::

::: {.footer style="text-align: center; font-size: 0.55em; color: #999; position: absolute; bottom: 20px; left: 0; right: 0;"}
Source code: [github.com/IndrajeetPatil/parse-dont-pray](https://github.com/IndrajeetPatil/parse-dont-pray/)
:::

## What You'll Learn {.smaller}

- Why data validation libraries are essential for robust applications
- How Pydantic (Python) and Zod (TypeScript) improve code quality
- Benefits across readability, runtime behavior, typing, testing, and security

<br>

::: {style="background-color: #FFFBC1; padding: 20px; border-radius: 25px; text-align: center;"}

üéØ **Goal**

Create a **validated type system** that works at runtime, ensuring data actually matches your assumptions.

:::

<br>

::: {style="background-color: #e3f2fd; padding: 20px; border-radius: 25px; text-align: center;"}

Examples assume a **Python-TypeScript** full-stack, but the outlined principles are relevant in other stacks as well.

:::

# Introduction

*Why data validation matters*

## Dynamic vs Static Typing {.smaller}

Understanding type systems explains why data validation is crucial.

:::: {.columns}

::: {.column width="50%" .fragment}

::: {style="background-color: #e8f5e9; padding: 15px; border-radius: 10px; font-size: 0.85em;"}

::: {style="font-size: 1.05em; font-weight: bold; margin-bottom: 8px;"}
**Statically Typed** (e.g., Java, C++, Rust)
:::

- Types checked at **compile time**
- Type errors caught before runtime
- More verbose type declarations
- Compiler guarantees type safety

::: {style="font-size: 1.1em;"}
```rust
fn greet(name: String) -> String {
    format!("Hello, {}!", name)
}

// Won't compile: type mismatch
greet(42);  // Error at compile time
```
:::

:::

:::

::: {.column width="50%" .fragment}

::: {style="background-color: #fff3e0; padding: 15px; border-radius: 10px; font-size: 0.85em;"}

::: {style="font-size: 1.05em; font-weight: bold; margin-bottom: 8px;"}
**Dynamically Typed** (e.g., Python, JavaScript)
:::

- Types checked at **runtime**
- Type errors appear during execution
- More flexible, less verbose
- No compile-time type guarantees

::: {style="font-size: 1.1em;"}
```python
def greet(name: str) -> str:
    return f"Hello, {name}!"

# Runs fine, even with wrong type
greet(42)          # "Hello, 42!"
# Type error only if you use string methods
greet(42).upper()  # Runtime error!
```
:::

:::

:::

::::

. . .

::: {style="background-color: #e3f2fd; padding: 15px; border-radius: 10px; margin-top: 20px; text-align: center; font-size: 0.9em;"}

**Why validation matters more for dynamic languages**: <br>
Without compile-time checks, **runtime validation** ensures data integrity.

:::

## What is Data Validation? {.smaller}

Ensuring data meets specific criteria before use.

:::: {.columns}

::: {.column width="50%" .fragment}

::: {style="background-color: #ffebee; padding: 15px; border-radius: 10px; font-size: 0.85em;"}

::: {style="font-size: 1.05em; font-weight: bold; margin-bottom: 8px;"}
**‚ùå Without validation libraries**
:::

Manual checks scattered throughout code:

- Type checking (`isinstance`, `typeof`)
- Range validation (`age >= 18`)
- Format validation (email regex, URL patterns)
- Custom business rules
- Logic spreads across codebase
- Difficult to maintain

:::

:::

::: {.column width="50%" .fragment}

::: {style="background-color: #e8f5e9; padding: 15px; border-radius: 10px; font-size: 0.85em;"}

::: {style="font-size: 1.05em; font-weight: bold; margin-bottom: 8px;"}
**‚úÖ With validation libraries**
:::

Schemas automatically validate, parse, and type data:

- Centralized validation rules
- Self-documenting structures
- Automatic type coercion
- Detailed error messages
- Runtime type safety
- Easier to maintain and evolve

:::

:::

::::

## Meet the Libraries {.smaller}

:::: {.columns}

::: {.column width="50%" .fragment}

::: {style="background-color: #ffffff; border: 2px solid #E92063; border-radius: 15px; padding: 20px; box-shadow: 0 4px 6px rgba(0,0,0,0.1); font-size: 0.85em; text-align: center;"}

::: {style="height: 100px; display: flex; align-items: center; justify-content: center; margin-bottom: 15px;"}
![](media/pydantic-logo.png){width="100px" fig-alt="Pydantic logo"}
:::

::: {style="font-size: 1.05em; font-weight: bold; margin-bottom: 10px;"}
**Pydantic** (Python)
:::

Runtime data validation using Python type annotations

::: {style="margin-top: 10px; font-size: 0.95em;"}
[docs.pydantic.dev](https://docs.pydantic.dev/latest/)
:::

:::

:::

::: {.column width="50%" .fragment}

::: {style="background-color: #ffffff; border: 2px solid #3E67B1; border-radius: 15px; padding: 20px; box-shadow: 0 4px 6px rgba(0,0,0,0.1); font-size: 0.85em; text-align: center;"}

::: {style="height: 100px; display: flex; align-items: center; justify-content: center; margin-bottom: 15px;"}
![](media/zod-logo.webp){width="100px" fig-alt="Zod logo"}
:::

::: {style="font-size: 1.05em; font-weight: bold; margin-bottom: 10px;"}
**Zod** (TypeScript)
:::

TypeScript-first schema validation with type inference

::: {style="margin-top: 10px; font-size: 0.95em;"}
[zod.dev](https://zod.dev/)
:::

:::

:::

::::

# Benefits of Data Validation Libraries

*Creating robust, maintainable applications*

# Readability

*Self-documenting schemas that reduce cognitive load*

## Self-Documenting Schemas {.smaller}

::: {.panel-tabset}

### Python (Pydantic)

In [None]:
from pydantic import BaseModel, EmailStr, Field
from typing import Literal

class UserProfile(BaseModel):
    username: str = Field(min_length=3, max_length=20)
    email: EmailStr
    age: int = Field(ge=18, le=120)
    role: Literal["admin", "user", "guest"]
    is_active: bool = True

### TypeScript (Zod)

```typescript
import { z } from "zod";

const UserProfileSchema = z.object({
  username: z.string().min(3).max(20),
  email: z.string().email(),
  age: z.number().int().min(18).max(120),
  role: z.enum(["admin", "user", "guest"]),
  isActive: z.boolean().default(true),
});

type UserProfile = z.infer<typeof UserProfileSchema>;
```

:::

::: {style="background-color: #e8f5e9; padding: 15px; border-radius: 10px; margin-top: 15px; text-align: center;"}
The schema **is** the documentation‚Äîno separate docs needed!
:::

