Skip to main content
skillsFirst-partyReview first Safety Privacy

tRPC Type-Safe API Builder Skill

Build end-to-end type-safe APIs with tRPC and TypeScript, eliminating code generation and runtime bloat for full-stack applications. tRPC provides end-to-end type safety without code generation, schema stitching, or serialization layers - delivering a lighter, more intuitive developer experience than REST or GraphQL.

HarnessClaude CodeCodexWindsurfGeminiCursorCLI
Level:advancedType:generalVerified:draft
Review first review before installing

Open the source and read safety notes before installing.

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Source URLs
https://trpc.io/docs/, https://github.com/JSONbored/awesome-claude/blob/main/content/skills/trpc-type-safe-api.mdx
Package URL
/downloads/skills/trpc-type-safe-api.zip
Package SHA256
33c0ad29db6fc2f841bd0bf3521a4ebb8111a34d702a317745ea11735d7422c0
Safety notes
Installs server/client packages (@trpc/server, @trpc/client, zod) and runs an API server; review procedures, auth middleware, and exposed routers before deploying.
Privacy notes
tRPC procedures read and persist user-supplied input and use auth context/tokens; validate inputs with zod, keep secrets in environment variables, and review what each procedure stores or logs.
Platform compatibility
claude-code (native-skill), codex (native-skill), windsurf (native-skill), gemini (native-skill), cursor (adapter), cli (manual-context)
Author
JSONbored
Claim status
unclaimed
Last verified
2025-10-16

Decision playbook

Ready to evaluate for your workflow

Signals are comparatively strong, but you should still validate source, privacy posture, and package provenance for your environment.

Compare context
Selected

0

Current score

96

Baseline

Delta

No baseline selected

No major trust-signal divergence detected in the current selection.

Source and provenance checks

Complete

Confirm ownership and provenance before trusting install instructions.

  • Source link availableRequired

    Open the canonical repository and verify ownership.

    Done
  • Source provenance statusRequired

    Marked as first-party.

    Done
  • Metadata reviewed

    Registry metadata indicates a reviewed listing.

    Done

Safety and privacy checks

Complete

Validate risk disclosures before installation or API wiring.

  • Safety notes presentRequired

    Review the listed safety guidance before running commands.

    Done
  • Privacy notes presentRequired

    Review data handling notes before connecting accounts or secrets.

    Done
  • Trust level risk gateRequired

    Trust level does not block evaluation.

    Done

Package and install checks

Complete

Check package metadata and artifact integrity signals.

  • Install payload available

    Install or copy payload is available for review.

    Done
  • Package verification flag

    Package marked verified.

    Done
  • Checksum metadata

    SHA-256 hash is present.

    Done

Compare-driven decision checks

Needs review

Use compare context to validate trade-offs before adoption.

  • Compare tray has multiple entries

    Add at least one more entry to compare trust differences.

    Pending
  • Baseline comparison available

    No baseline peer selected yet.

    Pending
  • Diverging trust signals identified

    No major trust-signal divergence found.

    Pending

Setup at a glance

Package install

Copy-ready — paste the snippet to get started.

Install command

Provided

Config snippet

Not provided

Copy snippet

Provided

Prerequisites

6 to clear

Platforms

6 listed

Difficulty

100/100

Adoption plan

Balanced adoption plan

Current risk score 0/100. Use staged verification before broader rollout.

Risk 0

Pre-adoption checks

Validate source and review signals before any execution.

  • Confirm source provenanceRequired

    Source URL/provenance metadata is present.

    Done
  • Confirm metadata review state

    Listing has review metadata.

    Done
  • Verify install payload

    Install/config payload exists and can be inspected.

    Done

Security checks

Confirm safety, privacy, and package integrity signals.

  • Review safety notesRequired

    Safety notes are present.

    Done
  • Review privacy notesRequired

    Privacy notes are present.

    Done
  • Verify package integrity metadata

    Package verification/checksum metadata is available.

    Done

Rollout

Adopt in controlled steps based on the selected plan.

  • Run in isolated sandbox firstRequired

    Use a constrained sandbox and observe behavior across multiple tasks.

    Pending
  • Roll out graduallyRequired

    Roll out to a small cohort before wider usage.

    Pending
  • Set monitoring and fallback

    Define rollback path and monitor errors after adoption.

    Pending

Evidence readiness

Evidence readiness matrix · balanced

Required evidence gates are covered (6/6 signals complete).

Risk 0

Source provenance

Present

Source repository/provenance is listed.