## Single Source of Truth {.smaller}

::: {.panel-tabset}

### Python (Pydantic)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

In [None]:
from pydantic import BaseModel, Field, field_validator
from datetime import datetime
from uuid import UUID

class Order(BaseModel):
    order_id: str
    customer_id: UUID
    total_amount: float = Field(gt=0)
    created_at: datetime
    items: list[str] = Field(min_length=1)

    @field_validator('order_id')
    @classmethod
    def validate_order_id(cls, value):
        if not value.startswith('ORD-'):
            raise ValueError('Order ID must start with ORD-')
        return value

:::

::: {.column width="50%"}

**Usage Example**

In [None]:
# Create an order instance
order = Order(
    order_id="ORD-123",
    customer_id="550e8400-e29b-41d4-a716-446655440000",
    total_amount=99.99,
    created_at=datetime.now(),
    items=["item1", "item2"]
)

:::

::::

::: {style="background-color: #e8f5e9; padding: 15px; border-radius: 10px; margin-top: 15px; text-align: center;"}
Schema definition, validation logic, and type information in one place.
:::

### TypeScript (Zod)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

```typescript
import { z } from "zod";

const OrderSchema = z.strictObject({
  orderId: z.string().startsWith("ORD-"),
  customerId: z.string().uuid(),
  totalAmount: z.number().positive(),
  createdAt: z.date(),
  items: z.array(z.string()).min(1),
});

type Order = z.infer<typeof OrderSchema>;
```

:::

::: {.column width="50%"}

**Usage Example**

```typescript
// Create an order instance
const order = OrderSchema.parse({
  orderId: "ORD-123",
  customerId: "550e8400-e29b-41d4-a716-446655440000",
  totalAmount: 99.99,
  createdAt: new Date(),
  items: ["item1", "item2"],
});
```

:::

::::

:::

## Declarative Syntax {.smaller}

::: {.panel-tabset}

### Python

:::: {.columns}

::: {.column width="50%"}

**Without Pydantic**

::: {style="background-color: #ffebee; padding: 15px; border-radius: 8px;"}

In [None]:
# Imperative: Lots of manual checks
def validate_user(data):
    if not isinstance(data.get('username'), str):
        raise ValueError('Username must be string')
    if len(data['username']) < 3 or len(data['username']) > 20:
        raise ValueError('Username must be 3-20 chars')
    if not isinstance(data.get('age'), int):
        raise ValueError('Age must be integer')
    if data['age'] < 18 or data['age'] > 120:
        raise ValueError('Age must be 18-120')
    if data.get('role') not in ['admin', 'user', 'guest']:
        raise ValueError('Invalid role')
    # ... and so on

:::

:::

::: {.column width="50%"}

**With Pydantic**

::: {style="background-color: #e8f5e9; padding: 15px; border-radius: 8px;"}

In [None]:
from pydantic import BaseModel, Field
from typing import Literal

# Declarative: What the data should look like
class User(BaseModel):
    username: str = Field(min_length=3, max_length=20)
    age: int = Field(ge=18, le=120)
    role: Literal["admin", "user", "guest"]

:::

:::

::::

### TypeScript

:::: {.columns}

::: {.column width="50%"}

**Without Zod**

::: {style="background-color: #ffebee; padding: 15px; border-radius: 8px;"}

```typescript
// Imperative: Lots of manual checks
function validateUser(data: any) {
  if (typeof data.username !== 'string') {
    throw new Error('Username must be string');
  }
  if (data.username.length < 3 || data.username.length > 20) {
    throw new Error('Username must be 3-20 chars');
  }
  if (typeof data.age !== 'number') {
    throw new Error('Age must be number');
  }
  if (data.age < 18 || data.age > 120) {
    throw new Error('Age must be 18-120');
  }
  if (!['admin', 'user', 'guest'].includes(data.role)) {
    throw new Error('Invalid role');
  }
  // ... and so on
}
```

:::

:::

::: {.column width="50%"}

**With Zod**

::: {style="background-color: #e8f5e9; padding: 15px; border-radius: 8px;"}

```typescript
import { z } from "zod";

// Declarative: What the data should look like
const UserSchema = z.object({
  username: z.string().min(3).max(20),
  age: z.number().int().min(18).max(120),
  role: z.enum(["admin", "user", "guest"]),
});

type User = z.infer<typeof UserSchema>;
```

:::

:::

::::

:::

::: {style="background-color: #e8f5e9; padding: 15px; border-radius: 10px; margin-top: 15px; text-align: center;"}
Describes *what* the data should look like, not *how* to validate it.
:::

## Specific Types Over Generic {.smaller}

::: {style="font-size: 0.85em;"}

::: {.panel-tabset}

### Python (Pydantic)

:::: {.columns}

::: {.column width="24%"}

::: {style="background-color: #ffebee; padding: 12px; border-radius: 8px; font-size: 0.9em;"}

**‚ùå Generic: `str`**

In [None]:
class User(BaseModel):
    email: str

- Accepts any string
- No validation
- Unclear intent

:::

:::

::: {.column width="38%"}

::: {style="background-color: #fff3e0; padding: 12px; border-radius: 8px; font-size: 0.9em;"}

**‚ö†Ô∏è Better: `EmailStr`**

In [None]:
from pydantic import EmailStr

class User(BaseModel):
    email: EmailStr

- Validates email format
- Self-documenting
- Still generic

:::

:::

::: {.column width="38%"}

::: {style="background-color: #e8f5e9; padding: 12px; border-radius: 8px; font-size: 0.9em;"}

**‚úÖ Best: `AcmeEmailStr`**

In [None]:
from pydantic import field_validator

class AcmeEmailStr(EmailStr):
    @field_validator('email')
    def must_be_acme(cls, value):
        if not value.endswith('@acme.com'):
            raise ValueError('Must be @acme.com')
        return value

class User(BaseModel):
    email: AcmeEmailStr

- Domain-specific
- Business rule enforced
- Crystal clear intent

:::

:::

::::

### TypeScript (Zod)

:::: {.columns}

::: {.column width="24%"}

::: {style="background-color: #ffebee; padding: 12px; border-radius: 8px; font-size: 0.9em;"}

**‚ùå Generic: `string`**

```typescript
const UserSchema = z.object({
  email: z.string(),
});
```

- Accepts any string
- No validation
- Unclear intent

:::

:::

::: {.column width="38%"}

::: {style="background-color: #fff3e0; padding: 12px; border-radius: 8px; font-size: 0.9em;"}

**‚ö†Ô∏è Better: `.email()`**

```typescript
const UserSchema = z.object({
  email: z.string().email(),
});
```

- Validates email format
- Self-documenting
- Still generic

:::

:::

::: {.column width="38%"}

::: {style="background-color: #e8f5e9; padding: 12px; border-radius: 8px; font-size: 0.9em;"}

**‚úÖ Best: Custom refinement**

```typescript
const acmeEmail = z
  .string()
  .email()
  .refine(
    (email) => email.endsWith('@acme.com'),
    { message: 'Must be @acme.com email' }
  );

const UserSchema = z.object({
  email: acmeEmail,
});
```

- Domain-specific
- Business rule enforced
- Crystal clear intent

:::

:::

::::

:::

::: {style="background-color: #e3f2fd; padding: 15px; border-radius: 10px; margin-top: 15px; text-align: center;"}
**Progression**: `str` ‚Üí `EmailStr` ‚Üí `AcmeEmailStr` = **Increasing specificity = Better readability**
:::

:::

# Runtime Behavior

*Catch errors early before they propagate*

## Automatic Validation {.smaller}

::: {.panel-tabset}

### Python (Pydantic)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

In [None]:
from pydantic import BaseModel, ValidationError, Field

class ProductPrice(BaseModel):
    product_id: str
    price: float = Field(gt=0)
    currency: str = Field(pattern=r'^[A-Z]{3}$')

:::

::: {.column width="50%"}

**Validation Examples**

In [None]:
# Valid data passes through
valid_product = ProductPrice(
    product_id="PROD-123",
    price=29.99,
    currency="USD"
)

# Invalid data raises detailed error
try:
    invalid_product = ProductPrice(
        product_id="PROD-123",
        price=-10,     # Negative!
        currency="US"  # Invalid format!
    )
except ValidationError as e:
    print(e.json())

:::

::::

### TypeScript (Zod)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

```typescript
import { z } from "zod";

const ProductPriceSchema = z.object({
  productId: z.string(),
  price: z.number().positive(),
  currency: z.string().regex(/^[A-Z]{3}$/),
});
```

:::

::: {.column width="50%"}

**Validation Examples**

```typescript
// Valid data passes through
const validProduct = ProductPriceSchema.parse({
  productId: "PROD-123",
  price: 29.99,
  currency: "USD",
});

// Invalid data throws detailed error
try {
  const invalidProduct = ProductPriceSchema.parse({
    productId: "PROD-123",
    price: -10,     // Negative!
    currency: "US", // Invalid format!
  });
} catch (error) {
  console.error(error.errors);
}
```

:::

::::

:::

::: {style="background-color: #e8f5e9; padding: 15px; border-radius: 10px; margin-top: 15px; text-align: center;"}
Data validated as it enters the system, catching errors early.
:::

## Data Coercion & Parsing {.smaller}

::: {.panel-tabset}

### Python (Pydantic)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

In [None]:
from pydantic import BaseModel
from datetime import datetime

class Event(BaseModel):
    event_id: int        # Coerces string to int
    timestamp: datetime  # Parses ISO 8601 strings
    is_public: bool      # Coerces to bool
    attendees: list[str] # Coerces tuple to list

:::

::: {.column width="50%"}

**Coercion Examples**

In [None]:
# String inputs are intelligently coerced
event = Event(
    event_id="42",                    # ‚Üí int 42
    timestamp="2024-01-15T10:30:00",  # ‚Üí datetime
    is_public="yes",                  # ‚Üí True
    attendees=("Alice", "Bob")        # ‚Üí list
)

print(event.event_id)   # 42 (int)
print(event.timestamp)  # datetime object
print(event.is_public)  # True (bool)
print(event.attendees)  # ["Alice", "Bob"]

:::

::::

### TypeScript (Zod)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

```typescript
import { z } from "zod";

const EventSchema = z.object({
  eventId: z.coerce.number(),   // Coerce to number
  timestamp: z.coerce.date(),   // Parse to Date
  isPublic: z.boolean(),
  attendees: z.array(z.string()),
});
```

:::

::: {.column width="50%"}

**Coercion Examples**

```typescript
// String inputs are intelligently coerced
const event = EventSchema.parse({
  eventId: "42",                     // ‚Üí number 42
  timestamp: "2024-01-15T10:30:00",  // ‚Üí Date
  isPublic: true,
  attendees: ["Alice", "Bob"],
});

console.log(event.eventId);    // 42 (number)
console.log(event.timestamp);  // Date object
console.log(event.isPublic);   // true (boolean)
console.log(event.attendees);  // ["Alice", "Bob"]
```

:::

::::

:::

::: {style="background-color: #e3f2fd; padding: 15px; border-radius: 10px; margin-top: 15px; text-align: center;"}
**Smart coercion**: Handles common API/JSON data format conversions automatically!
:::

## Detailed Error Messages {.smaller}

::: {.panel-tabset}

### Python (Pydantic)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

In [None]:
from pydantic import BaseModel, ValidationError, EmailStr, Field

class SignupForm(BaseModel):
    username: str = Field(min_length=3)
    email: EmailStr

:::

::: {.column width="50%"}

**Error Messages**

In [None]:
try:
    user = SignupForm(
        username="ab",        # Too short
        email="not-an-email", # Invalid format
    )
except ValidationError as e:
    print(e.json(indent=2))
    # Output:
    # [{
    #   "loc": ["username"],
    #   "msg": "at least 3 characters",
    #  },
    #  {
    #   "loc": ["email"],
    #   "msg": "not a valid email",
    # }]

:::

::::

### TypeScript (Zod)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

```typescript
import { z } from "zod";

const SignupFormSchema = z.object({
  username: z.string().min(3),
  email: z.string().email(),
});
```

:::

::: {.column width="50%"}

**Error Messages**

```typescript
const result = SignupFormSchema.safeParse({
  username: "ab",            // Too short
  email: "not-an-email",     // Invalid format
});

if (!result.success) {
  console.log(result.error.format());
  // Output:
  // {
  //   "username": {
  //     "_errors": ["at least 3 character(s)"]
  //   },
  //   "email": { "_errors": ["Invalid email"] }
  // }
}
```

:::

::::

:::

::: {style="background-color: #fff3e0; padding: 15px; border-radius: 10px; margin-top: 15px; text-align: center;"}
Specific, actionable feedback about what's wrong and where.
:::

# Typing

*Type inference that bridges static and runtime worlds*

## Type Inference {.smaller}

::: {.panel-tabset}

### Python (Pydantic)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

In [None]:
from pydantic import BaseModel
from typing import Optional

class Address(BaseModel):
    street: str
    city: str
    zipcode: str
    country: str = "USA"

class Person(BaseModel):
    name: str
    age: int
    address: Address
    phone: Optional[str] = None

:::

::: {.column width="50%"}

**Type Inference**

In [None]:
# Type checkers understand types automatically
def get_person_city(person: Person) -> str:
    return person.address.city