Required in this preset

Metadata review

Present

Review metadata is present.

Required in this preset

Safety notes

Present

Safety notes are present.

Required in this preset

Privacy notes

Present

Privacy notes are present.

Optional in this preset

Package integrity

Present

Package integrity metadata is present.

Optional in this preset

Install payload

Present

Install payload is available.

Required in this preset

Required evidence gates are covered for this preset.

Decision timeline

Decision timeline · balanced

6/6 steps complete with no blocking gaps for this preset.

Risk 0

triage

Confirm source provenanceRequired

Source/provenance metadata is available.

Done

triage

Check metadata review statusRequired

Review metadata is available.

Done

verify

Review safety notesRequired

Safety notes are available.

Done

verify

Review privacy notes

Privacy notes are available.

Done

verify

Validate package integrity metadata

Package integrity metadata is available.

Done

rollout

Verify install payload and commandsRequired

Install payload is available.

Done

No required blockers for this timeline preset.

Prerequisite readiness

Prerequisite readiness

6 prerequisites to line up before setup.

0/6 ready
Install & runtime3General3

Safety & privacy surface

Safety & privacy surface

1 safety and 1 privacy notes across 2 risk areas. Review closely: credentials & tokens.

2 areas
  • SafetyExecution & processesInstalls server/client packages (@trpc/server, @trpc/client, zod) and runs an API server; review procedures, auth middleware, and exposed routers before deploying.
  • PrivacyCredentials & tokenstRPC procedures read and persist user-supplied input and use auth context/tokens; validate inputs with zod, keep secrets in environment variables, and review what each procedure stores or logs.

Safety notes

  • Installs server/client packages (@trpc/server, @trpc/client, zod) and runs an API server; review procedures, auth middleware, and exposed routers before deploying.

Privacy notes

  • tRPC procedures read and persist user-supplied input and use auth context/tokens; validate inputs with zod, keep secrets in environment variables, and review what each procedure stores or logs.

Prerequisites

  • Node.js 18+
  • TypeScript 5.0+
  • @trpc/server ^10.0.0
  • @trpc/client ^10.0.0
  • @trpc/react-query ^10.0.0
  • TypeScript 5.0+ for full type inference and end-to-end type safety between client and server

Schema details

Install type
package
Reading time
6 min
Difficulty score
100
Troubleshooting
Yes
Breaking changes
No
Package metadata
Package verified
Yes
SHA-256
33c0ad29db6fc2f841bd0bf3521a4ebb8111a34d702a317745ea11735d7422c0
Skill and platform metadata
Skill type
general
Skill level
advanced
Verification
draft
Verified at
2025-10-16
Retrieval sources
https://trpc.io/docs/
Tested platforms
ClaudeCodexOpenClawCursorWindsurfGemini
PlatformSupportInstall path
claude-codeNative.claude/skills/<skill-name>/SKILL.md
codexNative.agents/skills/<skill-name>/SKILL.md
windsurfNative.windsurf/skills/<skill-name>/SKILL.md
geminiNative.gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md
cursorAdapter.cursor/rules/<skill-name>.mdc
cliManualAGENTS.md or tool-specific context file
Full copyable content
import { initTRPC, TRPCError } from '@trpc/server';
import { z } from 'zod';
import { db } from './db';

// Context creation
export const createContext = async ({ req }: { req: Request }) => {
  const token = req.headers.get('authorization')?.replace('Bearer ', '');
  const user = token ? await verifyToken(token) : null;
  
  return {
    db,
    user,
  };
};

type Context = Awaited<ReturnType<typeof createContext>>;

const t = initTRPC.context<Context>().create();

// Middleware
const isAuthed = t.middleware(({ ctx, next }) => {
  if (!ctx.user) {
    throw new TRPCError({ code: 'UNAUTHORIZED' });
  }
  return next({
    ctx: {
      user: ctx.user,
    },
  });
});

// Procedures
export const publicProcedure = t.procedure;
export const protectedProcedure = t.procedure.use(isAuthed);

// Router
export const appRouter = t.router({
  users: t.router({
    list: publicProcedure.query(async ({ ctx }) => {
      return ctx.db.user.findMany();
    }),
    
    create: protectedProcedure
      .input(
        z.object({
          name: z.string().min(3),
          email: z.string().email(),
        })
      )
      .mutation(async ({ ctx, input }) => {
        return ctx.db.user.create({
          data: input,
        });
      }),
  }),
});

export type AppRouter = typeof appRouter;

About this resource

What This Skill Enables

Claude can build fully type-safe APIs using tRPC (TypeScript Remote Procedure Call), part of the T3 Stack explosion in 2025. tRPC provides end-to-end type safety without code generation, schema stitching, or serialization layers - delivering a lighter, more intuitive developer experience than REST or GraphQL. With zero dependencies, tiny client-side footprint, and automatic type inference, tRPC makes full-stack TypeScript development actually enjoyable.