# No separate type annotations needed
person = Person(
    name="Alice",
    age=30,
    address=Address(
        street="123 Main St",
        city="Boston",
        zipcode="02101"
    )
)

city: str = get_person_city(person)

:::

::::

### TypeScript (Zod)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

```typescript
import { z } from "zod";

const AddressSchema = z.object({
  street: z.string(),
  city: z.string(),
  zipcode: z.string(),
  country: z.string().default("USA"),
});

const PersonSchema = z.object({
  name: z.string(),
  age: z.number(),
  address: AddressSchema,
  phone: z.string().optional(),
});
```

:::

::: {.column width="50%"}

**Type Inference**

```typescript
// Types automatically inferred from schema
type Person = z.infer<typeof PersonSchema>;

function getPersonCity(person: Person): string {
  return person.address.city;
}

const person = PersonSchema.parse({
  name: "Alice",
  age: 30,
  address: {
    street: "123 Main St",
    city: "Boston",
    zipcode: "02101"
  }
});

const city: string = getPersonCity(person);
```

:::

::::

:::

::: {style="background-color: #e8f5e9; padding: 15px; border-radius: 10px; margin-top: 15px; text-align: center;"}
**Write once, get types everywhere**: Schema is both validator and type definition!
:::

## End-to-End Type Safety {.smaller}

::: {.panel-tabset}

### Python (Pydantic)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

In [None]:
from pydantic import BaseModel, Field
from typing import List

class ApiResponse(BaseModel):
    status: str = Field(pattern=r'^(success|error)$')
    data: List[dict]
    message: str

:::

::: {.column width="50%"}

**Type-Safe Usage**

In [None]:
def fetch_data_from_api() -> ApiResponse:
    raw_response = requests.get(
        "https://api.example.com/data"
    ).json()
    # Validates runtime data
    return ApiResponse(**raw_response)

def process_response(response: ApiResponse) -> None:
    # Type-safe throughout
    if response.status == "success":
        for item in response.data:
            process_item(item)

response = fetch_data_from_api()
process_response(response)

:::

::::

### TypeScript (Zod)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

```typescript
import { z } from "zod";

const ApiResponseSchema = z.object({
  status: z.enum(["success", "error"]),
  data: z.array(z.record(z.unknown())),
  message: z.string(),
});

type ApiResponse = z.infer<typeof ApiResponseSchema>;
```

:::

::: {.column width="50%"}

**Type-Safe Usage**

```typescript
async function fetchDataFromApi(): Promise<ApiResponse> {
  const rawResponse = await fetch(
    "https://api.example.com/data"
  );
  const json = await rawResponse.json();
  // Validates runtime data
  return ApiResponseSchema.parse(json);
}

function processResponse(response: ApiResponse): void {
  // Type-safe throughout
  if (response.status === "success") {
    for (const item of response.data) {
      processItem(item);
    }
  }
}
```

:::

::::

:::

::: {style="background-color: #e3f2fd; padding: 15px; border-radius: 10px; margin-top: 15px; text-align: center;"}
**Type-safe boundaries**: External data is validated before entering your type-safe code!
:::

## Eliminates Type/Validation Drift {.smaller}

::: {.panel-tabset}

### Python (Pydantic)

:::: {.columns}

::: {.column width="50%"}

**Schema Evolution**

In [None]:
from pydantic import BaseModel, Field
from typing import Literal

# Version 1: Original schema
class UserV1(BaseModel):
    name: str
    role: Literal["user", "admin"]

# Version 2: Updated schema
class UserV2(BaseModel):
    name: str
    role: Literal["user", "admin", "moderator"]
    email: str  # New required field

:::

::: {.column width="50%"}

**Type-Checked Usage**

In [None]:
# Types automatically update
def process_user(user: UserV2) -> str:
    if user.role == "moderator":
        return f"Moderator {user.name}"
    elif user.role == "admin":
        return f"Admin {user.name}"
    else:
        return f"User {user.name}"

# Old code gets type errors
def old_process_user(user: UserV2) -> str:
    if user.role == "admin":
        return "admin"
    # Type checker warns: missing cases!
    return "user"

:::

::::

### TypeScript (Zod)

:::: {.columns}

::: {.column width="50%"}

**Schema Evolution**

```typescript
import { z } from "zod";

// Version 1: Original schema
const UserV1Schema = z.object({
  name: z.string(),
  role: z.enum(["user", "admin"]),
});

// Version 2: Updated schema
const UserV2Schema = z.object({
  name: z.string(),
  role: z.enum(["user", "admin", "moderator"]),
  email: z.string(),  // New required field
});

type UserV2 = z.infer<typeof UserV2Schema>;
```

:::

::: {.column width="50%"}

**Type-Checked Usage**

```typescript
// Types automatically update
function processUser(user: UserV2): string {
  if (user.role === "moderator") {
    return `Moderator ${user.name}`;
  } else if (user.role === "admin") {
    return `Admin ${user.name}`;
  } else {
    return `User ${user.name}`;
  }
}

// Old code gets type errors
function oldProcessUser(user: UserV2): string {
  if (user.role === "admin") {
    return "admin";
  }
  // TypeScript warns: missing cases!
  return "user";
}
```

:::

::::

:::

::: {style="background-color: #fff3e0; padding: 15px; border-radius: 10px; margin-top: 15px; text-align: center;"}
**Single update, everywhere**: Change the schema once, type errors guide you to update all code!
:::

# Testing

*Reduce test burden with built-in validation*

## Reduced Test Burden {.smaller}

::: {.panel-tabset}

### Python

:::: {.columns}

::: {.column width="50%"}

**Without Pydantic**

::: {style="background-color: #ffebee; padding: 15px; border-radius: 8px;"}

In [None]:
# Need extensive tests for every validation rule
def test_user_validation():
    # Test username length
    with pytest.raises(ValueError):
        create_user(username="ab")  # Too short
    with pytest.raises(ValueError):
        create_user(username="a" * 21)  # Too long

    # Test email format
    with pytest.raises(ValueError):
        create_user(email="invalid")

    # Test age range
    with pytest.raises(ValueError):
        create_user(age=17)  # Too young
    with pytest.raises(ValueError):
        create_user(age=121)  # Too old

    # Test role enum
    with pytest.raises(ValueError):
        create_user(role="superuser")  # Invalid

    # ... 50+ more validation tests

:::

:::

::: {.column width="50%"}

**With Pydantic**

::: {style="background-color: #e8f5e9; padding: 15px; border-radius: 8px;"}

In [None]:
from pydantic import BaseModel, Field, EmailStr
from typing import Literal

class User(BaseModel):
    username: str = Field(min_length=3, max_length=20)
    email: EmailStr
    age: int = Field(ge=18, le=120)
    role: Literal["user", "admin", "guest"]