Compatibility

Native

  • Claude Code / Claude: native skill usage via SKILL.md.
  • Codex/OpenAI workflows: compatible with Agent Skills-style SKILL.md content as reusable workflow instructions.

Manual Adaptation

  • Gemini CLI: native skill usage via .gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md where supported.
  • Cursor: use the generated .cursor/rules/*.mdc adapter for project rules.
  • OpenClaw and similar agents: use the same skill content as a reusable prompt/workflow file when native skill import is unavailable.

Prerequisites

Required:

  • Claude Pro subscription or Claude Code CLI
  • Node.js 18+ with TypeScript 5.0+
  • Understanding of React or Next.js
  • Basic API development knowledge

What Claude handles automatically:

  • Setting up tRPC server with Express, Next.js, or standalone
  • Creating type-safe routers and procedures
  • Implementing middleware for authentication
  • Generating React Query hooks automatically
  • Adding input validation with Zod
  • Configuring error handling and transformers
  • Setting up WebSocket subscriptions
  • Integrating with Prisma or other ORMs

How to Use This Skill

Create Basic tRPC API

Prompt: "Set up a tRPC API with Next.js 15 that has procedures for creating, reading, updating, and deleting todos. Include Zod validation and automatic React Query hooks."

Claude will:

  1. Initialize tRPC router with type-safe procedures
  2. Add Zod schemas for input validation
  3. Create CRUD operations with proper types
  4. Set up Next.js API route handlers
  5. Generate React hooks for client usage
  6. Include error handling and transformers
  7. Add TypeScript types exported automatically

Authentication Middleware

Prompt: "Add JWT authentication middleware to my tRPC API. Protected procedures should verify the token and attach user data to context."

Claude will:

  1. Create authentication middleware
  2. Verify JWT tokens with jose library
  3. Extend tRPC context with user data
  4. Create protected procedure wrapper
  5. Add type-safe context typing
  6. Include refresh token logic
  7. Implement role-based authorization

Real-Time Subscriptions

Prompt: "Build a tRPC subscription that sends real-time notifications when new messages are posted. Use WebSocket transport."

Claude will:

  1. Configure WebSocket link on client
  2. Create subscription procedure
  3. Implement event emitter pattern
  4. Add connection status handling
  5. Include automatic reconnection
  6. Type subscription payloads properly
  7. Add subscription filters

Full-Stack T3 App

Prompt: "Create a complete T3 Stack application with tRPC, Prisma, NextAuth, and Tailwind. Include user authentication, database models, and type-safe API routes."

Claude will:

  1. Initialize T3 app with create-t3-app
  2. Set up Prisma schema and migrations
  3. Configure NextAuth providers
  4. Create tRPC routers for all features
  5. Build authenticated UI components
  6. Add optimistic updates with React Query
  7. Include comprehensive error handling

Tips for Best Results

  1. Use Zod for Validation: tRPC integrates perfectly with Zod. Always request Zod schemas for input validation to get runtime safety matching TypeScript types.

  2. Leverage Context: Put database clients, auth sessions, and shared utilities in tRPC context for type-safe access across all procedures.

  3. React Query Integration: tRPC's React hooks are powered by React Query. Request configurations for caching, refetching, and optimistic updates.

  4. Organize with Sub-Routers: For large APIs, ask Claude to split procedures into feature-based sub-routers (users, posts, comments) merged into a root router.

  5. Type Inference Magic: tRPC's inferProcedureInput and inferProcedureOutput utilities maintain types across client/server. Request these for shared type definitions.

  6. Error Handling: Use tRPC's TRPCError with specific codes (BAD_REQUEST, UNAUTHORIZED, etc.) for consistent error responses.

Common Workflows

E-Commerce API

"Build a type-safe e-commerce API with tRPC:
1. Product catalog with filtering and search
2. Shopping cart management
3. Order processing with Stripe
4. User authentication with NextAuth
5. Admin dashboard procedures
6. Real-time inventory updates
7. Include Zod validation and Prisma integration"

Social Media Backend

"Create a social media backend using tRPC:
1. User profiles with follow/unfollow
2. Posts with likes and comments
3. Real-time notifications via subscriptions
4. Image uploads to S3
5. Feed algorithm with pagination
6. Direct messaging between users
7. Content moderation procedures"

SaaS Multi-Tenant API

"Build a multi-tenant SaaS API with tRPC:
1. Organization and team management
2. Role-based access control middleware
3. Usage tracking and billing
4. Webhook integrations
5. Audit logging for all actions
6. Rate limiting per tenant
7. Data isolation at database level"

AI Chat Application

"Create a chat app with tRPC and streaming:
1. OpenAI integration with streaming responses
2. Chat history with Prisma
3. Real-time message updates
4. Typing indicators via subscriptions
5. File uploads for context
6. Conversation summarization
7. Cost tracking per user"

Troubleshooting

Issue: Type errors between client and server Solution: Ensure both use the same TypeScript version and tRPC version. Export AppRouter type from server and import on client. Run tsc --noEmit to catch type issues.

Issue: Queries not refetching properly Solution: Configure React Query's staleTime and cacheTime. Use utils.invalidate() after mutations or enable optimistic updates with onMutate.

Issue: Authentication context undefined Solution: Verify middleware runs before protected procedures. Check that createContext properly extracts auth token from headers. Ensure client passes credentials.

Issue: Slow API responses Solution: Add database query optimization, implement batching with DataLoader pattern, use tRPC's batching link on client, and consider Redis caching for expensive operations.

Issue: WebSocket subscriptions disconnecting Solution: Implement heartbeat/ping-pong pattern, add automatic reconnection with exponential backoff, check firewall/proxy timeouts, and use connection pooling.

Issue: Zod validation too strict Solution: Use .optional(), .nullable(), or .default() on schema fields. For flexible objects, use z.record() or .passthrough() to allow extra keys.

Learn More

Features

  • End-to-end type safety without code generation - TypeScript types flow from server to client automatically
  • Zero runtime dependencies and tiny bundle size - minimal overhead compared to GraphQL or REST
  • Automatic React Query hooks generation with @trpc/react-query for seamless data fetching
  • WebSocket subscriptions support for real-time updates with observable pattern
  • Middleware system for authentication, logging, rate limiting, and custom logic
  • Zod integration for runtime input validation matching TypeScript types
  • Batching support for multiple queries in single HTTP request for performance
  • Adapters for Express, Next.js, Fastify, and standalone servers with flexible deployment

Use Cases

  • Full-stack TypeScript applications with shared types between client and server
  • Real-time collaborative apps with WebSocket subscriptions and live updates
  • Type-safe microservices communication with end-to-end type inference
  • T3 Stack applications (Next.js, tRPC, Prisma, NextAuth, Tailwind)
  • Monorepo architectures with shared type definitions across packages
  • API-first development with automatic client generation and type safety

Source citations

Add this badge to your README

Show that tRPC Type-Safe API Builder Skill is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/skills/trpc-type-safe-api.svg)](https://heyclau.de/entry/skills/trpc-type-safe-api)

How it compares

tRPC Type-Safe API Builder Skill side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

2 trust signals differ across this comparison (Package trust, Source provenance).

Field

Build end-to-end type-safe APIs with tRPC and TypeScript, eliminating code generation and runtime bloat for full-stack applications. tRPC provides end-to-end type safety without code generation, schema stitching, or serialization layers - delivering a lighter, more intuitive developer experience than REST or GraphQL.

Open dossier

TypeScript-first validation skill using Zod — define schemas once, get runtime checks and inferred types for APIs, forms, and data pipelines.

Open dossier

Anthropic's public Agent Skills repository for Claude, with example skills, document skills, the Agent Skills specification pointer, a template skill, Claude Code plugin installation, Claude.ai usage guidance, and Claude API skill creation references.

Open dossier

Agent Skill from mcp-use for building production MCP servers and MCP Apps with tools, resources, prompts, widgets, authentication, deployment, inspector testing, and framework-specific guardrails.