# Only test business logic, not validation
def test_user_permissions():
    admin = User(username="admin", email="admin@test.com",
                 age=30, role="admin")
    assert admin.has_permission("delete_users")

    user = User(username="user", email="user@test.com",
                age=25, role="user")
    assert not user.has_permission("delete_users")

# Validation is tested by Pydantic itself
# No need for 50+ validation tests!

:::

:::

::::

### TypeScript

:::: {.columns}

::: {.column width="50%"}

**Without Zod**

::: {style="background-color: #ffebee; padding: 15px; border-radius: 8px;"}

```typescript
// Need extensive tests for every validation rule
describe("User validation", () => {
  // Test username length
  it("rejects short username", () => {
    expect(() => createUser({ username: "ab" }))
      .toThrow();
  });
  it("rejects long username", () => {
    expect(() => createUser({ username: "a".repeat(21) }))
      .toThrow();
  });

  // Test email format
  it("rejects invalid email", () => {
    expect(() => createUser({ email: "invalid" }))
      .toThrow();
  });

  // Test age range
  it("rejects young age", () => {
    expect(() => createUser({ age: 17 }))
      .toThrow();
  });

  // ... 50+ more validation tests
});
```

:::

:::

::: {.column width="50%"}

**With Zod**

::: {style="background-color: #e8f5e9; padding: 15px; border-radius: 8px;"}

```typescript
import { z } from "zod";

const UserSchema = z.object({
  username: z.string().min(3).max(20),
  email: z.string().email(),
  age: z.number().min(18).max(120),
  role: z.enum(["user", "admin", "guest"]),
});

type User = z.infer<typeof UserSchema>;

// Only test business logic, not validation
describe("User permissions", () => {
  it("admin has delete permission", () => {
    const admin = UserSchema.parse({
      username: "admin", email: "admin@test.com",
      age: 30, role: "admin"
    });
    expect(admin.hasPermission("delete_users")).toBe(true);
  });

  it("user lacks delete permission", () => {
    const user = UserSchema.parse({
      username: "user", email: "user@test.com",
      age: 25, role: "user"
    });
    expect(user.hasPermission("delete_users")).toBe(false);
  });
});

// Validation is tested by Zod itself!
```

:::

:::

::::

:::

::: {style="background-color: #e8f5e9; padding: 15px; border-radius: 10px; margin-top: 15px; text-align: center;"}
**Focus on business logic**: Validation testing is delegated to the well-tested library!
:::

## Easy Mock Data Generation {.smaller}

::: {.panel-tabset}

### Python (Pydantic + Hypothesis)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

In [None]:
from pydantic import BaseModel, Field
from hypothesis.strategies import builds
from pydantic_factories import ModelFactory

class Product(BaseModel):
    product_id: str = Field(pattern=r'^PROD-\d+$')
    name: str = Field(min_length=1, max_length=100)
    price: float = Field(gt=0, le=10000)
    in_stock: bool

class ProductFactory(ModelFactory):
    __model__ = Product

:::

::: {.column width="50%"}

**Test Data Generation**

In [None]:
# Hypothesis auto-generates valid instances
@given(builds(Product))
def test_product_discount(product):
    discounted = apply_discount(product, 0.1)
    assert discounted.price < product.price
    assert discounted.product_id == product.product_id

# Factory generates test data easily
def test_bulk_operations():
    products = [ProductFactory.build() for _ in range(100)]
    result = bulk_update_inventory(products)
    assert len(result) == 100

:::

::::

### TypeScript (Zod + Faker)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

```typescript
import { z } from "zod";
import { faker } from "@faker-js/faker";

const ProductSchema = z.object({
  productId: z.string().regex(/^PROD-\d+$/),
  name: z.string().min(1).max(100),
  price: z.number().positive().max(10000),
  inStock: z.boolean(),
});

type Product = z.infer<typeof ProductSchema>;
```

:::

::: {.column width="50%"}

**Test Data Generation**

```typescript
// Helper generates valid Product
function generateProduct(): Product {
  return ProductSchema.parse({
    productId: `PROD-${faker.number.int({ min: 1000, max: 9999 })}`,
    name: faker.commerce.productName(),
    price: faker.number.float({ min: 0.01, max: 10000 }),
    inStock: faker.datatype.boolean(),
  });
}

// Use in tests
describe("Product operations", () => {
  it("applies discount correctly", () => {
    const product = generateProduct();
    const discounted = applyDiscount(product, 0.1);
    expect(discounted.price).toBeLessThan(product.price);
  });
});
```

:::

::::

:::

::: {style="background-color: #e3f2fd; padding: 15px; border-radius: 10px; margin-top: 15px; text-align: center;"}
**Automated test data**: Generate hundreds of valid test cases from your schema!
:::

## Contract Testing {.smaller}

::: {.panel-tabset}

### Python Backend (Pydantic)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

In [None]:
# backend/schemas/user.py
from pydantic import BaseModel, EmailStr, ConfigDict
from datetime import datetime

class UserResponse(BaseModel):
    model_config = ConfigDict(
        json_schema_extra={
            "example": {
                "user_id": "USR-123",
                "email": "user@example.com",
                "username": "johndoe",
                "created_at": "2024-01-15T10:30:00Z",
                "is_verified": True
            }
        }
    )

    user_id: str
    email: EmailStr
    username: str
    created_at: datetime
    is_verified: bool

:::

::: {.column width="50%"}

**FastAPI Endpoint**

In [None]:
# FastAPI generates OpenAPI spec automatically
from fastapi import FastAPI

app = FastAPI()

@app.get("/users/{user_id}", response_model=UserResponse)
def get_user(user_id: str) -> UserResponse:
    # Response is automatically validated
    return UserResponse(...)

:::

::::

### TypeScript Frontend (Zod)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

```typescript
// frontend/schemas/user.ts
import { z } from "zod";

// Mirror the backend contract
export const UserResponseSchema = z.object({
  user_id: z.string(),
  email: z.string().email(),
  username: z.string(),
  created_at: z.coerce.date(),
  is_verified: z.boolean(),
});

export type UserResponse = z.infer<typeof UserResponseSchema>;
```

:::

::: {.column width="50%"}

**API Client Usage**

```typescript
// API client with validated responses
async function getUser(userId: string): Promise<UserResponse> {
  const response = await fetch(`/api/users/${userId}`);
  const json = await response.json();

  // Validate backend returns expected structure
  // Catches API contract violations!
  return UserResponseSchema.parse(json);
}

// Usage with guaranteed type safety
const user = await getUser("USR-123");
console.log(user.username);  // TS knows exists
console.log(user.created_at);  // TS knows is Date
```

:::

::::

:::

::: {style="background-color: #fff3e0; padding: 15px; border-radius: 10px; margin-top: 15px; text-align: center;"}
**API contracts enforced**: Frontend and backend schemas ensure compatibility at runtime!
:::

# Security

*Prevent vulnerabilities through validation*

## Input Sanitization {.smaller}

::: {.panel-tabset}

### Python (Pydantic)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

In [None]:
from pydantic import BaseModel, ConfigDict

class UserUpdate(BaseModel):
    model_config = ConfigDict(extra='forbid')
    email: str

:::

::: {.column width="50%"}

**Mass Assignment Prevention**

In [None]:
# Malicious request
malicious_data = {
    "email": "hacker@evil.com",
    "is_admin": True,  # Attack!
    "balance": 999999,  # Attack!
}

try:
    user_update = UserUpdate(**malicious_data)
except ValidationError as e:
    print("Attack prevented!")

# Safe version
safe_data = {"email": "hacker@evil.com"}
user_update = UserUpdate(**safe_data)
# Malicious fields rejected

:::

::::

### TypeScript (Zod)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

```typescript
import { z } from "zod";

const UserUpdateSchema = z.strictObject({
  email: z.string().email(),
});
```

:::

::: {.column width="50%"}

**Mass Assignment Prevention**

```typescript
// Malicious request
const maliciousData = {
  email: "hacker@evil.com",
  isAdmin: true,  // Attack!
  balance: 999999,  // Attack!
};

try {
  const userUpdate = UserUpdateSchema.parse(maliciousData);
} catch (error) {
  console.log("Attack prevented!");
}

// Safe version
const safeData = { email: "hacker@evil.com" };
const userUpdate = UserUpdateSchema.parse(safeData);
// Malicious fields rejected
```

:::

::::

:::

::: {style="background-color: #ffebee; padding: 15px; border-radius: 10px; margin-top: 15px; text-align: center;"}
**Mass assignment protection**: Attackers can't inject fields to escalate privileges!
:::

## Type Confusion Prevention {.smaller}

::: {.panel-tabset}

### Python (Pydantic)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

In [None]:
from pydantic import BaseModel, Field

class PaymentRequest(BaseModel):
    user_id: str
    amount: float = Field(gt=0)
    currency: str = Field(pattern=r'^[A-Z]{3}$')

:::

::: {.column width="50%"}

**Type Confusion Prevention**

In [None]:
# Attack: String instead of float
attack_data = {
    "user_id": "USR-123",
    "amount": "0.01 OR 1=1",  # Attack!
    "currency": "USD"
}

try:
    payment = PaymentRequest(**attack_data)
except ValidationError:
    print("Attack blocked!")

# Attack: Array instead of string
attack_data2 = {
    "user_id": ["USR-123", "ADMIN"],  # Attack!
    "amount": 10.0,
    "currency": "USD"
}

try:
    payment = PaymentRequest(**attack_data2)
except ValidationError:
    print("Attack blocked!")

:::

::::

### TypeScript (Zod)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

```typescript
import { z } from "zod";

const PaymentRequestSchema = z.object({
  userId: z.string(),
  amount: z.number().positive(),
  currency: z.string().regex(/^[A-Z]{3}$/),
});
```

:::

::: {.column width="50%"}

**Type Confusion Prevention**

```typescript
// Attack: String instead of number
const attackData = {
  userId: "USR-123",
  amount: "0.01 OR 1=1",  // Attack!
  currency: "USD"
};

const result = PaymentRequestSchema.safeParse(attackData);
if (!result.success) {
  console.log("Attack blocked!");
}

// Attack: Array instead of string
const attackData2 = {
  userId: ["USR-123", "ADMIN"],  // Attack!
  amount: 10.0,
  currency: "USD"
};

const result2 = PaymentRequestSchema.safeParse(attackData2);
if (!result2.success) {
  console.log("Attack blocked!");
}
```

:::

::::

:::

::: {style="background-color: #fff3e0; padding: 15px; border-radius: 10px; margin-top: 15px; text-align: center;"}
**Strict typing**: No loose coercion that attackers can exploit!
:::

## Size & Range Limits {.smaller}

::: {.panel-tabset}

### Python (Pydantic)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

In [None]:
from pydantic import BaseModel, Field, field_validator

class CommentSubmission(BaseModel):
    post_id: str
    author: str = Field(min_length=1, max_length=50)
    content: str = Field(min_length=1, max_length=5000)
    tags: list[str] = Field(max_length=10)
    rating: int = Field(ge=1, le=5)

    @field_validator('tags')
    @classmethod
    def validate_tag_length(cls, tags):
        if any(len(tag) > 30 for tag in tags):
            raise ValueError('Tag too long')
        return tags

:::

::: {.column width="50%"}

**DoS Attack Prevention**

In [None]:
# Attack: Massive content
dos_attack = {
    "post_id": "POST-123",
    "author": "attacker",
    "content": "X" * 1_000_000,  # 1MB!
    "tags": ["spam"] * 1000,  # 1000 tags!
    "rating": 999  # Out of range
}

try:
    comment = CommentSubmission(**dos_attack)
except ValidationError as e:
    print("DoS attack prevented!")
    # Errors:
    # - content: max 5000 characters
    # - tags: max 10 items
    # - rating: max 5

:::

::::

### TypeScript (Zod)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

```typescript
import { z } from "zod";

const CommentSubmissionSchema = z.object({
  postId: z.string(),
  author: z.string().min(1).max(50),
  content: z.string().min(1).max(5000),
  tags: z.array(z.string().max(30)).max(10),
  rating: z.number().int().min(1).max(5),
});
```

:::

::: {.column width="50%"}

**DoS Attack Prevention**

```typescript
// Attack: Massive content
const dosAttack = {
  postId: "POST-123",
  author: "attacker",
  content: "X".repeat(1_000_000),  // 1MB!
  tags: Array(1000).fill("spam"),  // 1000 tags!
  rating: 999  // Out of range
};

const result = CommentSubmissionSchema.safeParse(dosAttack);
if (!result.success) {
  console.log("DoS attack prevented!");
  // Errors:
  // - content: max 5000 character(s)
  // - tags: max 10 element(s)
  // - rating: max 5
}
```

:::

::::

:::

::: {style="background-color: #ffebee; padding: 15px; border-radius: 10px; margin-top: 15px; text-align: center;"}
**Resource protection**: Limit input sizes to prevent memory/storage exhaustion attacks!
:::

# Additional Benefits

*More advantages of using validation libraries*

## API Design & Documentation {.smaller}

::: {.panel-tabset}

### Python (FastAPI + Pydantic)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

In [None]:
from pydantic import BaseModel, Field, EmailStr, ConfigDict

class User(BaseModel):
    model_config = ConfigDict(
        json_schema_extra={
            "example": {
                "user_id": "USR-123",
                "email": "john@example.com",
                "username": "johndoe",
                "is_active": True
            }
        }
    )

    user_id: str = Field(description="Unique user identifier")
    email: EmailStr = Field(description="User's email address")
    username: str = Field(min_length=3, max_length=20)
    is_active: bool = Field(default=True)