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustDiffersPackage verified2025-10-16Package verified2025-10-16Package not verifiedPackage not verified
Source provenanceDiffersSource-backedNo submission linkSource-backedSource-backed
Submitter
Install riskReview firstLow riskReview firstReview first
Notes Safety Privacy Safety Privacy Safety Privacy Safety Privacy
BrandAnthropic logoAnthropic
Categoryskillsskillsskillsskills
Sourcefirst-partyfirst-partysource-backedsource-backed
AuthorJSONboredJSONboredAnthropicmcp-use
Added2025-10-162025-10-162026-06-182026-06-18
Platforms
Claude CodeCodexWindsurfGeminiCursorCLI
Claude CodeCodexWindsurfGeminiCursorCLI
Claude CodeCodexWindsurfGeminiCursorCLI
Claude CodeCodexWindsurfGeminiCursorCLI
Source repo
Safety notesInstalls server/client packages (@trpc/server, @trpc/client, zod) and runs an API server; review procedures, auth middleware, and exposed routers before deploying.Install Zod with `npm install zod` (or your package manager's equivalent) before use. The library has zero runtime dependencies and does not execute network requests on its own. Async refinements (`.refine(async fn)`) may call external services if your own callback does — review any async refinement for unintended network or database access.The repository is explicitly presented as demonstration and educational material; behavior available in Claude products can differ from repository examples. Document skills can read, transform, and create files such as PDFs, Word documents, PowerPoint decks, and spreadsheets, so review generated artifacts before sharing or publishing them. The MCP builder skill guides agents through creating MCP servers and evaluations; generated servers still need security review, least-privilege tool design, authentication review, and transport testing. The skill creator workflow can generate instructions, scripts, references, and assets; review all generated resources before installing them into an agent host.This skill guides agents through MCP server work that can expose tools, resources, prompts, widgets, middleware, auth flows, and remote deployment surfaces. MCP tools can call external APIs, read or mutate local data, proxy other MCP servers, or trigger side effects depending on implementation. Widget and MCP Apps work can render user-provided data in interactive UI surfaces; validate data and avoid trusting client-side state. Authentication examples may involve OAuth, Supabase, Clerk, Auth0, WorkOS, Keycloak, custom auth, API keys, and session handling. Keep secrets in environment variables. Deployment guidance can make a server reachable by external clients; review tool authority, CORS, auth, logging, rate limits, and observability before publishing.
Privacy notestRPC procedures read and persist user-supplied input and use auth context/tokens; validate inputs with zod, keep secrets in environment variables, and review what each procedure stores or logs.Zod validates data in-process only and does not transmit your schemas, inputs, or error output to any external service. Schemas that validate emails, passwords, or personal data remain entirely local; no input leaves your runtime environment through Zod itself.Skill usage can expose documents, spreadsheets, slide decks, prompts, company workflows, brand guidelines, MCP designs, API details, and generated artifacts to Claude or the configured model/runtime. Do not upload or commit customer documents, regulated data, private brand assets, secrets, credentials, or unreleased business plans unless the environment and account policy allow that data. When creating custom skills, check bundled scripts, references, and assets for private data before sharing a repository, plugin, or ZIP archive.MCP Apps and servers may process prompts, tool arguments, API responses, user identity, OAuth scopes, logs, widget props, resources, and generated UI state. The skill's reference files can lead agents to inspect local source, configs, package metadata, auth providers, deployment logs, and connected MCP server definitions. Do not paste API keys, OAuth secrets, cookies, session tokens, production customer data, or private server URLs into prompts, examples, generated docs, issues, or PRs. When using hosted deployment or inspector tools, review the retention policies for mcp-use, Manufact, MCP clients, model providers, and connected services.
Prerequisites
  • Node.js 18+
  • TypeScript 5.0+
  • @trpc/server ^10.0.0
  • @trpc/client ^10.0.0
  • TypeScript 5.0+ (5.5+ recommended for best type inference)
  • zod ^3.22.0
  • Node.js 18+ or a modern browser with ES2020+ support
  • Basic TypeScript knowledge
  • Claude Code for plugin marketplace installation, Claude.ai paid plan access for built-in/example skill usage, or Claude API access for programmatic skill creation.
  • A target task where a demonstration skill, document skill, MCP builder workflow, skill creator workflow, or custom skill template is appropriate.
  • Review of the repository disclaimer and license/source-availability notes before relying on a skill in production.
  • Local testing for any copied or customized skill before using it on sensitive documents, production workflows, or customer data.
  • Node.js, npm or pnpm, and a workspace where an MCP server or MCP App can be scaffolded or edited.
  • A coding agent or skill host that can install Agent Skills from GitHub.
  • For TypeScript projects, familiarity with `mcp-use/server`, Zod schemas, resources, prompts, widgets, and the project package manager.
  • For Python projects, familiarity with the mcp-use Python SDK and the target transport.
Install
npm install @trpc/server @trpc/client @trpc/react-query zod
npm install zod
/plugin marketplace add anthropics/skills
npx skills add https://github.com/mcp-use/mcp-use --skill mcp-apps-builder
Config
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool

Related guides

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.