:::

::: {.column width="50%"}

**FastAPI Endpoint**

In [None]:
from fastapi import FastAPI

app = FastAPI(title="User API")

@app.post("/users", response_model=User,
          summary="Create new user",
          description="Creates a new user with validated data")
def create_user(user: User) -> User:
    # FastAPI automatically:
    # - Validates request body
    # - Generates OpenAPI/Swagger docs
    # - Provides interactive docs at /docs
    return user

# Visit /docs for auto-generated documentation!
# Schema validation = API docs, always in sync!

:::

::::

### TypeScript (Express + Zod)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

```typescript
import { z } from "zod";
import { generateSchema } from "@anatine/zod-openapi";

const UserSchema = z.object({
  userId: z.string().describe("Unique user identifier"),
  email: z.string().email().describe("User's email address"),
  username: z.string().min(3).max(20),
  isActive: z.boolean().default(true),
}).openapi({
  example: {
    userId: "USR-123",
    email: "john@example.com",
    username: "johndoe",
    isActive: true,
  },
});

type User = z.infer<typeof UserSchema>;
```

:::

::: {.column width="50%"}

**Express Endpoint**

```typescript
import express from "express";

const app = express();

app.post("/users", (req, res) => {
  // Validate request body
  const result = UserSchema.safeParse(req.body);

  if (!result.success) {
    return res.status(400).json({ errors: result.error.format() });
  }

  const user: User = result.data;
  // ... create user
  res.json(user);
});

// Generate OpenAPI spec from Zod schemas
const openApiSchema = generateSchema(UserSchema);
// Use with swagger-ui-express for docs
```

:::

::::

:::

::: {style="background-color: #e8f5e9; padding: 15px; border-radius: 10px; margin-top: 15px; text-align: center;"}
**Living documentation**: API docs generated from schemas, always accurate!
:::

## Data Transformation {.smaller}

::: {.panel-tabset}

### Python (Pydantic)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

In [None]:
from pydantic import BaseModel, Field, model_validator, field_serializer
from datetime import datetime

class BlogPost(BaseModel):
    title: str
    slug: str
    published_at: datetime
    tags: list[str]
    view_count: int = 0

    @model_validator(mode='before')
    @classmethod
    def generate_slug(cls, values):
        if not values.get('slug') and 'title' in values:
            values['slug'] = values['title'].lower().replace(' ', '-')
        return values

    @field_serializer('published_at')
    def serialize_datetime(self, value: datetime) -> str:
        return value.isoformat()

:::

::: {.column width="50%"}

**Transformation Examples**

In [None]:
# Parse with transformations
post = BlogPost(
    title="My Blog Post",
    slug="",                              # Auto-generated
    published_at="2024-01-15T10:30:00",   # String ‚Üí datetime
    tags=["python", "fastapi", "pydantic"]
)

print(post.slug)  # "my-blog-post"
print(post.published_at)  # datetime object

# Serialize back to JSON
print(post.model_dump_json())
# {"title":"My Blog Post","slug":"my-blog-post",...}

:::

::::

### TypeScript (Zod)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

```typescript
import { z } from "zod";

const BlogPostSchema = z.object({
  title: z.string(),
  slug: z.string().transform((val, ctx) => {
    return val || ctx.path[0].toString().toLowerCase().replace(/\s+/g, "-");
  }),
  publishedAt: z.coerce.date(),
  tags: z.union([
    z.array(z.string()),
    z.string().transform(s => s.split(","))
  ]),
  viewCount: z.number().default(0),
});

type BlogPost = z.infer<typeof BlogPostSchema>;
```

:::

::: {.column width="50%"}

**Transformation Examples**

```typescript
// Parse with transformations
const post = BlogPostSchema.parse({
  title: "My Blog Post",
  slug: "",
  publishedAt: "2024-01-15T10:30:00Z",  // String ‚Üí Date
  tags: "python,fastapi,pydantic",  // String ‚Üí Array
});

console.log(post.slug);  // "my-blog-post" (auto-generated)
console.log(post.publishedAt);  // Date object
console.log(post.tags);  // ["python", "fastapi", "pydantic"]

// Serialize back to JSON
console.log(JSON.stringify(post));
```

:::

::::

:::

::: {style="background-color: #e3f2fd; padding: 15px; border-radius: 10px; margin-top: 15px; text-align: center;"}
**Smart transformations**: Parse, normalize, and serialize complex data automatically!
:::

## Immutable Configs: Validate Once, Done {.smaller}

::: {.panel-tabset}

### Python (Pydantic)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

In [None]:
from pydantic import BaseModel, Field, ConfigDict

class DatabaseConfig(BaseModel):
    model_config = ConfigDict(frozen=True)

    host: str
    port: int = Field(ge=1, le=65535)
    database: str
    max_connections: int = Field(ge=1, le=100)
    timeout_seconds: int = Field(ge=1)

# Validated once at startup
db_config = DatabaseConfig(
    host="localhost",
    port=5432,
    database="myapp",
    max_connections=20,
    timeout_seconds=30
)

:::

::: {.column width="50%"}

**Immutability Benefits**

In [None]:
# Guaranteed valid throughout lifecycle
# Attempts to modify raise an error
try:
    db_config.port = 9999
except ValidationError as e:
    print("Config is immutable!")

# Use confidently without re-validation
def connect_db():
    connection = psycopg2.connect(
        host=db_config.host,      # Always valid
        port=db_config.port,      # Always 1-65535
        database=db_config.database
    )

:::

::::

### TypeScript (Zod)

:::: {.columns}

::: {.column width="50%"}

**Schema Definition**

```typescript
import { z } from "zod";

const DatabaseConfigSchema = z.object({
  host: z.string(),
  port: z.number().int().min(1).max(65535),
  database: z.string(),
  maxConnections: z.number().int().min(1).max(100),
  timeoutSeconds: z.number().int().min(1),
}).readonly();  // Immutable after creation

type DatabaseConfig = z.infer<typeof DatabaseConfigSchema>;

// Validated once at startup
const dbConfig = DatabaseConfigSchema.parse({
  host: "localhost",
  port: 5432,
  database: "myapp",
  maxConnections: 20,
  timeoutSeconds: 30,
}) as Readonly<DatabaseConfig>;
```

:::

::: {.column width="50%"}

**Immutability Benefits**

```typescript
// Guaranteed valid throughout lifecycle
// TypeScript prevents modification
try {
  dbConfig.port = 9999;  // Compile error!
} catch (error) {
  console.log("Config is immutable!");
}

// Use confidently without re-validation
function connectDb() {
  const connection = createConnection({
    host: dbConfig.host,      // Always valid
    port: dbConfig.port,      // Always 1-65535
    database: dbConfig.database
  });
}
```

:::

::::

:::

. . .

::: {style="background-color: #fff3e0; padding: 15px; border-radius: 10px; margin-top: 15px; font-size: 0.85em;"}

**Benefits of frozen/immutable configs**:

- ‚úÖ **Validate once at startup**, use everywhere without re-checking
- ‚úÖ **Prevent accidental mutations** that could break application state
- ‚úÖ **Thread-safe** - no risk of concurrent modifications
- ‚úÖ **Clearer intent** - signals this data is meant to be constant
- ‚úÖ **Performance** - no validation overhead after initial parse

:::

## Developer Experience {.smaller}

::: {.panel-tabset}

### Python

:::: {.columns}

::: {.column width="50%"}

**Without Pydantic**

::: {style="background-color: #ffebee; padding: 15px; border-radius: 8px;"}

In [None]:
# Lots of manual work
def create_user_without_pydantic(data: dict):
    # Manual validation
    if not isinstance(data.get('username'), str):
        raise ValueError('username must be string')
    if len(data['username']) < 3:
        raise ValueError('username too short')
    if not isinstance(data.get('email'), str):
        raise ValueError('email must be string')
    if '@' not in data['email']:
        raise ValueError('invalid email')
    # ... 50 more lines of validation

    # Manual type conversion
    age = int(data.get('age', 0))
    # ... more conversion

    return {
        'username': data['username'],
        'email': data['email'],
        'age': age,
        # No IDE autocomplete, no type safety
    }

:::

:::

::: {.column width="50%"}

**With Pydantic**

::: {style="background-color: #e8f5e9; padding: 15px; border-radius: 8px;"}

In [None]:
from pydantic import BaseModel, EmailStr, Field

# Concise and clear
class User(BaseModel):
    username: str = Field(min_length=3)
    email: EmailStr
    age: int = Field(ge=0)

# That's it! Full validation, type safety, IDE support
user = User(**data)  # ‚Üê One line replaces 50+ lines

:::

:::

::::

### TypeScript

:::: {.columns}

::: {.column width="50%"}

**Without Zod**

::: {style="background-color: #ffebee; padding: 15px; border-radius: 8px;"}

```typescript
// Lots of manual work
function createUserWithoutZod(data: any): User {
  // Manual validation
  if (typeof data.username !== 'string') {
    throw new Error('username must be string');
  }
  if (data.username.length < 3) {
    throw new Error('username too short');
  }
  if (typeof data.email !== 'string') {
    throw new Error('email must be string');
  }
  if (!data.email.includes('@')) {
    throw new Error('invalid email');
  }
  // ... 50 more lines of validation

  // Manual type conversion
  const age = Number(data.age || 0);
  // ... more conversion

  return {
    username: data.username,
    email: data.email,
    age: age,
    // No runtime validation, types could be wrong
  };
}
```

:::

:::

::: {.column width="50%"}

**With Zod**

::: {style="background-color: #e8f5e9; padding: 15px; border-radius: 8px;"}

```typescript
import { z } from "zod";

// Concise and clear
const UserSchema = z.object({
  username: z.string().min(3),
  email: z.string().email(),
  age: z.number().nonnegative(),
});

type User = z.infer<typeof UserSchema>;

// That's it! Full validation, type safety, IDE support
const user = UserSchema.parse(data);  // ‚Üê One line replaces 50+ lines
```

:::

:::

::::

:::

::: {style="background-color: #fff3e0; padding: 15px; border-radius: 10px; margin-top: 15px; text-align: center;"}
**Less code, more confidence**: Reduce boilerplate by 90% while improving safety!
:::

# Summary

*Creating a validated type system that works at runtime*

## Key Takeaways {.smaller}

Data validation libraries like Pydantic and Zod transform how we build applications:

. . .

::: {style="background-color: #e8f5e9; padding: 20px; border-radius: 10px; margin: 15px 0;"}

**Readability**: Self-documenting schemas that serve as single source of truth

**Runtime Safety**: Catch errors at system boundaries before they propagate

**Type Safety**: Bridge the gap between static types and runtime data

**Testing**: Reduce test burden and generate mock data easily

**Security**: Prevent injection, mass assignment, and DoS attacks

**Maintainability**: Update once, changes propagate everywhere

**Developer Experience**: Less boilerplate, better IDE support, faster onboarding

:::

. . .

::: {style="background-color: #FFFBC1; padding: 20px; border-radius: 25px; text-align: center; font-size: 1.1em; margin-top: 20px;"}

**Parse, don't pray!** Validate data at boundaries and trust it throughout your application.

:::

## Resources {.smaller}

Learn more about these powerful libraries:

::: {style="background-color: #f8f9fa; padding: 20px; border-radius: 10px; margin-top: 15px; font-size: 0.75em;"}

### Pydantic (Python)

- **Documentation**: [docs.pydantic.dev](https://docs.pydantic.dev/latest/)
- **GitHub**: [github.com/pydantic/pydantic](https://github.com/pydantic/pydantic)
- **Key Features**: Type validation, data parsing, FastAPI integration, JSON Schema generation

### Zod (TypeScript)

- **Documentation**: [zod.dev](https://zod.dev/)
- **GitHub**: [github.com/colinhacks/zod](https://github.com/colinhacks/zod)
- **Key Features**: Type inference, composable schemas, async validation, error formatting

### Related Tools

- **FastAPI**: Python web framework with built-in Pydantic support
- **tRPC**: TypeScript RPC framework with Zod integration
- **Hypothesis**: Property-based testing with Pydantic
- **@faker-js/faker**: Test data generation for TypeScript

:::

# Thank You!

And Happy Parsing! üéâ

::: {.footer style="text-align: center; font-size: 0.55em; color: #999; position: absolute; bottom: 20px; left: 0; right: 0;"}
Questions? Discussion? Visit: [github.com/IndrajeetPatil/parse-dont-pray](https://github.com/IndrajeetPatil/parse-dont-pray/)
:::

# For more {data-visibility="uncounted"}

If you are interested in good programming and software development practices, check out my other [slide decks](https://sites.google.com/site/indrajeetspatilmorality/presentations).

# Find me at... {data-visibility="uncounted"}

{{< fa brands linkedin >}} [LinkedIn](https://www.linkedin.com/in/indrajeet-patil-ph-d-397865174/)

{{< fa brands github >}} [GitHub](http://github.com/IndrajeetPatil)

{{< fa solid link >}} [Website](https://sites.google.com/site/indrajeetspatilmorality/)

{{< fa solid envelope >}} [E-mail](mailto:patilindrajeet.science@gmail.com)